Inventory fully public and reconstructible. The 2026-01-22 X-Ray upgrade adds further Shor-vulnerable pairing-curve and research-grade hash exposure; the surface expands, it does not contract.

Zero PQ-safe families deployed. Classical-only across Edwards-curve EdDSA, Weierstrass-curve ECDSA, pairing-friendly curves, SHA-2, and arithmetic-friendly hashes.

Ed25519 / secp256k1 / secp256r1 ≈ 128-bit classical / 0-bit post-Shor. BLS12-381 ≈ 120–128-bit classical / 0-bit post-Shor. BN254 ≈ ~100-bit classical (post-2017 ex-TNFS) / 0-bit post-Shor. SHA-256 ≈ 128-bit post-Grover. No NIST PQC FIPS 203/204/205/206 category mapped.

SCP has machine-checked safety proofs (Mazières et al. SCP whitepaper + IETF draft). Ed25519 / secp256k1/r1 in stellar-core are standard well-tested libraries. soroban-env-host (Rust) for host-function crypto using bls12_381, k256, p256, ark-bn254 crates. Stateless across all primitives. Cryptanalytic tier 1 for Ed25519 / SHA-2 / ECDSA-secp256r1; tier 1–2 for BLS12-381; tier 4 for Poseidon.

Stellar accounts ARE Ed25519 public keys directly: G... strkey-encoded addresses are the public key, not a hash. The pubkey is exposed at account-creation time. Every active account is in the pubkey-revealed category from genesis. CRQC-Shor-forgery applies to 100% of active accounts.

Because the strkey address IS the Ed25519 public key, there is no cold-key hash-protection regime on Stellar. Mainnet live since 2015-07-31, so a decade of dormant XLM is fully pubkey-exposed. The cold-key forgeability surface is structurally larger than for hash-address chains.

Every historical Ed25519 transaction signature is Shor-forgeable post-CRQC. Light-client schemes verify SCP messages via Tier-1 quorum, relying on Ed25519 validator signatures over SHA-256 message hashes, a CRQC adversary can forge historical SCP nominate/prepare/commit messages. Seven Tier-1 organizations operate 21 Tier-1 validators.

Stellar peer-to-peer transport (stellar-core overlay) uses standard TLS for inbound RPC (Horizon, Stellar RPC) and a stellar-core specific peer auth protocol over TCP. No documented hybrid PQ KEM at any layer. Validator gossip transport for SCP messages between Tier-1 nodes likewise classical.

Fully transparent ledger; payment memos commonly carry user-identifiers, customer-IDs, or external-account references (MEMO_TEXT/MEMO_ID/MEMO_HASH plus muxed-account scheme in CAP-0027/SEP-0023). USDC issuance via Circle and the anchor network add 60+ named regulated counterparties with on-chain Ed25519 issuing accounts.

Public Horizon and Stellar RPC endpoints concentrated among SDF-hosted Horizon, Blockdaemon, QuickNode, Validation Cloud, plus Tier-1 validator-operated endpoints. Fee-pool / surge-pricing model means transaction-queue ordering is observable to participating nodes. No protocol-level validator-metadata-retention policy declared.

Allbridge Core, Squid via Axelar, and Wormhole-class bridges connect Stellar to EVM and Solana. USDC on Stellar is multi-chain by Circle's design, so passive observers can correlate Stellar source-of-funds against Ethereum / Solana / Avalanche destinations. Anchor flows tie Stellar addresses to off-chain KYC by design.

Stellar does not deploy ZK-shielded transactions or DL-based ring signatures at protocol level today. X-Ray (Protocol 25, 2026-01-22) adds primitives for ZK applications (BN254, Poseidon) but no shielded-pool feature has shipped. Once ZK applications are built on top of new BN254/Poseidon primitives, any pairing-based application-layer privacy will be retroactively breakable under Shor.

None at protocol level.

Stellar XDR signer-type union is documented as extensible (PUBLIC_KEY_TYPE_ED25519 today), and signature size is variable per scheme. The signer-type extensibility (Hash(x), pre-auth-tx, Ed25519, Ed25519 Signed Payload via CAP-0040) is the agility surface. CAP-0051 (secp256r1) shows Soroban host can add new signature primitives via a finite CAP path. However, no in-protocol signature-scheme switch primitive at the account level.

Native multisig (weighted thresholds 0–255 across low/medium/high operation thresholds), pre-authorized transactions, Hash(x) signers, and Ed25519 Signed Payload Signers (CAP-0040). Soroban contracts can implement custom-account-contract authorization (__check_auth host pattern). Closer to AA than EOA-only chains, though not a per-account abstraction layer comparable to ERC-4337 / EIP-7702.

SDF has shipped 25 numbered protocol upgrades (Protocol 1 → Protocol 25 X-Ray, mainnet 2026-01-22), with regular cadence and SDF-coordinated validator-vote mechanism. Recent shipped upgrades include Protocol 22 (2024-11), 23, 24, and 25 X-Ray. One delayed upgrade (Soroban smart-contracts) was held back rather than ship a known bug.

No published PQ hybrid roadmap. No dual-stack Ed25519+ML-DSA spec or testnet branch identified in stellar-core or stellar-protocol. The architectural agility means a hybrid signature path is not foreclosed, but no document or merged spec specifies one.

Stellar uses no stateful hash-based signature scheme. Default 15/15 per v3.1 rule for stateless schemes.

N/A, SCP uses per-validator Ed25519 signatures over message envelopes; SCP is Federated Byzantine Agreement built on quorum slices, NOT BLS aggregation at consensus. The BLS12-381 host functions added in CAP-0059 are exposed to Soroban smart contracts, not used in consensus.

Mainnet PQC traffic % = 0%. No PQ signature primitive deployed on the protocol or in Soroban host. The X-Ray upgrade (2026-01-22) added BN254 and Poseidon, not PQ.

No PQ primitive code merged in stellar-core. The crypto subsystem lists Ed25519, ECDSA, and (in soroban-env-host) BLS12-381 / BN254 / Poseidon. No liboqs import, no ML-DSA / Falcon / SLH-DSA branch identified.

Zero of 21 Tier-1 validators (across the 7 Tier-1 organizations: SDF, Blockdaemon, SatoshiPay, LOBSTR, Public Node, Creit Technologies, Franklin Templeton) operate any PQC key. SCP validator keys are Ed25519.

VOIDED to 0 per v3.1 rule (5d voided when 5a = 0). SDF has not published any PQ milestone, working group, or sunset date. The 2025 SDF Product Roadmap and the End of Year 2025 Report contain no post-quantum, PQC, ML-DSA, Falcon, or quantum-readiness language.

Announced PQC count 0; shipped PQC bytes 0; ratio undefined. Tag: none, honest silence rather than narrative-only or aspirational PR.

No published PQ signature footprint analysis from SDF. Ed25519 signatures are 64 bytes; ML-DSA-44 ~2420 bytes (~38×); Falcon-512 ~666 bytes (~10×); SLH-DSA-128s ~7856 bytes (~123×). Stellar has not picked a target primitive. Per rubric (>38× or undisclosed = 0).

Top-3: Freighter (browser extension, SDF-maintained), LOBSTR (mobile + web), Ledger (HW). None has published a PQC roadmap for Stellar key types. Hardware wallet PQC support not Stellar-specific and not currently shipping for Ed25519 → ML-DSA migration on any chain.

Top-3 venues: Allbridge Core, Squid Protocol, Wormhole-class native interop (USDC native via Circle Multi-Chain). No PQC roadmap on any. All rely on classical ECDSA / Ed25519 / BLS12-381 validator-set or guardian signatures.

Top-3 by AUC: Coinbase Custody, BitGo (~$90B AUC, OCC national bank charter approved Dec 2025), Anchorage Digital (US qualified custodian, bank charter). All deploy threshold-cryptography (MPC) on classical secp256k1 / Ed25519 today.

Top RPC / infra: Stellar RPC (SDF-hosted), Blockdaemon, QuickNode, Validation Cloud. No PQC TLS (hybrid X25519+ML-KEM-768) confirmed across Stellar RPC fleet. HSM stack generic. No TEE attestation chain declared as part of the Stellar validator stack.

7 Tier-1 organizations operating 21 Tier-1 validators (3 each) as of April 2025: SDF, Blockdaemon, SatoshiPay, LOBSTR, Public Node, Creit Technologies, Franklin Templeton. Quorum graph means consensus halts if 3 of 7 organizations go dark. SDF target to grow to 13 Tier-1 organizations by Q4 2025. Concentration is structural to Federated Byzantine Agreement. Client diversity: stellar-core dominant.

25 protocol upgrades shipped since 2015; SDF coordinates validator-vote on each via stellar-core protocolVersion. Protocol 22 (2024-11), Protocol 25 X-Ray (2026-01-22) cadence is ~annual. One delayed upgrade was held back rather than ship a known bug.

Stellar Development Foundation (SDF) is the named single foundation, headquartered San Francisco, with a published roadmap, named CEO (Denelle Dixon), and a 10+ year track record of protocol coordination. CAP/SEP process documented and run on a public GitHub repo.

No cryptographic emergency precedent. The 2019 inflation-pool removal (CAP-0007) was coordinated cleanly. The 2017 disruption / consensus halt was resolved within hours under SDF coordination. No precedent of coordinating a cryptographic primitive change under active attacker.

None. No community honeypot, rate-limited spending rule, cryptographic tripwire embedded in SCP, or automated response declared.