A proof-of-work blockchain with post-quantum security using CRYSTALS-Dilithium5 signatures.
Run a BitQuan testnet node in minutes:
git clone https://github.com/AlphaB135/BitQuan.git && cd BitQuan
docker-compose up -d # Docker
# or
./scripts/testnet-start.sh # Build from sourceSee Testnet Quickstart for full instructions.
Current Phase: Pre-Testnet Development (March 2026)
| Component | Status | Notes |
|---|---|---|
| Core Protocol | Complete | ASERT difficulty, P2P sync |
| Cryptography | Complete | Dilithium5 signatures |
| Data Integrity | Fixed | C1-C7 vulnerabilities resolved |
| Documentation | Complete | Production guides, BQIPs |
| Unit Tests | 795+ passing | Consensus + integration + E2E |
| Internal Audit | Complete | Security hardening done |
| External Audit | Pending | Q3 2026 target |
| Testnet | Q2 2026 | Public launch |
| Mainnet | Q4 2026 | Post-audit |
Recent Fixes: Keystore brute-force protection, KDF timing hardening, wallet session management, data integrity (C1-C7)
| Document | Description |
|---|---|
| POST_QUANTUM_TRADEOFFS.md | Honest analysis of Dilithium5 size trade-offs |
| BQIP-0003_WALLET_STANDARDS.md | PQC PSBT, address format, SDK patterns |
| BQIP-0004_L2_INTEGRATION.md | Witness model, ZK-Rollup roadmap |
| Document | Description |
|---|---|
| PRODUCTION_DEPLOYMENT.md | Hardware, network, security, monitoring, backup |
| SDK_DESIGN.md | Rust SDK, TypeScript bindings, CLI tools |
| Document | Description |
|---|---|
| REDDIT_ROAST_RESPONSE.md | Honest response to criticism, what's fixed |
- Proven Consensus: Longest VALID chain rule, no checkpoints, no governance
- Quantum-Resistant: CRYSTALS-Dilithium5 post-quantum signatures (NIST-approved)
- Simple & Secure: No smart contracts, no DeFi, just value transfer
- Proof-of-Work: SHA-256d mining with RandomX support
- Precision: 18-decimal precision (1 BQ = 10^18 qbits) stored as
u128 - Hard Supply: 21,000,000 BQ limit
- Memory Safety: 14 unsafe blocks (all justified with SAFETY comments), minimal unwrap() in production code
- Open Source: Apache 2.0, fully auditable, no backdoors
- Async-Powered: High-performance network layer with DoS protection
Honest Assessment: BitQuan uses Dilithium5 signatures which are ~63x larger than Bitcoin's ECDSA.
| Metric | Bitcoin | BitQuan | Ratio |
|---|---|---|---|
| Signature Size | ~73 bytes | 4,595 bytes | 63x |
| Layer 1 TPS | ~7 | < 1 | By design |
| Quantum Security | Vulnerable | Dilithium5 | NIST standard |
This is a deliberate trade-off: We prioritize quantum security today over layer 1 efficiency.
- Why: Emergency hard forks for PQ migration are risky and disruptive
- Solution: Layer 2 protocols for scaling (payment channels, rollups)
- Mitigation: State pruning keeps full node storage manageable
Full Analysis: See Post-Quantum Trade-offs | TPS Analysis
# Clone repository
git clone https://github.com/AlphaB135/BitQuan.git
cd BitQuan
# Build (requires Rust 1.82+)
cargo build --release
# Run tests
cargo test --all
# Run lints
cargo clippy -- -D warnings# Create new wallet with Dilithium5 keys
./target/release/bitquan-node wallet-gen --output wallet.keystore
# Get your address
./target/release/bitquan-node wallet-address --keystore wallet.keystore
# Output: bq1qyqsq9q5z5khxv8y2w3...# Initialize configuration
./target/release/bitquan-node init --network testnet
# Start node
./target/release/bitquan-node run --config config/testnet.toml# SHA-256d mining (default)
./target/release/bitquan-node mine --pow hashcash --network testnet
# Mock mining for testing (instant blocks)
./target/release/bitquan-node mine --pow mock --network devnetFull Guide: SDK_DESIGN.md | PRODUCTION_DEPLOYMENT.md
BitQuan is a cryptocurrency designed for 50+ year security resilience against quantum computing threats. It implements a proven consensus model with post-quantum cryptographic signatures, maintaining simplicity while ensuring long-term security against quantum attacks.
# Build
cargo build --release
# Run tests
cargo test --all --locked
# Generate wallet keypair (random)
./target/release/bitquan-node wallet-gen --output wallet.keystore
# Generate wallet from BIP39 mnemonic (deterministic recovery)
./target/release/bitquan-node wallet-gen-mnemonic
./target/release/bitquan-node wallet-from-mnemonic --phrase "your twelve word mnemonic phrase here..."
# Get wallet address
./target/release/bitquan-node wallet-address --keystore wallet.keystore
# Mine genesis block
./target/release/bitquan-node mine-genesis
# Start continuous mining
./target/release/bitquan-node mine- Fast PR (
fast-pr.yml): Ubuntu-only, format + clippy + cargo-deny + nextest + coverage threshold. Target: < 7 minutes. - CI (
ci.yml): Full matrix (Ubuntu/macOS/Windows), clippy, docs, coverage, cargo-deny, fuzz build. - Integration Tests (
integration-tests.yml): Multi-node, network, database, wallet, security, stress tests. - RPC Tests (
rpc-tests.yml): JSON-RPC endpoint tests. - Nightly (
nightly.yml): Coverage reporting, security audit. - Release (
release.yml,release-mainnet.yml): Binary builds and deployment. - Docker (
docker-multiplatform.yml): Multi-platform container builds.
Optional: add the full-ci label on a PR to run the full matrix on-demand.
- Getting Started - Installation and first steps
- CLI Tools - Command-line tools and guides
- Development - Build, test, contribute
- Operations - Deployment, monitoring, runbooks
- Security - Audits, bug bounty, disclosure policy
- Installation Guide - Mainnet installation
- Post-Quantum Cryptography: CRYSTALS-Dilithium5 signatures (NIST-approved)
- Proven Consensus: Longest chain rule, no governance, no checkpoints
- Proof-of-Work Mining: SHA-256d (primary) with RandomX (experimental) for CPU/GPU mining
- BIP39 Wallet Support: 12/24 word mnemonic phrases with deterministic recovery
- UTXO Model: Transaction model with
u128values (18 decimals) and 100-block coin maturity - Block Weight System: 4MB blocks with 384 weight units per PQC signature
- Difficulty Adjustment: ASERT algorithm with integer fixed-point arithmetic
- Async P2P Networking: High-performance async network layer with DoS protection
- JSON-RPC API: Standard RPC interface with JWT authentication
- Stratum Mining Pool Support: Stratum V1 protocol for pool mining
- Keystore Security: Argon2id KDF with auto-tune, AES-256-GCM, brute-force protection
- Wallet Session: Timeout-based key caching with exponential backoff lockout
- Memory Safety: 14 unsafe blocks (all justified with SAFETY comments)
BitQuan uses an async network layer powered by tokio for:
- Slowloris Attack Protection: 30-second total timeout per message
- Scalability: Handle 100,000+ concurrent connections
- Efficiency: 4KB per connection vs 8MB with threads
Tokio Runtime
├─ P2P Server (accept loop)
│ └─ Per-peer handlers (spawned tasks)
├─ RPC Server (async)
└─ Mining (spawn_blocking thread pool)
- Memory: 2000x improvement (4MB vs 8GB for 1000 peers)
- Security: Immune to Slowloris attacks
- Performance: Non-blocking I/O throughout
BitQuan intentionally does NOT include:
- Smart Contracts: No scripting language
- DeFi Features: No DEX, staking, governance
- Alternative Consensus: Only PoW (no PoS, DPoS)
- Experimental Crypto: Only NIST-approved algorithms
Philosophy: Quantum-resistant value transfer with 50+ year security horizon.
Q1 2026: Security hardening (complete)
Q2 2026: Public testnet launch
Q3 2026: External security audit
Q4 2026: Mainnet launch (post-audit)
2027+: Layer 2 development (ZK-Rollup)
bitquan/
├── crates/ # Rust workspace crates
│ ├── consensus/ # Consensus rules and validation
│ ├── crypto/ # Cryptographic primitives (Argon2id, AES-256-GCM, Dilithium5)
│ ├── mempool/ # Transaction pool
│ ├── network/ # P2P networking
│ ├── node/ # Main node implementation
│ ├── rpc/ # JSON-RPC server with JWT auth
│ ├── storage/ # Database backend (RocksDB)
│ ├── types/ # Core data structures
│ ├── wallet/ # Advanced wallet (multisig, backup, adaptive KDF)
│ ├── bitquan-cli/ # CLI wallet tool
│ ├── bq-sdk/ # SDK for third-party integration
│ ├── faucet/ # Testnet faucet service
│ ├── pqc-dilithium-seeded/ # C reference Dilithium5 implementation
│ └── tools/ # Preflight checker, stress tester
├── docs/ # Documentation (32 sections, 26+ guides)
└── scripts/ # Utility scripts
| Phase | Status | Date |
|---|---|---|
| Internal Audit | Complete | Feb 2026 |
| Code Hardening | Complete | Feb 2026 |
| External Audit | Planned | Q3 2026 |
Resolved Issues: C1-C7 data integrity, P2P sync, unwrap elimination
Do NOT open public issues for security vulnerabilities.
Email: bitquan.dev@proton.me
Response SLA:
- Acknowledgment: 24 hours
- Initial assessment: 72 hours
- Critical fix: 7 days
See SECURITY.md for full policy.
- Post-Quantum: Dilithium5 (NIST FIPS 205)
- No Backdoors: No admin keys, no hidden switches
- Reproducible Builds: Deterministic compilation
- Signed Releases: GPG-signed commits and binaries
- Memory Safety: Rust + 14 justified unsafe blocks
Current version: v1.0-audit-20260204 (pre-mainnet) Tests: 795+ tests passing (unit + integration + E2E stress) Recent Updates:
- Keystore brute-force protection (exponential backoff, progressive lockout)
- KDF timing-constant password verification
- Wallet session management with auto-tune Argon2id calibration
- AES-256-GCM authenticated encryption with stored KDF parameters
- RPC JWT authentication (default enabled)
- P2P TCP socket I/O with Noise Protocol encryption
- ASERT difficulty adjustment (120s block time, 14,400s half-life)
- Data integrity hardening (C1-C7 vulnerabilities resolved)
See docs/archive/ for historical audits and planning documents.
Requirements:
- Rust 1.82.0 or later (stable)
- RocksDB development libraries (optional, bundled by default)
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Clone repository
git clone https://github.com/AlphaB135/BitQuan.git
cd BitQuan
# Build BitQuan
cargo build --release --locked
# Run full test suite
cargo test --all --locked
# Reproducible build
export SOURCE_DATE_EPOCH=1700000000
cargo build --release --lockedSee REPRODUCIBILITY.md for deterministic builds.
Apache License 2.0
See LICENSE for details.
- Repository: https://github.com/AlphaB135/BitQuan
- Issues: https://github.com/AlphaB135/BitQuan/issues
- Discussions: https://github.com/AlphaB135/BitQuan/discussions
- Security: bitquan.dev@proton.me
| Area | Skills Needed | Priority |
|---|---|---|
| Code review | Rust, blockchain | High |
| Security audit | Cryptography | Critical |
| Test coverage | Rust testing | High |
| Documentation | Technical writing | Medium |
| Layer 2 research | ZK proofs | Medium |
# Format code
cargo fmt --all
# Check lints (must pass)
cargo clippy --all-targets --all-features -- -D warnings
# Run all tests (must pass)
cargo test --all --locked
# Check for unwrap in production
cargo clippy -- -D clippy::unwrap_used- Fork the repository
- Create feature branch (
git checkout -b feature/my-feature) - Make changes following SECURITY_STANDARDS.md
- Run tests and lints locally
- Sign commits with GPG (
git commit -S) - Open PR against
mainbranch - Wait for CI to pass (Fast PR < 7 min)
- Address review feedback
Guidelines: CONTRIBUTING.md | CODE_OF_CONDUCT.md
./scripts/install-hooks.shIf you like this project, consider buying me a beer (or a server):
BTC: bc1qmm8ur3rv5cqmmlnh7ztyah2r747qvy8vff2v42
ETH: 0x8414c09BF901824dC11b742fB74E2D5504C0e1e5
SOL: HexzqGPuBZxP6qpUb68693U4r4cirEbnEBRERqYE6pY2
- Issues: https://github.com/AlphaB135/BitQuan/issues
- Discussions: https://github.com/AlphaB135/BitQuan/discussions
- Security: bitquan.dev@proton.me
- Email: bitquan.dev@proton.me
BitQuan is NOT launched. No mainnet exists. All coins are testnet-only with NO VALUE.