Algo-pqc-kit - Algorand-Native PQC Developer Toolkit

Governance Discussions
,
1

algo-pqc-kit - Algorand-Native PQC Developer Toolkit (Puya Contracts + AlgoKit SDK)

Amount Requested: 2,500 ALGO (retroactive grant)
Status: Completed & Live on Testnet
GitHub Repository: https://github.com/quantachain/algo-pqc-kit

Abstract

Algorand’s AVM v12 introduced the falcon_verify opcode — enabling on-chain post-quantum signature verification. What does not exist is a developer toolkit that makes this opcode accessible to ordinary Algorand dApp developers.

algo-pqc-kit fills this gap with an integrated set of tools:

  1. Puya smart contract libraryFalconVault, FalconLsig, and PQCDao contracts using falcon_verify natively on-chain.
  2. Python SDK / SDK Tooling — One-line Falcon keypair generation, Logic Signature derivation, M-of-N threshold co-signing, and automated transaction bootstrapping.

All work is complete and publicly available. This is a retroactive grant request for Algorand-exclusive open-source infrastructure that accelerates the ecosystem’s Post-Quantum Cryptography (PQC) migration.

Why This Matters for Algorand

The Algorand Foundation has done incredible work adding falcon_verify to AVM v12. However, for the average developer to actually adopt and integrate PQC into their applications, they need abstractions: standard threshold vaults, simple Python SDK bindings for key generation, and ready-to-use smart contracts.

Our team at QuantaLabs previously built the underlying Falcon-1024 cryptography logic - battle-tested in over 88,000+ blocks on our native L1 network, QuantaChain - and we have now brought that deep cryptographic expertise natively into the Algorand ecosystem via Python and Puya.

What is Delivered & Live Right Now

This project is not an “idea.” It is fully built and deployed today.

1. Puya Smart Contracts (AVM v12)

We have written, compiled (to ARC-32 specifications), and deployed production-ready contracts using the falcon_verify opcode:

  • FalconVault: A threshold vault that locks funds until a quorum of Falcon signers approve the release.
  • PQCDao: A full DAO structure with Falcon-gated proposals and voting.

2. Live Testnet Deployments

To prove the integration works perfectly with the Algorand Testnet box storage and the AVM v12 falcon_verify opcode, we have deployed working instances:

  • PQCDao App ID: 761821515
  • FalconVault App ID: 761821533

(Note: Box storage was successfully funded and bootstrapped with the 1793-byte Falcon-1024 public keys for on-chain threshold verification).

3. Python SDK & Deployment Scripts

The GitHub repository includes the algo-pqc-kit SDK wrappers that allow any developer to:

  • Generate valid Falcon-1024 keys.
  • Programmatically deploy the PQC Smart Contracts using algokit-utils-py v2.
  • Fund and bootstrap the massive Falcon public keys into Box storage automatically.

Funding & Next Steps

We are asking for a nominal, retroactive grant of 2,500 ALGO.

Our motivation is not financial - it is to establish our credibility as dedicated builders in the Algorand PQC ecosystem. By approving this small grant, xGovs are supporting open-source infrastructure that makes Algorand’s state-of-the-art cryptography accessible to everyone.

Thank you for your consideration! We welcome any feedback or questions from the community.

2

Even though the ask is minimal, it still needs to meet the necessary requirements, sufficient quality, and provide benefits to the community.

While I am not convinced the gap the project tries to address is as big as pruported, I could see this as a small example of how to use PQC on Algorand.

That said, the smart contract code does not exert confidence as it lacks tests.
The contracts include bugs, e.g. FalconVault gets all public_keys as input of a single call as an array. Each key is 1793 B while AVM has limitation of 2048 B for arguments, effectively enabling only one signature.

IMO even minimal asks should have show real traction and usage, not just a concept.

3

First of all, Thank you for the review, We have addressed the issues by implementing an asynchronous Multi-Transaction Session Pattern using Box Storage -

  • Keys are now loaded sequentially into Box storage via add_signer(index, pubkey) rather than an array in the create method.

  • Signers call submit_signature(proposal_id, sig) individually. The contract verifies each 1220B signature in isolation using falcon_verify and increments an approval_count inside a Proposal Box.

  • Once approval_count >= threshold, execute_release is called to dispatch the inner transaction. This completely bypasses the 2048B transaction limit, enabling infinite M-of-N threshold sizes natively on Algorand.

We have also implemented a comprehensive pytest integration suite using algokit-utils that fully tests this Box Storage aggregation pattern and ensures invalid signatures are rejected on-chain.

Regarding your point on traction - we completely understand and agree. We are absolutely okay with whatever decision the council makes here. Our core mission is simply to provide robust PQC libraries and execution layers for blockchain systems. We applied for this minimal grant as this was the minimum requirement, and we aren’t here for the funding. We will continue to open-source, maintain, and improve this toolkit as Algorand’s need for quantum resistance matures.

Thank you again for the feedback and for pushing us to make the codebase better!