Post-Quantum Cryptography in Practice: How Marscoin's Approach Compares
A technical comparison of post-quantum approaches across Bitcoin-derived chains. Why Marscoin chose SPHINCS+ at the consensus level, how it differs from Bitcoin Cash's Quantumroot vaults, and what Marscoin borrows from BCH and Monero to build a quantum-resistant foundation.
Standing on the Shoulders of Working Code
Marscoin’s Quantum Upgrade Proposal is not being built in a vacuum. The best engineering starts by studying what already works, borrowing what fits, and diverging only where the mission demands it.
This article examines the design decisions behind Marscoin’s quantum-resistant upgrade — what we took from Bitcoin Cash and Monero, what we built ourselves, and why the choices differ. It is written for developers, node operators, and anyone who wants to understand not just what Marscoin is building, but why.
The Three Borrowed Foundations
1. Adaptive Block Sizing — From Bitcoin Cash
In May 2024, Bitcoin Cash activated the Adaptive Blocksize Limit Algorithm (ABLA) via CHIP-2023-04. After two years in production, it is considered settled infrastructure by the BCH community.
ABLA replaces fixed block size limits with two interacting functions:
- A control function that tracks actual block usage via an exponentially weighted moving average (EWMA). It grows slowly when blocks are full (maximum 2x/year under sustained load) and shrinks when they are not (maximum -75%/year).
- An elastic buffer that provides temporary surge capacity. It accumulates during quiet periods and gets consumed during demand spikes, allowing up to 4x/year growth in bursts. The buffer has a half-life of approximately 183 days.
- An asymmetry factor (ζ = 1.5) that makes the limit harder to push up than to pull down. An attacker must consistently fill blocks above 67% capacity to grow the ceiling, but the ceiling drops faster when they stop.
This is exactly the kind of mechanism Marscoin needs. SPHINCS+ signatures are approximately 7,856 bytes — roughly 109 times larger than ECDSA’s ~72 bytes. Under a fixed 4M weight limit, blocks could hold only ~400-500 single-input post-quantum transactions versus ~2,500-3,000 today. The chain wouldn’t break, but it would lose all headroom.
Marscoin’s adaptation: We adopt ABLA’s core algorithm with Marscoin-specific parameters — a 4M weight floor (matching our current limit for zero discontinuity at activation), a 128M temporary ceiling (conservative for a smaller chain; BCH uses 2GB), and the same growth/decay constants that BCH validated in production. We call it ABWL (Adaptive Block Weight Limit) to reflect our weight-based accounting rather than BCH’s size-based system.
The honest framing: this is not novel research. It is deliberate adoption of a battle-tested mechanism. The Marscoin Foundation believes that the best infrastructure is infrastructure that has already survived real-world conditions.
2. RandomX Mining — From Monero
Monero’s RandomX has secured a top-10 cryptocurrency for over six years with zero successful ASIC deployments. It has been independently audited by Trail of Bits, Quarkslab, Kudelski Security, and X41 D-Sec.
Marscoin vendors RandomX v2 (February 2026), which increases total operations per hash by 53%, doubles AES computations, and expands program size from 256 to 384 instructions — delivering 5-8% faster hashrates on modern CPUs while further raising the ASIC development barrier.
Why it matters for quantum: RandomX is primarily a mining fairness upgrade — it replaces Scrypt ASIC dominance with CPU-egalitarian mining aligned with the general-purpose computing hardware available on a Mars colony. The quantum defense angle for proof-of-work is weaker: Grover’s algorithm gives only a quadratic speedup on hash preimages, addressable by doubling hash output size rather than changing algorithms. We include RandomX in the quantum upgrade because it completes the unified security model — post-upgrade, zero elliptic curve primitives remain anywhere in the Marscoin protocol stack.
3. SPHINCS+ Signatures — From NIST and the Quantum Resistant Ledger
This is where Marscoin’s path diverges from both Bitcoin and Bitcoin Cash.
The Core Decision: SPHINCS+ vs. Quantumroot
In May 2026, Bitcoin Cash activated its own post-quantum solution: Quantumroot, developed by Jason Dreyzehner. It is the first post-quantum vault system deployed on a Bitcoin-derived chain’s testnet (Chipnet). Marscoin’s approach differs fundamentally.
How Quantumroot Works
Quantumroot implements the LM-OTS signature scheme (RFC 8554) inside Bitcoin Script, using SHA-256 hash operations and new 2026 CHIP opcodes (bounded loops, reusable functions, bitwise operations). Key properties:
- No hard fork required. The quantum-safe vault is a smart contract, not a consensus change. Anyone can start using it without a network-wide upgrade.
- ~1.5 KB per UTXO with cross-input aggregation — significantly more compact than raw SPHINCS+ signatures.
- LM-OTS is a one-time signature scheme. Each signing key can produce exactly one valid signature. Reusing a key to sign a second message compromises the private key.
How Marscoin’s SPHINCS+ Works
Marscoin implements SPHINCS+ (SLH-DSA, FIPS 205) as a native consensus primitive — a new witness version (v2) with its own verification rules, address format (mars1z...), and sighash computation. Key properties:
- Hard fork required. The new witness version is a consensus change. All nodes must upgrade.
- ~7.9 KB per input — larger than Quantumroot, accommodated by adaptive block sizing.
- SPHINCS+ is stateless. A signing key can produce an unlimited number of signatures. There is no key reuse catastrophe.
Comparison
| BCH Quantumroot | Marscoin SPHINCS+ | |
|---|---|---|
| Crypto primitive | LM-OTS (RFC 8554) | SPHINCS+ (SLH-DSA, FIPS 205) |
| Security basis | SHA-256 only | SHA-256 only |
| NIST category | Category 5 (256-bit classical, 128-bit quantum) | Category 1 (128-bit quantum) |
| Implementation layer | Bitcoin Script (CashVM) | Native consensus (witness v2) |
| Requires hard fork | No | Yes |
| Stateless | No — one-time signatures; key reuse = compromised | Yes — unlimited signatures per key |
| Signature size | ~1.5 KB per UTXO (aggregated) | ~7.9 KB per input |
| User safety burden | High — wallet must enforce key progression | Low — standard key model |
| Coexistence with legacy | Hybrid (ECDSA + vaults coexist) | Clean break (EC primitives eliminated) |
Why the Approaches Differ
The difference is not about which cryptography is “better.” Both rest on SHA-256. The difference is about what each chain can coordinate.
Bitcoin Cash is a large, decentralized network where hard forks require extensive community consensus. Building quantum resistance as a permissionless smart contract — something anyone can opt into without a network upgrade — is pragmatic for that environment. The tradeoff is that safety depends on wallet software correctly managing one-time keys, and legacy ECDSA addresses remain part of the protocol indefinitely.
Marscoin is a small, mission-driven community that can coordinate hard forks. This allows a cleaner design: replace ECDSA entirely at the consensus level, eliminate all elliptic curve primitives, and give users a signature scheme that works exactly like the one they’re used to — just quantum-safe. The tradeoff is that everyone must upgrade, and signatures are larger.
For a chain designed to operate on Mars — where emergency software patches face 4-to-24-minute communication delays and user support infrastructure is minimal — the stateless, foolproof approach is the better fit. You want the simplest possible signature scheme that cannot be broken by user error.
The Unified Security Model
Post-upgrade, Marscoin’s entire cryptographic surface is hash-based:
| Layer | Current | Post-Upgrade |
|---|---|---|
| Mining | Scrypt (ASIC-dominated) | RandomX (AES + SHA-256 + general computation) |
| Signatures | ECDSA (secp256k1 — Shor-vulnerable) | SPHINCS+ (SHA-256 only) |
| Address derivation | Hash of EC public key | Hash of SPHINCS+ public key |
| Key exchange | N/A | N/A |
No Shor-vulnerable primitives remain. This is the cleanest possible quantum-resistant design for a UTXO chain.
Bitcoin Cash achieves a similar goal for users who opt into Quantumroot vaults, but legacy ECDSA coexists indefinitely. Bitcoin (BTC) is still debating BIP-360 and has not shipped any post-quantum capability. Ethereum’s roadmap includes lattice-based signatures but no timeline.
What Marscoin Builds Itself
While the block sizing and mining algorithms are adopted from proven implementations, the post-quantum signature integration is original work:
- Vendored liboqs backend: Pinned snapshot of Open Quantum Safe’s liboqs library (v0.15.0), compiled with only the SPHINCS+ SHA2-128s algorithm for minimal binary size. Build-gated behind
--enable-pq-oqs-vendor. - Deterministic Known Answer Tests: A custom xorshift64 RNG with ASCII seeds (
MARSQNET,SIGNATUR) produces reproducible test vectors validated in CI on every commit. - Scaffold-first development: Every component ships non-activating first — format parsers, type definitions, test vectors — before consensus wiring. This allows review and testing of each layer independently.
- Witness v2 (P2WPQH): A new witness version with dedicated address format (
mars1z...), sighash computation, and verification rules. The output commits toSHA256(parameter_set_id || public_key), hiding the public key until spend time.
The code is open and available on the feature/quantum-upgrade branch of the Marscoin Core repository.
Current Status
As of April 2026, five pull requests have been merged into the quantum upgrade integration branch:
| Layer | Status |
|---|---|
| SPHINCS+ crypto backend (liboqs) | Done — keygen, sign, verify working with deterministic KATs |
| SPHINCS+ scaffold types & format validation | Done |
| PQ address prefix detection | Scaffolded — mars1z... format recognized |
| RandomX v2 vendoring & consensus profile | Done — marsqnet devnet producing blocks |
| Wallet migration status RPC | Scaffolded — read-only planning tool |
| Adaptive block weight limit (ABWL) | Specified — based on BCH ABLA |
| PQ witness v2 consensus integration | Specified — implementation next |
| Difficulty recalibration for RandomX | Not started |
| UTXO recycling rules | Not started |
| Governance treasury | Not started |
The full Quantum Upgrade Proposal details the complete roadmap.
Conclusion
The quantum threat to elliptic curve cryptography is no longer theoretical. Google’s March 2026 research demonstrated private key derivation from exposed public keys in approximately nine minutes. NIST has finalized post-quantum standards and federal agencies are required to submit migration plans.
Marscoin’s response is not to invent everything from scratch. It is to take the best proven mechanisms — BCH’s adaptive block sizing, Monero’s RandomX mining, NIST’s SPHINCS+ signatures — and combine them into a coherent, conservative, unified upgrade.
The result is a chain with no elliptic curve dependencies, CPU-egalitarian mining, adaptive capacity, and the simplest possible post-quantum signature model: stateless, hash-based, and foolproof.
For a cryptocurrency designed to function on another planet, that conservatism is a feature.
This article reflects the Marscoin Foundation’s technical analysis as of April 2026. The quantum upgrade is under active development on the feature/quantum-upgrade branch. Community discussion: martianrepublic.org.
For the full proposal, see the Quantum Upgrade Proposal. For the testnet announcement, see Marsqnet Is Live.
