Heimdall v2 runs CometBFT v0.38.x + Cosmos-SDK v0.50.13. Checkpoint signatures landed on Ethereum are individual ECDSA secp256k1, not BLS-aggregated.

0 PQ families deployed in production. Plonky3-FRI is hash-based and PQ-sound at the inner level but is not a deployed signing primitive, it is a proof-system commitment; its on-chain verifier is BN254 pairing-based.

No ML-DSA / ML-KEM / SLH-DSA / FN-DSA in Polygon PoS production or any published PIP / docs page / forum thread.

Bor forks go-ethereum; Heimdall v2 forks Cosmos-SDK + CometBFT. Constant-time: standard library defaults (geth crypto, Go x/crypto Ed25519); no chain-specific hardening attestation. No formal verification of cryptographic primitives. Heimdall v2 went through migration audits ahead of mainnet rollout. Cryptanalytic tier 1 (ECC), tier 2 (Keccak), tier 4 (Poseidon2, research-grade) for AggLayer inner.

EVM EOA model, pubkeys revealed at first spend; any address that has transacted has its pubkey exposed to Shor recovery. EIP-7702 delegations live since Bhilai hardfork (PIP-63, July 2025) broaden authorizing-pubkey exposure. Significant TVL on EOAs across DeFi, RWA, and Deutsche Telekom-validated enterprise traffic.

Cold EOAs that have never spent retain Keccak-of-pubkey hash protection. Risk activates only post-spend or post-7702-delegation. Same model as Ethereum mainnet.

Historical ECDSA signatures across Bor blocks and Heimdall checkpoints persist on-chain and on Ethereum L1; post-Shor they are forgeable in adversarial historical-fork constructions. Checkpoint signatures landed in StakeManager retain validity as long as Ethereum L1 retains the data.

Validator gossip (CometBFT P2P) and RPC endpoints (Infura, Alchemy, QuickNode) terminate TLS with classical X25519/ECDH and RSA. Bor P2P inherits Ethereum devp2p (RLPx with secp256k1 ephemeral ECDH). No declared hybrid-KEM transport.

Fully transparent EVM. Pseudonymous addresses; full graph linkable on Polygonscan and equivalent indexers.

Top-3 RPC concentration (Infura, Alchemy, QuickNode) >70% by request volume. Public mempool fully observable to indexers and MEV searchers. Validator metadata retention undeclared at protocol level.

Polygon PoS-to-Ethereum unified bridge, AggLayer pessimistic-proof settlement, plus heavy LayerZero/Wormhole/Stargate usage. AggLayer's Local Balance Tree is a safety property, not anonymity, flow correlation across Local Exit Trees is fully observable.

No native privacy layer at Polygon PoS. Shor on secp256k1 exposes signed-history attribution; no encrypted on-chain payloads at the protocol layer to retroactively decrypt.

None at protocol level.

Hardforks ship via PIPs routed through the Polygon Protocol Governance Council (PPGC). Coordinated 2025–2026 upgrades: Heimdall v2 (PIP-43/44/62, mainnet 2025-07-10), Bhilai (PIP-63, July 2025, EIP-7702), Giugliano (April 2026, ~5s finality), Phuket (mainnet 2026-04-29). EVM-equivalence binds Bor's EOA primitive to Ethereum's choice, Polygon PoS cannot unilaterally swap secp256k1 for ML-DSA at the EOA level without breaking equivalence.

ERC-4337 supported (EVM-equivalent). EIP-7702 live via Bhilai hardfork (July 2025). Validators rotate signer keys via StakeManager MsgSignerUpdate. No documented PQC client-layer path; rotation infrastructure is in place but not wired to a PQ scheme.

Coordinated hardforks shipped without contested forks: Heimdall v2 (2025-07-10), described as Polygon's most complex upgrade, completed with managed downtime; Bhilai (2025); Giugliano (2026-04-08); Phuket (2026-04-29). Heimdall v0.6.0 security-bug fix and post-mainnet consensus hiccup were patched in-flight without rollback. POL migration from MATIC reached 99% completion by 2025-09-03.

No hybrid composition (AND or OR) declared in any Polygon PIP, blog, or docs as of 2026-05-01. No commit-to-hash pattern documented. The Heimdall v2 + Bhilai + Giugliano + Phuket + Gigagas roadmap is classical-only.

N/A by default, no stateful hash schemes (XMSS, LMS) in scope. Full default credit per v3.1 rules.

N/A, Heimdall v2 consensus uses CometBFT with non-aggregating validator signatures (Ed25519 default, secp256k1 supported). Checkpoint signatures hitting Ethereum's StakeManager are individual ECDSA secp256k1 verified via ecrecover, not BLS-aggregated. Per v3.1 rules, 4f is N/A for chains with non-aggregating consensus signatures.

0%. All transactions ECDSA secp256k1; consensus signing Ed25519/secp256k1. No NIST-PQC primitive in production.

0xPolygon/bor and 0xPolygon/heimdall-v2 show no merged code paths invoking ML-DSA, SLH-DSA, FN-DSA, ML-KEM, XMSS, LMS, or any liboqs/PQClean import.

105 validator slots, none with PQC keys. Top-5 by stake (March 2026): Upbit Staking ~385M POL, Coinbase ~337M, Binance Node ~255M, Figment ~227M, Luganodes ~219M. All Ed25519/secp256k1.

VOIDED per v3.1 because 5a = 0. No dated PQC milestones with enforcement-mechanism evidence in any published Polygon PIP, blog, or roadmap. Heimdall v2 / Bhilai / Giugliano / Phuket / Gigagas are all classical-cryptography upgrades.

Announced PQC mentions trailing 12 months on official Polygon channels: zero. Shipped PQC: zero. Ratio 0/0; no washing tag fires (silence, not narrative-vs-shipping mismatch).

No PQ scheme selected; no published bytes-per-block analysis under any PQ candidate. Undisclosed → 0.

Top-3 by Polygon PoS usage: MetaMask, Coinbase Wallet, Rabby. None ships PQC signing in production firmware/extension. Coinbase has published PQ research direction (ML-DSA in MPC); not yet shipped to retail wallet. Hardware wallets (Ledger, Trezor) widely used via WalletConnect, neither ships PQC firmware.

Top-3: Polygon canonical PoS-Ethereum bridge, AggLayer (pessimistic-proof settlement), LayerZero. AggLayer has a PQ-safe FRI inner system but a Shor-vulnerable BN254 Groth16/PLONK wrapper at the L1 verifier, net classical at the trust boundary.

Top-3 by Polygon PoS AUM: Coinbase Custody, Binance Custody, BitGo (Fireblocks heavily used by enterprise). Coinbase has the most explicit MPC-PQ research direction. Binance, BitGo, Fireblocks: no shipped PQC roadmap for Polygon PoS keys. Coinbase, Binance, and Upbit also operate top-5 validators directly, custodian and validator concentration overlap.

Top-3 RPC: Infura, Alchemy, QuickNode. None publishes PQC TLS/transport roadmap for Polygon PoS endpoints. HSMs (Thales, AWS KMS, YubiHSM) classical-only signing. TEE attestation (Intel TDX/SGX, AWS Nitro): no PQ roadmap declared.

105 validator slots; Nakamoto coefficient structurally low. Independent research finds top 4 can censor and top 12 can alter the ledger. Top-5 stake (March 2026): Upbit ~385M, Coinbase ~337M, Binance ~255M, Figment ~227M, Luganodes ~219M, five exchange-affiliated/institutional operators dominate. Single official client; Bor has no widely-deployed alternate.

Multiple coordinated time-bounded hardforks 2025–2026: Heimdall v2 (2025-07-10), Bhilai (July 2025), Giugliano (2026-04-08), Phuket (2026-04-29). Heimdall v0.6.0 fix and post-mainnet consensus hiccup patched in-flight without rollback. POL migration coordinated across exchanges to 99% by 2025-09-03.

Polygon Foundation (CEO Sandeep Nailwal, succeeded executive chairman role 2025-06-11) and PPGC (monthly meetings, public minutes) own coordination. PIP authorship documented per upgrade. No named PQC working group or published PQC mandate.

December 2021, Polygon patched a critical bridge/staking-contract vulnerability (~$850M at risk) by validator coordination ahead of disclosure. Patching cadence demonstrates ability to coordinate under threat; the 2021 incident was custodial-style rather than a cryptographic-primitive transition.

No canary, honeypot, rate-limited spending rule, or cryptographic tripwire embedded in Polygon PoS consensus or governance.