
Nebula is a post-quantum wallet for Stellar. The signing key is XMSS (NIST SP 800-208), a hash-based signature scheme that remains secure against Shor's algorithm. Transactions are never authorized by ed25519. Instead, a ZK proof of XMSS signature validity is verified on-chain by a Soroban smart contract using Stellar's native BN254 host functions.
NIST finalized its first post-quantum cryptography standards in 2024 (FIPS 203–205), and XMSS was standardized earlier under SP 800-208. Harvest-now-decrypt-later attacks are already documented against classical key schemes. Stellar's current ed25519-only signing is a long-term liability for any funds that need to remain secure over a 10–15 year horizon. Nebula is the only wallet on Stellar addressing this today.
Current features live on the Stellar testnet:
The Soroban smart contract verifies Groth16/BN254 proofs with replay protection enforced via per-wallet nonces. Funds move only if the proof is valid and the nonce is fresh; no signature replay is possible.
Rust CLI (nebula) with wallet create, fund, and withdraw commands and an interactive TUI. The withdrawal flow runs entirely on the user's machine: XMSS signs locally > SP1 zkVM proves signature validity > Sindri compiles to Groth16 > contract verifies on-chain.
Chrome extension with XMSS key generation running in WASM (never leaves the browser), Sindri proving from the background service worker, and transaction submission via relay server. Private keys are never transmitted.
Relay server (Node.js, Docker) that works around Soroban testnet RPC's current BN254 simulation gap by running `stellar contract invoke` locally. It is stateless and holds no user keys or funds.
With SCF funding, we will:
Replace Sindri cloud proving with a self-hosted SP1 prover. This removes the only remaining third-party dependency in the signing flow and makes the wallet fully non-custodial.
Replace Groth16/BN254 with a Poseidon-based proof system using Stellar's newly released Poseidon host functions. This reduces the on-chain verification cost and removes the BN254 pairing dependency.
Resume the Falcon (NIST FIPS 206) implementation, previously blocked by our hardware constraints, as an opt-in alternative to XMSS with significantly smaller keys and signatures.
Deploy on Stellar mainnet with full key management UX: XMSS key rotation warnings, atomic fund migration, and encrypted key backup/restore.
$111.0K
Live & Proven.
First post-quantum withdrawal executed on Stellar testnet March 12, 2026 at contract CCQ4R5FTHPDBGPMYEWEDRKZMHWHYN4QB26DRTZCM4MICARWNLJK56Q6B. Multiple withdrawals confirmed with incrementing nonces, proving the full cryptographic stack works end-to-end: XMSS sign > Sindri Groth16 proof > Soroban on-chain verification > XLM transfer.
Verifiable. Public proof: https://stellar.expert/explorer/testnet/tx/e90b5d48539aa038ca4d88858ce48ab4fee58660ee7f31cd9acbe149714013b8 (successful, processed 2026-03-15 11:08:02 UTC).
Production Ready. One-line CLI installer (Linux/macOS). Functional Chrome extension. Open-source codebase at https://github.com/Eshan276/nebulav2.
The most urgent threat to blockchain security isn't a quantum computer breaking your wallet
today; it's the "Harvest Now, Decrypt Later" (HNDL) attack already underway.
Nation-states are collecting public keys and transaction data from public blockchains right
now, storing them and waiting until quantum hardware matures. Every Bitcoin or Stellar
transaction permanently broadcasts your public key on-chain. The [NSA, CISA, and
NIST](https://www.nist.gov/publications/nist-ir-8547-transition-post-quantum-cryptography-standards),
along with a [2025 Federal Reserve paper](https://www.federalreserve.gov/econres/feds/),
confirm this threat is active and migration after Q-Day will be too late for wallets
that have already exposed their keys.
The scale of exposure is enormous. An estimated $440 billion in Bitcoin sits in
addresses with already-exposed public keys, including ~1 million BTC linked to Satoshi
Nakamoto. Stellar faces the same risk, as every account that has ever transacted has broadcast
its Ed25519 public key forever. Quantum hardware is also advancing faster than expected:
[Google's Willow chip](https://blog.google/technology/research/google-willow-quantum-chip/)
(Dec 2024) proved fault-tolerant quantum computing is physically achievable, and a 2026
paper cut the qubit requirement to break RSA-2048 by 10x. Expert consensus now puts Q-Day
at 5–15 years away.
Governments and the crypto industry are responding at scale. [NIST finalized three
post-quantum standards](https://csrc.nist.gov/news/2024/postquantum-cryptography-fips-approved)
(FIPS 203/204/205) in August 2024, and the U.S. has mandated full federal migration by 2035
with a $7.1 billion budget. Vitalik Buterin published a [4-year Ethereum quantum
roadmap](https://ethereum-magicians.org/) in February 2026, Coinbase formed a Quantum
Advisory Council, and Citi dubbed it ["The Trillion-Dollar Security
Race."](https://www.citigroup.com/) For Stellar, built for remittances, tokenized assets,
and CBDCs, the window to protect wallets is before they transact, not after.
More Detailed Doc About Our Research: https://drive.google.com/file/d/1dBr5cVhn7Cb5SKnnVVcWHBWVoEaxp6tw/view
Timeline -> ~8 weeks
Deliverable 1: Self-Hosted Prover Infrastructure
Brief description: Replace third-party proving services (Sindri) with a fully self-hosted prover to establish a non-custodial cryptographic backend. This is an architectural shift requiring specialized engineering expertise at the intersection of zero-knowledge cryptography and high-performance GPU infrastructure. Includes deterministic proving controls to ensure proofs are reproducible with no nondeterministic GPU behavior, as required by Nebula.
How to measure completion:
Third-party prover (Sindri) is fully removed and replaced with sovereign infrastructure.
The self-hosted (AWS) prover is operational and integrated into the backend pipeline.
Deterministic proof reproduction verified across controlled environments.
Cost and trust dependencies on external services eliminated.
Budget: $9,300
Deliverable 2: Proof System Prototype (Optimized Verification)
Brief description: A focused prototype exploring an optimized on-chain verification approach using Poseidon-based hashing to reduce gas costs and improve scalability. This is not a full production system; it is designed to validate feasibility and benchmark performance before committing to a complete rewrite in later stages.
How to measure completion:
Prototype Soroban contract deployed on Stellar testnet.
Proof generation and verification work end-to-end.
Benchmark results comparing gas cost and execution efficiency against the baseline system are documented and published.
Budget: $4,000
Deliverable 3: Falcon Signature Integration (Advanced Post-Quantum System)
Brief description: Implement Falcon — a NIST-standardized, stateless lattice-based post-quantum signature scheme — as an advanced alternative to XMSS within Nebula. This expands cryptographic flexibility while maintaining post-quantum security guarantees. Key challenges include adapting Falcon's NTRU lattice operations and floating-point arithmetic into deterministic, ZK-compatible circuits and extending on-chain verification logic to support Falcon-based proofs. A short-term cryptographic specialist with post-quantum and lattice-based scheme experience will be engaged to validate and accelerate this work.
How to measure completion:
Falcon-based key generation, signing, and verification work end-to-end.
Full integration with the Nebula pipeline (client → prover → contract).
Successful verification of Falcon-based proofs on mainnet.
Benchmark results comparing Falcon and XMSS performance have been documented and published.
Implementation validated against NIST reference standards.
Budget: $9,000
Timeline -> ~5 weeks
Deliverable 1: Full Proof System (Production Testnet)
Brief description: Upgrade the initial prototype into a fully integrated, production-ready proof system that enables reliable end-to-end proof generation and verification across all Nebula components on the testnet. Replaces the experimental prototype with a complete system covering the prover, Soroban smart contracts, a backend relay, and a client layer handling real transaction data, edge cases, and a consistent execution flow from client > prover > verifier > on-chain confirmation.
How to measure completion:
Full proof pipeline operational on Stellar testnet.
Proofs generated from the client are successfully verified on-chain.
The legacy prototype system is fully removed and replaced.
Valid proofs accepted and invalid proofs correctly rejected.
Consistent behavior demonstrated across multiple test runs.
Budget: $16,500
Deliverable 2: Post-Quantum Key Lifecycle (XMSS Rotation)
Brief description: Implement a complete lifecycle management system for post-quantum XMSS keys, including usage tracking, exhaustion detection, user-facing migration flows, and atomic on-chain key replacement. Because XMSS is a stateful signature scheme with a limited number of uses per key, this system is critical to preventing key reuse or permanent fund loss in real-world conditions.
How to measure completion:
Key usage tracking correctly reflects remaining signature capacity.
Users receive warnings before exhaustion thresholds are reached.
Migration flow successfully transfers funds to a new key with no loss of funds or access.
The system handles edge cases such as interrupted or repeated migration attempts.
Budget: $8,000
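The usage tracking and exhaustion detection described in this deliverable can be sketched as follows. This is an added example, not Nebula's code: `XmssState`, `Reserve`, the tree height, and the warning threshold are hypothetical, and the `persist` closure stands in for whatever durable storage the wallet uses.

```rust
// Added example: XMSS one-time leaf accounting (hypothetical names, not Nebula's code).
// A single-tree XMSS key of height h can sign exactly 2^h messages. Signing twice
// with one leaf index breaks the scheme, so the counter is advanced and durably
// stored BEFORE the index is handed to the signer.
#[derive(Debug, PartialEq)]
pub enum Reserve {
    Ok(u64),        // leaf index to sign with
    Warn(u64, u64), // leaf index, signatures remaining after this one
    Exhausted,      // no leaves left: rotate the key and migrate funds first
}

pub struct XmssState {
    next_index: u64, // next unused leaf
    capacity: u64,   // 2^height
    warn_below: u64, // warn when remaining capacity drops below this
}

impl XmssState {
    pub fn new(height: u32, warn_below: u64) -> Self {
        XmssState { next_index: 0, capacity: 1u64 << height, warn_below }
    }

    pub fn remaining(&self) -> u64 { self.capacity - self.next_index }

    /// `persist` must durably store the advanced counter and return false on
    /// failure. A crash after persisting wastes a leaf; it never reuses one.
    pub fn reserve<F: FnMut(u64) -> bool>(&mut self, mut persist: F) -> Result<Reserve, &'static str> {
        if self.next_index >= self.capacity {
            return Ok(Reserve::Exhausted);
        }
        let idx = self.next_index;
        if !persist(idx + 1) {
            return Err("state not persisted; refusing to sign");
        }
        self.next_index = idx + 1;
        let left = self.remaining();
        Ok(if left < self.warn_below { Reserve::Warn(idx, left) } else { Reserve::Ok(idx) })
    }
}

fn main() {
    let mut disk = 0u64; // constructed stand-in for durable storage
    let mut st = XmssState::new(2, 2); // height 2 => 4 signatures (tiny, for the demo)
    for _ in 0..5 {
        println!("{:?}", st.reserve(|n| { disk = n; true }));
    }
    println!("persisted counter: {}", disk);
}
```

Restoring a key backup must also restore a counter at least as high as the last persisted one, otherwise old leaves become reachable again.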
Deliverable 3: Relay Infrastructure Hardening
Brief description: Upgrade the relay and backend infrastructure for reliable, scalable, fault-tolerant operation under real-world load. The relay is the critical coordination layer between the client, the proving system, and on-chain verification. This phase refactors it into a stateless, horizontally scalable service with request queuing, rate limiting, structured logging, monitoring dashboards, and alerting for failures or degraded performance.
How to measure completion:
The system maintains stable performance under concurrent request load.
No dropped or failed requests during stress testing.
Monitoring dashboards provide real-time system visibility.
Alerts are triggered for failures or abnormal conditions.
Average response time remains within acceptable limits under load.
Budget: $6,500
Deliverable 4: Basic CI Pipeline (Development Foundation)
Brief description: A foundational CI pipeline across all Nebula repositories (ZK circuits, smart contracts, backend services, browser extension) using GitHub Actions. Standardizes build environments, runs automated tests and static checks on every PR, and ensures component compatibility as subsystems are developed in parallel.
How to measure completion:
CI pipelines are active across all repositories.
Automated workflows are enforced on every pull request and commit.
Breaking changes are blocked from merging via pipeline gates.
Shared environment configuration templates are documented and in use.
Budget: $3,000
Timeline -> ~10 weeks
Deliverable 1: Mainnet Deployment & Internal Security Hardening
Brief description: Deploy Nebula to the Stellar mainnet with production-grade infrastructure across all components: smart contracts, backend relay, prover coordination layer, and client. Transitions the system from a fully tested environment into live operation involving real assets, with staged rollout procedures, final integration validation across the full stack (client > relay > prover > contract), and internal security hardening covering contract logic, proof verification correctness, input validation, and failure handling.
How to measure completion:
Smart contracts are successfully deployed and operational on the mainnet.
At least 400 successful end-to-end transactions executed without failure.
Proof generation and verification are functioning correctly in production.
No critical vulnerabilities or system-breaking issues observed.
System remains stable under real usage conditions.
Budget: $10,000
Deliverable 2: Monitoring & Operations Setup
Brief description: Deploy monitoring and operational tooling across all production infrastructure to ensure system reliability, visibility, and rapid incident response post-launch. Covers metrics dashboards, health checks, and alerting for all critical system components.
How to measure completion:
Monitoring dashboards are active across all production components.
Alerts are configured for failures and abnormal conditions.
System health is continuously tracked post-launch.
Budget: $11,500
Deliverable 3: Production CI/CD & Release Pipeline
Brief description: Upgrade the foundational CI setup into a production-grade CI/CD and release pipeline with deterministic builds, automated testnet deployments, and full release management across all Nebula components. Covers ZK circuits, smart contracts, backend services, and the client extension with versioned releases, reproducible WASM/binary outputs, rollback capabilities, and integrated security validation gates.
How to measure completion:
Automated deployment to testnet and staging environments is functional.
Versioned releases generated for the extension and SDK.
Builds are reproducible across environments.
CI/CD pipelines enforce validation before every deployment.
Release process supports rollback and controlled updates.
Budget: $6,500
Deliverable 4: Browser Extension (Production-Ready Client)
Brief description: A production-ready browser extension handling secure client-side cryptographic operations, including key generation, encryption, and signing, with full integration into the proving system and backend relay. Requires careful handling of sensitive cryptographic material to prevent key exposure and ensure transaction integrity.
How to measure completion:
Extension published and installable.
Secure key generation and encrypted storage are functional.
Signing and submission flow is working end-to-end.
Budget: $8,000
Deliverable 5: Documentation & Developer SDK
Brief description: Produce comprehensive technical documentation and a developer-facing SDK to support external integrations, ecosystem adoption, and long-term maintainability of the Nebula system. Covers integration guides, API references, ZK circuit documentation, smart contract ABIs, and SDK tooling, enabling developers to build on top of Nebula's post-quantum infrastructure.
How to measure completion:
Full API and integration documentation published
SDK is published and installable with working examples
ZK circuit and smart contract documentation are complete
Developer onboarding guide covering end-to-end integration flow
Documentation versioned and maintained alongside releases
Budget: $7,500

