Skip to content

Releases: AlphaB135/BitQuan

v0.1.0-rc1

11 Jan 15:36
@github-actions github-actions
v0.1.0-rc1
2a92760

Choose a tag to compare

View all tags
v0.1.0-rc1

What's Changed

  • [ci/audit] Repository code & docs sanity sweep — unsafe-macros inventory + MD cleanup by @AlphaB135 in #24
  • fix(p0): unwrap/expect hardening in consensus/crypto - production code clean by @AlphaB135 in #25
  • docs(p1): node/network/mempool hardening analysis - implementation roadmap by @AlphaB135 in #26
  • fix: resolve fuzz target compilation errors by @AlphaB135 in #29
  • fix: Replace unwrap() calls with proper error handling in pow.rs by @AlphaB135 in #32
  • feat: Agent 2 - BQIP-0003 wallet ecosystem and GUI enhancements by @AlphaB135 in #35
  • feat: Complete Dilithium5 post-quantum cryptography migration by @AlphaB135 in #55
  • feat: Complete async network migration with comprehensive security implementation by @AlphaB135 in #54
  • refactor(p2p): Implement Worker Architecture (The Heart Transplant) by @AlphaB135 in #62
  • feat(consensus): ACTIVATE FULL VALIDATION 🧠 by @AlphaB135 in #63
  • chore(ci): bump softprops/action-gh-release from 1 to 2 by @dependabot[bot] in #31
  • chore(ci): bump rustsec/audit-check from 1 to 2 by @dependabot[bot] in #30
  • chore(ci): bump actions/attest-build-provenance from 1 to 3 by @dependabot[bot] in #19
  • chore(deps)(deps): bump toml from 0.8.23 to 0.9.8 by @dependabot[bot] in #39
  • chore(deps)(deps): bump lru from 0.12.5 to 0.16.2 by @dependabot[bot] in #42
  • chore(deps)(deps): Bump the rust-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #57

New Contributors

Full Changelog: v0.0.2-alpha...v0.1.0-rc1

Contributors

dependabot and AlphaB135
Loading

v1.0-audit-20251122

11 Jan 15:36
@github-actions github-actions
v1.0-audit-20251122
cc76462

Choose a tag to compare

View all tags
v1.0-audit-20251122 Latest
Latest

What's Changed

  • [ci/audit] Repository code & docs sanity sweep — unsafe-macros inventory + MD cleanup by @AlphaB135 in #24
  • fix(p0): unwrap/expect hardening in consensus/crypto - production code clean by @AlphaB135 in #25
  • docs(p1): node/network/mempool hardening analysis - implementation roadmap by @AlphaB135 in #26
  • fix: resolve fuzz target compilation errors by @AlphaB135 in #29
  • fix: Replace unwrap() calls with proper error handling in pow.rs by @AlphaB135 in #32
  • feat: Agent 2 - BQIP-0003 wallet ecosystem and GUI enhancements by @AlphaB135 in #35

Full Changelog: v0.0.2-alpha...v1.0-audit-20251122

Contributors

AlphaB135
Assets 3
Loading

v0.0.2-อัลฟ่า

02 Nov 12:38
@AlphaB135 AlphaB135
v0.0.2-alpha
8cad690

Choose a tag to compare

View all tags
v0.0.2-อัลฟ่า

BitQuan v0.0.2-alpha Release Notes

Release Date: November 2, 2025
Status: Alpha (Devnet Ready)

Critical Security Updates

This release focuses exclusively on security hardening. Three major vulnerability classes have been addressed:

1. Integer Overflow Protection

Arithmetic operations involved in transaction validation, fee calculation, and block assembly now use checked arithmetic. Overflow/underflow conditions surface explicit errors instead of wrapping silently.

2. Replay Attack Prevention

Transaction signatures are now bound to a TxContext { network_id, genesis_hash } and a domain separator (BitQuanSigHashV1). Cross-network and cross-fork replay attacks are prevented by design.

3. Entropy Security

All randomness used in key generation, encryption, and authentication is sourced from the operating system CSPRNG (OsRng/getrandom). Test-only deterministic RNG helpers remain gated behind #[cfg(test)].

Breaking Changes

Developers:

  • Update calls to transaction_sighash() and validate_block() to pass a TxContext.
  • Recalculate or regenerate any persisted signatures and golden vectors (hash domain changed).
  • RPC helpers now use JwtConfig::default() via the standard Default trait.

Node Operators:

  • Recompile the node and restart. No configuration changes are required if you rely on default RPC settings.
  • Existing wallet/RPC JWT secrets remain valid, but new defaults (or config files) follow the hardened schema.

Testing Summary

  • 320+ tests passing across the workspace (cargo test --all --locked)
  • 44 new security-focused tests (overflow, replay, entropy)
  • cargo fmt and cargo clippy --all-targets --all-features -- -D warnings are clean

Next Steps Before Mainnet

  • Commission an external security audit (Trail of Bits, Cure53, Zellic, etc.)
  • Run an extended public testnet (3–6 months) to gather operational feedback
  • Launch a bug bounty programme targeting replay/overflow/entropy regressions

Upgrading

git pull origin main
cargo build --release --locked
cargo test --all --locked

Support

Acknowledgements

Security hardening made possible with AI assistance:

  • Claude (Anthropic) – architecture review & test design
  • Cursor – refactoring and diagnostics
  • Codex – codebase analysis & implementation support

Solo developer: Atsadawut Khunthong

Loading

BitQuan v0.0.1-alpha - First Public Alpha Release

28 Oct 08:50
@AlphaB135 AlphaB135
v0.0.1-alpha
f31f489

Choose a tag to compare

View all tags
BitQuan v0.0.1-alpha - First Public Alpha Release Pre-release
Pre-release

BitQuan v0.0.1-alpha - First Public Alpha Release

Release Date: October 27, 2025
Status: ⚠️ Pre-release (Alpha) - For testing only
Commit: c1840b4

🎉 First Public Alpha Release

This is the first public alpha release of BitQuan, a post-quantum secure blockchain designed for 50+ year security resilience against quantum computing threats.

⚠️ Important Warning

This is ALPHA software - NOT for production use!

  • For developers and testers only
  • May contain bugs
  • APIs may change
  • Not suitable for real-world transactions
  • Use on testnet/devnet only

✨ Core Features

Post-Quantum Cryptography

  • Dilithium3 digital signatures (NIST Level 3)
  • ✅ Lattice-based cryptography resistant to quantum attacks
  • ✅ 1,952-byte public keys, 3,293-byte signatures

Consensus & Mining

  • Proof-of-Work consensus (SHA-256d)
  • ASERT difficulty adjustment (per-block, 1-day half-life)
  • ✅ 10-minute block time target
  • ✅ Block weight accounting for PQC signatures

Transaction Model

  • UTXO model (Bitcoin-style)
  • ✅ Segregated witness support
  • ✅ Network replay protection (chain-id in sighash)
  • ✅ Deterministic transaction hashing

Block Weight System

  • ✅ Block weight cap: 4,000,000 WU
  • ✅ Weight formula: base_size × 4 + sig_count × 384
  • ✅ Mempool ordering by fee-per-weight
  • ✅ Protected from signature bloat attacks

P2P Network

  • ✅ Network magic per chain (mainnet/testnet/devnet/regtest)
  • ✅ Version handshake with protocol validation
  • ✅ Ban-score system for misbehaving peers
  • ✅ Message size limits (10 MB max)
  • ✅ Inventory limits (50k items)

Storage & RPC

  • RocksDB persistent storage
  • JSON-RPC 2.0 server (8 methods)
  • ✅ Wallet CLI (keypair generation, address, balance)
  • ✅ Mining RPC (getwork/submitwork)

📊 Technical Specifications

Parameter Value
Block Time 10 minutes (600s)
Block Weight Cap 4,000,000 WU
Signature Weight 384 WU per PQC sig
Max Transactions/Block ~2,600
Coinbase Maturity 100 blocks
Max Supply 21,000,000 BQ
Initial Reward 50 BQ
Halving Interval 210,000 blocks (~4 years)

Network IDs

  • Mainnet: 0x01
  • Testnet: 0x02
  • Devnet: 0x03
  • Regtest: 0x04

🧪 Testing

Test Suite: 127 tests passing

  • ✅ Consensus tests (52)
  • ✅ Mempool tests (7)
  • ✅ Crypto tests (11)
  • ✅ Storage tests (31)
  • ✅ Network tests (15)
  • ✅ RPC tests (6)
  • ✅ Types tests (2)
  • ✅ Integration tests (3)

Platforms Tested:

  • ✅ Linux (Ubuntu latest)
  • ✅ macOS (latest)
  • ✅ Windows (latest)

🔐 Security

Cryptographic Hardening

  • ✅ Deterministic sighash (cross-platform)
  • ✅ Replay protection (network-id in signatures)
  • ✅ Merkle tree CVE fixes
  • ✅ Dilithium signature verification
  • ✅ DoS protection (timestamp bounds, RNG limits)

CI/CD Security

  • ✅ Multi-OS CI (Linux/macOS/Windows)
  • ✅ Format enforcement (rustfmt)
  • ✅ Lint enforcement (clippy -D warnings)
  • ✅ Security audit (cargo-audit)
  • ✅ License compliance (cargo-deny)
  • ✅ Code coverage tracking
  • ✅ Fuzz testing build

Supply Chain

  • ✅ Dependabot automated updates
  • ✅ SHA256/SHA512 checksums
  • ✅ SBOM (Software Bill of Materials)
  • ✅ SLSA Build Provenance
  • ✅ Reproducible builds (SOURCE_DATE_EPOCH)

📦 What's Included

Binaries

  • bitquan-node - Full node and mining software
  • Platform support: Linux x64, macOS ARM64/x64, Windows x64

Documentation

  • README with quickstart guide
  • API documentation (cargo doc)
  • Specification documents (transaction, block, block-weight)
  • BQIP proposals (0001-0004)
  • Security policy
  • Contributing guidelines

🚀 Quick Start

Installation

Linux/macOS:

# Download and extract
tar -xzf bitquan-v0.0.1-alpha-<platform>.tar.gz
cd bitquan-v0.0.1-alpha

# Verify checksum (recommended)
sha256sum -c checksums.txt

# Run node
./bitquan-node --help

Windows:

# Extract ZIP file
# Verify checksum in checksums.txt
# Run
.\bitquan-node.exe --help

Basic Usage

# Generate wallet
./bitquan-node wallet-gen --output wallet.keystore

# Get wallet address
./bitquan-node wallet-address --keystore wallet.keystore

# Mine genesis block (devnet)
./bitquan-node mine-genesis

# Start mining
./bitquan-node mine

See command.txt for full CLI reference.

🐛 Known Issues

  • Fuzz testing not yet integrated into CI
  • Code coverage reporting incomplete
  • Some API documentation needs polish
  • No web wallet yet (CLI only)

See Issues for full list.

📝 Changelog

Added

  • Initial implementation of BitQuan blockchain
  • Dilithium3 PQC signature support
  • ASERT difficulty adjustment algorithm
  • Block weight accounting system
  • Mempool with fee-per-weight ordering
  • P2P network protocol with hardening
  • RocksDB storage backend
  • JSON-RPC 2.0 server
  • Wallet CLI tools
  • Comprehensive test suite (127 tests)
  • CI/CD pipeline with security checks
  • Dependabot for dependency updates
  • Release workflow with checksums/SBOM/SLSA

Security

  • Deterministic sighash implementation
  • Network replay protection (chain-id)
  • Golden vector tests for sighash
  • Ban-score system for P2P
  • Message size limits
  • Timestamp bounds checking
  • RNG DoS protection
  • Merkle tree attack mitigation

🔗 Links

👥 Contributors

This release was made possible by the BitQuan development team and community contributors.

Special thanks to all testers and reviewers!

📄 License

Apache License 2.0 - See LICENSE

⚠️ Disclaimer

THIS IS ALPHA SOFTWARE - USE AT YOUR OWN RISK

  • Not audited for production use
  • May contain security vulnerabilities
  • APIs subject to change
  • No warranty provided
  • For testing and development only

DO NOT use this software for:

  • Production systems
  • Real financial transactions
  • Critical infrastructure
  • Any use case requiring security guarantees

ONLY use for:

  • Development
  • Testing
  • Research
  • Educational purposes

For security issues, please email: security@bitquan.org
For general questions: https://github.com/AlphaB135/BitQuan/discussions

🎊 Thank you for testing BitQuan v0.0.1-alpha! 🎊

We look forward to your feedback and contributions as we work toward beta and eventual mainnet launch.

Loading