Post-Quantum Signatures

pq_key, @pq_signed — Dilithium-5 authentication.

Classical ECDSA signatures are vulnerable to sufficiently large quantum computers. Covenant adds pq_key<Scheme> as a first-class storage type and @pq_signed as a decorator that verifies post-quantum signatures at function entry. The verification compiles to a STATICCALL into the chain's PQ precompile (0x0400–0x0401).

pq_vault.cov

record PQVault {
    // Store a Dilithium-5 public key instead of an address
    pq_owner:  pq_key;
    balance:   amount;
    nonce:     u64;

    error BadSignature();

    // @pq_signed verifies the caller's Dilithium-5 signature over
    // (contract_address ++ nonce ++ calldata) before the body runs
    @pq_signed(self.pq_owner)
    action withdraw(to: address, value: amount) {
        if value > self.balance {
            revert_with InsufficientFunds(value, self.balance);
        }
        self.balance -= value;
        self.nonce   += 1;
        transfer(to, value);
    }

    // Standard ECDSA deposit — anyone can fund
    action deposit() {
        self.balance += msg.value;
    }

    error InsufficientFunds(requested: amount, available: amount);
}

hybrid_auth.cov — ECDSA + PQ dual key

record HybridWallet {
    // Both keys must sign for high-value ops
    classical_owner: address;
    pq_owner:        pq_key;
    threshold:       amount;

    // Small withdrawals: classical ECDSA only
    action withdraw_small(to: address, value: amount)
        only(self.classical_owner)
        when(value <= self.threshold)
    {
        transfer(to, value);
    }

    // Large withdrawals: require PQ signature too
    @pq_signed(self.pq_owner)
    action withdraw_large(to: address, value: amount)
        only(self.classical_owner)
        when(value > self.threshold)
    {
        transfer(to, value);
    }
}

Annotations

`pq_key<Dilithium5>`	stores a Dilithium-5 public key (NIST FIPS 204 Level 5). The key is stored as `bytes` in EVM storage.
`@pq_signed(key)`	prepends a STATICCALL to precompile `0x0400` that verifies the signature over the canonical message `keccak256(address ++ nonce ++ selector ++ calldata)`.
Supported schemes	`Dilithium3` (NIST Level 3), `Dilithium5` (NIST Level 5), `Falcon512`, `Falcon1024`. Chain support varies.
Nonce	is automatically incremented by the PQ precompile to prevent replay attacks — you don't manage it manually.

Key takeaways

PQ signatures are a zero-cost abstraction — the compiler emits a precompile call, not a Rust/Solidity verifier.
Hybrid wallets (classical + PQ) are the recommended migration path — quantum resistance without breaking existing tooling.
Covenant's PQ support is chain-dependent; check your target chain's precompile registry.