QBit SmartChain: A ZK-Native Post-Quantum Blockchain Protocol
Achinta Das, Tumukunde Arnold & the QBit Core Team
Throughput: 30,000 TPS | Finality: ~3s | Security: 120-bit | Compression: ~27×
Abstract
QBit SmartChain is a Layer 1 blockchain that uses ZK-STARK proof aggregation to make post-quantum cryptography practical at scale. Instead of gossiping ML-DSA-65 signatures directly, Sentries batch transactions, verify signatures locally, and produce compact STARK proofs. Validators only verify proofs, cutting ingress bandwidth by ~27×.
The protocol targets 30,000 TPS with ~3s consensus finality at a 120-bit post-quantum security floor. The entire cryptographic stack is post-quantum: ML-DSA-65 for signatures, ML-KEM-768 for encryption, Poseidon2 for in-circuit hashing, SHA3-256 for out-of-circuit hashing, and ZK-STARKs for proofs.
QBit also supports QChains, sovereign application-specific blockchains that inherit the base layer's security and finality. Cross-chain messaging works through Merkle proof verification against the shared DAG. No bridges, no relayers, no challenge periods.
1. The Post-Quantum Bandwidth Trilemma
Post-quantum signatures are large. ML-DSA-65 signatures run 3,293 bytes each, roughly 51× bigger than Ed25519's 64 bytes. At 30,000 TPS with a GossipSub mesh degree of D=8, each validator would need to ingest about 6.3 Gbps of signature data. That's datacenter-grade bandwidth for every node in the network.
This creates a trilemma: you can have post-quantum security, high throughput, or decentralization. Pick two. Most approaches sacrifice one. QBit's thesis is that ZK proof aggregation breaks the trilemma by collapsing thousands of large signatures into a single compact proof.
A batch of 1,000 ML-DSA-65 signatures (3.3 MB) compresses to a single ~147 KB STARK proof. Validators verify the proof in ~20ms instead of checking each signature individually. Total validator bandwidth drops to ~237 Mbps, which commodity 500 Mbps fiber handles comfortably.
5. ZK-STARK Proof System
QBit uses ZK-STARKs over the Goldilocks field (p = 2⁶⁴ − 2³² + 1). STARKs are hash-based with no trusted setup, and their security relies only on collision-resistant hashing, not elliptic curve assumptions.
Each batch proof covers approximately 1,000 transactions. The constraint budget per ML-DSA-65 signature verification is 56,000–73,000 constraints, with an additional 5,000–9,000 for state transitions. Effective total: 61,000–82,000 constraints per transaction.
Proof Parameters
Proof Size Breakdown
Recursive epoch compression runs hourly. A Checkpoint Aggregator sentry produces a recursive proof over all batch proofs in the epoch (12 recursive layers, ~15–25 minutes on 4× RTX 4090). Light clients only need the latest epoch proof (~200–300 KB) to verify the full chain state. After 10 recursive steps, the soundness error is ~2⁻¹²⁰, which sets the protocol's 120-bit security floor.
6. Data Availability
Data availability uses FRI-based polynomial commitments over the Goldilocks field. No trusted setup. Data is Reed-Solomon encoded with blowup factor ρ=8, meaning an attacker must withhold over 87.5% of evaluations to hide data.
Each validator samples 30 random query positions per block, derived from the epoch seed. DA chunks are distributed and attested before proofs are accepted (concurrent with proving, not sequential). A DA certificate requires attestations from validators representing over 2/3 of total stake weight.
Only 1/8 of the encoded chunks are needed for full reconstruction, making the scheme resilient to partial data loss.
9. Token Economics
QBIT has a hard cap of 1 billion tokens. 500 million are allocated at genesis, and 500 million are emitted algorithmically over time. The emission schedule uses convergence-guaranteed parameters, meaning the cap is mathematically enforced, not just a promise.
Genesis Allocation
All base transaction fees are permanently burned. Priority fees (tips) go to Sentries. A 10% protocol treasury tax is deducted from block rewards before validator distribution. At sustained high adoption (≥20,000 TPS), annual burns exceed remaining emissions, making QBIT net deflationary within 3–5 years.
Fee Schedule
10. Security Analysis
The protocol is safe as long as fewer than 1/3 of validators (by stake weight) are Byzantine. With a target of 256 validators and a minimum stake of 10,000 QBIT, an attacker would need to control at least 86 validators, locking up a minimum of 860,000 QBIT.
Epoch transitions maintain at least 2/3 overlap between consecutive validator sets (96.9% overlap at maximum churn rate). The churn limit is max(4, N_active/65,536) validators per epoch, roughly 1.5% per hour at N=256.
Security Budget
The MEV-resistant encrypted mempool uses ML-KEM-768 committee encryption with (12,21) Shamir threshold secret sharing. A 21-member committee per epoch ensures no single party can decrypt pending transactions.
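The section 6 claim that 1/8 of the encoded chunks suffice and the (12,21) threshold above rest on the same fact: k points fix a polynomial of degree below k. The following is an added example, not QBit's code, that shows both, together with the per-validator sampling bound. It assumes evaluation points 0..n-1, Shamir sharing over the Goldilocks field, (12,21) read as "12 of 21", and query positions the publisher cannot predict; the function names are hypothetical and no FRI commitment or ML-KEM step is modelled.

```python
import secrets
from fractions import Fraction

P = 2**64 - 2**32 + 1    # Goldilocks prime (page, section 5); using it for Shamir is assumed
BLOWUP, SAMPLES = 8, 30  # section 6: RS blowup factor, queries per validator per block
T, N = 12, 21            # section 10: (12,21) threshold, 21-member committee

def interpolate_eval(points, x):
    """Evaluate at x the unique polynomial through `points` (Lagrange, mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def rs_encode(data):
    """Treat data as evaluations at 0..k-1 and extend to BLOWUP*k evaluations."""
    k = len(data)
    base = list(enumerate(data))
    return list(data) + [interpolate_eval(base, x) for x in range(k, BLOWUP * k)]

def rs_reconstruct(chunks, k):
    """Recover the k data symbols from any k surviving (position, value) chunks."""
    if len(chunks) < k:
        raise ValueError("under 1/BLOWUP of the chunks survive: data is unrecoverable")
    return [interpolate_eval(chunks[:k], x) for x in range(k)]

def escape_bound():
    """Bound on one validator's SAMPLES uniform queries all landing on served chunks
    when the publisher serves fewer than 1/BLOWUP of them (assumes unpredictable queries)."""
    return Fraction(1, BLOWUP) ** SAMPLES

def shamir_split(secret):
    """Hide `secret` as f(0) of a random degree T-1 polynomial; share i is (i, f(i))."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(T - 1)]
    return [(i, sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P)
            for i in range(1, N + 1)]

def shamir_recover(shares):
    """Any T distinct shares fix the polynomial, so f(0) is recoverable."""
    if len(shares) < T:
        raise ValueError("fewer than T shares: the secret is not determined")
    return interpolate_eval(shares[:T], 0)
```

With these parameters the sampling bound is 8⁻³⁰ = 2⁻⁹⁰ per validator, and it holds only if the data publisher cannot know the query positions before deciding which chunks to serve.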
11. Governance
Protocol upgrades are governed on-chain. Proposals require a bond of at least 100,000 QBIT, a 7-day voting period, and 4% quorum of total supply. One staked QBIT equals one vote, and votes are delegatable.
A hysteresis mechanism prevents rapid parameter oscillation: each governance-controlled parameter can only change by ±20% per action, with a 90-day cooldown between changes to the same parameter. Emergency actions require a 2/3 supermajority.
Read the Full Paper
The complete whitepaper includes formal proofs, circuit analysis, and detailed parameter derivations.