
Lattice: A Post-Quantum Settlement Layer

Source: arXiv:2603.07947 · Published 2026-03-09 · By David Alejandro Trejo Pizzo

TL;DR

Lattice is a peer-to-peer cryptocurrency protocol designed from inception as a post-quantum secure settlement layer. It addresses three main challenges: hardware accessibility, by using RandomX CPU-only proof-of-work to enable decentralized mining on commodity CPUs; network resilience, through per-block difficulty adjustment using LWMA-1 to respond rapidly to hash rate fluctuations and avoid the Flash Hash Rate vulnerability inherent in Bitcoin's slower retargeting; and cryptographic resilience, via exclusive use of the NIST-standardized lattice-based ML-DSA-44 (Dilithium2) post-quantum digital signature scheme from genesis, with no fallback to classical ECDSA. This combined approach makes Lattice resistant to the emerging threat of quantum computers capable of breaking current elliptic curve cryptography. The economic model preserves Bitcoin's halving supply schedule but adds a perpetual tail emission to incentivize miners indefinitely. Lattice aims to be a live, long-lived platform suitable as a post-quantum safe settlement layer operating in parallel to Bitcoin, producing empirical data on the engineering tradeoffs involved. Empirical lessons from Monero's RandomX deployment inform the CPU mining assumptions, and formal security bounds are provided for the cryptographic and consensus components.

Key findings

  • RandomX PoW requires 2GB RAM per mining thread, enabling widely accessible CPU mining but deterring ASICs by requiring general-purpose CPU features (random VM programs, floating point, branch prediction).
  • LWMA-1 per-block difficulty adjustment with N=120 and weighted solve times enables recovery from a 10× hash rate drop within ~8 hours, vs Bitcoin’s slow recovery over multiple 2016-block (~14 day) periods.
  • Exclusive use of ML-DSA-44 (Dilithium2) PQ signatures from genesis eliminates classical ECDSA fallback and associated quantum vulnerabilities; public keys 1312 bytes, signatures 2420 bytes vs 33 and 72 bytes in ECDSA.
  • Estimated botnet mining with RandomX can reach ~10 GH/s with 5 million compromised nodes but remains limited by hardware and detection costs; Monero data shows botnet mining remains below 5% hashrate.
  • Lattice’s warm-up period uses ~5,670 fast blocks of ~53s with reduced coinbase rewards (25 LAT) before switching permanently to 240s block times and a long tail emission of 0.15 LAT per block.
  • Total supply projected with halving every 295,000 blocks and perpetual tail emission, enabling sustainable miner incentives beyond Bitcoin’s subsidy end date (~2140).
  • Formal security proofs include ML-DSA-44 reduction bounds, LWMA-1 convergence guarantees, memory-hardness bounds for RandomX, and game-theoretic stability of tail emission.
  • Hardware recommendations include minimum 16GB RAM and quad-core CPU; deployment on consumer devices like Mac Mini demonstrated viable full node and mining operation.

Threat model

The adversary includes classical miners attempting selfish mining, 51% attacks, flash hash rate withdrawal, and botnets compromising commodity CPUs to inject hash rate covertly. The principal future adversary is a quantum computer capable of running Shor's algorithm to break ECDSA signatures, which Lattice mitigates by exclusively deploying ML-DSA-44 post-quantum signatures from genesis. The adversary cannot efficiently solve the Module-LWE lattice problem or forge ML-DSA-44 signatures. The attacker cannot circumvent the RandomX memory-hard proof-of-work without general-purpose CPU equivalents or perform timestamp manipulation beyond clamping safety bounds.

Methodology — deep read

The threat model assumes adversaries equipped with quantum computers capable of applying Shor's algorithm to break classical ECDSA signatures, as well as conventional miners and attackers attempting hashrate manipulation or network attacks such as flash hash rate events and 51% attacks. The adversary cannot break the lattice-based ML-DSA-44 post-quantum signatures or circumvent RandomX's memory-hard PoW parameters.

Data provenance and training do not apply as Lattice is a full protocol specification and live blockchain deployment project rather than a machine learning model. The paper relies on empirical data from Monero's RandomX mining ecosystem, public NIST cryptanalysis of ML-DSA-44, and prior work on LWMA-1 difficulty adjustment.

The architecture combines three main modules: (1) RandomX PoW with a 2GB memory dataset built by AES-based expansion from a seed, generating a randomized VM program unique per nonce; (2) LWMA-1 difficulty adjuster that calculates per-block target based on the weighted solve times of last 120 blocks, with clamps to prevent timestamp manipulation and difficulty spikes; (3) ML-DSA-44 digital signature scheme implemented per NIST FIPS 204, replacing the classical elliptic curve signature used by Bitcoin. Transaction verification rejects any non-post-quantum keys.

Training in the conventional sense is not applicable. Instead, the protocol uses predefined parameters: 295,000-block halving schedule, 240-second permanent block times after 5,670 warm-up blocks at 53 seconds, block weight stages from 11M to 56M bytes. The Docker-based full node deployment is optimized to run on consumer hardware with at least 16GB RAM and quad-core CPU.

Evaluation protocols include analysis of flash hash rate scenarios against Bitcoin's 2016-block retarget and LWMA-1 per-block adjustment demonstrating ~8 hour recovery from 10× hash rate drops. Botnet analysis models effective hash rates from compromised machines under realistic thermal and usage constraints using Monero network data as a reference. Security proofs cover signature resistance, double-spend prevention, timestamp manipulation, 51% attacks, and game-theoretic incentive stability under tail emissions.

Reproducibility is supported by open-source Docker images for node and mining software, though ledger data and network participation data are live rather than fully closed datasets. The protocol is designed for deployment from genesis, with no hybrid PQC fallback, enabling open empirical testing of post-quantum blockchain engineering trade-offs.

A concrete example is the calculation of the LWMA-1 target for block difficulty: for each new block, the previous 120 block times are weighted linearly with recent blocks weighted higher, multiplied by aggregate target sum, then adjusted within safety bounds to produce a new difficulty target. This enables rapid difficulty tuning to sudden hashrate changes, demonstrated by simulations compared to Bitcoin's slow 14-day adjustment window.
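The LWMA-1 rule described above (and in the architecture summary) as an added, runnable illustration; this is not code from the paper. It uses the page's N=120 and T=240 s; the -FTL lower clamp and the 0.67x / 1.5x per-block limits follow zawy12's reference LWMA-1, and the FTL value and the deterministic expected-solve-time model of a 10× hash rate drop are assumptions here, so the recovery figures are illustrative rather than a reproduction of the paper's simulations.

```python
# Added example, not code from the paper: the LWMA-1 next-difficulty rule as the text
# describes it (N=120, T=240 s). The -FTL lower clamp and the 0.67x / 1.5x per-block
# limits follow zawy12's reference LWMA-1; Lattice's exact values are not on the page.
T = 240                    # Lattice's permanent block interval (seconds)
N = 120                    # LWMA-1 window (blocks)
K = N * (N + 1) * T // 2   # weighted solve-time sum when every block takes exactly T
FTL = 3 * T                # future-time limit; assumed value, not from the paper

def clamp_solvetime(solvetime):
    """A backdated block counts as at most -FTL, a stalled one as at most 6T."""
    return max(-FTL, min(solvetime, 6 * T))

def lwma1_next_difficulty(timestamps, difficulties):
    """timestamps: N+1 consecutive block times (oldest first); difficulties: N newest."""
    assert len(timestamps) == N + 1 and len(difficulties) == N
    weighted = 0  # L: linearly weighted solve times, newest block weighted N
    for i in range(1, N + 1):
        weighted += i * clamp_solvetime(timestamps[i] - timestamps[i - 1])
    weighted = max(weighted, 1)                       # keep the division defined
    next_d = (sum(difficulties) / N) * K / weighted   # mean_D * K / L
    prev_d = difficulties[-1]
    # Per-block limits stop one bad window from spiking or collapsing difficulty.
    return max(0.67 * prev_d, min(next_d, 1.5 * prev_d))

def simulate_hashrate_drop(factor=0.1, blocks=600, d0=1_000_000.0):
    """Deterministic model (assumption): a block takes its expected time T*(D/d0)/factor,
    d0 being the difficulty matched to the pre-drop hashrate. Returns (D, solve time)."""
    timestamps = [i * T for i in range(N + 1)]  # N solve times of exactly T before the drop
    difficulties = [d0] * N
    trace = []
    for _ in range(blocks):
        d = lwma1_next_difficulty(timestamps[-(N + 1):], difficulties[-N:])
        solve = T * (d / d0) / factor
        timestamps.append(timestamps[-1] + solve)
        difficulties.append(d)
        trace.append((d, solve))
    return trace

def blocks_until_recovered(trace, tol=0.1):
    """Index of the first post-drop block whose solve time is within tol of T, else None."""
    for n, (_, solve) in enumerate(trace):
        if abs(solve - T) <= tol * T:
            return n
    return None

if __name__ == "__main__":
    trace = simulate_hashrate_drop()
    n = blocks_until_recovered(trace)
    print(f"first block after the drop: D={trace[0][0]:.0f}, solve={trace[0][1]:.0f}s (cap {6 * T}s)")
    print(f"solve time back within 10% of T after {n} blocks, {sum(s for _, s in trace[:n]) / 3600:.1f} h")
```

Note how the 6T cap makes the first post-drop blocks under-report a 10× slowdown as 6×, and how the per-block limits, not the window, bound the reaction to a run of backdated or near-zero timestamps.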

Technical innovations

  • Integration of RandomX CPU-only mining with 2GB memory-hard dataset at protocol level to maximize decentralization and ASIC resistance in a post-quantum settlement layer.
  • Adoption of LWMA-1 linear weighted moving average for per-block difficulty adjustment, enabling rapid recovery (~8h) from sudden hash rate fluctuations unlike Bitcoin's 14-day retarget period.
  • Exclusive application of ML-DSA-44 lattice-based post-quantum digital signatures from genesis block, with no fallback to classical ECDSA to avoid quantum vulnerabilities.
  • Economic model combines traditional halving schedule with perpetual tail emission (0.15 LAT per block) to sustain long-term miner incentives beyond subsidy end.
  • Comprehensive formal security proofs encompassing consensus convergence, signature security, memory hardness, and economic incentive stability under quantum and classical threat models.

Baselines vs proposed

  • Bitcoin retarget difficulty adjustment: recovery from 10× hashrate drop takes multiple 2016-block (~14 day) periods vs Lattice LWMA-1 per-block adjustment: recovery within ~8 hours
  • Monero RandomX botnet hashrate share: estimated at 2-5% over 6 years vs Lattice's working assumption of no direct botnet disruption observed
  • ECDSA signature size: 72 bytes vs ML-DSA-44: 2,420 bytes; public key size ECDSA 33 bytes vs ML-DSA-44 1,312 bytes
  • Bitcoin block time target after difficulty retarget: 600 seconds vs Lattice stable block time 240 seconds after warm-up phase

Limitations

  • Exclusive reliance on ML-DSA-44 lattice signatures entails 30× larger signature sizes than ECDSA, increasing blockchain storage and bandwidth.
  • RandomX mining remains vulnerable to botnets exploiting compromised CPUs; while mitigated by economics and detection, botnet hash rate remains a risk.
  • LWMA-1 algorithm depends on recent 120 blocks; extreme or coordinated timestamp manipulation remains a possible attack vector despite clamping.
  • No evaluation under extreme distributional shifts such as rapid global internet partitions or sustained state-level mining bans is presented.
  • Tail emission economics assume persistent miner rationality and network usage, which may vary under unforeseeable future incentives or regulatory changes.
  • Quantum resistance is based on current cryptanalysis assumptions of ML-DSA-44 hardness; breakthroughs in lattice cryptanalysis could affect security.

Open questions / follow-ons

  • How will the blockchain storage and network overhead from large ML-DSA-44 signatures impact scalability under high transaction volumes long-term?
  • What are the economic impacts and practical limits of botnet-driven RandomX mining as botnet sizes evolve in future threat landscapes?
  • Can LWMA-1 difficulty adjustment maintain security and stability under prolonged adversarial timestamp manipulations or synchronized miner collusion?
  • How will real-world adoption trajectories of Lattice inform the roadmap and optimizations for Bitcoin's eventual post-quantum migration?

Why it matters for bot defense

For bot-defense and CAPTCHA practitioners, Lattice presents a notable case study in building systems resilient to emerging quantum threats while maintaining accessibility and decentralization. The use of hardware-accessible mining (CPU-focused) alongside a cryptographically secure post-quantum signature scheme underscores the importance of layered defense in distributed systems. The challenges of botnet mining in RandomX hint at the potential for adversarial exploitation of commodity hardware resources, analogous to botnets hijacking user devices in CAPTCHA attack scenarios. The rapid per-block difficulty adjustment via LWMA-1 offers a model for adaptive and responsive defense mechanisms in dynamic threat environments. Practitioners should understand that while technical mitigations exist, economic incentives, device heterogeneity, and attacker cost asymmetries significantly influence system security, relevant to CAPTCHA service abuse prevention and bot detection strategies.

Cite

bibtex
@article{arxiv2603_07947,
  title={Lattice: A Post-Quantum Settlement Layer},
  author={David Alejandro Trejo Pizzo},
  journal={arXiv preprint arXiv:2603.07947},
  year={2026},
  url={https://arxiv.org/abs/2603.07947}
}


Articles are CC BY 4.0 — feel free to quote with attribution