Quickstart
Get QShield running in under 2 minutes. Install the SDK, connect to Solana, and start analyzing keys for quantum vulnerabilities.
npm install qshield-sdk @solana/web3.jsimport { QuantumShield } from 'qshield-sdk'
import { Connection } from '@solana/web3.js'
const connection = new Connection('https://api.mainnet-beta.solana.com')
const qs = new QuantumShield({
connection,
mode: 'monitor' // 'monitor' warns, 'enforce' blocks
})const analysis = await qs.analyze('7xKX...your-public-key...')
// analysis.totalTransactions → real on-chain tx count
// analysis.exposureLevel → 'fresh' | 'low' | 'moderate' | 'high' | 'critical'
// analysis.riskScore → 0–1 based on real data
// analysis.balanceSOL → SOL at risk
// analysis.recommendation → actionable next stepconst result = await qs.scan(transaction)
// result.safe → boolean
// result.action → 'allow' | 'warn' | 'block'
// result.signers → per-signer risk breakdown
// result.riskScore → aggregate riskSDK Reference
The qshield-sdk package provides a TypeScript-first client for analyzing quantum risk on Solana. All analysis is based on real on-chain data queried via Solana RPC.
QuantumShield(config)
interface QShieldConfig {
connection: Connection // Solana RPC connection
mode: 'monitor' | 'enforce'
policy?: {
maxRiskScore: number // Block/warn above this (default: 0.5)
maxKeyExposureTx: number // Alert after N tx (default: 500)
blockHighRisk: boolean // Auto-block high risk (default: false)
alertThreshold: number // Monitor alert threshold (default: 0.6)
onBlock?: (result) => void
onWarn?: (result) => void
}
}qs.analyze(publicKey)
Performs a full on-chain analysis of a Solana public key. Queries transaction history, balance, program interactions, and computes a quantum risk score based on real exposure data.
interface KeyAnalysis {
publicKey: string
totalTransactions: number // Real on-chain tx count
recentTransactions: number // Last 7 days
balanceLamports: number
balanceSOL: number
programsInteracted: string[] // Token Program, Jupiter, etc.
firstActivity: Date | null
lastActivity: Date | null
ageDays: number
exposureLevel: 'fresh' | 'low' | 'moderate' | 'high' | 'critical'
riskScore: number // 0 (safe) to 1 (critical)
riskLevel: 'safe' | 'low' | 'medium' | 'high' | 'critical'
recommendation: string
}qs.scan(transaction)
Scans a Solana transaction before broadcast. Analyzes every signer's on-chain history and produces an aggregate risk assessment. In 'enforce' mode, high-risk transactions are blocked.
interface ScanResult {
safe: boolean
action: 'allow' | 'warn' | 'block'
riskScore: number
riskLevel: string
signers: {
publicKey: string
totalTransactions: number
exposureLevel: string
riskScore: number
}[]
recommendation: string
}qs.planMigration(sourceKey, destinationKey?)
Creates a migration plan to move all assets from a high-exposure key to a fresh one. Detects SOL balance and SPL token accounts. Does not execute — call qs.migrate() to run it.
const plan = await qs.planMigration('source-public-key')
// plan.balanceToTransfer → SOL to move
// plan.tokenAccountsToMigrate → SPL token accounts found
// plan.estimatedCostLamports → total tx fees
// plan.steps → ordered migration instructionsqs.migrate(sourceKeypair, destinationKey)
Executes a SOL migration: transfers all SOL (minus fees) from the source keypair to the destination. Returns signatures and success status.
import { Keypair } from '@solana/web3.js'
const source = Keypair.fromSecretKey(/* your key */)
const freshKey = Keypair.generate()
const result = await qs.migrate(source, freshKey.publicKey)
// result.success → boolean
// result.signatures → on-chain tx signatures
// result.errors → any failuresMonitoring
Continuously monitor Solana public keys for quantum risk changes. The monitor polls on-chain data and fires alerts when a key's risk score crosses your threshold.
qs.createMonitor(keys, onAlert, intervalMs)
const monitor = qs.createMonitor(
['key1...', 'key2...'],
(analysis) => {
console.log(`Alert: ${analysis.publicKey}`)
console.log(`Risk: ${analysis.riskScore}`)
console.log(`Exposure: ${analysis.exposureLevel}`)
console.log(analysis.recommendation)
},
60_000 // poll every 60 seconds
)
monitor.start()
// Add/remove keys dynamically
monitor.addKey('new-key...')
monitor.removeKey('old-key...')
// Stop monitoring
monitor.stop()Post-Quantum Attestation
Solana doesn't support post-quantum signatures on-chain yet. This module provides off-chain attestation: cryptographic proof that a Solana key holder also controls a quantum-resistant ML-DSA key (NIST FIPS 204). When Solana adds PQ support, migration will be seamless.
Generate ML-DSA keypair
import { generatePQKeypair, createAttestation, verifyAttestation }
from 'qshield-sdk'
// Generate a NIST-standard ML-DSA-65 keypair
const pqKeys = await generatePQKeypair()
// pqKeys.publicKey → Uint8Array (1952 bytes)
// pqKeys.secretKey → Uint8Array (4032 bytes)Create & verify attestation
// Bind your Solana key to your PQ key
const attestation = await createAttestation(
'your-solana-public-key',
pqKeys.secretKey,
pqKeys.publicKey
)
// Verify the binding
const valid = await verifyAttestation(attestation)
// valid → trueRisk Scoring
QShield's risk score is based on real on-chain data, not simulation. Every Solana key using Ed25519 is theoretically vulnerable to quantum attack via Shor's algorithm. The risk score quantifies how exposed and valuable a specific key is.
Risk factors
// Transaction exposure (35%)
// More signatures = more public key material on-chain
// Keys with 1000+ tx are critically exposed
// Recent activity (20%)
// Active keys are higher priority targets
// Value at risk (30%)
// More SOL = more incentive for attack
// Key age (15%)
// Older keys have been exposed longerExposure levels
'fresh' → 0 transactions (never used)
'low' → 1–10 transactions
'moderate' → 11–100 transactions
'high' → 101–1000 transactions
'critical' → 1000+ transactions