Inventory clear and reconstructible from fetchai GitHub (fetchd, cosmos-sdk fork, cosmos-consensus). uAgents identity reuses Cosmos account-key primitives.

No PQ-safe primitive in active use on Fetch.ai L1.

0 PQ families. Two classical families on the signing path (Edwards-curve EdDSA, Weierstrass-curve ECDSA), neither PQ-safe.

Ed25519 ≈ 128-bit classical / 0-bit post-Shor; secp256k1 ECDSA ≈ 128-bit classical / 0-bit post-Shor; SHA-256 ≈ 128-bit post-Grover. No NIST PQC primitive in scope.

Tendermint consensus has TLA+ specification work (upstream); Fetch's cosmos-consensus DRB integration adds custom logic without machine-checked PQ-relevant proofs. Standard Go crypto/ed25519 (constant-time); secp256k1 via btcec. Tier 1 (mature classical EC + SHA-2). No PQ implementation, no formal verification of the DRB at the level of Formosa-Crypto / XMSS proofs.

fetch1… accounts derive from secp256k1 pubkey hash (Cosmos SDK pattern). Pubkey is published on-chain on first outbound tx; any account that has ever signed has its pubkey publicly recorded, Shor-forgeable post-CRQC. uAgent wallets follow the same pattern and broadcast pubkeys when paying in FET / ASI.

Accounts that have never signed retain pubkey-hash protection; accounts that signed once retain exposed pubkeys indefinitely. fetchhub mainnet has been live since 2019 (fetchhub-1 → fetchhub-4 lineage), so a non-trivial fraction of cold supply has revealed pubkeys at some point. No public quantification.

Every historical Ed25519 validator vote and secp256k1 account signature is forgeable after CRQC. Agent-economic provenance (uAgent reputations, AI-Engine / DeltaV service-agreement signatures) is signed under the same classical keys and is therefore retroactively forgeable. IBC light-client trust on Fetch's IBC channels extends this to counterparties.

Tendermint p2p secret connection uses X25519 ECDH for transport encryption between validators (Shor-vulnerable). RPC/REST endpoints use standard TLS (classical X25519 / RSA / ECDH). uAgent message channels rely on the same classical KEMs. No hybrid PQ KEM deployed on Fetch.ai L1 or in the agent stack.

Fully transparent ledger; fetch1… addresses pseudonymous; agent-to-agent payment flows on-chain are linkable. Agentverse-hosted agents add an off-chain metadata surface (mailbox, message queue) that is not on-chain but is observable to the platform operator.

Public RPC endpoints concentrated among Fetch.ai-operated infrastructure plus a handful of community providers (AviaOne, Lavender.Five, Polkachu). Smaller validator set (~60 cap) plus Fetch-foundation hosted endpoints means greater concentration than larger Cosmos chains. No validator-metadata-retention policy declared.

Fetch is IBC-connected; flows between fetchhub and other Cosmos zones are directly linkable. ASI Alliance token-merger cross-chain mechanics (FET + AGIX on Ethereum + OCEAN on Ethereum → ASI) introduce additional EVM-side correlation.

Fetch.ai L1 does not publish encrypted payload data, ZK-shielded transactions, or DL-based ring signatures at the protocol level. Some agent-to-agent message payloads may carry confidential commercial content protected by classical PK schemes, these would be HNDL-decryptable post-CRQC, but they are an off-chain layer and not part of the consensus surface.

None at protocol level. Agent-to-agent traffic in Agentverse / Mailroom is not a cryptographic mixnet.

Inherits Cosmos SDK / CometBFT modularity (--key-type flag, modular crypto/keys package). Fetch's cosmos-consensus repo demonstrates capability to fork and modify the Tendermint crypto path (DRB integration). However, no production instance of a validator-consensus-key-type swap on fetchhub mainnet within 5 years; agility is architectural, not demonstrated.

Cosmos SDK ADR-016 consensus-key-rotation inherited at the SDK level; whether Fetch's older SDK fork has merged the v0.52 Olympus x/accounts module is unverified. x/authz and x/feegrant available via SDK fork. No native account abstraction comparable to ERC-4337 / EIP-7702. uAgents provides agent-level identity but is an application-layer construct, not a chain-level AA primitive. No documented client-layer PQ migration path.

fetchhub-1 → fetchhub-2 → fetchhub-3 → fetchhub-4 chain-id transitions executed via coordinated upgrades. Validator-set governance proposal (50 → 60 active validators) ratified. ASI token-merge ($FET + $AGIX + $OCEAN → $ASI) executed via on-chain governance. Cadence acceptable but slower / less frequent than Cosmos Hub.

Architecturally, the Cosmos SDK + Tendermint base permits hybrid validator-key constructions; Fetch's existing cosmos-consensus fork shows willingness to modify the consensus crypto path. No spec proposal or FIP for a hybrid Ed25519+PQ scheme on Fetch.ai L1. ASI Alliance commentary about modular PQ primitives is scoped to the future ASI:Chain, not fetchhub.

N/A by default, no stateful hash scheme in scope; stateless schemes score full per v3.1 rubric.

N/A. Tendermint / CometBFT (Fetch fork) uses Ed25519 non-aggregating signatures at consensus. BLS aggregation is not in the Fetch.ai consensus path; the cosmos-consensus DRB uses pairing-based threshold cryptography in a separate role (randomness beacon), not for vote aggregation. Per v3.1 rubric, 4f is N/A for non-aggregating-signature consensus and weight redistributes.

0% of validator votes or account signatures on fetchhub-4 mainnet under a PQC primitive.

No PQC scheme merged into fetchai/fetchd, fetchai/cosmos-sdk fork, or fetchai/cosmos-consensus main. No PQ research fork comparable to DoraFactory's tendermint-pqc has been published from Fetch.ai engineering.

All ~60 active fetchhub-4 validators use Ed25519 consensus keys per Tendermint default. No validator has registered a PQC consensus key.

VOIDED to 0 per v3.1 rule (5a = 0). No dated, enforcement-mechanism-backed PQC milestones published for Fetch.ai L1. ASI:Chain testnet/mainnet dates are for a separate future chain, not the live Fetch L1, and are not protocol-enforced milestones for fetchhub.

Announced PQC trailing-12-mo: ASI Alliance public commentary referencing modular quantum-safe primitives for the future ASI:Chain (not Fetch.ai L1). Shipped PQC: 0. Low-volume narrative; not aggressive washing but creates scope confusion between Fetch.ai L1 (current chain, no PQ work) and ASI:Chain (future chain, PQ statements). 3-point deduction reflects the conflation risk.

No PQ deployment, no published bytes-per-block analysis under any PQ scheme for Fetch.ai. Undisclosed.

Top wallets supporting FET / ASI: ASI Alliance Wallet (Fetch native), Keplr, Leap, Ledger HW, MetaMask (for ERC-20 ASI). None publish a PQC roadmap. Ledger has internal PQC research at Ledger Donjon but no shipped PQ-signing for FET / ASI accounts.

Top bridges: IBC (light-client, Ed25519 verification), Axelar, Gravity Bridge or equivalent for FET ↔ Ethereum (relevant given ASI is also an ERC-20 on Ethereum). None publish a PQC roadmap. The ASI token-merge cross-chain swap mechanics rely on classical signatures.

Institutional custody for FET / ASI: a tier-1 US custodian, Kiln (staking), BitGo, Anchorage exposure varies. None publish a Fetch-specific PQC roadmap. None have MPC-PQ in production for FET / ASI signing. ATOM ecosystem MPC-PQ work would need to be ported.

RPC providers: Fetch.ai-hosted endpoints (browse-fetchhub.fetch.ai, explore-fetchhub.fetch.ai), AviaOne, Lavender.Five, Polkachu, community validators. None publish PQ-enabled RPC TLS. HSMs used by validators: standard YubiHSM2 / Ledger / Thales / cloud KMS, no PQ signing for Ed25519/secp256k1 in production. TEE attestation chains not declared in the Fetch validator stack at protocol level. Agentverse cloud infrastructure attestation flow not mapped to PQC.

~60 active validators (raised from 50 via on-chain proposal). Smaller set than Cosmos Hub (~180). Concentration metrics published less frequently; Nakamoto coefficient estimated in low single digits historically. Client diversity weak, single Tendermint/CometBFT-derived consensus client (fetchd / cosmos-consensus).

fetchhub-1 → fetchhub-2 → fetchhub-3 → fetchhub-4 chain-id transitions completed; ASI token-merge governance executed. No clear public record of an emergency security upgrade under attacker pressure comparable to Cosmos Hub v19.2.

Fetch.ai Foundation / Fetch.ai Ltd. (Cambridge), plus ASI Alliance (Fetch.ai + SingularityNET + Ocean Protocol, post-merger). Clear named ownership at the chain level. No named PQC migration lead for Fetch.ai L1; ASI Alliance public PQ commentary scoped to ASI:Chain.

Successful execution of contested governance items (validator-set increase, ASI token-merge proposal). No precedent of a coordinated cryptographic-primitive change under attacker pressure.

No canary, honeypot, rate-limited spending rule, or cryptographic tripwire on Fetch.ai L1 or in the agent stack.