Inventory clearly reconstructible from celestia-app and celestia-core specs and from Cosmos SDK documentation. NMT + Merkle commitment, NOT KZG, Celestia's commitment layer does not use pairings.

0 PQ families. Two classical signature families (Edwards-curve EdDSA at consensus, Weierstrass-curve ECDSA at the account layer) plus one non-cryptographic erasure-coding family, none PQ-safe.

Ed25519 ≈ 128-bit classical / 0-bit post-Shor; secp256k1 ECDSA ≈ 128-bit classical / 0-bit post-Shor; SHA-256 ≈ 128-bit post-Grover; X25519 ≈ 128-bit classical / 0-bit post-Shor. No NIST PQC category mapped because no NIST PQC primitive is in scope.

CometBFT consensus has a TLA+ specification and machine-checked safety proofs; Informal Systems applies Quint specification language, Apalache model checker, and Atomkraft E2E testing in its Celestia audits. Constant-time: Go crypto/ed25519 is constant-time. Library provenance: in-tree under celestiaorg/celestia-app, celestiaorg/celestia-core, celestiaorg/celestia-node, celestiaorg/nmt, celestiaorg/rsmt2d. Stateless. Cryptanalytic tier 1 (mature classical EC + SHA-2). Audits performed by Informal Systems and OtterSec on celestia-app, op-stack integration, Blobstream X, and SP1 Blobstream.

celestia1... accounts derive from a secp256k1 pubkey hash; pubkey is published on-chain on first outbound tx. Validator Ed25519 consensus pubkeys are public by construction. The DA-layer specificity: Celestia is the consensus authority for blob attestations consumed by 56+ rollups, so Forge of validator Ed25519 keys does not just compromise TIA, it lets an attacker forge historical Celestia headers that downstream rollups treat as canonical for state-root reconstruction and IBC light-client trust.

Mainnet Beta launched 2023-10-31; chain is ~30 months old at evaluation. Foundation Delegation Program directs Foundation stake to ~50 of the 100 validator slots, meaning a structural fraction of TIA stake sits in delegated-but-cold wallets whose pubkeys are revealed on-chain via delegation transactions. Initial $55M Series B (2022-10) plus $100M Bain-led round (2024-09) brought total funding to $155M; investor and team allocations vest on multi-year schedules.

Celestia's structurally heaviest sub-score and the reason a DA L1 is qualitatively different from a settlement L1. Every historical Ed25519 validator vote and every secp256k1 account signature is forgeable after CRQC. Celestia validators sign data-root commitments (the Merkle root of NMT-rooted erasure-coded blobs) for every block. 56+ downstream rollups using Celestia DA across OP Stack, Arbitrum Orbit, Polygon CDK, and custom frameworks use those validator-signed commitments as the trust anchor. A CRQC adversary can forge a valid Celestia header against any rollup or IBC light client trusting historical Celestia validator-set state.

CometBFT p2p secret-connection uses X25519 ECDH for transport encryption between validators (Shor-vulnerable). RPC/REST endpoints (top providers Celestia official RPC, Numia, Lavender.Five, BlockPI, Ankr) use standard TLS with classical X25519/RSA/ECDH key agreement. No hybrid PQ KEM deployed.

Fully transparent ledger; celestia1... addresses pseudonymous; PayForBlobs transactions publish blob namespace, size, fee, signer pubkey, and the Merkle commitment to the blob shares. Blob payload contents are determined by the rollup that posted them and may themselves be encrypted by the rollup, but the rollup-identity-to-blob-namespace mapping is trivially observable.

Top public RPC endpoints concentrated among a handful of operators (Celestia official rpc.celestia.pops.one, Numia, Lavender.Five, BlockPI, Ankr); Mocha testnet and Arabica devnet RPCs run by core team and select infra partners. Mempool gossip observable to any validator-grade node. Foundation Delegation Program concentrates ~50% of delegated foundation stake among 50 validators.

IBC channels link Celestia to ~10+ Cosmos zones with ICS-20 fungible-token transfers (TIA flows trivially traceable). Blobstream / SP1 Blobstream relays Celestia data-root commitments to Ethereum, Arbitrum, and Base on an hourly cadence, producing a permanent on-chain correlation surface. Lotus upgrade (v4, 2025-07-28) integrated Hyperlane as a Cosmos SDK module, adding a second persistent cross-chain correlation surface.

Celestia at the protocol layer does not publish encrypted payload data, ZK-shielded transactions, or DL-based ring signatures at the consensus level. Confidentiality risk from Shor on its curves is limited to long-term cryptographic identity correlation rather than payload decryption, payloads are public blobs by design.

None at protocol level. No mixnet, no commit-reveal shuffle, no on-chain anonymity primitive in celestia-app or celestia-core.

CometBFT's priv_validator_key.json schema and cometbft init --key-type flag support multiple validator-key types in principle; Tendermint historically supported only Ed25519 validator keys, and that constraint persists in celestia-core. Cosmos SDK crypto/keys is modular at the account layer. CIP-40 (part of Matcha) extended the privval interface for arbitrary-message signing, useful for any future multi-key validator path, though not itself a PQ migration.

x/authz (delegated authorization) and x/feegrant (fee delegation) are inherited from Cosmos SDK. Cosmos SDK ADR-016 specifies validator consensus key rotation; the Olympus (v0.52) Cosmos SDK release introduced consensus-key-rotation. No native account abstraction comparable to ERC-4337 / EIP-7702 / Starknet AA. No documented client-layer PQ migration path. No CIP for hybrid signing.

Coordinated upgrades sustained: Lemongrass (v1, mainnet 2024-09), Ginger (Arabica activation 2024-11-05), Shwap (data-syncing protocol upgrade, 2024-Q4), Matcha (v6, mainnet 2025-11-24, 128MB block target, inflation 5%→2.5% via CIP-41, IBC/Hyperlane token-filter removal, privval interface extension), Lotus (v4, mainnet 2025-07-28, Hyperlane integration). All upgrades executed without contested forks. CIP process formalized via celestiaorg/CIPs repo.

No Celestia CIP for a hybrid Ed25519+PQ scheme. CometBFT inherited from Tendermint hard-codes Ed25519 at the consensus layer; a hybrid validator-key path requires either upstream CometBFT changes or a Celestia-specific fork. DoraFactory's external tendermint-pqc and cosmos-pqc repositories demonstrate a Dilithium drop-in (not hybrid) on a research fork. The Matcha CIP-40 privval interface extension for arbitrary-message signing is the closest live primitive that could host a hybrid signer, although not designed for this purpose.

N/A by default, no stateful hash scheme in scope; stateless schemes score full per v3.1 rubric.

N/A, Celestia consensus uses CometBFT default Ed25519 non-aggregating signatures per celestia-core spec. The Tendermint BLS-aggregation feature request was closed as not planned in the upstream CometBFT lineage. BLS is not in Celestia's consensus path. SP1 Blobstream uses Groth16-pairing inside the EVM verifier on the Ethereum side, but that is an EVM-side primitive, not Celestia consensus.

0% of Celestia validator votes, account signatures, blob commitments, or Blobstream attestations on Celestia mainnet are produced under any PQ primitive.

No PQC scheme merged into celestiaorg/celestia-core (the CometBFT fork) main branch. No PQC scheme merged into celestiaorg/celestia-app main crypto/keys. No CIP filed proposing PQC merge. DoraFactory tendermint-pqc and cosmos-pqc exist as external research repositories targeting upstream Tendermint/Cosmos SDK, not Celestia's celestia-core.

All 100 active Celestia validators use Ed25519 consensus keys per CometBFT default. No validator has registered a PQC consensus key (the schema does not allow it without a celestia-core change).

VOIDED to 0 per v3.1 rule (5a = 0). The public Celestia roadmap blog post and the CIP repository contain no PQ-specific dated milestones, no flag-day, no sunset date, no PQ-validator-key registration deadline.

Announced PQC trailing-12-month from Celestia Foundation / Celestia Labs / Celestia blog: 0 official communications. Shipped PQC: 0. No washing detected.

No PQ deployment, no published bytes-per-block analysis under any PQ scheme for Celestia. Particularly live concern given block-size scaling toward 128MB (Matcha) and the 1GB roadmap target, multiplier numbers under ML-DSA-44 (~38× raw) or SLH-DSA-128s (~110–125× raw) would interact with block-time and propagation-reactor design. Undisclosed.

Top-3 wallets for Celestia accounts: Keplr, Leap, Cosmostation (Ledger HW supported via these wallets for cold storage). None publishes a Cosmos-account PQC roadmap. Ledger has internal PQC research but no shipped PQ-signing for Cosmos accounts.

Top-3 bridges in Celestia flow: Blobstream / SP1 Blobstream (Ed25519 verification via Groth16 SNARK in the EVM verifier; pairing-based and Shor-vulnerable on the EVM side), IBC (light-client model, Ed25519 verification, classical), Hyperlane (Lotus-integrated, classical secp256k1/Ed25519 ISM by default). None publishes a PQC roadmap. SP1 Blobstream's 'succinctness' is not 'post-quantum.'

Top-3 institutional custodians supporting TIA: Coinbase Custody, Anchorage Digital (federally chartered, supports Celestia delegation directly from vaults), Kraken (custody + staking). None publishes a Celestia-specific PQC roadmap. None has MPC-PQ in production for TIA signing.

Top RPC providers for Celestia: Celestia official RPC, Numia, Lavender.Five, BlockPI, Ankr. None publishes PQ-enabled RPC TLS. HSMs typically used by validators: Horcrux (Strangelove threshold-signing), YubiHSM2, Ledger HW, AWS KMS via celestiaorg/aws-kms-keyring. None offer PQ signing for Ed25519/secp256k1 in production. TEE attestation chains not in Celestia's validator stack.

100 active validators (the active set is hard-capped at 100 highest-staked). Reported Nakamoto coefficient = 8 per Nakaflow real-time tracker (2026-04-29), top-8 validators control ≥33% stake. Foundation Delegation Program directs Foundation stake to 50 of the 100 slots. Client diversity weak: nearly universal celestia-app / celestia-core (no second consensus client).

Lemongrass, Ginger, Shwap, Matcha, Lotus all executed in the 2024–2025 cadence. Matcha included emergency patches for two network issues (claim-rewards-after-stake-move, broken ICA functionality). The CIP process is formalized in celestiaorg/CIPs and CIP-42 was the umbrella for Matcha's six numbered CIPs. No precedent of a contested fork.

Celestia Labs (engineering): Mustafa Al-Bassam (CEO, also Chair of Celestia Foundation board), Ismail Khoffi (CTO, former Tendermint engineer), John Adler (board, former ConsenSys L2 researcher). Celestia Foundation (Liechtenstein-domiciled, governing council of four). Clear named ownership of the protocol, foundation, and roadmap. No named PQC migration lead, no Celestia Foundation post, no CIP author, no roadmap entry assigning ownership of a quantum-readiness track.

Chain has been live ~30 months; no precedent of a coordinated cryptographic-primitive change while under attacker pressure. CIP-41 (inflation reduction 5%→2.5% in Matcha) and the Proof-of-Governance research thread demonstrate governance functions on contested economic questions, but neither has the security-emergency profile.

No canary, honeypot, rate-limited spending rule, or cryptographic tripwire on Celestia.