tron-nile-testnet/nile-testnet GreatVoyage-v4.8.2-PQ1-build1

on GitHub

Notice

Mandatory upgrade

Adds end-to-end post-quantum (PQ) signature support to resist quantum attacks on ECDSA.

Two schemes are supported, each activated independently by committee proposal:

• FN-DSA-512 / Falcon-512 — variable-length signature with max 667 B, public key 896 B.
• ML-DSA-44 / Dilithium-2 — fixed-length signature 2420 B, public key 1312 B.

New Features

Crypto

• Post-Quantum FN-DSA-512 and ML-DSA-44 signing/verification via BouncyCastle. (#46, #59)
• PQSchemeRegistry centralizes per-scheme key/signature lengths and address derivation. (#46, #59)
• Shared PQAuthSig{scheme, public_key, signature} envelope — repeated pq_auth_sig on transactions and pq_auth_sig on BlockHeader. (#46, #59)

TVM

• Precompiles VerifyFnDsa512, VerifyMlDsa44, BatchValidateFnDsa512, and BatchValidateMlDsa44. (#46, #52, #57, #64)
• Algorithm-agnostic ValidateMultiPQSig precompile for mixed ECDSA + PQ multi-sign. (#46, #57)

Core

• PQ-aware permission threshold checks in transaction, block and p2p handshake. (#46, #49)
• PQ block signing and validation; block reserves pq_auth_sig size to stay under maxBlockSize. (#46)
• Configure PQ witnesses via localPqWitness.keys JSON key files in config.conf. (#46)
• Count pq_auth_sig as bandwidth, and cap PQ transactions per block in the pending pool (node.pqTransInPendingMaxCounts = 1000). (#46)
• Hard-fork VERSION_4_8_2_PQ1 gating proposals ALLOW_FN_DSA_512 and ALLOW_ML_DSA_44. (#48)
• Cross-check the declared PQ witness address at node startup, abort on mismatch. (#62)

Net

• Fast-forward handshakes using PQ authentication. (#46)
• Bound HelloMessage with a 16 KB cap. (#54)
• Bound signature count cap across API and p2p. (#54)
• Adjust Manager.isSameSig to include PQ signatures. (#49)

API

• Add a field pqAuthSigList in the JSON-RPC eth_getTransactionReceipt. (#51)
• Add an optional pq_scheme field in getCanDelegatedMaxSize to account for pq_auth_sig size. (#53)
• Broadcast API returns SERVER_BUSY when the PQ pending pool is full. (#63)

Metric

• Add per-block PQ transaction-count, tx fetch latency and handshake latency metrics. (#46)

Tooling

• Add toolkit command pq-key new for PQ key generation. (#46, #47)

Integrity Check

All jar files available in this release are signed via this GPG key:

• PUB: BBA2FC19D5F0B54AB1EE072BCA92A5501765E1EC
• UID: build@nileex.io
• KeyServer: hkps://keyserver.ubuntu.com

From the download listings below you should see links to the downloadable jar files as well as sig signature files. To verify the authenticity of any jar file, grab the jar and sig files with the same prefix name and then execute the verification process:

Install GPG

Mac OS

brew install gpg

On Debian, Ubuntu and other Linux distributions

sudo apt install gpg

Import Public Key

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys BBA2FC19D5F0B54AB1EE072BCA92A5501765E1EC

Signature verification

x64

gpg --verify FullNode-Nile-x64-4.8.2-pq1-build1.jar.sig FullNode-Nile-x64-4.8.2-pq1-build1.jar

If the signature verification is passed, the following will be returned:

gpg: Signature made Tue 30 Jun 2026 07:03:45 AM UTC using RSA key ID 1765E1EC
gpg: Good signature from "build_nileex (build_nileex)<build@nileex.io>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BBA2 FC19 D5F0 B54A B1EE  072B CA92 A550 1765 E1EC

aarch64

gpg --verify FullNode-Nile-aarch64-4.8.2-pq1-build1.jar.sig FullNode-Nile-aarch64-4.8.2-pq1-build1.jar

If the signature verification is passed, the following will be returned:

gpg: Signature made Tue 30 Jun 2026 07:04:08 AM UTC using RSA key ID 1765E1EC
gpg: Good signature from "build_nileex (build_nileex)<build@nileex.io>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BBA2 FC19 D5F0 B54A B1EE  072B CA92 A550 1765 E1EC