Algorand Foundation publicly inventories every primitive used at protocol level. One uncertainty: production status of Pixel multi-signatures versus BM-Ed25519 in the live consensus aggregation path is not fully documented.

PQ-safe families represented: lattice only (Falcon-1024). No hash-based (SLH-DSA / XMSS / LMS) and no code-based (Classic McEliece / BIKE / HQC) PQ scheme deployed. Cryptographic-Diversity Cap fires.

Falcon-1024 → NIST Category 5 (256-bit classical equivalent), exceeds CNSA 2.0 minimum. SHA-512/256 → AES-128 effective post-Grover. Mainnet deployment is on Falcon-1024, not Falcon-512.

Library provenance: algorand/falcon (Go wrapper) + algorandfoundation/falcon-signatures (CLI). Core C reference attributed to Thomas Pornin; deterministic-mode design by David Lazar and Chris Peikert. Constant-time coding practices claimed by Foundation (no third-party constant-time validation cited publicly). No machine-checked formal verification published. Cryptanalytic tier: Falcon Tier 3 (NIST PQC standardized); Sumhash512 Tier 4 (research-grade).

Default accounts use Ed25519. Public keys are fully revealed on first transaction. > 99% of mainnet transaction volume signs under Ed25519. Foundation/Kiln staking concentration (~20% + ~20%) means a substantial share of staked-and-active value is on already-revealed pubkeys.

Mainnet launched 2019-06; ~83 months at evaluation date. Substantial dormant supply on Ed25519 pubkeys (genesis and early-distribution wallets). Rekey primitive enables migration without changing address, but cold balances by definition do not rotate.

All historical Ed25519 transaction signatures are forgeable post-Shor. State Proofs since 2022 sign block-header summaries with Falcon-1024, providing a quantum-resistant audit trail for state attestations but not for individual user transaction signatures. Pre-State-Proof history (2019–2022) has no PQ attestation layer.

Validator gossip and RPC endpoints use standard TLS (RSA / ECDH X25519). No PQC KEM (e.g., ML-KEM / hybrid X25519+ML-KEM-768) integrated. The 'Sealed' xGov proposal (April 2026) is for app-layer ML-KEM-512 messaging, not validator transport.

Pseudonymous transparent ledger. Public addresses, public balances, public state. No native shielded transactions, no on-chain mixing.

Top-3 RPC: Algonode, Nodely, Foundation public endpoints. Moderate concentration; precise share not publicly published. Mempool gossip observable to any participant. Validator metadata retention undeclared at protocol level.

Wormhole is the primary external bridge. State Proofs enable trustless cross-chain verification (one-way: Algorand → external chain). Source-to-destination linkability across bridges is high (transparent on both sides).

Shor on the Edwards curve breaks ECVRF proofs, allowing retroactive reconstruction of sortition outcomes (which validator was selected when), revealing committee membership for past rounds. Foundation explicitly identifies VRF as a 'challenging research problem' requiring quantum-resistant replacement.

No on-chain mixer, no native commit-reveal shuffle, no integrated mixnet.

LogicSig accounts permit post-quantum signature verification (Falcon-1024) in production without a hard fork, Falcon LogicSig went live via consensus v41 (go-algorand 4.3.0, released 2025-09-16), adding falcon_verify opcode (0x85) and sumhash512 (0x86) to AVM v12. Coordinated consensus upgrades v34 → v41 over five years.

LogicSig accounts behave as native account abstraction. Rekey primitive permits any account to switch its authorizing key (including from Ed25519 to a Falcon LogicSig) without changing the address or moving funds. Active production volume exists since Nov 2025.

Coordinated protocol upgrades v34 through v41 over five years; no contested forks. Consensus v41 PQ upgrade (Sep 2025) shipped with smooth node-operator coordination.

Falcon LogicSig accounts coexist with Ed25519 default accounts on mainnet, de facto parallel-deployment hybrid at the protocol level (different accounts can choose either scheme; the same account does not co-sign with both). No documented Falcon AND Ed25519 OR-composition or AND-composition for the same signing event.

Algorand uses Falcon (stateless lattice). No stateful hash scheme (XMSS, LMS, leanXMSS) at consensus or execution. Default 15/15 per v3.1 rule.

Algorand consensus today aggregates committee votes via Ed25519 (BM-Ed25519 forward-secure ephemeral keys) and references Pixel multi-signature research for forward-secure BLS aggregation. Both are Shor-breakable. No PQ aggregation path declared, no spec, no testnet pilot. Native consensus Falcon module is on the 2026 roadmap; aggregation strategy is unpublished.

Floor estimate < 0.01% of mainnet signing traffic is PQ. State Proofs (Falcon, 140K+ certificates over 3.5 years) sign every-256-rounds; Falcon LogicSig live 2025-11-03 with no public dashboard quantifying user-tx share. Mainnet-Traffic cap fires. Score 1/25 reflects: non-zero (Falcon LogicSig in production, State Proofs run continuously) but not Stage-3-traffic material.

Falcon-verify opcode and sumhash512 opcode merged into go-algorand and shipped in v4.3.0-stable (consensus v41, 2025-09-16). State Proof signing (Falcon at protocol level) merged in 2022 (go-algorand 3.4.2). Native consensus Falcon module for block proposals/committee votes is on the 2026 roadmap, not yet in mainline.

Validators run State Proof participation keys (Falcon) alongside Ed25519 consensus participation keys, required since go-algorand 3.4.2 (2022-03). Block proposals and committee votes themselves continue to be signed with Ed25519/BM-Ed25519. Score reflects partial adoption.

5a > 0, so 5d is NOT voided. Three milestones delivered with on-chain enforcement (State Proofs 2022, AVM v12 2025-09-16, first Falcon mainnet tx 2025-11-03); three 2026 milestones announced without precise dates (native consensus Falcon, Ledger firmware support, governance toggle).

Shipped: State Proofs Falcon-1024 (2022 → ongoing), falcon_verify opcode (2025), Falcon LogicSig mainnet (2025-11-03), Falcon Signatures CLI, algorandfoundation/falcon-signatures repo. Announced: consensus Falcon, Ledger firmware, governance toggle (all 2026, no precise dates). Ratio (announced/shipped) ≈ 0.83, strong shipped substance, no deduction.

Falcon-1024 signature ~1280 bytes vs Ed25519 64 bytes ≈ 20× raw multiplier. Algorand block design absorbs Falcon LogicSig at LogicSig-program-budget level without inflating block sizes for Ed25519-only blocks (Foundation states verification < 200μs, fits within program budget). Effective per-block multiplier on a hybrid block is well below 38× because most signatures remain Ed25519.

Top-3 by Algorand-user share: Pera Wallet, Defly, Ledger HW. No top-3 wallet has published a Falcon roadmap. Pera has passkey integration via Liquid Auth (Web2 UX, not Falcon key management). Foundation states 'Ledger firmware for the larger keys' is on 2026 roadmap (Foundation roadmap item, not Ledger commitment).

Top: Wormhole (primary external bridge), Algorand State Proofs (one-way light-client outbound). Wormhole has no public PQC roadmap. State Proofs are PQ-secure outbound (Falcon-signed) for trustless cross-chain verification, but inbound bridge surfaces remain classical.

Top-3: Coinbase Custody, BitGo, Anchorage Digital, Fireblocks (all support Algorand). Coinbase published an institutional PQC position paper (2026-04-21) covering ecosystem PQC posture; no Coinbase Custody-specific Algorand migration timetable. BitGo and Anchorage have no published PQC roadmap traced.

Top-3 RPC: Algonode, Nodely, Foundation public endpoints. HSMs: validator setups use AWS KMS, YubiHSM, Thales, no Algorand-specific PQC HSM commitment. TEE attestation chains not in Algorand validator path. No PQC roadmap on any infra tile.

Pure-PoS using VRF-based committee selection from total online stake. Stake distribution (March 2026): community 80.5%, Foundation 19.5%. Major concentrations include Foundation (~20%) and Kiln (~20%). Nakamoto-style 33% threshold reached by ~2 entities in worst-case stake clustering.

Smooth coordinated upgrades v34 → v41 over five years. xGov on-chain grants platform launched mainnet October 2025. State Proofs upgrade (2022) and PQ-prep upgrade (v41, 2025) shipped to schedule. No contested forks.

Algorand Foundation publicly named as coordination lead. Cryptography team includes Chris Peikert (head of cryptography, lattice researcher) and Vinod Vaikuntanathan (scientific advisor, MIT faculty). Silvio Micali (founder, Turing Award) sets long-term cryptographic direction.

No adversarial-pressure coordination event in Algorand's history. Proactive PQ shipping (State Proofs 2022, AVM Falcon 2025) is a positive signal but not a true adversarial test.

No published rate-limit canary, no cryptographic tripwire embedded in consensus, no Hourglass-equivalent mechanism, no community honeypot for forge detection.