AmericanFortress unveils first post-quantum fix for HD wallets that requires no chain migration

AmericanFortress has released a cryptographic paper introducing a patent-pending post-quantum signature scheme for hierarchical deterministic wallets, the architecture underpinning virtually every crypto wallet in use today. 

The solution requires no fund migration, no chain switch, and no new infrastructure, setting it apart from existing approaches to quantum-resistant cryptography.

The scheme replaces the classical Ed25519 signing step with a ZK-STARK proof. When spending funds, a wallet proves in zero knowledge that it possesses the original master seed and that the seed is the cryptographic origin of the address being spent from. 

A quantum computer running Shor’s algorithm can recover a child private key from a public address, but it cannot recover a master seed from an HD-derived on-chain address. This asymmetry forms the foundation of the scheme’s security, which is formally proven against quantum polynomial-time adversaries.

The public keys produced are identical to those of a standard BIP32-Ed25519 wallet following the same derivation path.
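The seed-to-key asymmetry described above can be seen in the derivation itself. The sketch below is an added example, not code from the paper or from AmericanFortress: it uses SLIP-0010 hardened Ed25519 derivation as a simpler stand-in for BIP32-Ed25519, stops at the leaf private key (the Ed25519 public-key step is omitted), and the function names, sample seed and path are constructed for illustration.

```python
import hashlib
import hmac
import struct

HARDENED = 0x80000000  # SLIP-0010 Ed25519 defines hardened children only


def master_node(seed):
    """Seed -> (private key, chain code) through a single HMAC-SHA512 call."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def child_node(key, chain_code, index):
    """One hardened step: HMAC-SHA512 keyed by the parent chain code."""
    if not HARDENED <= index <= 0xFFFFFFFF:
        raise ValueError("only hardened indices (>= 2**31) are defined")
    data = b"\x00" + key + struct.pack(">I", index)
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def derive(seed, path):
    """Walk a hardened path; return (leaf key, number of HMAC-SHA512 calls).

    Every hop from the seed to the leaf is a hash evaluation. An adversary
    who recovers the leaf key holds only an HMAC output; getting back to
    the seed means inverting the hash chain, which Shor's algorithm does
    not do. The call count grows with depth (len(path) + 1).
    """
    key, chain_code = master_node(seed)
    hmac_calls = 1
    for index in path:
        key, chain_code = child_node(key, chain_code, index | HARDENED)
        hmac_calls += 1
    return key, hmac_calls


if __name__ == "__main__":
    sample_seed = bytes(range(16))   # constructed sample seed, not a real wallet
    sample_path = [44, 501, 0, 0]    # constructed sample path m/44'/501'/0'/0'
    leaf, calls = derive(sample_seed, sample_path)
    print("leaf key:", leaf.hex())
    print("HMAC-SHA512 evaluations:", calls)
```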

BIP32 addresses protected indefinitely via soft fork

The scheme’s most significant practical implication is its upgrade path. BIP32 addresses are protected permanently through a soft-fork upgrade of node and wallet software, with no action required from users. Those who want faster performance can migrate funds from BIP32 to QBIP32 addresses at their own pace, but it is never a requirement.

Pre-BIP32 wallet holders, including those holding funds in wallets such as Satoshi’s early wallets, would need to move funds themselves to either BIP32 or QBIP32 addresses before Q-Day. Any funds not moved before that threshold would be subject to chain governance mechanisms, which could move, burn, or redistribute those assets using BIP32 or QBIP32 protocols.

Split-proof architecture and current performance

The paper introduces a split-proof design separating the workload into two components: a derivation proof, computed once per master key recovery at wallet initialization and reused across all transactions, and a signing proof, computed once per spend message with a cost independent of derivation depth. 

The signing proof currently runs in under 10 seconds on today’s hardware, while verification remains constant at 18 to 19 milliseconds regardless of wallet depth. Signature size is a fixed 218.4 KB.

Full proof generation at typical wallet depth currently takes on the order of minutes on commodity hardware, a limitation the paper acknowledges as intrinsic to HMAC-SHA512 inside the STARK circuit. The team has identified a path forward through split-proof pre-computation and ZK-friendly hash functions, with novel performance improvement methods expected to be presented shortly.

The current scheme applies to BIP32-Ed25519 and Edwards curve chains including Solana. A secp256k1-native construction covering Bitcoin is in active development and will be the subject of a subsequent publication.

The technology integrates with AmericanFortress’s Send-to-Name stealth address system and Confidentiality Machine compliant privacy pools, positioning AmericanFortress as the first privacy infrastructure provider to pursue end-to-end post-quantum security across naming, transaction confidentiality, and key management for all chains. It is being made available via SDK.
