Hardened by Dilithium, verified by ZK-SNARKs, and protected by FHE
Quantum Safe Pools is a hybrid DeFi protocol designed to harden decentralized liquidity infrastructure against two systemic failures in current Ethereum-based systems: the eventual breakage of ECDSA under quantum adversaries, and the persistent loss of LP value due to MEV-driven toxic flow. Classical externally owned accounts and long-lived LP positions rely on elliptic-curve assumptions that are not quantum-resistant, meaning their security degrades over time. Simultaneously, AMMs lack any notion of on-chain identity, allowing arbitrage bots and JIT liquidity strategies to exploit deterministic execution and public state, extracting value from LPs without contributing risk or capital efficiency.
At the account layer, Quantum Safe Pools replaces ECDSA-based authorization with post-quantum signatures using Dilithium. Users interact through ERC-4337 smart contract wallets that validate Dilithium signatures instead of secp256k1. Because native on-chain verification of Dilithium signatures is prohibitively expensive, the protocol uses zkSNARKs (Groth16) to prove the correctness of off-chain signature verification. The smart account verifies a succinct proof rather than the raw signature, reducing verification costs from millions of gas to practical levels while preserving post-quantum security. Account abstraction further allows the signature scheme to be upgraded without migrating assets or LP positions.
Post-quantum public keys are significantly larger than classical keys, creating a storage and calldata bottleneck if handled naively. Quantum Safe Pools addresses this by separating identity data from settlement logic. Large Dilithium keys and metadata are maintained off-chain, while Ethereum only stores compact commitments and verification hooks. This “Shadow Registry” design preserves Ethereum’s role as the trust anchor while avoiding the gas costs associated with storing or transmitting multi-kilobyte keys on every interaction. Identity validity is therefore enforced cryptographically without bloating the base layer.
At the liquidity layer, the protocol integrates identity directly into AMM execution using a Uniswap v4–style hook. The hook executes on every swap and liquidity action and queries the identity status associated with the calling smart account. Fee calculation, pool access rules, and liquidity permissions are dynamically adjusted based on this status. Quantum-verified accounts receive lower swap fees, while unverified or legacy flows incur higher fees that are redistributed to LPs. This transforms identity from an off-chain concept into an on-chain economic signal enforced at execution time.
The same hook mechanism is used to mitigate MEV and Just-in-Time liquidity attacks. Actions that are known to be MEV-sensitive—such as adding or removing liquidity immediately before or after large swaps—require a valid post-quantum authorization proof. Because bots cannot cheaply generate or rotate quantum-safe identities, this creates a cryptographic barrier to JIT strategies without introducing centralized allowlists or trusted actors. MEV resistance is achieved through authorization constraints rather than timing games or private mempools.
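A model of the hook behaviour described in the two paragraphs above, added here as an example and not taken from the project's contracts: identity-tiered fees plus a proof requirement for liquidity changes near a large swap. The fee tiers, size threshold, guard window and all names are assumptions; the page gives no values.

```typescript
// Added model of the identity-aware hook. All constants and names are assumptions.
type Identity = "quantum-verified" | "unverified";
interface Caller { identity: Identity; hasPqProof: boolean }

const VERIFIED_FEE_BPS = 5;    // assumed discounted tier (0.05%)
const LEGACY_FEE_BPS = 30;     // assumed tier for unverified or legacy flow (0.30%)
const LARGE_SWAP = 100000;     // assumed size at which a swap counts as "large"
const JIT_WINDOW_BLOCKS = 1;   // assumed guard window after a large swap

class IdentityHook {
  lpFeesAccrued = 0;
  private lastLargeSwapBlock = -Infinity;

  // Before every swap: choose the fee tier from the caller's identity status.
  beforeSwap(caller: Caller, amountIn: number, block: number): number {
    const bps = caller.identity === "quantum-verified" ? VERIFIED_FEE_BPS : LEGACY_FEE_BPS;
    const fee = Math.floor((amountIn * bps) / 10000);
    this.lpFeesAccrued += fee; // fees, including the legacy surcharge, accrue to LPs
    if (amountIn >= LARGE_SWAP) this.lastLargeSwapBlock = block;
    return fee;
  }

  // Before add/remove liquidity. A hook cannot see a swap that has not happened
  // yet, so the "add just before a large swap" half of JIT is caught when the
  // position is pulled: inside the window the action needs a post-quantum proof.
  beforeModifyLiquidity(caller: Caller, block: number): boolean {
    const sensitive = block - this.lastLargeSwapBlock <= JIT_WINDOW_BLOCKS;
    const authorized = caller.identity === "quantum-verified" && caller.hasPqProof;
    return !sensitive || authorized;
  }
}

// Constructed scenario: a bot wraps JIT liquidity around a large swap in block 100.
function simulateJit() {
  const hook = new IdentityHook();
  const bot: Caller = { identity: "unverified", hasPqProof: false };
  const lp: Caller = { identity: "quantum-verified", hasPqProof: true };
  const botAdd = hook.beforeModifyLiquidity(bot, 100);     // no large swap seen yet
  const legacyFee = hook.beforeSwap(bot, 200000, 100);     // large swap, legacy tier
  const botRemove = hook.beforeModifyLiquidity(bot, 100);  // inside window, no proof
  const lpRemove = hook.beforeModifyLiquidity(lp, 100);    // inside window, with proof
  const botLater = hook.beforeModifyLiquidity(bot, 102);   // window has passed
  const verifiedFee = hook.beforeSwap(lp, 10000, 102);     // discounted tier
  return { botAdd, legacyFee, botRemove, lpRemove, botLater, verifiedFee, lpFees: hook.lpFeesAccrued };
}
```

In this model the unverified position cannot exit until the guard window has passed, so it carries price risk beyond the swap it targeted.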
While identity-aware execution reduces toxic flow, public AMMs still leak strategic information through transparent state. To address this, Quantum Safe Pools introduces a dual-pool architecture consisting of standard public pools and privacy-preserving dark pools. Dark pools use Fully Homomorphic Encryption (FHE) to store balances, reserves, and intermediate swap values in encrypted form. AMM arithmetic—such as reserve updates and invariant checks—is performed directly on ciphertexts, allowing the contract to enforce correctness without learning the underlying values. This prevents front-running, whale tracking, and strategy replication while remaining fully on-chain.
FHE is integrated in a modular way. During development and testnet deployment, encrypted operations are simulated to allow rapid iteration and gas profiling. In production, the same pool logic can be deployed on FHE-enabled execution environments where encrypted arithmetic is supported natively. This design allows the protocol to offer confidentiality where it is economically justified, while maintaining standard AMM performance for public liquidity.
Supporting infrastructure ties these components together. ERC-4337 paymasters enable gas abstraction, allowing users to onboard with post-quantum accounts without first holding ETH. zkSNARK verification contracts act as cryptographic bridges between off-chain computation and on-chain enforcement. The AMM factory and router expose a unified interface for both public and dark pools, ensuring composability with existing DeFi tooling while preserving differentiated execution semantics internally.
In effect, Quantum Safe Pools combines post-quantum cryptography, account abstraction, identity-aware AMM hooks, zkSNARK-based verification, and optional FHE-based confidentiality into a single coherent system. The result is not merely a more secure DEX, but a protocol that encodes security, identity, and privacy directly into economic logic. By aligning cryptographic strength with financial incentives, the system creates a practical migration path toward quantum-safe, MEV-resilient, and privacy-preserving DeFi infrastructure.
Quantum Safe Pools is built as a layered system that combines post-quantum cryptography, account abstraction, identity-aware AMM logic, and optional encrypted execution. The design goal was to keep Ethereum as the final settlement and security layer, while offloading computation and data that would otherwise be impractical or prohibitively expensive on-chain.
At the account layer, the project uses ERC-4337 account abstraction to replace traditional EOAs with smart contract wallets that support non-ECDSA authentication. Each user operates through a Quantum Account contract that validates Dilithium post-quantum signatures instead of secp256k1. Because Dilithium verification is extremely gas-expensive if done directly in Solidity, signatures are verified off-chain and wrapped inside a Groth16 zkSNARK proof. On-chain, the account contract only verifies the succinct proof, making post-quantum authentication feasible within normal gas limits. This setup also makes the signature scheme upgradeable without migrating funds or LP positions.
To handle the size and cost of post-quantum keys, the project introduces a hybrid identity architecture. Large Dilithium public keys and identity metadata are not stored directly on Ethereum. Instead, they are managed off-chain using state-channel style infrastructure, while Ethereum stores only compact commitments and verification hooks. This “Shadow Registry” design avoids multi-kilobyte calldata and storage costs while keeping all security guarantees anchored to on-chain verification. For this, the project integrates the Yellow Network Nitrolite SDK, which provides fast off-chain signing, batching, and reliable data availability. Yellow’s infrastructure allows identity checks and signature aggregation to happen cheaply and quickly, while Ethereum only settles the final proof.
On the transaction flow side, ERC-4337 UserOperations are constructed in the frontend and MetaMask Snap, signed with Dilithium, optimized and optionally batched using the Yellow SDK, and then submitted to the EntryPoint contract. Inside validateUserOp, the Quantum Account verifies the zkSNARK proof of signature correctness before allowing execution. This flow significantly reduces gas costs and also enables multi-step actions—such as pool creation followed by liquidity addition—to be executed atomically in a single UserOperation, which would normally require multiple transactions.
At the AMM layer, Quantum Safe Pools borrows the Uniswap v4 architectural pattern by using a custom hook contract that executes before swaps and liquidity operations. This hook queries the caller’s identity status and dynamically alters pool behavior. Fees are calculated conditionally, with quantum-verified accounts receiving discounted fees and unverified or legacy flows paying higher fees. The hook also enforces additional authorization checks for MEV-sensitive actions such as adding or removing liquidity around large swaps. This is how identity is translated directly into execution-time economic logic, rather than being an off-chain reputation system.
To address information leakage and front-running, the protocol implements a dual-track pool architecture. Standard pools behave like classical AMMs and prioritize low gas usage and composability. In parallel, dark pools are implemented with Fully Homomorphic Encryption (FHE) abstractions. In these pools, reserves, balances, and swap calculations are stored and updated in encrypted form. AMM math (reserve updates, invariant checks) is performed directly on ciphertexts, ensuring that neither observers nor validators can infer trade sizes or LP positions. On testnets, FHE operations are mocked to allow rapid iteration and realistic gas profiling; in production, the same contracts are designed to be deployable on FHE-enabled execution environments with minimal changes.
The smart contract architecture is modular: separate contracts handle quantum accounts, account factories, AMM factories, routers, pools, hooks, and paymasters. This separation allowed rapid iteration during the hackathon while keeping responsibilities clean and auditable. The router exposes a unified interface for both normal and dark pools, ensuring that frontend and integration logic does not need to branch on pool type.
On the frontend and UX side, the project uses a React + TypeScript stack with wagmi v2 for blockchain interactions. A custom MetaMask Snap is used to generate and manage Dilithium keypairs inside the wallet environment, keeping private keys out of the browser and aligned with the ERC-4337 flow. The Snap handles post-quantum signing transparently, so users interact with the app similarly to a normal DeFi interface despite the heavier cryptography under the hood.
One particularly hacky but impactful part of the build is the signature compression pipeline: Dilithium signatures are generated in the Snap, verified off-chain, compressed into zkSNARK proofs, batched via Yellow infrastructure, and only then verified on-chain. This pipeline is what makes post-quantum DeFi practical today rather than purely theoretical. Another notable aspect is the decision to implement FHE pools alongside normal pools in the same protocol, allowing privacy to be opt-in and economically justified rather than universally imposed.
Overall, Quantum Safe Pools is assembled from production-grade primitives—ERC-4337, zkSNARKs, Uniswap v4 hooks, state channels, and FHE—but combined in a way that encodes security, identity, and privacy directly into DeFi execution. The system is intentionally modular so that individual components (signature schemes, FHE backends, identity infrastructure) can evolve without breaking the economic or architectural core.
Canva: https://www.canva.com/design/DAG7xar7_V8/o7w68xplCxV1ow9YIVyoKg/edit?utm_content=DAG7xar7_V8&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton
NPM Package: https://www.npmjs.com/package/quantum-pools-snap

