This is a Post-Quantum Cryptography (PQC) fork of Hyperledger Fabric, implementing NIST-standardized quantum-resistant algorithms for enterprise blockchain security.
| Component | Algorithm | Standard | Security Level |
|---|---|---|---|
| MSP Signing | ML-DSA-65 | NIST FIPS 204 | Level 3 (128-bit) |
| CA Certificates | SLH-DSA-128s | NIST FIPS 205 | Level 1 (128-bit) |
| TLS Key Exchange | X25519MLKEM768 | NIST FIPS 203 | Level 3 (128-bit) |
Current cryptographic algorithms (ECDSA, RSA) are vulnerable to attacks from future quantum computers. This fork protects against:
- Harvest-now-decrypt-later attacks on blockchain transactions
- Future quantum computer attacks on identity certificates
- Shor's algorithm attacks on classical public-key cryptography
- ML-DSA (FIPS 204): Lattice-based digital signatures for MSP identities
- SLH-DSA (FIPS 205): Hash-based signatures for CA certificates (most conservative)
- ML-KEM (FIPS 203): Quantum-safe key encapsulation for TLS via X25519MLKEM768
- Hybrid Mode: Backward compatible with classical algorithms
- MSPv4_0: New MSP version with full PQC support
- pqccertgen: Tool for generating PQC certificates
# Build all binaries with PQC support
make native
# Build PQC certificate generator
make pqccertgen
# Build Docker images
make docker# Generate CA certificate (SLH-DSA-128s)
./build/bin/pqccertgen ca \
-algorithm SLHDSA128S \
-cn "My Org CA" \
-org "MyOrg" \
-out ca-cert.pem \
-keyout ca-key.pem
# Generate peer certificate (ML-DSA-65)
./build/bin/pqccertgen peer \
-algorithm MLDSA65 \
-ca ca-cert.pem \
-ca-key ca-key.pem \
-cn "peer0.myorg.example.com" \
-out peer-cert.pem \
-keyout peer-key.pemA complete PQC network template is available in pqc_template/:
cd pqc_template
# Start network with PQC certificates
./scripts/start-network.sh
# Deploy chaincode
./scripts/deploy-chaincode.sh
# Test the network
./scripts/test-network.shBCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
PQC:
Enabled: true
SignatureAlgorithm: MLDSA65
HybridMode: true
HybridKEMLevel: 3
CAAlgorithm: SLHDSA128S| Algorithm | Public Key | Signature | Use Case |
|---|---|---|---|
| ML-DSA-44 | 1,312 bytes | 2,420 bytes | Performance critical |
| ML-DSA-65 | 1,952 bytes | 3,309 bytes | Recommended default |
| ML-DSA-87 | 2,592 bytes | 4,627 bytes | High security |
| SLH-DSA-128s | 32 bytes | 7,856 bytes | CA certificates |
| Algorithm | Public Key | Ciphertext | Shared Secret |
|---|---|---|---|
| X25519MLKEM768 | Hybrid | Hybrid | 32 bytes |
- Go 1.25+ (native X25519MLKEM768 support)
- Docker (for container builds)
- Cloudflare CIRCL - ML-DSA implementation
- SPHINCS+ Golang - SLH-DSA implementation
- fabric-lib-go - PQC BCCSP fork
This fork is based on Hyperledger Fabric, a Graduated project under the Hyperledger umbrella.
- Source Code: Apache License, Version 2.0 (Apache-2.0)
- Documentation: Creative Commons Attribution 4.0 International License (CC-BY-4.0)