1. introduction
Token launches on Ethereum typically rely on one of three mechanisms: open mints (first-come, first-served), allowlists (manually curated), or auctions (price discovery). All three share a common weakness — they provide no cryptographic proof that a participant performed meaningful work or demonstrated technical capability.
PostQ introduces a fourth model: cryptographic gating. Each mint slot is unlocked only after the participant produces a valid digital signature using a post-quantum signature scheme. The signature serves as both an access ticket and a permanent on-chain record that the mint was earned through a real cryptographic operation.
2. motivation
2.1 the coming algorithm transition
In August 2024, NIST published FIPS 205 (SLH-DSA), marking the beginning of a global migration away from elliptic curve cryptography. While production systems may take years to transition, the research community has moved forward. Ethereum's own roadmap includes post-quantum considerations for account abstraction and future signature schemes.
PostQ exists at the intersection of this transition. It takes a working post-quantum hash-based verifier and uses it as the entry requirement for a token mint.
2.2 proof-of-origin vs. proof-of-work
Unlike Bitcoin's proof-of-work, which requires ongoing computational expenditure, PostQ's proof-of-origin is a one-time event. The user produces a single post-quantum signature that cryptographically binds their identity to a mint slot. This signature becomes a permanent artifact: anyone can download it and independently verify that the mint was legitimate.
3. system design
3.1 architecture overview
PostQ has three layers: a smart contract layer (on-chain), an attestation service (off-chain), and a signature verification layer (off-chain, reproducible). The separation is intentional — it keeps gas costs manageable while preserving full verifiability.
3.2 mint flow
The user requests a fresh post-quantum keypair from the attestation service. They then submit a signed message containing their Ethereum address. The service verifies the signature using its internal hash-based verifier. If valid, it produces an EIP-712 ECDSA attestation that the smart contract accepts. The user broadcasts this attestation in a single transaction.
3.3 why ECDSA on-chain?
Verifying a hash-based post-quantum signature in Solidity is technically possible but prohibitively expensive — estimated at 300k–500k gas for the test parameter set. By bridging through a trusted attestation service, we reduce on-chain verification to a single ecrecover call (~5,000 gas).
This creates a trust assumption: users must trust that the attestation service runs the verifier honestly. To mitigate this, every signature, public key, and message is stored and made publicly retrievable. Independent parties can re-verify at any time.
4. token economics
| Total supply | 7,500,000 POSTQ |
| Public mint allocation | 5,000,000 (66.7%) |
| Liquidity pool reserve | 2,500,000 (33.3%) |
| Mint slots | 10,000 |
| Tokens per slot | 500 POSTQ |
| Cost per slot | 0.0025 ETH |
| Maximum ETH raised | 25 ETH |
The LP reserve (62.5% of supply) is pre-minted at deployment to a designated wallet. These tokens are intended for pairing with ETH in a decentralized exchange liquidity pool after the public mint concludes.
5. smart contract properties
- Immutable — no proxy pattern, no admin key, no upgrade path.
- Deterministic pricing —
MINT_PRICEis a compile-time constant. - One key, one mint —
pkUsedmapping prevents replay. - Instant settlement — ETH is forwarded to the developer wallet in the same transaction. The contract never holds a balance.
- Hard cap —
MAX_SUPPLYenforced at the ERC-20 level,MAX_MINTSenforced at the gate level.
6. threat analysis
6.1 attestation service downtime
If the attestation service goes offline, no new mints can be processed. Existing mints and token transfers are unaffected. This is the primary centralization risk and the most significant tradeoff in the current design.
6.2 attestation service compromise
A compromised service could issue attestations without valid post-quantum signatures. However, every attestation is logged and publicly verifiable. A fraudulent attestation would be cryptographically detectable by any third party running the reference verifier.
6.3 quantum attacks on ECDSA
The on-chain attestation uses ECDSA, which is vulnerable to quantum attacks. This is an acknowledged limitation: PostQ demonstrates post-quantum gating, not post-quantum settlement. Full post-quantum settlement requires changes to Ethereum itself.
7. future directions
As Ethereum evolves its account abstraction and precompile ecosystem, on-chain post-quantum verification may become gas-feasible. PostQ's architecture is designed to accommodate this shift — the attestation bridge can be deprecated in favor of direct on-chain verification when costs permit. The token contract itself requires no changes; only the gate contract would need to be updated.
8. conclusion
PostQ is a working prototype that demonstrates post-quantum signature schemes can gate on-chain token distribution today. It is not positioned as a production-grade security system but as a practical experiment: every $POSTQ in existence is backed by a verifiable post-quantum signature.
The broader question PostQ raises is whether cryptographic proof-of-origin can become a meaningful primitive in token design — replacing social reputation, financial commitment, or random selection with demonstrable technical capability.
PostQ is experimental software. It is not financial advice, not an investment vehicle, and not a production security product. Code is MIT-licensed and provided without warranty.