explaingit

quipnetwork/hashsigs-solidity

11,559SolidityAudience · developerComplexity · 4/5LicenseSetup · hard

TLDR

Solidity smart contracts that let Ethereum applications verify digital signatures designed to stay secure even against quantum computers. An early-stage research project using hash-based WOTS+ signatures.

Mindmap

mindmap
  root((repo))
    What It Does
      On-chain WOTS+ verify
      Post-quantum security
      Hash-based signatures
    Tech Stack
      Solidity
      Hardhat
      Foundry
      Ethereum
    Use Cases
      Quantum-safe auth
      Smart contract signing
      DeFi security
    Audience
      Blockchain developers
      Crypto researchers
    Setup
      Install Foundry
      Node.js dependencies
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Add quantum-resistant signature verification to an Ethereum smart contract so it remains secure against future quantum attacks

USE CASE 2

Use as a starting point for researching post-quantum authentication patterns on a blockchain

USE CASE 3

Integrate WOTS+ signature checking into a DeFi or identity protocol that needs long-term cryptographic security

Tech stack

SolidityHardhatFoundryEthereum

Getting it running

Difficulty · hard Time to first run · 1h+

Early-stage research code with minimal documentation, requires Foundry and Node.js to build and test.

Source code must remain open under AGPL-3.0, if you use this in a network service, you must publish your modified source code.

In plain English

This repository contains Solidity smart contracts that implement a type of digital signature scheme called WOTS+, short for Winternitz One-Time Signature Plus. Solidity is the programming language used to write code that runs on the Ethereum blockchain, so these contracts are intended to be deployed on a blockchain environment. WOTS+ is a hash-based signature scheme, meaning its security comes from hash functions rather than from the mathematical problems (like factoring large numbers) that underpin most current encryption. Hash-based signatures are considered post-quantum, which means they are believed to remain secure even if large-scale quantum computers become available, since quantum computers are expected to break several of the classical approaches but not hash-based ones. The one-time aspect means each signing key should only be used to sign a single message, reusing it weakens the security guarantees. The project is described as providing a way to verify post-quantum signatures on-chain, which would allow smart contracts to authenticate data using quantum-resistant proofs rather than the standard Ethereum signature scheme. The README is sparse and covers only the development setup. The project uses two Ethereum development tools: Hardhat and Foundry. To get started, you install Foundry and the Node.js dependencies, then run tests with the forge command. A build command compiles the contracts. This is an early or research-grade project from quip.network, available under the GNU Affero General Public License version 3. Beyond the setup instructions, the README does not document the contract interfaces or intended use cases in detail.

Copy-paste prompts

Prompt 1
I want to use the hashsigs-solidity WOTS+ contracts to verify a quantum-resistant signature inside my Ethereum smart contract. Show me how to call the verifier contract and what inputs it expects.
Prompt 2
Help me set up the hashsigs-solidity repo locally using Foundry, run the existing tests, and explain what each test is verifying about the WOTS+ scheme.
Prompt 3
I'm building an Ethereum app that needs to stay secure against quantum computers. Compare using hashsigs-solidity WOTS+ versus the standard ECDSA signatures Ethereum uses today, what are the trade-offs in gas cost and security?
Open on GitHub → Explain another repo

← quipnetwork on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.