Injective publicly identifies itself as a Cosmos-SDK chain forked at v0.50.x with CometBFT v1.0.x. Hash primitives are inherited from upstream and not separately documented in Injective's docs site.

Zero PQ-safe families deployed. All active cryptography is classical elliptic-curve plus SHA-2/Keccak.

VOID (0 by Gate 3 logic). No NIST PQC primitives (ML-DSA, ML-KEM, SLH-DSA, FN-DSA) in the codebase.

Standard Cosmos-SDK and go-ethereum libraries. Library provenance: InjectiveLabs forks of cosmos-sdk v0.50.14, cometbft v1.0.1, go-ethereum v1.16.3 (all classical, no liboqs/PQCA dependency). Stateless across stack. Cryptanalytic tier 1.

Cosmos-side accounts and Injective EVM accounts both reveal user public keys on first outgoing transaction. Injective's exchange module is order-book based with continuous derivatives activity, meaning effectively every active address has a revealed pubkey. INJ market cap and on-chain TVL across spot, perpetuals, and DeFi modules sit on Shor-break primitives.

Injective mainnet went live 2021-11-08. Long-dormant balances (validator self-stake, foundation treasury, early INJ holders, vesting wallets) have ~4.5 years of accumulation under classical signatures. INJ is a staking-required asset, so cold-key opacity is partial at best.

Derivatives orders settle quickly and become historical, but settlement records (and the signatures that authorized them) live on chain forever. Withdrawal and bridge-out signatures (Peggy MsgSendToEth, Wormhole VAA initiator signatures) are particularly sensitive because a forged historical signature could be replayed against the bridge module's state.

Validator-to-validator gossip in CometBFT uses authenticated encryption over X25519 / Ed25519 handshake (Noise-style protocol via tendermint/p2p); RPC and JSON-RPC endpoints to indexers, archive nodes use standard TLS with classical ECDHE + ECDSA/RSA certificates. Bridge relayer traffic (Peggo orchestrator, Wormhole guardian gossip) likewise uses classical TLS.

Injective is pseudonymous and transparent. Spot, derivatives, and exchange-module orders are visible on chain (FBA conceals orders within the auction interval but published once the auction clears). No native shielding or hidden-tx scheme.

Top-3 RPC concentration: Injective Labs RPC, validator-operated public endpoints (Polkachu, NodesHub, Imperator). Mempool gossip observability: standard CometBFT mempool, fully observable. Validator metadata retention policy: undeclared by Injective Foundation.

Injective routes value across IBC (to/from Cosmos chains), Peggy (to/from Ethereum, lock-and-mint with INJ-side burn), Wormhole (to/from Solana, EVM L1s, L2s, Aptos, Algorand, BNB Chain). Hyperlane bridge to inEVM adds a fourth cross-domain link. High correlation surface.

Pseudonymous chain, low marginal retroactive privacy risk from Shor, but bridge-traffic correlation across IBC + Wormhole + Peggy lets a post-Shor adversary tie historical Injective addresses to counterparties on other chains by recovering keys from any side.

No mixnet, no shuffle, no commit-reveal anonymity primitive at chain level. FBA conceals orders but is a market-design feature, not a metadata-anonymity feature.

Cosmos-SDK chains have governance-driven hard-fork upgrade paths and modular keepers. Injective has demonstrated this: Cosmos-SDK upgrade from v0.45.x to v0.47.x in v1.11 (June 2023), continued through v0.50.x by 2025, plus a CometBFT v0.37 → v1.0.1 jump. The Native EVM mainnet integration (2025-11-11) added a second VM via on-chain governance and a binary upgrade. No documented in-place algorithm hot-swap.

CosmWasm allows app-level custom signature verification; Injective EVM supports ERC-4337 account abstraction patterns inherited from the EVM stack. Cosmos accounts support pubkey rotation via key replacement messages. No native protocol-level AA spec equivalent to EIP-7702 is documented for Injective. PQC client-layer migration path is architecturally possible but not deployed.

Multiple coordinated mainnet upgrades since 2021, including v1.11 (Cosmos-SDK + CometBFT major upgrade, June 2023), the December 2025 hard fork that enhanced EVM support, and the Native EVM mainnet on 2025-11-11. No contested forks observed.

Architecturally, a CosmWasm contract or a custom AnteHandler could enforce a hybrid signature path; nothing about this is announced or specified by Injective Labs / Injective Foundation. No hybrid composition declared for any signing surface.

Not applicable. No stateful-hash signature scheme in active use. Default 15 per scorecard rule for chains using stateless schemes.

N/A, Injective uses CometBFT's default Ed25519 validator signing (single, non-aggregating signatures per validator per vote). No BLS aggregation path in the consensus signing layer. Per scorecard rule, 4f is N/A for chains using non-aggregating signatures at consensus.

0% of Injective mainnet signing traffic is post-quantum. No PQC primitive is in active use on the chain.

Zero LOC of PQC primitive code merged in injective-core or in the InjectiveLabs forks of cosmos-sdk and cometbft. Dependency tree contains no liboqs / PQCA / OQS Go bindings.

0% of Injective's active validator set (~50–60 validators per mainnet parameter cap) uses any PQC consensus key. Validator pubkey type is /cosmos.crypto.ed25519.PubKey.

VOIDED to 0 per v3.1 rule because 5a = 0. No public Injective Foundation post-quantum roadmap, no dated PQ milestones, no governance proposal addressing PQ migration.

Zero announced PQC, zero shipped PQC. Ratio 0/0 → no washing tag. The chain is silent on PQ rather than overstated.

Undisclosed (no PQ scheme selected, no on-chain footprint analysis from Injective Foundation). Per rubric, undisclosed = 0.

Top-3 Injective wallets: Keplr (Cosmos-native, dominant), Leap (Cosmos-native), MetaMask (used after Native EVM launch for Injective EVM accounts). Ledger and Trezor as hardware. None has a published PQC roadmap covering Injective signing surfaces; Ledger's PQ work focuses on its OS roadmap, not deployed in production.

Injective's three primary bridge tiles: Peggy (INJ ↔ Ethereum, validator-orchestrated multisig with secp256k1 ECDSA on the Ethereum side), Wormhole (19-Guardian secp256k1 multisig, 13-of-19 quorum, classical), IBC (light-client verification, Tendermint/CometBFT proofs). Hyperlane operates the inEVM warp routes with ECDSA validator signatures. Zero PQC roadmap published by any of these top-3 bridges.

Top institutional custodians for INJ include Coinbase Custody, BitGo, Fireblocks. None has a deployed MPC-PQ product covering INJ as of evidence cutoff; Fireblocks has discussed PQC research, not deployed.

Top-3 RPC providers for Injective: Injective Labs RPC, Polkachu, NodesHub (plus Imperator, Allnodes for validator infra). HSMs in Injective validator stack: Horcrux (CometBFT remote signer), Ledger HSM-class devices, AWS KMS for cloud-hosted validators, none with deployed PQ key types for Ed25519-replacement. TEE attestation chains not specifically documented for Injective validator operation.

Validator-set cap of 60 (some sources cite an active set of ~50). Stake distribution moderately concentrated; staking-explorer listings show Zellic and similar validators with multi-million INJ self-stake plus delegations. Single-client diversity: Injective runs injectived, a single canonical client.

Track record of coordinated mainnet upgrades. v1.11 Cosmos-SDK + CometBFT migration in 2023, multi-module governance proposals in 2024–2025, 2025-11-11 Native EVM mainnet (the largest architecture change), December 2025 follow-up hard fork. Coordination across ~50–60 validators has been demonstrated repeatedly without contested forks.

Injective Labs is the named technical lead (Eric Chen, Albert Chon as co-founders). Injective Foundation operates governance, treasury, and validator coordination. No named PQC working group, no published PQC mandate, no named lead for a post-quantum migration.

Injective has executed coordinated upgrades, parameter changes (token supply parameter governance proposal #472 in January 2025), and burn-auction adjustments. No precedent for coordinating a cryptographic migration under adversarial pressure.

No consensus-embedded canary, no rate-limited spending rule, no honeypot, no automated post-Shor response mechanism.