Quantum-Safe Before Q-Day

The first EVM-compatible blockchain with native post-quantum cryptography. Secured before quantum computers break the internet — no migration, no compromise.

Get Started View on GitHub

1200+

Tests Passing

Audit Fixes

Modular Crates

v0.15.0

Current Version

Built for the Post-Quantum Era

Every layer — cryptography, consensus, execution, and tooling — is designed with quantum resistance as a first-class requirement.

Post-Quantum Signatures

ML-DSA-65 (FIPS 204) as default, SPHINCS+ as conservative fallback. NIST Level 3 standard — quantum-resistant before Q-Day arrives.

Learn more

EVM Compatible

Cancun-spec EVM. Run your Solidity contracts with Hardhat, ethers.js, and MetaMask — zero migration cost.

Learn more

Native Account Abstraction

Protocol-level smart accounts with 3-layer validation, pq1... Bech32m addresses, key rotation without address changes, and custom validator hooks — no ERC-4337 bundler needed.

Learn more

PQ Precompiles

On-chain Dilithium/SPHINCS+ verification, Kyber decapsulation, and STARK proof verification as native precompiles.

Learn more

wPoA Consensus

PoA with stake-weighted proposer selection, ML-DSA-65 validator signing, lifecycle management, and SlashingEngine for double-sign and offline detection.

Learn more

Full JSON-RPC

Complete Ethereum-compatible API (eth_*, web3_*, net_*, debug_*) plus Shell-specific endpoints for node and network stats.

Learn more

Protocol-Level

Protocol-Native Smart Accounts

Three validation layers, key rotation, and custom validators — built into the base protocol without ERC-4337.

Three-Layer Validation Flow

Layer 1

First-Use Validation

Derive address from (version, algo_id, pubkey) via BLAKE3 and verify PQ signature — account created on first transaction.

Layer 2

Default PQ Validation

Existing accounts verify pubkey_hash + PQ signature. Key rotation changes the key but keeps the same address.

Layer 3

Custom Validator

Delegate validation to account-specific EVM logic — multisig, social recovery, time locks, or any custom policy.

No Bundler Required

Validation is part of the base protocol — no ERC-4337 EntryPoint or separate alt-mempool.

pq1... Addresses

Bech32m encoding with PQ HRP — visually distinct from Ethereum, binds to the signing algorithm.

Key Rotation

Rotate keypair or switch PQ algorithm — your on-chain address and identity stay the same.

Custom Validators

Multisig, social recovery, time locks — deploy your own validation logic as an EVM contract.

Shell AA vs ERC-4337

Dimension	Shell Chain ✦	ERC-4337
Validation Location	Protocol-level	EntryPoint contract
Bundler Required	No	Yes
Separate Alt-Mempool	No	Usually yes
Default Validator	Built into the chain	Wallet contract-defined
Address Format	pq1... (Bech32m)	0x... (hex)

Validation Location

ShellProtocol-level

4337EntryPoint contract

Bundler Required

ShellNo

4337Yes

Separate Alt-Mempool

ShellNo

4337Usually yes

Default Validator

ShellBuilt into the chain

4337Wallet contract-defined

Address Format

Shellpq1... (Bech32m)

43370x... (hex)

Read the AA Spec

Built for Scale

Benchmarked against real workloads. Post-quantum crypto without performance compromise.

Block Time

Consistent 2-second block intervals

30M

Gas Limit

Per-block gas matching Ethereum mainnet

~2s

Finality

Sub-2-second finality with wPoA consensus

~714

TPS Baseline

Peak simple-transfer TPS at 30M gas/block

TPS by Transaction Type(30M gas · 2s block · parallel EVM)

~714Simple Transfer

~300ERC-20 Transfer

~150Contract Call

~75Complex DeFi

Based on 30M gas/block · 2s block time · Parallel EVM · STARK sig-aggregation (v0.15.0) · CPU overhead < 15ms per block

Benchmark Results

Alpha Test · v0.15.0

Cryptography

Dilithium3 (ML-DSA)

Key Generation56 µs

Sign67 µs

Verify39 µs

Batch Verify (100 sigs)958 µs

Theoretical Verify/sec~25,000

Transaction Processing

shell-core

TX RLP Encode71 ns

TX RLP Decode118 ns

TX Hash (SHA3)372 ns

Base Fee Calc2 ns

SHA3-256 (1 MB)1.17 ms

Storage & State

shell-storage

Block Encode835 ns

Block Decode1.56 µs

ChainStore Write3.4 µs

ChainStore Read1.85 µs

Merkle Trie Insert290 ns

STARK Sig-Aggregation

shell-stark-prover

Compression (batch=5)7.1×

Compression (batch=10)4.0×

Soak throughput (6 h)157 proofs/s

Mean prove latency6.4 ms

p99 prove latency18.7 ms

Benchmarked with Criterion.rs on Apple Silicon · Single-core results

Block Compression

Shrink the Chain, Not the Security

Three complementary compression layers reduce block data by up to 7× — without sacrificing post-quantum security or delaying block production.

Block Compression Pipeline

Raw BlockFull Dilithium3 sigs + pubkeys~52 KB

ZstdRocksDB cold compression5–15% saved

Pubkey DedupReference mode on repeat senders7–18% saved

STARK AggregateOne proof per block replaces N sig pairsup to 7.1×

Stored BlockStripped body + STARK proof~7 KB

Layer 1

RocksDB Zstd

All block data is stored with Zstd cold compression (level 3). Negligible read latency overhead (<2%) with 5–15% raw storage savings on top of every other layer.

39 MiB/swrite throughput under compression

Layer 2

PQ Pubkey Deduplication

Dilithium3 public keys are 1952 bytes each. The first transaction from an address embeds the full key; subsequent transactions in the same block store only a 20-byte address reference.

1,932 Bsaved per repeated sender

Layer 3

STARK Sig-Aggregation

A Winterfell STARK circuit aggregates all Dilithium3 signatures in a block into a single proof. The full sig+pubkey data (3309 + 1952 bytes per tx) is replaced by one shared proof, pruned after the proving window.

7.1×compression at batch=5

Why it matters

⚡Non-blocking

STARK proving is fully asynchronous — block production never waits for a proof.

💾Less Storage

Full nodes store stripped block bodies after the proving window, reducing long-term disk usage.

🌐Faster Propagation

Smaller stripped blocks propagate faster over P2P, improving time-to-finality.

🔐Zero Security Tradeoff

STARK proofs are cryptographically binding. PQ signatures remain fully verifiable via the witness store.

Modular Architecture

13 purpose-built Rust crates, layered for clarity

Application

shell-cli

CLI binary & TOML config

shell-node

Async node harness

shell-rpc

JSON-RPC server

Protocol

shell-consensus

wPoA consensus engine

shell-evm

Cancun-spec EVM

shell-mempool

PQ-validated tx pool

shell-network

libp2p P2P layer

Foundation

shell-core

Block, Tx, Account types

shell-storage

RocksDB + Merkle Trie

shell-crypto

Dilithium & SPHINCS+

shell-genesis

Genesis block init

shell-keystore

PQ keystore

shell-primitives

Keccak, H256, Address

Explore the architecture

Works With Your Existing Stack

Full EVM compatibility — your contracts, tools, and workflows just work. Add quantum safety without changing anything.

shell-chain

# Get started with Shell Chain in minutes

# 1. Install the TypeScript SDK

$ npm install shell-sdk

✓ shell-sdk@0.2.0 installed (ML-DSA-65 post-quantum signing)

# 2. Generate a post-quantum keypair

$ node -e "const {generateMlDsa65KeyPair} = require('shell-sdk'); console.log(generateMlDsa65KeyPair().address)"

✓ Address: pq1qz8v70k5lqgq9rjsm7xh5s6jfw60...

# 3. Build and run a node from source

$ git clone https://github.com/ShellDAO/shell-chain.git

$ cd shell-chain && cargo build --release

$ shell-node run --parallel-evm --parallel-evm-workers 4

🚀 Shell Chain node started on port 30303

📡 JSON-RPC available at http://127.0.0.1:8545

Zero Config

Your existing Solidity contracts deploy without changes

Familiar Tools

Hardhat, Foundry, ethers.js, MetaMask — they all just work

Quantum-Safe by Default

Every transaction signed with Dilithium3, addressed as pq1...

Native Account Abstraction

Smart accounts at the protocol layer — key rotation, custom validators, no bundler

Shell SDK

Build on Shell Chain with our TypeScript SDK — PQ key generation, transaction signing, and full RPC client in one package.

shell-sdk

View on npm

# Install the SDK

$ npm install shell-sdk

# Generate a PQ keypair

$ shell-sdk keygen --algo ml-dsa-65

✓ Public key: pq1q8v70k5...

✓ Algorithm: ML-DSA-65 (FIPS 204)

PQ Key GenerationML-DSA-65 & SPHINCS+

Transaction SigningPost-quantum by default

Full RPC ClientAll eth_* methods

Why Shell Chain?

A side-by-side look at how Shell Chain compares to existing blockchains.

Dimension	Bitcoin	Ethereum	Shell Chain ✦
Cryptographic Security	ECDSA (vulnerable to quantum)	ECDSA (vulnerable to quantum)	ML-DSA (Dilithium3) — NIST post-quantum standard
Account Abstraction	None	ERC-4337 overlay (bundler required)	Native protocol-level AA — no bundler needed
Smart Contracts	None (basic Script only)	Full EVM support	Full EVM (Cancun-spec) — zero-cost migration
Consensus	PoW (high energy, mining pools)	PoS (stake centralization)	PoA (Proof of Authority) — stake-weighted validators, ML-DSA-65 signing
Storage	UTXO slow indexing	LevelDB / MPT hybrid	Custom RocksDB — multi-CF read/write isolation
Shell Chain: designed for the post-quantum era from the ground up

Cryptographic Security

BitcoinECDSA (vulnerable to quantum)

EthereumECDSA (vulnerable to quantum)

Shell ✦ML-DSA (Dilithium3) — NIST post-quantum standard

Account Abstraction

BitcoinNone

EthereumERC-4337 overlay (bundler required)

Shell ✦Native protocol-level AA — no bundler needed

Smart Contracts

BitcoinNone (basic Script only)

EthereumFull EVM support

Shell ✦Full EVM (Cancun-spec) — zero-cost migration

Consensus

BitcoinPoW (high energy, mining pools)

EthereumPoS (stake centralization)

Shell ✦PoA (Proof of Authority) — stake-weighted validators, ML-DSA-65 signing

Storage

BitcoinUTXO slow indexing

EthereumLevelDB / MPT hybrid

Shell ✦Custom RocksDB — multi-CF read/write isolation

Shell Chain: designed for the post-quantum era from the ground up

Building in Public

Every milestone is developed openly, reviewed by 5 engineering roles, and shipped with full test coverage.

Crypto + Core

Done62 tests

PQ signatures, core types, 62 tests

M1a

Solo Chain

Done211 tests

Single-node block production, 211 tests

M1b

Multi-Node Network

Done231 tests

P2P networking, gossip, 231 tests

Usable Chain

Done296 tests

Transaction gossip, logs, events, 296 tests

Production Hardening

Done450 tests

P2P DHT, governance, 450 tests

Advanced Features

Done659 tests

Finality, snapshots, debug API, 659 tests

EVM & Security

Done853 tests

Cancun EVM, 69 audit fixes, 853 tests

Account Abstraction

Done6,028 tests

Native AA, pq1... addresses, 3-layer validation, key rotation

Alpha Test

In Progress

wPoA consensus, Shell SDK, wallet CLI, admin RPC, 500 TPS baseline, Block Explorer & Faucet

Beta Test

Planned

Public beta launch, TLS/API-key security hardening, extended Prometheus metrics, bug bounty program

Token & Wallet

Planned

Native token economics, browser wallet extension, faucet service

M10

Smart Contract Platform

Planned

Solidity toolchain, verified contract explorer, developer SDK

M11

Mainnet Launch

Planned

Genesis block, validator onboarding, full decentralization

M12

Ecosystem Maturity

Planned

Org governance, CI/CD, SDK v0.2.0 stable (ML-DSA-65), wallet v0.2.0, parallel EVM hardening, release readiness

View detailed changelog

Ready to Build Before Q-Day?

Join developers building the next generation of blockchain applications — secured against quantum threats before they arrive.

Read the Docs GitHub

GitHub Follow on X

Stay in the Loop

Get updates on Shell Chain development, alpha test announcements, and quantum-safe blockchain news.

No spam, unsubscribe anytime.