The first PQVM-native, post-quantum blockchain β quantum-safe before Q-Day, no migration needed.
Shell-Chain follows Vitalik Buterin's vision for Ethereum's quantum upgrade, but skips the migration path entirely by building a new chain with PQ cryptography as the foundation.
- π Post-Quantum Signatures β ML-DSA-65 (FIPS 204) is the primary governed algorithm; Dilithium3 remains deployed for legacy compatibility, with SPHINCS+ as a conservative fallback
- βοΈ PQVM Execution β EVM-familiar Cancun-style arithmetic, memory, storage, and control flow, with native 32-byte PQ addresses, PQTx, and PQ precompiles/opcodes
- ποΈ Native Account Abstraction β protocol-level smart accounts with built-in PQ validation, key rotation, and custom validator hooks
- 𧩠PQ Precompile Suite β 6 on-chain precompiles at
0x0001β0x0006: ML-DSA-65 verify, SLH-DSA-SHA2-256f verify, ML-DSA-65 batch verify, BLAKE3-256, BLAKE3-512, PQAddr derive - βοΈ wPoA Consensus β Weighted Proof-of-Authority with weighted proposer rotation, view-change fallback, offline/equivocation handling, economic slash weights, and finality tracking
- β‘ STARK Sig-Aggregation β Winterfell proofs compress PQ witness data, track challenges through
Open β Resolved/Slashed, and in v0.23.0 ship multi-layer (L1/L2/L3) settlement plus trie-pruning integration for lighter storage profiles. - ποΈ Storage Profiles β
--storage-profile archive|full|lightcontrols data retention; nodes auto-backfill missing history from richer peers via P2P - π οΈ Developer Ecosystem β TypeScript SDK (
shell-sdk) with viem-based PQ signers and AA transaction builders - π P2P Networking β libp2p with GossipSub, Kademlia DHT, peer scoring, and message signature verification
- π‘ Full JSON-RPC β Ethereum-shaped read namespaces (
eth_*,web3_*,net_*,debug_*) plus Shell-specific APIs such asshell_getFinalityInfoandshell_getAlgorithmRegistry, secured by TLS, rate limiting, and API keys - π³ Production Ready β Docker Compose orchestration, Prometheus/Grafana monitoring, hot backups, and TOML configuration
- π‘οΈ Security Hardened β 50+ audit findings addressed, Criterion benchmarks, and continuous fuzzing
See docs/QUICKSTART.md for a complete guide to running a local node.
# Build
cargo build --release
# Initialize a new chain
./target/release/shell-node init --datadir ./data
# Run a node
./target/release/shell-node run --datadir ./dataFor production deployments with Docker, see the Operator Guide.
Shell-Chain's long-term account model is native AA.
Accounts are identified by 0x-prefixed 64-character lowercase hex addresses β
the full 32-byte BLAKE3 hash of algo_id β public_key.
At the canonical layer (RPC, storage, consensus, signing), addresses are always
the full 32 bytes. At the revm adapter boundary, Shell-Chain maintains a
20-byte mapping layer: Address::to_alloy() takes the last 20 bytes of the 32-byte
canonical address for use with revm, and Address::from_alloy() zero-pads left
back to 32 bytes. This boundary is internal β external callers (SDK, CLI, explorer)
always see and submit the full 32-byte 0x+64-hex form.
Transaction validation follows three protocol-level paths:
- First use β derive
tx.fromfrom(algo_id, pubkey)and verify the PQ signature - Default existing account β verify
pq_pubkey_hashand the PQ signature - Custom AA account β call account-specific validator code through
validation_code_hash
This design lets Shell-Chain support key rotation and custom validation logic without introducing an ERC-4337 bundler or changing the account's address.
For the full design and current implementation status, see docs/ACCOUNT_ABSTRACTION_GUIDE.md.
βββββββββββββββββββββββββββββββββββββββββββββββ
β shell-node β
β (Node Builder / CLI) β
βββββββββββ¬βββββββββββ¬βββββββββββ¬ββββββββββββββ€
β RPC β Mempool βConsensus β Network β
βββββββββββ΄βββββββββββ΄βββββ¬ββββββ΄ββββββββββββββ€
β shell-core β
β (Block, Transaction, Account) β
ββββββββββββ¬βββββββββββββββΌββββββββββββββββββββ€
β shell-pqvmβ shell-crypto β shell-storage β
β(PQVM/revmβ (PQ Crypto) β (RocksDB) β
β adapter) β β β
ββββββββββββ΄βββββββββββββββ΄ββββββββββββββββββββ€
β shell-primitives β
β (Hash, Address, U256, Bytes) β
βββββββββββββββββββββββββββββββββββββββββββββββ
| Crate | Description |
|---|---|
shell-primitives |
Foundational types: Keccak-256, BLAKE3, H256, Address, U256, Bytes |
shell-crypto |
ML-DSA-65 primary (FIPS 204) & Dilithium3 legacy-compatible active path & SPHINCS+ fallback signing, multi-algorithm Signer/Verifier traits |
shell-core |
Block, Transaction (AA-native), Account, Receipt, EIP-1559 gas model |
shell-storage |
RocksDB backend, Merkle Patricia Trie, RLP serialization, state pruning, storage profiles |
shell-consensus |
PoA engine (default); optional wPoA extension: weight-based fork choice, BFT finality, slashing |
shell-pqvm |
PQVM execution adapter over revm for retained Cancun-style semantics, PQ precompiles, EIP-2930/4844 fields, system contracts |
shell-mempool |
Transaction pool with PQ validation, fee-priority ordering, Replace-by-Fee |
shell-network |
libp2p P2P: GossipSub, Kademlia DHT, NAT traversal, peer scoring, tx gossip |
shell-rpc |
JSON-RPC (HTTP + WebSocket), CORS, rate limiting, filters, subscriptions, debug/trace APIs |
shell-node |
Async node harness, block production, chain sync, health endpoint, Prometheus metrics |
shell-cli |
CLI binary: run, init, key, tx, account, TOML config, structured logging |
shell-genesis |
Genesis block initialization from config |
shell-keystore |
PQ keystore with argon2id + XChaCha20-Poly1305 encryption |
shell-stark-prover |
STARK proof generation and aggregation service (crates/stark-prover/) |
shell-chain/
βββ Cargo.toml # Workspace root
βββ crates/
β βββ cli/ # CLI binary and TOML config
β βββ consensus/ # Weighted PoA consensus engine and slashing
β βββ core/ # Block, Transaction, Account
β βββ crypto/ # Post-quantum cryptography
β βββ pqvm/ # PQVM/revm execution adapter and precompiles
β βββ genesis/ # Genesis configuration
β βββ keystore/ # Encrypted key storage
β βββ mempool/ # Transaction pool
β βββ network/ # P2P networking
β βββ node/ # Node harness
β βββ primitives/ # Foundational types
β βββ rpc/ # JSON-RPC server
β βββ storage/ # RocksDB storage
βββ tests/e2e/ # End-to-end tests
βββ fuzz/ # Fuzzing targets for serialization and protocols
βββ docs/ # Documentation
βββ CHANGELOG.md # Release history
βββ LICENSE # MIT
βββ README.md # This file
| Algorithm | Type | Use Case | Status |
|---|---|---|---|
| ML-DSA-65 (FIPS 204) | Lattice-based | Transaction signing (primary) | Deployed β NIST FIPS 204 |
| Dilithium3 | Lattice-based | Transaction signing (legacy-compatible active path) | Deployed β NIST Round 3 reference |
| SPHINCS+ (SLH-DSA) | Hash-based | High-security accounts (fallback) | Deployed β NIST Level 5 |
| STARKs | Hash-based proofs | Signature aggregation, storage compression | Deployed (optional, off by default in dev) |
| Kyber / ML-KEM (P2P) | KEM | Validator transport (future) | Not yet deployed β classical libp2p Noise/XX is current |
Addresses are derived as BLAKE3(algo_id || pq_public_key) β full 32 bytes,
displayed as 0x + 64 lowercase hex chars.
For details, see docs/PQ_CRYPTO_GUIDE.md.
- Quick Start Guide β run your first node in minutes
- Operator Guide β production deployment with Docker and monitoring
- API Reference β complete JSON-RPC API documentation
- PQ Crypto Guide β post-quantum cryptography details
- Native Account Abstraction Guide β 32-byte PQ addresses, validation layers, and AA rollout
- Block Pruning & Compression β storage profiles (archive/full/light), block body lifecycle, STARK compression
- STARK Aggregation β STARK aggregate proof architecture and multi-layer settlement
- Prover Guide β running a dedicated prover node
- Consensus Details β wPoA consensus engine internals
- Changelog β full release history
See CONTRIBUTING.md for guidelines.
MIT Β© ShellDAO