Post-quantum PoW chain
Mochimo MCM
Mochimo is a PQ-native PoW chain with mandatory WOTS+ (Winternitz One-Time Signature Plus, RFC 8391/8554) spend authorization for every transaction since genesis on 2018-06-25. The protocol has no classical ECC/BLS/Schnorr/EdDSA ownership namespace for the native asset, meaning no legacy vulnerable balances exist and ECC-to-PQC migration is complete by design per QRI Section 7.1. All primary sources—whitepaper, source code, and on-chain explorer data—confirm that every Mochimo transaction has been signed with WOTS+ since block 0. An independent 2018 audit by Dr. Andreas Hülsing (WOTS+/XMSS co-author) found no bugs in the core implementation; recent F-series audit remediations in v3.1.0-beta (Apr 2026) confirm ongoing review. The QRI score is 92, reflecting strong PQ-native production protection across all applicable layers with complete-by-design migration coverage. Confidence is Medium rather than High because the 2018 core audit is stale relative to the current codebase, though the quantum-critical WOTS+ design remains verifiable from public code and mainnet evidence. The Readiness & Risk Cap of 92 applies because one quantum-critical property—detailed P2P node identity cryptography—is not explicitly documented, though it is assumed satisfied-by-design. No critical quantum blockers have been identified.
Critical Quantum Blockers
- No critical quantum blocker analysis returned.
Key Risks
- P2P node identity cryptography is not explicitly documented in primary sources; assumed satisfied-by-design but not independently verified for this specific layer.
- Side-channel, fault-injection, and HSM/custody implementation risks beyond core protocol are not detailed in available public sources.
- No quantitative exchange or custodial wallet migration attestation data available; reliance on PQ-native rule.
- No evidence of bridges, wrapped assets, or external token dependencies; if such surfaces exist they would need separate evaluation.
- The 2018 WOTS+ audit is stale; while the quantum-critical design is unchanged, a current audit of the full codebase would strengthen confidence.
Assurance Notes
- Core WOTS+ audit by Dr. Andreas Hülsing (2018) found no bugs; audit is stale but the quantum-critical design and implementation remain verifiable from public code, mainnet evidence, and the protocol specification.
- Recent F-series audit remediations (v3.1.0-beta, Apr 2026) confirm ongoing independent review; full public audit report not linked.
- P2P node identity cryptography not explicitly documented; assumed satisfied-by-design per QRI 7.2 because spend authorization is fully PQ.
- No public evidence of bridges, wrapped assets, or external dependencies identified.
- Side-channel, HSM, and custody implementation risks beyond core protocol not detailed in available sources.
- Exchange and custodial wallet migration attestations not quantified; PQ-native rule applies to native on-chain control path.
Non-Scoring Caveats
- P2P node identity cryptography is not explicitly documented in primary sources; assumed satisfied-by-design because spend authorization is mandatory WOTS+ and P2P is not consensus-critical.
- Side-channel, HSM, and custody implementation risks beyond the core protocol layer are not detailed in available public sources.
- No quantitative data on exchange or custodial wallet migration attestations; PQ-native rule applies as no classical native ownership path can exist.
- Future algorithm agility slots for ML-DSA/SLH-DSA/FN-DSA are documented but not yet implemented in production; this is a roadmap note, not a current quantum-critical issue.
- 2018 Hülsing audit is stale relative to current codebase but remains relevant because the core WOTS+ quantum-critical design is unchanged and verifiable from public code and mainnet evidence.
Evidence record
Claims and Caveats
spend_authorization
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: Every Mochimo transaction uses mandatory WOTS+ signatures since genesis (2018-06-25); no ECC/BLS/Schnorr/EdDSA spend authorization exists or has ever existed on mainnet.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Core WOTS+ implementation audited 2018 by Dr. Hülsing (no bugs found); F-series audit remediations merged 2026. On-chain explorer confirms every tx uses WOTS+ since block 0.
account_address_public_key_exposure
Account, address, public-key exposure, and key-derivation design prevents long-exposure quantum-vulnerable ownership paths or supports PQ/hybrid controls
Claim: 40-byte address format (account + hash) assumes WOTS+ signatures; no classical ECC/BLS address namespace exists or can be created by users.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Address format documented in whitepaper; on-chain evidence confirms no classical address creation possible.
consensus_authentication
Consensus-critical authentication is PQC or hybrid-PQC where applicable
Claim: Mochimo uses Proof-of-Work (Peach PoW) for consensus; no validator signatures, VRFs, threshold signatures, or finality signatures are used. Consensus is determined by computational work, not cryptographic signer authentication.
Coverage basis: Architecture-specific N/A
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Per QRI 11.1, validator-specific subfactors are N/A for PoW chains without validator signatures.
state_integrity
State-integrity and data-availability mechanisms are quantum-safe where applicable
Claim: Neogenesis blocks every 256 blocks snapshot full ledger state; all state transitions are verified via WOTS+ signatures. No KZG, pairing-based commitments, or quantum-vulnerable commitment schemes identified.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: State design documented in whitepaper; on-chain evidence confirms operation.
privacy_and_proofs
Privacy and proof layers are quantum-safe where applicable
Claim: Mochimo does not implement a privacy layer, shielded transactions, ZK proofs, stealth addresses, or viewing keys.
Coverage basis: Architecture-specific N/A
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
p2p_transport
P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design
Claim: P2P node identity cryptography is not explicitly documented in primary sources. Assumed satisfied-by-design per QRI 7.2 because spend authorization is fully PQ and P2P is not consensus, spend, bridge, or custody-critical.
Coverage basis: Satisfied by design (assumed)
Implementation score: 1 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: confidence-only
Assurance: No explicit documentation of P2P node identity cryptography found. Assumed satisfied-by-design; Readiness & Risk Cap of 92 applied due to this unverifiable quantum-critical property.
This is the basis for the 92-point Readiness & Risk Cap.
wallet_custody
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path or are protected by native satisfied-by-design controls
Claim: All on-chain control paths are WOTS+-based by protocol design; no classical signing path can exist for native asset custody. Hardware wallet and HSM integration specifics beyond core protocol not documented in available sources.
Coverage basis: PQ-native complete by design for on-chain paths
Implementation score: 1 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Side-channel, HSM, and hardware-wallet implementation details beyond core WOTS+ protocol not publicly documented. This is an assurance-only caveat, not a quantum-critical blocker.
migration_coverage
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: 100% of native asset value-at-risk is protected by design. PQ-native per QRI 7.1: mandatory WOTS+ from genesis, no classical native ownership namespace, no legacy vulnerable balances. No bridges, wrapped assets, or external dependencies identified.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: No bridges, wrapped assets, or external dependencies identified in public sources. If such surfaces exist, they would require separate evaluation.
critical_wallets
Critical wallets migrated, protected, or inherently PQ-native
Claim: All native on-chain control paths (treasuries, exchanges, custodians, foundations) are WOTS+-based by protocol design. No classical custody path can exist for the native asset.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Exchange and custodial migration attestations are not quantified but PQ-native rule applies per QRI 7.1.
legacy_vulnerable_pools
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No legacy ECC/BLS/Schnorr/EdDSA balances exist or can exist. Protocol was built around WOTS+ from genesis; no classical ownership namespace was ever available.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
migration_roadmap
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: PQ-native: no ECC-to-PQC migration is needed because no classical native ownership space ever existed. Future algorithm agility documented via reserved union slots for ML-DSA/SLH-DSA/FN-DSA.
Coverage basis: PQ-native complete by design; future upgrades are roadmap notes
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Future algorithm agility to ML-DSA/SLH-DSA/FN-DSA is documented but not yet implemented; this is a roadmap note.
migration_accessibility
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts
Claim: All account creation, wallet tooling, and transaction paths are WOTS+-based by default and mandatory. No migration prompts needed because no unsafe classical path can be created.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
migration_enforcement
Migration enforcement and coordination: enforcement mechanisms exist and exchange/custody/bridge/wallet coordination prevents unsafe fallback
Claim: Protocol design prevents unsafe fallback by construction: no classical signing path can exist. No bridges to non-PQ-secure systems identified.
Coverage basis: PQ-native complete by design
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: No evidence of bridges or wrappers to non-PQ-secure systems found.
emergency_governance
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No formal quantum-specific incident-response playbook is documented in available public sources. General open-source development and community governance exist.
Coverage basis: Operational process
Implementation score: 0.5 · Evidence confidence: Low
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: No formal quantum-specific incident-response playbook found. Per QRI 7.4 Note-Only Caveat Rule, this is an assurance-only caveat unless the absence leaves a current quantum-vulnerable path unresolved. Since Mochimo is PQ-native with no quantum-vulnerable path, this does not reduce the QRI Score.
This subfactor is scored at 0.50 (prototype/limited level) reflecting general community governance but no formal quantum IR process. Per QRI rules, this affects confidence, not the QRI score.
algorithm_choices
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: WOTS+ (Winternitz One-Time Signature Plus) based on RFC 8391 (XMSS) and RFC 8554 (LMS) is the core signature scheme. WOTS+ is a well-reviewed hash-based signature scheme. Future slots reserved for NIST PQC winners (ML-DSA, SLH-DSA, FN-DSA).
Coverage basis: PQ-native algorithm
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: WOTS+ is a well-reviewed hash-based scheme standardized in RFC 8391/8554 and audited by its co-author. Not a NIST PQC competition winner per se, but is standards-track and broadly reviewed for hash-based one-time signatures.
audits
Independent cryptographic and implementation audit exists for the quantum-critical scope
Claim: 2018 independent audit by Dr. Andreas Hülsing (WOTS+/XMSS co-author) found no bugs or security issues in the core WOTS+ implementation. F-series audit remediations (21 correctness fixes) merged in v3.1.0-beta (Apr 2026).
Coverage basis: Independent audit + recent remediations
Implementation score: 1 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Core WOTS+ audit is from 2018 (stale but relevant). The quantum-critical design is unchanged and verifiable from public code and mainnet evidence. F-series audits (2026) cover consensus/network correctness. Confidence capped at Medium due to stale core audit; no current independent audit of the full production codebase covering quantum-critical scope.
open_source
Open-source, reproducible implementation
Claim: Full source code available on GitHub (MPL 2.0 derivative); reproducible builds possible; active maintenance confirmed by recent releases.
Coverage basis: Open-source implementation
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
parameter_agility
Parameter agility and future upgrade path are documented
Claim: Whitepaper documents reserved union slots for future NIST PQC algorithms (ML-DSA, SLH-DSA, FN-DSA). Implementation not yet active in production.
Coverage basis: Documented roadmap
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Future algorithm agility is documented but not yet implemented. This is a roadmap/operational note, not a current quantum-critical issue, because the current WOTS+ production system is already PQ-secure.
stateful_safety
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks
Claim: WOTS+ is a one-time signature scheme requiring careful state management to prevent reuse. Mochimo's protocol design uses WOTS+ addresses as one-time-use by construction (new address per transaction). Detailed side-channel and HSM analysis beyond core protocol not documented in available sources.
Coverage basis: Protocol design mitigates reuse risk
Implementation score: 0.75 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: WOTS+ reuse risk is mitigated by protocol design (one-time addresses). Side-channel, HSM, and custody implementation details beyond core protocol are not publicly documented. This is an assurance-only caveat.
performance_analysis
Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment
Claim: No formal public performance benchmark or resource-impact analysis found in available sources. WOTS+ signatures are larger than classical signatures, but no evidence that this prevents safe deployment.
Coverage basis: Not evidenced
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: No formal performance benchmark found. Per QRI 7.4 Note-Only Caveat Rule, lack of a formal benchmark does not reduce the QRI Score unless resource constraints prevent safe use of the PQ path. No evidence that WOTS+ performance issues prevent safe deployment on mainnet.