• The structure uses a ZK-STARK proof in place of the traditional Ed25519 signature phase.
  • The method eliminates the attack vector quantum computers offer to current public-key encryption by using zero-knowledge proofs to prove seed ownership at the point of spend.

Researchers at AmericanFortress deliver an formally proven upgrade route for the wallet infrastructure that is now in use by hundreds of millions of users.

Sheridan, WY: Today, AmericanFortress published a cryptographic paper outlining a patent-pending post-quantum signature strategy for hierarchical deterministic wallets, which are the foundation of almost all current cryptocurrency wallets.

Without forcing users to transfer money, switch chains, or implement new infrastructure, the method eliminates the attack vector quantum computers offer to current public-key encryption by using zero-knowledge proofs to prove seed ownership at the point of spend.

What the Scheme Does?

The structure uses a ZK-STARK proof in place of the traditional Ed25519 signature phase. When a wallet spends money, it demonstrates in zero knowledge that it has the original master seed and that the seed represents the address’s cryptographic origin. A child private key may be reversed from a public address by a quantum computer using Shor’s method. A master seed from an HD generated on chain address cannot be reversed. The security of the technique is based on this imbalance, which has been explicitly shown against quantum polynomial-time attackers.

Crucially, using the same derivation method, the public keys generated are exactly the same as those of a typical BIP32-Ed25519 wallet. No new chain, key re-registration, or address migration.

Split-proof Architecture

The paper presents a split-proof design that divides the workload into two independent parts: a signing proof that is computed once per spend message and has a cost independent of derivation depth, and a derivation proof that is computed once per master key recovery from seed at wallet initialization and reused across all transactions.

Regarding Present Performance

On commodity hardware, full proof creation at a common wallet depth presently takes a few minutes. Split-proof pre-computation and ZK-friendly hash functions are identified as the solution to this recognized shortcoming inherent in HMAC-SHA512 within the STARK circuit. With current hardware, the signature proof vs. HMAC-SHA512 HD derivation takes less than ten seconds. Regardless of wallet depth, verification always takes 18–19 milliseconds. The signature size is set as 218.4 KB. In a short while, the team will introduce innovative performance-enhancing techniques that, even with current technology, don’t alter the user experience.

Regarding Bitcoin

The present approach is exclusive to Edwards curve chains, including Solana, and BIP32-Ed25519. On the other hand, a secp256k1-native construction is currently in development and will be covered in a later publication. Wallets that calculate key pairs directly rather than via a derivation process are the only funds that cannot be protected against quantum theft like Satoshi’s early wallets using this new approach.

AmericanFortress is the first privacy infrastructure provider to pursue end-to-end post-quantum security across naming, transaction confidentiality, and key management for all chains thanks to the technology’s native integration with the company’s Send-to-Name stealth address system and Confidentiality Machine compliant privacy pools. The solution is being implemented directly in AmericanFortress’s own wallets and custody systems and made accessible via SDK.

Acknowledgement

AmericanFortress would like to express its gratitude to the following team members for this innovation and its implementation: Chief Architect Justus Ranvier, Senior Cryoptographer Vincenzo Botta, Chief Cryptographer Emmanuel Ragnoli, Patents/Legal Richard Topolewski, and CEO/CTO Michal Pospieszalski. Additionally, I would want to express my gratitude for the cited research from previous studies that this much depended upon.