Security FAQ

Common questions about Soqucoin's post-quantum signature scheme (ML-DSA-44), NIST Security Levels, and why Grover's algorithm does not weaken our signatures.

TL;DR

  • Soqucoin uses ML-DSA-44 (FIPS 204), the NIST federal standard for post-quantum digital signatures
  • ML-DSA-44 targets NIST Security Level 2, which already accounts for quantum adversaries
  • Grover's algorithm does not attack lattice problems. It attacks symmetric key search. These are different mathematical operations.
  • NIST, NSA, GCHQ, and ANSSI all reviewed this scheme over an 8-year standardization. It was published as a federal standard in August 2024.
  • Soqucoin's implementation was independently audited by Halborn Security (March 2026, all findings remediated)

ML-DSA-44 and NIST Security Levels

Q: Does ML-DSA-44 only have 64 bits of quantum security?

No. This claim comes from a misunderstanding of how NIST Security Levels work and a misapplication of Grover's algorithm.

ML-DSA-44 is based on Module-LWE (Module Learning With Errors), a lattice problem. The best known quantum attack against Module-LWE is lattice sieving, not Grover's algorithm. These are fundamentally different mathematical operations.

Grover's algorithm provides a quadratic speedup for unstructured search problems, like searching through a symmetric cipher's keyspace. It does not speed up lattice sieving. Applying Grover's to ML-DSA-44 is a category error.

Q: What does "NIST Security Level 2" actually mean?

NIST defines 5 security levels for post-quantum algorithms. Each level is defined by a comparison to a well-understood symmetric primitive:

  Level    Comparison target                                  Used by
  Level 1  At least as hard as key search on AES-128          ML-KEM-512
  Level 2  At least as hard as collision finding on SHA-256   ML-DSA-44 (Soqucoin)
  Level 3  At least as hard as key search on AES-192          ML-DSA-65
  Level 4  At least as hard as collision finding on SHA-384   ML-KEM-1024
  Level 5  At least as hard as key search on AES-256          ML-DSA-87

Key detail: These comparisons describe the total computational cost to break the scheme, inclusive of quantum adversaries. NIST's evaluation already modeled quantum attacks against every candidate over an 8-year standardization (2016-2024). The security levels are not "classical only" metrics.

Q: But Grover's reduces AES-128 to 64 bits. Doesn't that matter?

This argument confuses two different things:

1. AES-128 key search (where Grover's applies): AES-128 has a 2^128 keyspace. Grover's theoretically reduces exhaustive search to 2^64 quantum operations. This is correct for symmetric key search.

2. ML-DSA-44 (where Grover's does NOT apply): ML-DSA-44's security depends on solving Module-LWE, a structured algebraic problem over polynomial lattices. Grover's provides no speedup for lattice sieving. The quantum speedup for lattice algorithms comes from different techniques entirely, and these are already factored into NIST's security level assessment.

The phrase "equivalent to AES-128" in older documentation was shorthand for "the total computational cost is comparable." It was never intended to mean "apply Grover's to AES-128 and that's the quantum security."

Q: Even theoretically, is a 2^64 Grover search actually feasible?

Even if Grover's did apply (it does not apply to lattice problems), a 2^64 Grover search is not practically achievable with any technology on the horizon:

Grover's is not parallelizable in the same way classical brute force is. The oracle queries must be executed sequentially. Running 2^64 sequential quantum operations at even 1 GHz would take over 584 years.

Multiple peer-reviewed analyses (Jaques et al. 2020, Grassl et al. 2016) have shown that the gate depth, qubit count, and error correction requirements for a 2^64 Grover search against AES-128 would require millions of logical qubits running for years. No such machine exists or is projected to exist within the next several decades.

Why ML-DSA-44 (Not ML-DSA-65 or ML-DSA-87)?

Q: Isn't it "safer" to use ML-DSA-87 (Level 5)?

Soqucoin is a blockchain. Every transaction includes a signature and a public key. These sizes directly affect block capacity, storage costs, network bandwidth, and sync time for full nodes.

  Parameter set    Public key   Signature    NIST level
  ML-DSA-44        1,312 bytes  2,420 bytes  Level 2
  ML-DSA-65        1,952 bytes  3,293 bytes  Level 3
  ML-DSA-87        2,592 bytes  4,595 bytes  Level 5
  ECDSA (Bitcoin)  33 bytes     72 bytes     None (PQ-vulnerable)

ML-DSA-44 signatures are already ~34x larger than ECDSA. Moving to ML-DSA-87 would make signatures ~64x larger than ECDSA, nearly doubling the per-transaction cost with no practical security benefit for the next 30+ years of quantum computing.
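The key and signature sizes in the table are not arbitrary: they follow directly from the FIPS 204 parameter sets (k, l, d, gamma1, omega, lambda), which is what "exact FIPS 204 parameter set with no modifications" means in practice. The script below is an added example, not Soqucoin's code or the FIPS 204 reference implementation; it derives the public key, secret key and signature lengths from the parameters and then works out the per-transaction overhead against ECDSA. It reproduces the ML-DSA-44 row exactly (1,312 / 2,420 bytes). For ML-DSA-65 and ML-DSA-87 it yields the final FIPS 204 figures of 3,309 and 4,627 bytes, which are 16 and 32 bytes above the pre-standard Dilithium3/Dilithium5 sizes listed above because FIPS 204 lengthened the challenge hash c-tilde from 32 bytes to lambda/4 bytes. The block size and transaction body size used for the capacity estimate are constructed assumptions, not Soqucoin consensus values.

```python
from dataclasses import dataclass


# ML-DSA parameter sets from FIPS 204, Table 1. q = 8380417 fits in 23 bits; n = 256.
@dataclass(frozen=True)
class MlDsaParams:
    name: str
    k: int            # rows of matrix A (polynomials in t1 and in the hint)
    l: int            # columns of A (polynomials in z)
    eta: int          # bound on secret coefficients
    d: int            # bits dropped from t when splitting into t1 / t0
    gamma1_bits: int  # gamma1 = 2**gamma1_bits bounds the z coefficients
    omega: int        # maximum number of 1s in the hint vector
    lam: int          # collision-resistance parameter; c_tilde is lam/4 bytes


ML_DSA = {
    "ML-DSA-44": MlDsaParams("ML-DSA-44", k=4, l=4, eta=2, d=13, gamma1_bits=17, omega=80, lam=128),
    "ML-DSA-65": MlDsaParams("ML-DSA-65", k=6, l=5, eta=4, d=13, gamma1_bits=19, omega=55, lam=192),
    "ML-DSA-87": MlDsaParams("ML-DSA-87", k=8, l=7, eta=2, d=13, gamma1_bits=19, omega=75, lam=256),
}

Q_BITS = 23      # ceil(log2(q))
N_COEFFS = 256   # polynomial degree


def public_key_bytes(p: MlDsaParams) -> int:
    # pk = rho (32 bytes) || t1. Each of the k polynomials of t1 packs 256
    # coefficients of (Q_BITS - d) = 10 bits, i.e. 320 bytes per polynomial.
    return 32 + p.k * N_COEFFS * (Q_BITS - p.d) // 8


def secret_key_bytes(p: MlDsaParams) -> int:
    # sk = rho (32) || K (32) || tr (64) || s1, s2 (l + k polynomials,
    # bitlen(2*eta) bits per coefficient) || t0 (k polynomials, d bits each).
    eta_bits = (2 * p.eta).bit_length()
    return 128 + (p.l + p.k) * N_COEFFS * eta_bits // 8 + p.k * N_COEFFS * p.d // 8


def signature_bytes(p: MlDsaParams) -> int:
    # sig = c_tilde (lam/4 bytes) || z (l polynomials, gamma1_bits + 1 bits per
    # coefficient) || hint h (omega set positions plus k cumulative counts).
    z_bytes = p.l * N_COEFFS * (p.gamma1_bits + 1) // 8
    return p.lam // 4 + z_bytes + p.omega + p.k


# ECDSA over secp256k1 as used by Bitcoin: compressed point, maximal DER signature.
ECDSA_PUBKEY = 33
ECDSA_SIG = 72


def witness_overhead(p: MlDsaParams) -> int:
    """Bytes a transaction carries for one public key plus one signature."""
    return public_key_bytes(p) + signature_bytes(p)


def signature_ratio_vs_ecdsa(p: MlDsaParams) -> float:
    return signature_bytes(p) / ECDSA_SIG


def max_txs_per_block(witness_bytes: int, block_bytes: int, tx_body_bytes: int) -> int:
    """Upper bound on single-signature transactions per block. block_bytes and
    tx_body_bytes are constructed illustration values, not consensus constants."""
    return block_bytes // (tx_body_bytes + witness_bytes)


if __name__ == "__main__":
    block, body = 4_000_000, 100   # assumed 4 MB block, 100-byte non-witness body
    print(f"{'scheme':16}{'pk':>6}{'sk':>6}{'sig':>6}{'sig/ECDSA':>11}{'txs/block':>11}")
    print(f"{'ECDSA (Bitcoin)':16}{ECDSA_PUBKEY:>6}{'-':>6}{ECDSA_SIG:>6}{1.0:>11.1f}"
          f"{max_txs_per_block(ECDSA_PUBKEY + ECDSA_SIG, block, body):>11}")
    for p in ML_DSA.values():
        print(f"{p.name:16}{public_key_bytes(p):>6}{secret_key_bytes(p):>6}{signature_bytes(p):>6}"
              f"{signature_ratio_vs_ecdsa(p):>11.1f}{max_txs_per_block(witness_overhead(p), block, body):>11}")
```

Running the script prints the size table together with the ~34x signature ratio quoted above and the resulting drop in transactions per block, which is the quantity that actually drives the Level 2 versus Level 5 trade-off for a chain.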

CNSA 2.0 Level 5 exists for classified national security systems (nuclear weapons, spy satellites, TOP SECRET communications). It is not required for commercial financial transactions. No bank, payment processor, or blockchain needs Level 5 for transaction signatures.

Q: Can Soqucoin upgrade to ML-DSA-65 or ML-DSA-87 later?

Yes. Soqucoin's consensus engine supports BIP9-style soft forks for cryptographic upgrades. If quantum computing advances faster than expected and NIST revises its security level guidance, the chain can upgrade its signature scheme through a coordinated network upgrade. This is the same mechanism Bitcoin uses for protocol changes.

This is a standard engineering practice: deploy the most efficient secure option today, retain the ability to upgrade if the threat model changes.
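The upgrade path described in this answer is BIP9 version-bits signalling: a deployment is DEFINED, becomes STARTED once the chain's median-time-past passes its start time, is LOCKED_IN when enough blocks in one signalling period set the deployment's version bit, and is ACTIVE one period later, or FAILED if the timeout passes first. The state machine below is an added example, not Soqucoin's consensus engine or Bitcoin Core's code. The deployment name, bit, timestamps and the small ten-block period with a nine-block threshold are constructed so it runs quickly (Bitcoin mainnet uses 2016-block periods and a 1916-block threshold); it also uses each period's last median-time-past directly and omits the caching a real node does.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    DEFINED = "DEFINED"      # deployment known, signalling window not yet open
    STARTED = "STARTED"      # signalling blocks are counted per period
    LOCKED_IN = "LOCKED_IN"  # threshold met; new rules apply from the next period
    ACTIVE = "ACTIVE"        # new rules enforced
    FAILED = "FAILED"        # timed out before lock-in


@dataclass(frozen=True)
class Deployment:
    name: str
    bit: int         # version bit (0..28) a block sets to signal readiness
    start_time: int  # unix time: signalling counts once median-time-past reaches it
    timeout: int     # unix time: a deployment not yet locked in fails at this point
    period: int      # blocks per signalling period (2016 on Bitcoin mainnet)
    threshold: int   # signalling blocks needed in one period (1916 on mainnet)


TOP_BITS = 0x20000000   # BIP9 versions must have top three bits equal to 001
TOP_MASK = 0xE0000000


def is_signalling(version: int, bit: int) -> bool:
    """True if the block version is a BIP9 version with the deployment bit set."""
    return (version & TOP_MASK) == TOP_BITS and (version >> bit) & 1 == 1


def next_state(state: State, versions: list, mtp: int, dep: Deployment) -> State:
    """Transition at a period boundary; mtp is the median-time-past of the last
    block of the period that just ended."""
    if state is State.DEFINED:
        if mtp >= dep.timeout:
            return State.FAILED
        if mtp >= dep.start_time:
            return State.STARTED
        return State.DEFINED
    if state is State.STARTED:
        if mtp >= dep.timeout:       # BIP9 checks the timeout before the count
            return State.FAILED
        signalling = sum(is_signalling(v, dep.bit) for v in versions)
        return State.LOCKED_IN if signalling >= dep.threshold else State.STARTED
    if state is State.LOCKED_IN:
        return State.ACTIVE          # always exactly one period after lock-in
    return state                     # ACTIVE and FAILED are terminal


def run_deployment(blocks: list, dep: Deployment) -> list:
    """blocks: (version, median_time_past) tuples in height order.
    Returns the state in force after each complete signalling period."""
    state = State.DEFINED
    history = []
    for start in range(0, len(blocks) - dep.period + 1, dep.period):
        period = blocks[start:start + dep.period]
        state = next_state(state, [v for v, _ in period], period[-1][1], dep)
        history.append(state)
    return history


# Constructed deployment and chains for illustration (hypothetical values).
SAMPLE = Deployment("pq-sig-upgrade", bit=3, start_time=1_000, timeout=5_000, period=10, threshold=9)


def make_period(dep: Deployment, signalling_blocks: int, mtp: int) -> list:
    """One constructed period: the first `signalling_blocks` blocks set dep.bit."""
    yes, no = TOP_BITS | (1 << dep.bit), TOP_BITS
    return [(yes if i < signalling_blocks else no, mtp) for i in range(dep.period)]


# 8 of 10 signalling is below the threshold; 9 of 10 locks in; activation follows.
SUCCESS_CHAIN = (make_period(SAMPLE, 0, 900) + make_period(SAMPLE, 0, 1_500)
                 + make_period(SAMPLE, 8, 2_000) + make_period(SAMPLE, 9, 2_500)
                 + make_period(SAMPLE, 0, 3_000))
# Full signalling arrives only after the timeout, so the deployment fails.
TIMEOUT_CHAIN = (make_period(SAMPLE, 0, 900) + make_period(SAMPLE, 0, 1_500)
                 + make_period(SAMPLE, 10, 6_000))

if __name__ == "__main__":
    for label, chain in (("success", SUCCESS_CHAIN), ("timeout", TIMEOUT_CHAIN)):
        print(label, [s.value for s in run_deployment(chain, SAMPLE)])
```

The two constructed chains exercise the cases an operator cares about: a period that signals just under the threshold does not lock in, a period that meets it does, and a timeout takes precedence even over unanimous signalling, which is what keeps an abandoned upgrade from activating unexpectedly late.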

Standards and Independent Validation

Q: Who validated ML-DSA-44's security?

ML-DSA-44 was evaluated and standardized through NIST's Post-Quantum Cryptography Standardization Process (2016-2024), the most extensive public cryptographic evaluation in history:

  • Round 1 (2017): 69 candidate algorithms submitted.
  • Round 2 (2019): Narrowed to 26.
  • Round 3 (2020): Narrowed to 7 finalists + 8 alternates.
  • Final standard (August 2024): CRYSTALS-Dilithium selected and published as FIPS 204.

The evaluation involved cryptographers from NIST, NSA, GCHQ (UK), ANSSI (France), BSI (Germany), and hundreds of academic researchers worldwide. Every known quantum attack model was analyzed.

Q: Who audited Soqucoin's implementation?

Halborn Security conducted two audits of the Soqucoin codebase (March 2026):

Genesis Audit: 10 findings + 20 informational items covering the Dilithium integration, PAT, wallet architecture, and consensus layer. All findings remediated. Lead auditor: Hossam Mohamed, who has also audited Dogecoin Core.

Extension Audit: 6 findings covering the LatticeFold+ batch verification system. All findings remediated.

The full audit reports are available on our Transparency page.

Q: Is ML-DSA-44 the same as "Dilithium"?

Yes. ML-DSA is the standardized name published in FIPS 204. "CRYSTALS-Dilithium" was the name used during the NIST competition (2017-2024). ML-DSA-44 corresponds to what was previously called "Dilithium2" (security parameter set 2). The algorithm, parameters, and security guarantees are identical. Soqucoin uses the exact FIPS 204 parameter set with no modifications.

Context

Q: What other systems use ML-DSA-44?

ML-DSA-44 (Level 2) is the parameter set recommended by NIST for general-purpose digital signatures. It is being adopted across the federal government and private sector:

NIST Special Publication 800-227 (Draft, 2025) recommends ML-DSA for all new federal systems. The Department of Defense, financial institutions, and technology companies are migrating to FIPS 204-based signatures. Soqucoin is the first L1 blockchain to ship ML-DSA-44 from genesis.

Q: Is this just the "lowest security" option?

ML-DSA-44 is NIST Security Level 2. The "lowest" level is Level 1 (ML-KEM-512 targets Level 1). Level 2 is the standard recommendation for digital signatures.

Calling Level 2 "the lowest" is like saying a steel vault door is "the weakest" because a bank vault exists. Both exceed the threat model. The question is whether the security level matches the use case, and for transaction signatures, Level 2 exceeds requirements by a wide margin.

Primary Sources

  1. NIST FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA), August 2024 - csrc.nist.gov/pubs/fips/204/final
  2. NIST Post-Quantum Cryptography Standardization Process - csrc.nist.gov/projects/post-quantum-cryptography
  3. Jaques, Naehrig, Roetteler, Virdia (2020). "Implementing Grover Oracles for Quantum Key Search on AES and LowMC." EUROCRYPT 2020.
  4. Grassl, Langenberg, Roetteler, Steinwandt (2016). "Applying Grover's Algorithm to AES." PQCrypto 2016.
  5. Soqucoin Whitepaper, Revision 2 - Download PDF
  6. Halborn Security Audit Reports - Transparency Page