Hybrid accounts combine both ECDSA and PQC (ML-DSA-65) cryptography, providing defense against both classical and quantum attacks while maintaining full Ethereum compatibility.
Hybrid accounts are the recommended migration path for users who need quantum resistance without sacrificing compatibility with the existing Ethereum ecosystem.
Technical Specifications
Address Derivation
Hybrid accounts use the ECDSA address for backward compatibility:
Alternative (not used):
The wallet uses ECDSA address derivation to maintain compatibility with existing Ethereum infrastructure.
Hybrid transactions require both signatures:
Both signatures must be valid for the transaction to be accepted.
Format: Standard Ethereum address (0x-prefixed hex)
Length: 40 hex characters (20 bytes)
Compatibility: Full Ethereum ecosystem compatibility
Hybrid accounts can also be represented in Bech32m format:
HRP: pqch (mainnet) or tpqch (testnet)
Version: p (version 1, quantum-safe)
Encoding: Bech32m (BIP-350)
When to Use Hybrid Accounts
✅ Use Hybrid When:
Migration Path Needed
Upgrading from ECDSA to quantum-resistant
Maintaining existing address compatibility
Gradual transition to PQC
Maximum Security Required
Defense against both classical and quantum attacks
Full Compatibility Needed
Must work with existing Ethereum dApps
Need standard Ethereum address format
Maintaining backward compatibility
Future-Proofing
Preparing for quantum computing era
Long-term security planning
❌ Don't Use Hybrid When:
Gas Cost Optimization
High-frequency transactions
Cost-sensitive operations
Hybrid has highest gas costs (~5.3KB overhead)
PQC-Only Networks
Networks that only support PQC (no ECDSA)
No need for ECDSA compatibility
Simple Use Cases
When quantum threat is not immediate
Storage Constraints
Limited storage for private keys (4KB+)
Mobile devices with storage limitations
Security Considerations
Dual Security Model
Hybrid accounts provide defense in depth:
Classical Security (ECDSA)
Protects against current classical attacks
Maintains compatibility with existing infrastructure
Standard Ethereum security model
Quantum Security (PQC)
Protects against future quantum attacks
NIST Level 3 quantum resistance
Long-term security guarantee
Security Benefits
Defense in Depth: Both signatures must be valid
Attack Resistance: Resistant to both classical and quantum attacks
Future-Proof: Ready for quantum computing era
Backward Compatible: Works with existing Ethereum infrastructure
Secure Key Storage: Both keys must be stored securely (4KB+ total)
Backup Both Keys: Maintain backups of both ECDSA and PQC keys
Recovery Phrases: Use mnemonic phrases that can recover both keys
Network Compatibility: Verify network supports Hybrid transactions
Account Creation
From Random Generation
From Key Import
Migration from ECDSA
Export ECDSA Private Key
Extract the ECDSA private key from the existing account.
Create Hybrid Account
Create a new Hybrid account using the exported ECDSA key and generate the PQC key pair.
Move funds from the old ECDSA address to the new Hybrid address.
Transaction Signing
Hybrid transactions use HybridTx format (Type 3):
Transaction Type: Type 3 (HybridTx)
Signature Format: Both ECDSA and PQC signatures required
Validation: Both signatures must be valid
Gas Cost: Highest due to dual signatures (~5.3KB overhead)
Gas Cost Considerations
Hybrid transactions have the highest gas costs:
Gas Cost Comparison:
Migration Scenarios
Scenario 1: ECDSA to Hybrid
Export ECDSA Private Key
Extract from existing account.
Create Hybrid Account
Generate PQC key pair, use existing ECDSA key.
Move funds to new Hybrid address.
Update References
Update dApps/contracts to use new address.
Scenario 2: PQC to Hybrid
Export PQC Keys
Extract Dilithium key pair.
Generate ECDSA Key
Create new ECDSA key pair.
Create Hybrid Account
Combine both key pairs.
Move funds to Hybrid address.
Scenario 3: New Account
Create Hybrid Account
Generate both key pairs simultaneously.
Send initial funds to Hybrid address.
Use Both Signatures
All transactions require both signatures.
Highest Gas Costs: Most expensive transaction type
Largest Key Storage: Requires storing 4KB+ of private key data
Dual Signature Requirement: Both signatures must be valid
Complexity: More complex than single-signature accounts
Maximum Security: Defense against both classical and quantum attacks
Full Compatibility: Works with existing Ethereum infrastructure
Future-Proof: Ready for quantum computing era
Migration Path: Smooth transition from ECDSA to quantum-resistant
Account Comparison - Compare all account types
ECDSA Accounts - Legacy compatible accounts
PQC Accounts - Quantum-resistant accounts
When to Use Each Account Type - Decision guide