Soundness PQ Stack

Legend

Interactive walkthrough of Soundness Post-Quantum Stack. Self-Custodial, MPC (2-of-3), and HSM modes. Toggle PQ Protected for the post-quantum NIZK proof extension.

Key generation

Derivations

MPC / DKG

HSM / Verification

Signing

PQ-NIZK proof

Confirmed

HSM + PQ: PQ-NIZK proof is generated outside the HSM boundary. The proof uses a generic info without requiring HSM firmware changes. FIPS-compliant.

Wallet

Solana

🔑

Create Your Wallet

Generate a wallet with BIP39 seed and Ed25519 key pair.

Simulates key derivation locally.

Total Balance

Amount

SOL

Network fee

✓

Transaction Confirmed

StatusFinalized

Block#187042

Sig

Balance

Sender

Recipient

Node 1

Node 2

Node 3

Recipient

User

HSM Enclave

Recipient

Phase 1: Key Derivation

Generate mnemonic (BIP39)

Derive seed
PBKDF2-SHA512(mnemonic, salt, 2048)

Derive signing key (SK)

Derive public key (PK)
pk = clamp(SHA-512(sk)[0:32]) · G

Encode address

Phase 2: Create & Sign

Create transaction

Sign transaction
sig = Ed25519.sign(tx_bytes, sk)

PQ-NIZK Proof
π = PQ-NIZK.prove(w, x)
stmt: ∃ s: Derive(s)=pk ∧ sk=SLIP10(s,path)
witness: (s, sk)

{ tx, sig, pk }

{ tx, sig, pk, π }

Phase 3: Validate & Confirm

Verify signature
Ed25519.verify(tx,sig,pk) → ✓

Verify sig → ✓

Verify π → ✓

AND

✓

Block #187042 ✓

Update balances

Phase 1: DKG

DKG share exchange

seed₁

seed₂

seed₃

sk₁=SLIP10(seed₁,)

sk₂=SLIP10(seed₂,)

sk₃=SLIP10(seed₃,)

pk=Combine(pk₁,pk₂,pk₃)

Address=

Phase 2: Threshold Sign (2-of-3)

Node 1 & Node 2 active — Node 3 offline

Create tx

σ₁=PartialSign(tx,sk₁)

σ₁

σ₂=PartialSign(tx,sk₂)

σ₂

Aggregate sig=Combine(σ₁,σ₂)

Batch PQ-NIZK Proof
π = BatchProve({seed_i,pk_i})
stmt: ∀ i∈{1,2}: Derive(s_i)=pk_i

{ tx, sig, pk }

{ tx, sig, pk, π }

Phase 3: Validate

Verify sig Ed25519.verify → ✓

Verify sig → ✓

Verify π (batch) → ✓

AND

✓

Block #187042 ✓

Update balances

Phase 1: Key Provisioning

Generate mnemonic (BIP39)

HSM ENCLAVE — FIPS 140-2

🔒 Keys never leave this boundary

Seed → SK (inside HSM)
PBKDF2 → seed → SLIP10() → sk
sk: [sealed]

PK (exportable)
pk = clamp(SHA-512(sk)) · G
pk: [exported]

Address=

Phase 2: Sign Transaction

Create tx

Sign request (tx_bytes)

HSM SIGNING

🔒 sk used internally, never exposed

sig = Ed25519.sign(tx_bytes, sk)

Return sig

PQ-NIZK Proof (outside HSM)
π = PQ-NIZK.prove(w, x)
stmt: ∃ s: Derive(s)=pk ∧ sk=SLIP10(s,path)
witness: (s, sk)

{ tx, sig, pk }

{ tx, sig, pk, π }

Phase 3: Validate

Verify sig Ed25519.verify → ✓

Verify sig → ✓

Verify π → ✓

AND

✓

Block #187042 ✓

Update balances

Key State

Sender

Chain

Recipient

Node 1

Node 2

Node 3

Chain

Recipient

User

HSM

Chain

Recipient