Client Overview
Soqucoin is a Layer 1 blockchain built on a Scrypt Proof-of-Work model and designed around post-quantum cryptography from the outset. Derived from the Dogecoin Core codebase but launched from its own genesis block, the protocol replaces ECDSA with NIST FIPS 204 ML-DSA / Dilithium signatures across transaction authorization, wallet architecture, and consensus validation.
The protocol also introduces several new cryptographic components, including a Merkle-based batch verification scheme for Dilithium signatures called PAT, a LatticeFold verifier for lattice-based zero-knowledge range proofs, and a purpose-built wallet architecture with Argon2id key derivation, AES-256 Encrypt-then-MAC, and deterministic HD seed recovery. Together, these design choices make Soqucoin one of the earliest blockchain projects attempting to operationalize post-quantum cryptography at the protocol level.
Key Security Challenges
As Soqucoin prepared for genesis mainnet launch, the team engaged Halborn for a comprehensive security audit of the protocol and its cryptographic implementation. The engagement centered on two major challenges.
First, Soqucoin’s architecture introduced a category of security review that has very little prior precedent in blockchain. Instead of auditing an ECDSA-based chain with familiar assumptions, Halborn had to evaluate a protocol built around lattice-based post-quantum primitives, including novel constructions that had not yet been tested in a production blockchain environment.
Second, the codebase combined inherited architectural patterns from Dogecoin Core with entirely new cryptographic logic. This required a security review capable of distinguishing legacy assumptions from newly introduced attack surfaces, while also validating implementation correctness across consensus, wallet security, and merged mining behavior.
Halborn’s Solutions
Halborn delivered a multi-layered security assessment tailored to the protocol’s unique risk profile. The review covered more than 16,000 lines of post-quantum cryptographic code, spanning both inherited blockchain components and newly introduced cryptographic systems.
The engagement included:
Post-quantum cryptography review
Halborn assessed Soqucoin’s integration of Dilithium across key generation, transaction signing, consensus verification, and wallet storage. This included review of implementation correctness, memory safety, and adherence to the NIST reference specification.
Novel consensus primitive audit
Halborn evaluated PAT, Soqucoin’s Merkle-based batch verification scheme for Dilithium signatures. Because this construction had no direct audit precedent in the blockchain industry, the review required first-principles analysis of soundness and attack resistance.
Wallet cryptographic architecture assessment
Halborn conducted a detailed review of the protocol’s wallet design, including key derivation, encrypted file formatting, secure handling of post-quantum key material, and deterministic seed recovery.
Merged mining and AuxPoW review
The audit also covered Auxiliary Proof-of-Work logic, including chain ID enforcement and replay protection across merged-mined environments involving Litecoin and Dogecoin.
Casey Wilson, CEO and Founder of Soqucoin Labs Inc., noted that Halborn’s role extended beyond a conventional security review. In his words, “Halborn didn't just audit our code, they helped us establish the security playbook for an entirely new class of blockchain. When your signature scheme has no prior audit history in the industry, you need a world-class security team who can evaluate cryptographic soundness from first principles. The Halborn team delivered exactly that.”
Outcomes Beyond the Core Audit
The engagement produced security improvements that extended beyond Soqucoin itself.
One of the most significant outcomes was Halborn’s discovery of vulnerabilities in the upstream NIST PQC reference implementation of Dilithium, including a heap buffer overflow in the signature verification path. These findings affected not only Soqucoin, but any project relying on the same reference library. As a result, the engagement contributed to the broader security posture of the emerging post-quantum ecosystem.
The audit also validated the importance of independent review for novel cryptographic primitives. Critical findings in PAT showed that new constructions, even when theoretically well motivated, require rigorous adversarial analysis before deployment. Those issues were identified and remediated before mainnet, reducing the risk of consensus-level failure.
In addition, the engagement drove broader hardening across wallet cryptography, memory management, and RPC interfaces. By the end of the process, all 30 findings had been remediated, with each fix accompanied by regression testing to confirm there were no reintroduced issues.
Wilson emphasized the practical value of gating launch on an external review: “We made the deliberate decision to gate our mainnet launch on a comprehensive Halborn security assessment. That decision paid for itself when they uncovered vulnerabilities in the upstream NIST PQC reference implementation that affect every project using the same library. That's the kind of impact that comes from working with a world-class security team.”
Going Above and Beyond
This engagement required Halborn to operate in a domain where the standard assumptions of blockchain security no longer applied. Instead of reviewing familiar ECDSA- and secp256k1-based systems, Halborn assessed a protocol built around lattice-based cryptography that is still maturing alongside its NIST standardization and broader institutional adoption.
That work has implications well beyond one blockchain launch. As institutions prepare for the transition to post-quantum standards, the need for production-grade security validation of PQC implementations is becoming increasingly urgent. Halborn’s review helped secure one of the earliest attempts at a production-grade post-quantum blockchain at a time when there is still effectively no mature PQC infrastructure in live blockchain environments.
In that sense, the engagement was not only about one protocol. It was about helping establish the security expectations for a future in which quantum-safe infrastructure may underpin institutional settlement systems, a stablecoin market of roughly $316 billion, and more than $33 trillion in annual transaction volume. With the 2030 NIST migration deadline approaching for federal and regulated systems, the Soqucoin audit illustrates how early, rigorous security review can play a foundational role in preparing for that transition.
