Weekly Updates
QRL Weekly, 2026-July-03
Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries.
- March 31st: QRL 2.0 Testnet V2 Released.
- Audits: 50% completion
64 byte addresses
- Most of the changes related to 64 bytes address done for Hyperion.
- go-qrl is currently being fixed with some remaining changes related to 64 bytes address.
Tooling
- Hardhat like tool is being developed for the QRL 2.0 along with the documentation.
P2P Layer
- Falcon-1024 PR is still being reviewed.
QRL Weekly, 2026-June-26
Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries.
- March 31st: QRL 2.0 Testnet V2 Released.
- Audits: 50% completion
64 byte address
- 64 bytes address related changes done for hypc-js, qrl-contracts, go-qrl & qrysm
- changes in progress for hyperion related to 64 bytes address
P2P Layer
- Falcon-1024 PR is still being reviewed
QRL Weekly, 2026-June-19
Weekly Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries.
- March 31st: QRL 2.0 Testnet V2 Released.
- Audits: Internal and External work ongoing
64 Byte addresses
- 64 bytes address related changes done for qrvmone, qrvmc
- hyperion is being reviewed for 64 bytes address related changes
P2P Layer PQ Implementation
- Falcon-1024 has been implemented and PR is currently being reviewed
Daniel Bernstein’s “Exploiting ML-DSA Bugs” review
The QRL ML-DSA implementation is not broken and is not at risk from any of the three forgery attacks described in the paper. Each attack relies on a specific implementation bug; we checked for all three at the bit/byte level, confirmed each is absent, and corroborated the findings with empirical probes and the existing test suite.
| # | Attack in the paper | Underlying bug it needs | Present in go-qrllib? | Outcome |
|---|---|---|---|---|
| 1 | Secret-key recovery from masks | Duplicated mask coefficients ( AABBCC / A0B0C0 / ABABCDCD ) | No | Not exploitable |
| 2 | Predictable signatures | Secret seed K zeroed/cleared before use | No | Not exploitable |
| 3 | Nonce-reuse forgery | Repeated nonces from a truncated seed hash | No | Not exploitable |
To guard against such bugs being introduced into the codebase in the future, we added specific regression tests.
Additional CVE review (ML-DSA Timing)
We additionally confirmed that the most recently disclosed ML-DSA timing vulnerability (Decompose, CVE-2026-22705) is not present.
QRL Weekly, 2026-June-12
Weekly Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries.
- March 31st: QRL 2.0 Testnet V2 Released.
- Audits: Internal and External work ongoing
go-qrllib
- ML-KEM-1024 changes merged
- Dilithium5 removed, with CI enhancements
- Falcon-1024 implementation is in progress
64 bytes address
- Migration to 64-byte addresses merged for go-qrl
- 64-byte word accounting now used across QRVM gas and tracers
- 64-byte address changes merged for go-qrllib qrvmc
QRL Weekly, 2026-June-05
Weekly Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries.
- March 31st: QRL 2.0 Testnet V2 Released.
- Audits: Internal and External work ongoing
go-qrllib
- ML-KEM-1024 implementation finished
- Falcon-1024 implementation is in progress
64 bytes address
- Changes reviewed for qrysm, go-qrllib
- Changes being reviewed for hyperion, qrvmone, go-qrl, qrl-web3-wallet etc.
QRL Weekly, 2026-May-29
Weekly Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries.
- March 31st: QRL 2.0 Testnet V2 Released.
- Audits: Internal and External work ongoing
Qrysm
- Finished all upstream patches
64 bytes address
- Implementation finished for multiple repos including go-qrllib, qrysm, go-qrl, hyperion, qrvmone etc.
- Implementation is Currently being reviewed and tested
go-qrllib
- Falcon-1024 implementation is still in progress
- ML-KEM implementation has begun, it will be used in P2P layer
QRL Weekly, 2026-May-22
Weekly Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries.
- March 31st: QRL 2.0 Testnet V2 Released.
- Audits: Internal and External work ongoing
Qrysm
- Upstream patches are still being reviewed and merged
64 bytes address / wallets
- Address related changes done for QRVMC, QRVMONE, go-qrl & qrysm and current being reviewed before merge
- Address-space changes complete in go-qrllib and wallet.js
- EIP-55 style address checksums implemented in wallet.js and go-qrllib
go-qrllib
- Falcon-1024 & ML-KEM implementation are still in progress
QRL Weekly, 2026-May-15
Weekly Development Snapshot
Qrysm
- Nodes tested with 48 bytes address and working totally fine
- Making changes to move from 48 bytes address to 64 bytes address, to have complete NIST Security Level 5
- Upstream patches are still being reviewed and added
go-qrllib
- Falcon-1024 implementation is still in progress
- ML-KEM implementation has begun, it will be used in P2P layer
In light of increasingly significant supply chain attacks. While no substantial issues have been found, enhancements to our CI/CD setup has been undertaken following review to follow best current practices and learn from adverse events elsewhere.
QRL Weekly, 2026-May-08
Weekly Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries. See Halborn Audit Validates QRL’s Post-Quantum Cryptography Library.
- March 31st: QRL 2.0 Testnet V2 Released. See QRL Launches Post-Quantum Smart Contract Testnet Ahead of 2.0 Mainnet.
- Audits: Internal and External work ongoing
Qrysm
- 48 bytes address changes finished. PR is being reviewed.
- Upstream patches are still being reviewed and added
QRL-Web3-Wallet
- Changes are in progress to support 48 bytes address size
go-qrllib
- Falcon-1024 implementation is still in progress
QRL Weekly, 2026-May-01
Weekly Development Snapshot
Status / overview
- April 3rd: Audit complete of 2 cryptographic libraries. See Halborn Audit Validates QRL’s Post-Quantum Cryptography Library.
- March 31st: QRL 2.0 Testnet V2 Released. See QRL Launches Post-Quantum Smart Contract Testnet Ahead of 2.0 Mainnet.
- Audits: Internal and External work ongoing
Qrysm, go-qrl & hyperion
- Changes related to 48 bytes address length is finished
- Node is being tested privately with new address size of 48 bytes
Qrysm
- Upstream patches are being reviewed and applied
go-qrllib
- Falcon implementation to be used in P2P is in progress
Join our mailing list, contact the team or join our vibrant and friendly community of users, developers and enthusiasts on Discord or one of our other social channels