Sui publicly documents every primitive in active production use. Naming and specificity excellent. Minor deduction because Sui does not publish a single canonical primitive-inventory page.

Every signing primitive in production at the consensus layer, account layer, and ZK-verification layer is Shor-breakable. zkLogin compounds exposure.

Families represented in production: 0 PQ families. The Mysten Labs-authored ePrint 2025/1368 names Falcon and ML-DSA as candidate replacements and Truncator targets hash-based (Lamport-class) signatures, i.e. there is named research-stage diversity intent without deployment. Per rubric this is 0 deployed; the 5 reflects partial credit for paper-stage family commitment.

Ed25519 ~128-bit classical; secp256k1 ~128-bit; secp256r1/P-256 ~128-bit (NIST FIPS 186-5); BLS12-381 ~128-bit; Groth16/BN254 ~100-bit (BN254 below 128-bit security floor under recent TNFS analysis); SHA3-256/Blake2b-256 128-bit Grover-resistant. No NIST PQ category mappings exist for production primitives.

Sui's cryptographic primitives ship via fastcrypto (Rust), a Mysten Labs-maintained wrapper around well-vetted upstream crates. Ed25519 uses ed25519-consensus (ZIP-215 compliant). secp256k1 uses libsecp lineage. External audits by Common Prefix on Pedersen DKG and tBLS implementations within fastcrypto, plus Groth16. No machine-checked formal verification of the cryptographic library. Production primitives are tier 1; Groth16/BN254 is tier 4.

Sui's account model exposes the public key the moment an account first transacts (the address is Blake2b(flag || pubkey), but signing requires revealing the pubkey). Mainnet age ~32 months. No P2PKH-style quiet hashing, pubkeys are revealed in tx envelopes. TVL is concentrated in active accounts; treasury and exchange holdings are signed-on-demand.

Younger chain than Bitcoin/Ethereum → smaller dormant surface. Foundation and Mysten Labs holdings operated under classical schemes (Ed25519/secp256k1). Sui has no native pubkey-hashing-only resting state for inactive accounts, once a key has signed, the pubkey is on chain and Shor-recoverable.

All historical signatures are Ed25519/secp256k1/secp256r1/BLS12-381, every one Shor-forgeable post-CRQC. Sui's checkpoint history (~2 years) is not anchored to a PQ commitment, so a future quantum attacker could in principle forge historical certificates against a non-checkpointed full-node sync.

Validator gossip uses QUIC with TLS handshake performed under Ed25519 keys; standard TLS ciphersuites apply (X25519 KEX, no PQ KEM declared). RPC traffic (gRPC over TLS 1.3) likewise relies on classical KEX. No declared PQ-KEM hybrid on validator-to-validator or validator-to-RPC links.

Transparent ledger. Object-centric model means each owned object is traceable to its current owner; transfers are linkable on chain. Sui has no native shielded-pool protocol. zkLogin proves OAuth-issuer linkage but does not anonymize the on-chain graph.

Top RPC providers for Sui: MystenLabs public RPC, BlockVision, Shinami, Triton, Suiscan/SuiVision. No public composite share data, but anecdotally MystenLabs + BlockVision + Shinami account for the bulk of dapp traffic. Sui has a fast path for owned-object transactions and a consensus path for shared-object transactions; mempool gossip observable on consensus-path validators.

Sui's two primary bridges are Sui Bridge (native, secured by the Sui validator set) and Wormhole/Portal (multi-chain). LayerZero/Stargate is also active. All three produce on-chain correlations between source-chain and Sui addresses; passive observers can link both legs. No bridge in this set declares a PQC roadmap.

A future Shor-equipped adversary recovers private keys from any address whose public key has been revealed (every active Sui address). Combined with the transparent graph, this enables full retroactive ownership attribution. zkLogin's privacy boundary against the OIDC issuer is preserved, but a quantum adversary breaking RSA on the issued JWTs could potentially forge zkLogin claims.

Sui's signature dispatch is built around a unified flag-byte + enum wrapper. Native multi-scheme support is in production today: four classical schemes (Ed25519, secp256k1, secp256r1, BLS12-381 in Move runtime, plus zkLogin and Passkey) coexist, mixable inside MultiSig accounts. Adding a new scheme is a protocol upgrade, coordinated through Sui's epoch-based protocol versioning. secp256r1 was added post-launch via protocol upgrade, demonstrating the agility path is real.

Sui has zkLogin (OAuth-issued account abstraction), Passkey signatures, and MultiSig. Sui does not have ERC-4337-class general AA, and key rotation primitives are tied to address-derivation. The structural pivot is the Mysten Labs ePrint paper 2025/1368 proposing using the EdDSA seed as the witness in a zero-knowledge proof to authorize a new PQ signature without changing addresses or hard-forking. Paper-stage, not deployed.

Sui has shipped multiple coordinated protocol upgrades since mainnet (May 2023): Mysticeti v1 (mid-2024) and Mysticeti v2 (2025). Upgrades are version-gated at epoch boundaries with validator coordination. No contested forks. Validator participation in upgrades is high (>90% by stake within target epoch).

Architecturally, the multi-scheme dispatcher could host ML-DSA-65 alongside Ed25519 for hybrid signing today. Move runtime can verify Groth16 over BN254 and BLS12-381, adding lattice verifiers is incremental work at fastcrypto level. No hybrid is announced on a dated track: no SIP, no testnet, no validator opt-in flag. The Sui Foundation blog frames PQC as a multi-year journey without dates.

Sui does not use any stateful hash-based scheme today (no XMSS, LMS, leanXMSS at consensus). Sui's research interest in hash-based signatures via Truncator targets stateless schemes.

Mysticeti v1 collected per-transaction BLS signatures; Mysticeti v2 batches BLS signatures inside consensus blocks. Sui sits firmly inside 4f scope (BLS aggregation in consensus). The Sui Foundation's PQ blog and the Mysten Labs cryptography-agility blog discuss ML-DSA, Falcon, and SPHINCS+ as account-signing candidates but do not address the BLS-aggregation-in-consensus replacement path. There is no published spec for replacing BLS12-381 in Mysticeti's batched-aggregation path. Score = 0 (undeclared).

0%. No PQC primitive is deployed on Sui mainnet at the account-signing, consensus-signing, ZK-verification, or KEM layer.

fastcrypto is the cryptographic library used by sui-node. The library is extensible by design but does not contain merged ML-DSA, ML-KEM, Falcon, or SLH-DSA implementations. PQ-relevant code in the Mysten Labs orbit consists of the Truncator experimental repo (out-of-tree research) and the EdDSA-PQ ePrint (no public reference implementation linked to a Sui branch).

Zero validators on Sui hold or use PQC keys for consensus signing. All 100+ validators sign Mysticeti consensus blocks under BLS12-381.

VOIDED to 0 per v3.1 rule (5a = 0). Sui's public PQ communications cite the NIST timeline as an external anchor, but Sui itself has not published dated milestones, no testnet flag day, no mainnet PQ pilot date, no validator-PQ-key target. The most concrete dated artifacts are research papers.

Trailing-12-month foundation / Mysten-Labs / podcast announcements: ~6-8 PQ-themed posts, talks, and press hits. Shipped PQ bytes: 0. Sui's announcements are mostly capability claims (agility, EdDSA seed-based migration is possible) rather than deployment claims; modest deduction for the volume of quantum-ready framing relative to zero deployed bytes, no cap-65 trigger because Sui does not claim production PQC today.

Undisclosed. Sui has not published bytes-per-block projections for ML-DSA-65 or SLH-DSA-128s under Mysticeti v2, nor for hybrid Ed25519+ML-DSA at the account layer. Truncator's compression work (5-12% reductions) is not deployment.

Top-3 Sui wallets by user share: Sui Wallet (Mysten-maintained), Suiet, Phantom (multi-chain, added Sui support). None publishes a PQC roadmap.

Top-3 Sui bridges: Sui Bridge (native, validator-secured), Wormhole/Portal, LayerZero/Stargate. None has a public PQC roadmap. Sui Bridge inherits Sui validator cryptography (BLS12-381).

Top-3 institutional custodians supporting SUI: Coinbase Custody, BitGo, Copper. None has shipped PQC-MPC custody. Fireblocks and Anchorage also active; same status.

Top-3 Sui RPC providers: MystenLabs RPC, BlockVision, Shinami. No PQC roadmap declared. HSM vendors used by validators are standard YubiHSM / AWS KMS / Thales, none with shipped PQ-key-storage. No TEE-attestation-PQ pipeline declared.

~116 validators (H1 2025 data), >100 in 2026. Top validator holds ~2.9% of total stake. ~75% of SUI is staked. Validator set is permissioned-by-application (Foundation Delegation Program gates new entrants). Single canonical implementation of the Sui node, single-client risk is real.

Mysticeti v1 (2024) and Mysticeti v2 (2025) ship within tight epoch-coordinated windows. Multiple protocol-version bumps per year. No under-pressure precedent (no zero-day-driven emergency upgrade documented).

Named: Sui Foundation (governance / grants / community), Mysten Labs (engineering). Engineering lead figures: CEO of Mysten Labs, CPO, CTO (Move language designer), Chief Cryptographer. Mandate is published. No formal Sui Improvement Proposal track equivalent to AIPs/EIPs is in place, protocol changes are coordinated through Mysten/Foundation channels.

No precedent of coordinated cryptographic change under live attacker pressure. Multiple smooth upgrades demonstrate baseline coordination capacity. No emergency-cryptographic-rotation drills disclosed publicly.

No canary, no rate-limited spending rule, no cryptographic tripwire embedded in Sui consensus. No public proposal for one.