Weekly Updates

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries.
• March 31st: QRL 2.0 Testnet V2 Released.
• Audits: Internal and External work ongoing

64 Byte addresses

• 64 bytes address related changes done for qrvmone, qrvmc
• hyperion is being reviewed for 64 bytes address related changes

P2P Layer PQ Implementation

• Falcon-1024 has been implemented and PR is currently being reviewed

Daniel Bernstein’s “Exploiting ML-DSA Bugs” review

The QRL ML-DSA implementation is not broken and is not at risk from any of the three forgery attacks described in the paper. Each attack relies on a specific implementation bug; we checked for all three at the bit/byte level, confirmed each is absent, and corroborated the findings with empirical probes and the existing test suite.

To guard against such bugs being introduced into the codebase in the future, we added specific regression tests.

Additional CVE review (ML-DSA Timing)

We additionally confirmed that the most recently disclosed ML-DSA timing vulnerability (Decompose, CVE-2026-22705) is not present.

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries.
• March 31st: QRL 2.0 Testnet V2 Released.
• Audits: Internal and External work ongoing

go-qrllib

• ML-KEM-1024 changes merged
• Dilithium5 removed, with CI enhancements
• Falcon-1024 implementation is in progress

64 bytes address

• Migration to 64-byte addresses merged for go-qrl
• 64-byte word accounting now used across QRVM gas and tracers
• 64-byte address changes merged for go-qrllib qrvmc

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries.
• March 31st: QRL 2.0 Testnet V2 Released.
• Audits: Internal and External work ongoing

go-qrllib

• ML-KEM-1024 implementation finished
• Falcon-1024 implementation is in progress

64 bytes address

• Changes reviewed for qrysm, go-qrllib
• Changes being reviewed for hyperion, qrvmone, go-qrl, qrl-web3-wallet etc.

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries.
• March 31st: QRL 2.0 Testnet V2 Released.
• Audits: Internal and External work ongoing

Qrysm

• Finished all upstream patches

64 bytes address

• Implementation finished for multiple repos including go-qrllib, qrysm, go-qrl, hyperion, qrvmone etc.
• Implementation is Currently being reviewed and tested

go-qrllib

• Falcon-1024 implementation is still in progress
• ML-KEM implementation has begun, it will be used in P2P layer

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries.
• March 31st: QRL 2.0 Testnet V2 Released.
• Audits: Internal and External work ongoing

Qrysm

• Upstream patches are still being reviewed and merged

64 bytes address / wallets

• Address related changes done for QRVMC, QRVMONE, go-qrl & qrysm and current being reviewed before merge
• Address-space changes complete in go-qrllib and wallet.js
• EIP-55 style address checksums implemented in wallet.js and go-qrllib

go-qrllib

• Falcon-1024 & ML-KEM implementation are still in progress

Weekly Development Snapshot

Qrysm

• Nodes tested with 48 bytes address and working totally fine
• Making changes to move from 48 bytes address to 64 bytes address, to have complete NIST Security Level 5
• Upstream patches are still being reviewed and added

go-qrllib

• Falcon-1024 implementation is still in progress
• ML-KEM implementation has begun, it will be used in P2P layer

In light of increasingly significant supply chain attacks. While no substantial issues have been found, enhancements to our CI/CD setup has been undertaken following review to follow best current practices and learn from adverse events elsewhere.

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries. See Halborn Audit Validates QRL’s Post-Quantum Cryptography Library.
• March 31st: QRL 2.0 Testnet V2 Released. See QRL Launches Post-Quantum Smart Contract Testnet Ahead of 2.0 Mainnet.
• Audits: Internal and External work ongoing

Qrysm

• 48 bytes address changes finished. PR is being reviewed.
• Upstream patches are still being reviewed and added

QRL-Web3-Wallet

• Changes are in progress to support 48 bytes address size

go-qrllib

• Falcon-1024 implementation is still in progress

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries. See Halborn Audit Validates QRL’s Post-Quantum Cryptography Library.
• March 31st: QRL 2.0 Testnet V2 Released. See QRL Launches Post-Quantum Smart Contract Testnet Ahead of 2.0 Mainnet.
• Audits: Internal and External work ongoing

Qrysm, go-qrl & hyperion

• Changes related to 48 bytes address length is finished
• Node is being tested privately with new address size of 48 bytes

Qrysm

• Upstream patches are being reviewed and applied

go-qrllib

• Falcon implementation to be used in P2P is in progress

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries. See Halborn Audit Validates QRL’s Post-Quantum Cryptography Library.
• March 31st: QRL 2.0 Testnet V2 Released. See QRL Launches Post-Quantum Smart Contract Testnet Ahead of 2.0 Mainnet.
• Audits: Internal and External work ongoing

48-bytes Address

• Changes are in progress to support new address size in go-qrl and go-qrllib

Falcon

• Falcon-1024 is being implemented which will be used for p2p layer

Qrysm

• Bug fix are still in progress

Testing

• Successfully stress tested network with 952 (21,000 gas per transaction) transactions per block.

wallet.js

• added version and descriptor data to wallet context
• rebuilt and fixed cross-verification coverage around the new context format.

go-qrllib

• tightened Descriptor.IsValid() so only canonical ML-DSA-87 and SPHINCS+-256s wallet descriptors are accepted, with tests and docs updated to match.

rust-qrllib

• exploratory implementation to investigate webasm performance gains

zond-faucet

• Shipped initial QRL 2.0 Testnet V2 Faucet release for internal testing

Audits

• Internal and External work ongoing

block-explorer[legacy]

• added supply-oriented API endpoints and cleaned up supply tracking and presentation

Weekly Development Snapshot

Status / overview

• April 3rd: Audit complete of 2 cryptographic libraries. See Halborn Audit Validates QRL’s Post-Quantum Cryptography Library.
• March 31st: QRL 2.0 Testnet V2 Released. See QRL Launches Post-Quantum Smart Contract Testnet Ahead of 2.0 Mainnet.
• Code freeze completed for all relevant repositories.

QRL Testnet V2 Test

• Upcoming Reset: A network reset will be made to implement the 48-byte address

48-bytes Address

• Ready: qrvmc, qrvmone, hyperion has been updated to support 48 bytes address
• In-progress: go-qrl, qrysm are being updated to support new address format

Qrysm

• Merged several upstream patches
• More tests added
• Update GensisValidatorsRoot for staking-deposit-cli