AUDIT  ·  QORTRACE LABS

MPC Wallet PQC Compatibility Checker

The first PQC audit for the MPC custody stack — Fireblocks, Coinbase Custody, Privy, Lit, Web3Auth, Safeheron, DFNS, Turnkey, Capsule, Cobo.

Specialised audit for MPC / threshold wallets — every major MPC custody stack ships with classical primitives at every layer (ECDSA / EdDSA output signatures, X25519 / ECDH DKG channels, classical KEMs wrapping shares at rest, classical recovery vaults). We score the full MPC pipeline against a maintained vendor matrix, identify the harvest-now-decrypt-later (HNDL) exposure points, and deliver a signed MPC Posture Certificate that procurement, custody-counterparty diligence, and regulators can cite. Covers GG18 / CGGMP21 ECDSA TSS, FROST / DKLs Schnorr / EdDSA TSS, proactive secret sharing refresh ceremonies, and recovery vault constructions.

Engagement
2–4 weeks
Day-one staffing
Senior-led
Final artefact
Signed cert
SIGNED · VERIFIABLE

Every engagement ends with a registry-verifiable certificate.

Cryptographic Migration Certificate · signed PDF, embeddable SVG, hash on the QorTrace public registry.

THE PROBLEM

Your MPC custody stack is classical at every layer.

Fireblocks. Coinbase Custody. Privy. Lit. Web3Auth. Safeheron. DFNS. Turnkey. Capsule. Cobo. Zengo. Every major MPC wallet shipping in 2026 outputs an ECDSA / EdDSA signature, runs DKG over X25519 / ECDH channels, wraps shares at rest with classical KEMs, and protects recovery with classical Shamir. None of it survives Q-Day. The DKG transcripts are HNDL-exposed today. We're the only firm in the world auditing this stack against a PQC migration plan you can hand to procurement.

WHAT YOU’LL RECEIVE

Signed deliverables. No handwave.

Every engagement ships against this fixed manifest. No scope-creep invoices, no surprise “phase 2” line-items. If we change the scope, we re-sign first.

01

Vendor matrix review

We score your MPC SDK + custody vendor against our maintained matrix: Fireblocks, Coinbase Custody, Privy, Lit, Web3Auth, Safeheron, DFNS, Turnkey, Capsule, Cobo, Zengo, Sepior, Curv, Knox, Ledger Vault. Each vendor scored against the same PQC criteria so you can compare apples to apples.

02

DKG ceremony HNDL exposure analysis

Every DKG round shuttles share material over X25519 or ECDH. We map exactly which transcripts are HNDL-exposed forever, and write the hybrid-KEM upgrade plan (X25519 + ML-KEM-768) for the share-refresh ceremony.

03

Share-at-rest KEM wrap audit

Your shares are encrypted at rest with a classical wrap. We score the construction (RSA-OAEP or ECIES key wrap, or a password-derived wrap via argon2 / scrypt / HKDF) and write the migration to an ML-KEM-768 hybrid wrap, including the share-metadata versioning model that lets re-wraps run atomically.
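To make the versioning model concrete, here is an added illustration (not QorTrace's code and not any vendor SDK's): a share envelope whose header carries `wrap_version`, `wrap_alg` and `kek_id`, authenticated as associated data, and a re-wrap that verifies the new envelope before committing it with `os.replace()`. The AEAD is a stdlib stand-in (HMAC-SHA256 keystream with an encrypt-then-MAC tag) so the file runs offline; the field names, the sample share and both wrap keys are constructed for the example, and in a real migration the new key would be derived from the hybrid X25519 + ML-KEM-768 exchange and the cipher would be a real AEAD.

```python
"""Versioned share-at-rest envelope with an atomic, forward-only re-wrap (added example)."""
import hashlib, hmac, json, os, secrets, tempfile

def _keystream(key, nonce, length):
    """Stand-in cipher: HMAC-SHA256 in counter mode. Not a production cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _seal(key, aad, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()  # header is bound to the tag
    return nonce, ct, tag

def _open(key, aad, nonce, ct, tag):
    expect = hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("envelope authentication failed (wrong key or tampered header/body)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _aad(env):
    # Only the metadata fields are authenticated as associated data, sorted for determinism.
    return json.dumps({k: env[k] for k in ("wrap_version", "wrap_alg", "kek_id")}, sort_keys=True).encode()

def wrap_share(share, kek, *, wrap_version, wrap_alg, kek_id):
    env = {"wrap_version": wrap_version, "wrap_alg": wrap_alg, "kek_id": kek_id}
    nonce, ct, tag = _seal(kek, _aad(env), share)
    return {**env, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def unwrap_share(env, kek, *, min_version=0):
    """Refuse envelopes older than the version the caller knows was committed (rollback guard)."""
    if env["wrap_version"] < min_version:
        raise ValueError(f"envelope version {env['wrap_version']} below minimum {min_version}")
    return _open(kek, _aad(env), bytes.fromhex(env["nonce"]), bytes.fromhex(env["ct"]), bytes.fromhex(env["tag"]))

def rewrap_file(path, old_kek, new_kek, *, new_alg, new_kek_id):
    """Re-wrap the envelope at `path` under new_kek: write a temp file, verify the new
    envelope decrypts to the same share, then os.replace() commits atomically. The old
    envelope is untouched until that commit, and the version only moves forward."""
    with open(path) as f:
        old = json.load(f)
    share = unwrap_share(old, old_kek)
    new = wrap_share(share, new_kek, wrap_version=old["wrap_version"] + 1,
                     wrap_alg=new_alg, kek_id=new_kek_id)
    if unwrap_share(new, new_kek) != share:
        raise RuntimeError("new envelope failed verification; old envelope left in place")
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(new, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)
    return new["wrap_version"]

def demo():
    """Constructed scenario: a 32-byte share wrapped classically, then re-wrapped hybrid."""
    path = os.path.join(tempfile.mkdtemp(), "share.json")
    share = secrets.token_bytes(32)          # constructed stand-in for a key share
    classical_kek = secrets.token_bytes(32)  # constructed: would come from ECIES in practice
    hybrid_kek = secrets.token_bytes(32)     # constructed: would be HKDF(X25519 ss || ML-KEM ss)
    with open(path, "w") as f:
        json.dump(wrap_share(share, classical_kek, wrap_version=1,
                             wrap_alg="ECIES-P256", kek_id="kek-classical-01"), f)
    version = rewrap_file(path, classical_kek, hybrid_kek,
                          new_alg="X25519+ML-KEM-768", new_kek_id="kek-hybrid-01")
    with open(path) as f:
        env = json.load(f)
    # A reader that knows version 2 was committed refuses anything older.
    return version, env["wrap_alg"], unwrap_share(env, hybrid_kek, min_version=2) == share
```

The two properties to check in any real implementation are the ones `demo()` exercises: the re-wrapped file is either fully the old envelope or fully the new one (never a half-written state), and a reader can pin a minimum `wrap_version` so a restored backup cannot silently reintroduce a classically wrapped share.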

04

Pre-signature / nonce-pool threat model

If you persist presigs or nonce pools across signing sessions, every persistence window is HNDL-exposed. We score your TTL + AEAD choice and write the volatile-memory migration plan.

05

Proactive secret-sharing refresh review

If you don't have a `refreshShares` ceremony, you can't migrate cryptography without rotating the public key. We review your existing (or planned) PSS protocol against Herzberg '95 and CGGMP21 §6.
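The refresh ceremony this item (and the `share_refresh` answer in the FAQ below) refers to is easy to show in miniature. The block below is an added illustration, not QorTrace's, Herzberg's or CGGMP21's code: Shamir sharing of a scalar in a prime field standing in for a signing key, followed by a Herzberg-style refresh in which every party deals a fresh random polynomial with a zero constant term and each share absorbs the sum of the zero-shares it receives. The field modulus, threshold and party count are constructed for the example; a real TSS would run this over the curve's scalar group with authenticated, hybrid-encrypted channels and commitments to the dealt polynomials.

```python
"""Shamir sharing with a Herzberg-style proactive refresh (added example)."""
import secrets

P = (1 << 127) - 1  # Mersenne prime; constructed stand-in for the curve's scalar group order

def _eval(coeffs, x):
    """Horner evaluation of a polynomial with coefficients coeffs[0..] over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(secret, t, n):
    """Split `secret` into n shares (x, y) with threshold t: any t of them reconstruct."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def refresh(shares, t):
    """Herzberg '95 refresh: each party deals a degree-(t-1) polynomial whose constant
    term is 0 and sends every other party its evaluation; each party's new share is
    its old share plus the sum of zero-shares received. The secret (and therefore the
    public key) is unchanged, while any set of pre-refresh shares no longer combines
    with post-refresh shares."""
    xs = [x for x, _ in shares]
    deltas = {x: 0 for x in xs}
    for _dealer in xs:
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
        for x in xs:
            deltas[x] = (deltas[x] + _eval(zero_poly, x)) % P
    return [(x, (y + deltas[x]) % P) for x, y in shares]

def demo():
    """Constructed 2-of-3 scenario; returns the properties a reviewer would check."""
    secret = secrets.randbelow(P)
    t, n = 2, 3
    old = share(secret, t, n)
    new = refresh(old, t)
    return {
        "old_quorum_reconstructs": reconstruct(old[:t]) == secret,
        "new_quorum_reconstructs": reconstruct(new[:t]) == secret,
        "mixed_old_new_fails": reconstruct([old[0], new[1]]) != secret,
        "every_share_changed": all(o[1] != w[1] for o, w in zip(old, new)),
    }
```

The last two properties are the point of the ceremony: an adversary holding a leaked pre-refresh share (or a pre-refresh DKG transcript) gains nothing against the post-refresh quorum, yet the reconstructed secret, and hence the on-chain public key, never changes.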

06

Recovery vault PQ-readiness

Shamir backups, social recovery, WebAuthn / passkey recovery — every recovery path scored. We write the FIDO2 hybrid-attestation migration plan when WebAuthn is on the table.

07

Signing-attestation + audit-trail scope

Every signing attestation, vault event signature, regulator-facing receipt — scored. Co-signing migration plan to ML-DSA-65 so future auditors can verify your audit trail post-quantum.

08

MPC Posture Score (0–100) + signed certificate

Deterministic, methodology-citable. SVG + PDF certificate verifiable on qortrace.com/verify/<id>. Procurement teams + custody counterparties + regulators can cite the score directly.

THE STACK WE WORK IN

What we’re actually shipping into your stack.

The post-quantum migration is not a slide — it’s a specific set of standards, libraries, and key-management primitives. Below is what we touch on every engagement, why it exists, and what it protects you against.

NIST FIPS 203

ML-KEM (Kyber) · key encapsulation

The lattice-based key-exchange standard NIST finalised in August 2024. Replaces ECDH on every TLS 1.3 handshake, every IPsec tunnel, every messaging-app key wrap. We integrate the FIPS-203 module ML-KEM-768 by default (Level 3 security · ~256-bit classical · quantum-resistant).

REQUIRES
OpenSSL 3.x or BoringSSL with oqs-provider · TLS endpoint owner-of-record · 90-day rotation runbook
PROTECTS
Harvest-Now-Decrypt-Later: every byte your customers send today, recorded by an adversary today, decrypted in 2034 once Shor's-capable hardware exists
NIST FIPS 204

ML-DSA (Dilithium) · digital signature

The lattice-based signature standard. Replaces RSA-PSS and ECDSA on code-signing, document-signing, and TLS server authentication. We deploy ML-DSA-65 (Level 3) for transitional dual-signing alongside the classical algorithm during the migration window — never replace, always co-sign first.

REQUIRES
Sigstore / Cosign or in-house signer · code-signing CI/CD · 365-day key rotation
PROTECTS
Forged software updates, forged firmware, forged TLS server certs — every place a quantum-attacker would impersonate your build pipeline
POLICY · CNSA 2.0

NSA Commercial National Security Algorithm Suite v2

The U.S. federal mandate: PQC primitives operational across National Security Systems by 2030, exclusive by 2035. Defines the exact KEM (ML-KEM-1024) and signature (ML-DSA-87) profile used at NSS grade and the migration pace expected from contractors. Every Cryptographic Migration Certificate we issue carries an explicit CNSA 2.0 attestation block.

REQUIRES
FIPS-140-3 validated module (or FIPS-203/204 module-pending) · auditable inventory · documented sunset plan
PROTECTS
Federal contract eligibility post-2030 · DoD / IC supplier status · DORA + EO 14028 alignment
BRIDGE · HYBRID

X25519 + ML-KEM · hybrid key exchange

The transitional posture every serious PQC rollout uses: combine a battle-tested classical primitive (X25519, the Curve25519 ECDH variant — or X448 at higher security level) with the post-quantum KEM in a single key-derivation step. If either side breaks, the other still holds. Browsers shipped this in 2024 (Chrome “X25519MLKEM768” group); we operationalise it for your endpoints.

REQUIRES
TLS 1.3 stack · OpenSSL 3.2+ or BoringSSL · negotiation telemetry to confirm hybrid-group adoption
PROTECTS
Day-1 deployment risk: a flaw in either ML-KEM or X25519 alone does not break your traffic — only a flaw in BOTH simultaneously could
TOOLING

oqs-provider · OpenSSL provider

The Open Quantum Safe project’s OpenSSL 3.x provider that exposes ML-KEM, ML-DSA, SLH-DSA, and the hybrid groups as first-class crypto algorithms inside any application that already speaks OpenSSL. We do not maintain a private fork — we ship upstream patches and point your CI at a reproducible build with a pinned commit.

REQUIRES
OpenSSL 3.2+ · CMake 3.18+ · liboqs build chain · application-side config update
PROTECTS
Vendor-lock-in to a single PQC library · drift between staging and production crypto behaviour
TOOLING · CORE

liboqs · post-quantum primitive library

The C library underneath everything else — implementations of every PQC candidate that ever entered NIST’s evaluation, including the four standardised winners (ML-KEM, ML-DSA, SLH-DSA, FN-DSA). Audited, side-channel-aware, and the de-facto reference for open-source PQC. We pin the version, we record the commit hash, and the hash makes it onto your migration certificate.

REQUIRES
C99 toolchain · OpenSSL or mbedTLS for symmetric primitives
PROTECTS
Implementation-bug exposure: a verified-pinned build is the difference between ‘we ran ML-KEM’ and ‘we ran a known-bad ML-KEM’
RUNTIME

OpenSSL 3.x · with PQC providers loaded

The version line that gives us providers (modular crypto), proper FIPS module isolation, and the runtime negotiation hooks needed to ship hybrid TLS without a fork. We standardise every engagement on OpenSSL 3.2+ and surface the version on the certificate so auditors don't need to grep your container builds.

REQUIRES
Operating system upgrade if pinned to OpenSSL 1.x (RHEL 7, Ubuntu 18.04 etc.) · runtime config rebuild
PROTECTS
PQC drift across services — one binary on 3.2 negotiating hybrid, another on 1.1 silently falling back to classical-only
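The "negotiation telemetry" called for in the hybrid bridge section and the drift scenario described here are both questions you can answer from handshake logs. The block below is an added illustration, not QorTrace's tooling: it parses constructed key=value handshake records (the field names `service`, `instance`, `openssl`, `tls_version`, `group` are assumptions about your logging format, not a real product's schema), reports which services still negotiate classical-only groups, and flags services whose replicas disagree. The hybrid group names are the OpenSSL 3.5 / Chrome identifiers plus the pre-standard draft codepoint name that older oqs-provider builds log.

```python
"""Hybrid-group adoption and drift check over TLS negotiation telemetry (added example)."""
import re
from collections import defaultdict

# Assumption: these are the only negotiated groups treated as PQ-safe. The last entry is the
# pre-standard draft name so logs from older oqs-provider/Chrome builds are not misreported.
HYBRID_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024", "X25519Kyber768Draft00"}

LINE_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"service", "instance", "tls_version", "group"}

def parse_line(line):
    """Return the key=value fields of one handshake record, or None if it is malformed."""
    fields = {k: v.strip('"') for k, v in LINE_RE.findall(line)}
    return fields if REQUIRED.issubset(fields) else None

def analyse(lines):
    """Per service: are all handshakes hybrid, which instances negotiated classical groups,
    and does the service drift (some replicas hybrid, others classical)?"""
    per_service = defaultdict(lambda: defaultdict(set))  # service -> group -> {instances}
    malformed = 0
    for line in lines:
        f = parse_line(line)
        if f is None:
            malformed += 1
            continue
        per_service[f["service"]][f["group"]].add(f["instance"])
    report = {}
    for svc, groups in per_service.items():
        classical = {g: sorted(inst) for g, inst in groups.items() if g not in HYBRID_GROUPS}
        has_hybrid = any(g in HYBRID_GROUPS for g in groups)
        report[svc] = {
            "hybrid_only": not classical,
            "classical_groups": classical,
            "drift": has_hybrid and bool(classical),
        }
    return report, malformed

# Constructed sample telemetry: one record per completed handshake, one malformed line.
SAMPLE_LOG = """\
ts=2026-01-15T10:00:00Z service=api-gw instance=gw-1 openssl=3.2.1 tls_version=TLSv1.3 group=X25519MLKEM768 cipher=TLS_AES_256_GCM_SHA384
ts=2026-01-15T10:00:01Z service=api-gw instance=gw-2 openssl=1.1.1w tls_version=TLSv1.3 group=X25519 cipher=TLS_AES_256_GCM_SHA384
ts=2026-01-15T10:00:02Z service=signer instance=sg-1 openssl=3.2.1 tls_version=TLSv1.3 group=X25519MLKEM768 cipher=TLS_AES_128_GCM_SHA256
ts=2026-01-15T10:00:03Z service=signer instance=sg-2 openssl=3.2.1 tls_version=TLSv1.3 group=X25519MLKEM768 cipher=TLS_AES_128_GCM_SHA256
ts=2026-01-15T10:00:04Z service=vault-sync instance=vs-1 openssl=1.1.1w tls_version=TLSv1.2 group=secp256r1 cipher=ECDHE-RSA-AES256-GCM-SHA384
ts=2026-01-15T10:00:05Z service=api-gw handshake aborted before group selection
"""

def run_sample():
    return analyse(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    report, malformed = run_sample()
    for svc, r in sorted(report.items()):
        state = "hybrid-only" if r["hybrid_only"] else ("DRIFT" if r["drift"] else "classical-only")
        print(f"{svc:12s} {state:14s} classical={r['classical_groups']}")
    print(f"malformed records: {malformed}")
```

On the sample, `api-gw` is the drift case from the text (one replica on 3.2 negotiating the hybrid group, the 1.1.1 replica silently on X25519), `signer` is fully hybrid, and `vault-sync` is classical-only without drift. Counting malformed records matters too: a sudden jump there usually means a logging change, not a crypto change, and should not be read as adoption.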
KMS

AWS KMS · GCP KMS · Azure Key Vault · Thales / Entrust HSM

Where your most sensitive keys actually live. Every cloud KMS now exposes ML-KEM and ML-DSA key types (AWS “ML_KEM_768”, GCP “PQ_SIGN_ML_DSA_65”, Azure “ML-KEM”), and on-premise HSMs from Thales and Entrust ship FIPS-203/204 firmware lines. We map your existing key inventory, design the wrap-and-rotate path, and ship the runbook your SRE team executes — without you ever exposing key material outside the boundary.

REQUIRES
Cloud account audit access · HSM administrator credential · IAM separation between operator and rotator
PROTECTS
Cross-region replication, backup/restore, and disaster-recovery flows breaking silently when a primary key migrates and a secondary doesn’t
FREQUENTLY ASKED

Before you book the call.

Which MPC SDKs do you support?
Every production MPC custody stack: Fireblocks SDK, Coinbase Custody / WaaS, Privy MPC, Lit Protocol, Web3Auth (tKey), Safeheron, DFNS, Turnkey, Capsule, Cobo MPC, Zengo, Sepior, Curv (legacy), Knox Custody, Ledger Vault. We also audit custom in-house MPC stacks built on GG18, GG20, CGGMP21, FROST, DKLs, or Shamir + ECDSA TSS.
Do you audit the vendor or my integration?
Both. The Standard tier scopes your integration code — how you call the SDK, persist shares, run DKG, manage recovery. The Deep Dive tier additionally produces a vendor-side PQC posture report you can use to negotiate with the vendor's roadmap team (we have warm intros at several of the majors).
What about the DKG transcripts that are already HNDL-exposed?
Honestly: they're exposed forever. The migration plan we write always includes a one-time `share_refresh` ceremony under hybrid KEM, executed under your existing signing quorum. Pre-refresh transcripts remain HNDL-exposed but no longer reveal live secret material. We sequence this as a top-priority remediation in every engagement.
Does this replace the vendor's SOC 2?
No — orthogonal coverage. SOC 2 attests to control existence; our certificate attests to cryptographic readiness against the harvest-now-decrypt-later threat model. Procurement teams use them side-by-side.
What's the turnaround?
Standard: 2 weeks. Deep Dive: 4 weeks. Both include a 30-minute walkthrough call with the auditor + one round of remediation review at no charge.
Do I need a Hybrid Signature audit too?
If your MPC stack outputs a hybrid (classical + PQ) signature at the threshold-combine step, yes — the two audits are complementary. The MPC audit scopes the threshold stack; the Hybrid Sig audit scopes the combiner construction. Bundle pricing available.

Ready to scope the MPC Wallet PQC Compatibility Checker?

One business day to a senior engineer. Fixed-fee scoping memo within five business days. NDAs available on request.
