Hybrid Accounts

Hybrid accounts combine both ECDSA and PQC (ML-DSA-65) cryptography, providing defense against both classical and quantum attacks while maintaining full Ethereum compatibility.

Overview

Hybrid accounts are the recommended migration path for users who need quantum resistance without sacrificing compatibility with the existing Ethereum ecosystem.

Technical Specifications

Key Sizes

| Component | Size | Format |
| --- | --- | --- |
| ECDSA Private Key | 32 bytes (256 bits) | Hex string (64 characters) |
| ECDSA Public Key | 64 bytes (512 bits) | Uncompressed (without 0x04) |
| PQC Private Key | 4,032 bytes (32,256 bits) | Hex string (8,064 characters) |
| PQC Public Key | 1,952 bytes (15,616 bits) | Binary/Hex format |
| Total Private Key | 4,064 bytes | Combined storage |
| Total Public Key | 2,016 bytes | Combined storage |
| Address | 20 bytes (160 bits) | Hex format (0x...) |
| ECDSA Signature | 65 bytes | Standard ECDSA |
| PQC Signature | 3,309 bytes | ML-DSA-65 |
| Total Signature | 3,374 bytes | Both signatures |

Address Derivation

Hybrid accounts use the ECDSA address for backward compatibility:

Alternative (not used):

The wallet uses ECDSA address derivation to maintain compatibility with existing Ethereum infrastructure.

Signature Format

Hybrid transactions require both signatures:

| Component | Size | Description |
| --- | --- | --- |
| ECDSA V | 1 byte | Recovery ID |
| ECDSA R | 32 bytes | ECDSA signature component |
| ECDSA S | 32 bytes | ECDSA signature component |
| PQC Public Key | 1,952 bytes | Included in transaction |
| PQC Signature | 3,309 bytes | Dilithium signature |
| Total Overhead | ~5,326 bytes | Per transaction |

Both signatures must be valid for the transaction to be accepted.
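
An added example (not the project's own code) of the acceptance rule above: it splits a 5,326-byte signature blob into the fields of the table and accepts only when the length is exact and both checks pass. The field order, the account_pqc_pk binding and the two verifier callables are assumptions; real ECDSA and ML-DSA-65 verification would come from a cryptographic library.

```python
from dataclasses import dataclass
from typing import Callable

# Field sizes from the Signature Format table; the order is an assumption.
FIELDS = (("v", 1), ("r", 32), ("s", 32), ("pqc_pk", 1952), ("pqc_sig", 3309))
HYBRID_LEN = sum(n for _, n in FIELDS)  # 5,326 bytes


@dataclass(frozen=True)
class HybridSig:
    v: bytes
    r: bytes
    s: bytes
    pqc_pk: bytes
    pqc_sig: bytes


def parse_hybrid_sig(blob: bytes) -> HybridSig:
    """Split the blob into its five fixed-size fields, rejecting any other length."""
    if len(blob) != HYBRID_LEN:
        # A bare 65-byte ECDSA signature or a truncated PQC part ends up here.
        raise ValueError(f"expected {HYBRID_LEN} bytes, got {len(blob)}")
    out, off = {}, 0
    for name, size in FIELDS:
        out[name] = blob[off:off + size]
        off += size
    return HybridSig(**out)


# Hypothetical verifier signature: (message hash, parsed signature) -> bool.
Verifier = Callable[[bytes, HybridSig], bool]


def accept(msg_hash: bytes, blob: bytes, account_pqc_pk: bytes,
           ecdsa_ok: Verifier, pqc_ok: Verifier) -> bool:
    """Fail closed: malformed input, a swapped PQC key, or either bad signature rejects."""
    try:
        sig = parse_hybrid_sig(blob)
    except ValueError:
        return False
    # The PQC key travels in the transaction, so compare it with the key the
    # verifier already holds for the account (assumed to be known out of band).
    if sig.pqc_pk != account_pqc_pk:
        return False
    # Run both checks before combining, so neither is skipped by short-circuiting.
    ecdsa_valid = bool(ecdsa_ok(msg_hash, sig))
    pqc_valid = bool(pqc_ok(msg_hash, sig))
    return ecdsa_valid and pqc_valid
```

The page does not say how a PQC public key is associated with the ECDSA-derived address, so the account_pqc_pk comparison stands in for whatever binding the network enforces.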

Address Format

Standard Format (ECDSA-Compatible)

  • Format: Standard Ethereum address (0x-prefixed hex)

  • Length: 40 hex characters (20 bytes)

  • Compatibility: Full Ethereum ecosystem compatibility

Bech32m Format (PQC-Enabled)

Hybrid accounts can also be represented in Bech32m format:

  • HRP: pqch (mainnet) or tpqch (testnet)

  • Version: p (version 1, quantum-safe)

  • Length: ~62 characters

  • Encoding: Bech32m (BIP-350)

When to Use Hybrid Accounts

✅ Use Hybrid When:

  • Migration Path Needed

    • Upgrading from ECDSA to quantum-resistant

    • Maintaining existing address compatibility

    • Gradual transition to PQC

  • Maximum Security Required

    • Defense against both classical and quantum attacks

    • Critical infrastructure

    • High-value asset storage

  • Full Compatibility Needed

    • Must work with existing Ethereum dApps

    • Need standard Ethereum address format

    • Maintaining backward compatibility

  • Future-Proofing

    • Preparing for quantum computing era

    • Long-term security planning

    • Regulatory compliance

❌ Don't Use Hybrid When:

  • Gas Cost Optimization

    • High-frequency transactions

    • Cost-sensitive operations

    • Hybrid has highest gas costs (~5.3KB overhead)

  • PQC-Only Networks

    • Networks that only support PQC (no ECDSA)

    • Pure PQC applications

    • No need for ECDSA compatibility

  • Simple Use Cases

    • Temporary accounts

    • Test accounts

    • When quantum threat is not immediate

  • Storage Constraints

    • Limited storage for private keys (4KB+)

    • Mobile devices with storage limitations

Security Considerations

Dual Security Model

Hybrid accounts provide defense in depth:

  • Classical Security (ECDSA)

    • Protects against current classical attacks

    • Maintains compatibility with existing infrastructure

    • Standard Ethereum security model

  • Quantum Security (PQC)

    • Protects against future quantum attacks

    • NIST Level 3 quantum resistance

    • Long-term security guarantee

Security Benefits

  • Defense in Depth: Both signatures must be valid

  • Attack Resistance: Resistant to both classical and quantum attacks

  • Future-Proof: Ready for quantum computing era

  • Backward Compatible: Works with existing Ethereum infrastructure

Best Practices

  • Secure Key Storage: Both keys must be stored securely (4KB+ total)

  • Backup Both Keys: Maintain backups of both ECDSA and PQC keys

  • Recovery Phrases: Use mnemonic phrases that can recover both keys

  • Network Compatibility: Verify network supports Hybrid transactions

Account Creation

From Random Generation

From Mnemonic

From Key Import

Migration from ECDSA

  1. Export ECDSA Private Key: Extract the ECDSA private key from the existing account.

  2. Create Hybrid Account: Create a new Hybrid account using the exported ECDSA key and generate the PQC key pair.

  3. Transfer Funds: Move funds from the old ECDSA address to the new Hybrid address.

Transaction Signing

Hybrid transactions use HybridTx format (Type 3):

  • Transaction Type: Type 3 (HybridTx)

  • Signature Format: Both ECDSA and PQC signatures required

  • Validation: Both signatures must be valid

  • Gas Cost: Highest due to dual signatures (~5.3KB overhead)

Gas Cost Considerations

Hybrid transactions have the highest gas costs:

| Component | Size | Approximate Gas Cost |
| --- | --- | --- |
| ECDSA Signature | 65 bytes | ~1,040 gas |
| PQC Public Key | 1,952 bytes | ~31,232 gas |
| PQC Signature | 3,309 bytes | ~52,944 gas |
| Total Overhead | ~5,326 bytes | ~85,216 gas |

Gas Cost Comparison:

  • ECDSA: ~1,040 gas

  • PQC: ~84,176 gas

  • Hybrid: ~85,216 gas

Migration Scenarios

Scenario 1: ECDSA to Hybrid

  1. Export ECDSA Private Key: Extract from existing account.

  2. Create Hybrid Account: Generate PQC key pair, use existing ECDSA key.

  3. Transfer Funds: Move funds to new Hybrid address.

  4. Update References: Update dApps/contracts to use new address.

Scenario 2: PQC to Hybrid

  1. Export PQC Keys: Extract Dilithium key pair.

  2. Generate ECDSA Key: Create new ECDSA key pair.

  3. Create Hybrid Account: Combine both key pairs.

  4. Transfer Funds: Move funds to Hybrid address.

Scenario 3: New Account

  1. Create Hybrid Account: Generate both key pairs simultaneously.

  2. Fund Account: Send initial funds to Hybrid address.

  3. Use Both Signatures: All transactions require both signatures.

Limitations

  • Highest Gas Costs: Most expensive transaction type

  • Largest Key Storage: Requires storing 4KB+ of private key data

  • Dual Signature Requirement: Both signatures must be valid

  • Complexity: More complex than single-signature accounts

Advantages

  • Maximum Security: Defense against both classical and quantum attacks

  • Full Compatibility: Works with existing Ethereum infrastructure

  • Future-Proof: Ready for quantum computing era

  • Migration Path: Smooth transition from ECDSA to quantum-resistant
