Reconstructible from crypto-org-chain/cronos go.mod (CometBFT v0.38.20 fork, Cosmos SDK v0.53.4 fork, evmos/ethermint fork, go-ethereum v1.15.11 fork). Not enumerated in any Cronos-authored spec.

0 PQ families. Two classical EC families in use, but neither is PQ-safe.

secp256k1 ECDSA ≈ 128-bit classical / 0-bit post-Shor; Ed25519 ≈ 128-bit classical / 0-bit post-Shor; Keccak-256 / SHA-256 ≈ 128-bit post-Grover. No NIST PQC primitive mapped.

CometBFT carries a TLA+ specification from upstream Tendermint; go-ethereum and Ethermint forks have no machine-checked PQ-relevant proofs. Standard Go crypto/ed25519 constant-time; secp256k1 via btcec constant-time. Cronos forks every major upstream via go.mod replace-directives, adds maintenance surface. Stateless. Cryptanalytic tier 1.

Cronos EVM EOAs follow standard go-ethereum / Ethermint pattern: address = keccak256(uncompressed_secp256k1_pubkey)[12:]. Pubkey is Shor-recoverable from any signed transaction. Supply concentration is exchange-heavy: Crypto.com Exchange / foundation / treasury wallets hold the largest CRO share.

Accounts that never signed retain address-as-keccak256-hash protection. EOAs that signed once expose pubkey indefinitely. Mainnet beta launched 2021-11-08, ~54 months at evaluation. Crypto.com custody concentration adds correlated cold-key risk.

Every historical Ed25519 validator vote and secp256k1 EVM signature is forgeable post-CRQC. IBC channels rely on Ed25519 validator-set signatures for light-client header verification, a CRQC adversary can forge valid-looking historical Cronos headers against any Tendermint light client. Crypto.com Bridge and LayerZero bridge attestations extend sig-validity exposure further.

CometBFT p2p secret connection uses X25519 ECDH for validator transport (Shor-vulnerable, HNDL scope). RPC / REST endpoints (Crypto.com-operated plus Ankr, QuickNode, GetBlock) use standard TLS with classical X25519 / RSA / ECDH. No hybrid PQ KEM deployed anywhere in Cronos transport.

Fully transparent EVM ledger. Cronos addresses (0x...) pseudonymous; Cronoscan and Mintscan provide full historical analytics. IBC packet receipts and bridge events make cross-chain flow trivially linkable.

Public RPC concentrated among Crypto.com-operated endpoints (evm.cronos.org, cronos-rpc.crypto.org) plus Ankr, QuickNode, GetBlock, NodeReal. Crypto.com runs the dominant share via the foundation-issued DeFi Wallet defaulting to Crypto.com endpoints. With 33 invited validators, the mempool surface is concentrated.

Cronos has dense bridge connectivity: IBC (Cosmos zones), Crypto.com Bridge, LayerZero. Each surface enables source-to-destination correlation. Crypto.com Exchange acts as a primary fiat / CEX on/off-ramp, adding KYC-linked correlation at the boundary.

Cronos publishes no encrypted payload data, ZK-shielded transactions, or DL-based ring signatures at the chain level. Confidentiality risk under Shor is limited to identity-linkability rather than payload decryption.

None at protocol level.

CometBFT (forked v0.38.20) supports --key-type for validator consensus key selection (Ed25519 default, secp256k1 selectable); Cosmos SDK crypto/keys is modular. Cronos inherits both. No production agility move on Cronos itself within 5 years: V6 was an infrastructure bump, not a primitive change. EVM precompile additions follow go-ethereum; no PQ precompile added.

Chain level: ADR-016 consensus-key-rotation inherited from Cosmos SDK upstream. EVM-account level: ERC-4337 contracts deployable but no documented Cronos-specific AA bundler / paymaster ecosystem from the foundation, and no foundation announcement of EIP-7702 enablement. The go-ethereum fork at v1.15.11 is post-Pectra upstream, EIP-7702 opcodes are present in the binary, but Cronos has not announced enablement at chain level.

V4, V5, V6 mainnet upgrades sustained (CometBFT v0.38 + Cosmos SDK v0.50 family); 2025–2026 roadmap documents block-time-to-0.5s and 90%-gas-fee-reduction upgrades. Crypto.com-led governance executes smoothly; the 33-invited-validator model makes upgrade coordination a foundation operation. No publicly contested fork.

Architecturally, Cosmos SDK + CometBFT + Ethermint supports a hybrid validator key, constructible in principle. No spec, ADR, or roadmap item from Cronos for hybrid Ed25519+PQ or secp256k1+PQ. No Cronos-specific PQ R&D published.

N/A by default, no stateful hash scheme in scope; stateless schemes score full per v3.1 rubric.

N/A, Cronos uses CometBFT default Ed25519 non-aggregating signatures at consensus. Per v3.1 rubric, 4f is N/A for non-aggregating-signature consensus chains.

0% of validator votes or EVM EOA signatures on Cronos mainnet under a PQC primitive.

No PQC scheme merged into crypto-org-chain/cometbft, crypto-org-chain/cosmos-sdk, crypto-org-chain/ethermint, or crypto-org-chain/go-ethereum forks. No PQ-related branch, PR, or feature flag in crypto-org-chain/cronos repository.

All 33 active Cronos validators (invitation-only, vetted by Cronos team and existing validators) use Ed25519 consensus keys per CometBFT default. No validator has registered a PQC consensus key.

VOIDED to 0 per v3.1 rule (5a = 0). The Cronos 2025 Whitepaper and 2025–2026 roadmap headline tokenization (RWAs), AI agents, and infrastructure scaling, they contain no PQC milestone, no flag-day for classical-key sunset, no PQ-validator-key registration deadline.

Announced PQC trailing-12-mo from Cronos / Crypto.com Labs: ~0 official communications mentioning post-quantum, PQC, NIST FIPS 203/204/205, or quantum migration. Shipped PQC: 0. No washing detected.

No PQ deployment, no published bytes-per-block analysis under any PQ scheme. Undisclosed.

Top-3 wallets: Crypto.com DeFi Wallet (foundation-issued, secp256k1), MetaMask, Ledger HW. None publish a Cronos-specific PQC roadmap. Crypto.com DeFi Wallet has no public PQC posture. Ledger has internal PQC research at Ledger Donjon but no shipped PQ-signing for Cronos.

Top-3 bridges: Crypto.com Bridge (Crypto.com-operated EVM bridge, classical multisig + secp256k1), IBC (light-client model, Ed25519 verification, classical), LayerZero (DVN-based omnichain messaging, classical secp256k1 / BLS). None publish a PQC roadmap.

Top-3 custodians: Crypto.com Custody (foundation-affiliated; received initial U.S. federal-charter approval for a regulated crypto custodian bank in 2026), Coinbase Custody, BitGo. MPC-PQ for secp256k1 signing not in production for CRO at any of the three.

Top RPC providers serving Cronos: Crypto.com-operated cronos-rpc.crypto.org and evm.cronos.org, plus Ankr, QuickNode, GetBlock, NodeReal. None publish PQ-enabled RPC TLS. Validator HSMs: standard YubiHSM2 / Ledger / AWS KMS, no PQ signing in production. TEE attestation chains not declared.

33 invitation-only validators, vetted by Cronos team and existing validators. Nakamoto coefficient structurally low, a permissioned set of this size with concentrated Crypto.com-aligned voting power implies a coefficient in low single digits. Client diversity: monoculture (single CometBFT fork, single go-ethereum fork).

V4, V5, V6 upgrades coordinated cleanly via on-chain governance + invited-validator coordination. Block-time and gas-fee performance upgrades shipped. Cadence is fast, but it is a centralized cadence. No public test of upgrade execution under adversarial-pressure conditions.

Named: Crypto.com (parent corporate entity, CEO Kris Marszalek), Cronos Labs (development entity), the Cronos Network Council. No named PQC migration lead, no named cryptographer of record, no foundation working group on quantum migration.

Crypto.com itself disclosed a January 2022 exchange-side hot-wallet incident (~$30M, customer funds reimbursed). That was a Crypto.com Exchange operational incident, not a Cronos chain coordination event under attacker pressure.

No canary, honeypot, rate-limited spending rule, or cryptographic tripwire on Cronos.