01Executive Summary
Zero-Downtime Crypto Migration is JIL Sovereign's method for transitioning an entire blockchain network from one cryptographic scheme to another without any service interruption. The protocol uses a three-phase approach - Hybrid, Primary Swap, and Deprecation - with epoch-based transitions that ensure all validators migrate within bounded time windows.
This capability is critical for the approaching post-quantum era, where blockchains must transition from classical cryptographic schemes (Ed25519, secp256k1) to quantum-resistant alternatives (Dilithium, Kyber) before large-scale quantum computers become available. Most blockchains would require a hard fork and coordinated downtime to perform such a migration. JIL's protocol enables a seamless, zero-downtime transition while maintaining backward compatibility for historical transaction verification through archived keys.
02Problem Statement
The cryptographic foundations of every major blockchain will need to change within the next decade. NIST estimates that cryptographically relevant quantum computers capable of breaking current elliptic curve cryptography could emerge by the mid-2030s. The "harvest now, decrypt later" attack vector means that blockchain transactions recorded today could be retrospectively forged by future quantum computers.
Hard Fork Dependency
Current blockchains (Bitcoin, Ethereum, Solana) have no mechanism for migrating their cryptographic scheme without a coordinated hard fork. A hard fork requires all validators to upgrade simultaneously, creating a planned downtime window. For a network processing billions of dollars in daily volume, even a brief downtime is unacceptable - it creates settlement risk, triggers oracle deviations, and disrupts DeFi protocols that depend on continuous block production.
Key Management Burden
When a blockchain changes its cryptographic scheme, every user must generate new keys and migrate their assets. On Ethereum, this means over 250 million addresses would need to create new wallets and transfer all assets and token approvals. Users who fail to migrate before the deadline risk losing access to their assets. There is no standard mechanism for notifying all affected key holders.
Historical Verification Loss
After migrating to a new cryptographic scheme, the old scheme's public keys are typically discarded. This means historical transactions signed with the old scheme can no longer be independently verified, breaking the auditability guarantee that is fundamental to blockchain technology.
03Technical Architecture
The migration protocol operates in three sequential phases, each enforced at the consensus level through epoch boundaries.
Phase Definitions
| Phase | Duration | Transaction Signatures | Validator Signatures | Key Requirement |
|---|---|---|---|---|
| Phase 1: Hybrid | Configurable (default 90 days) | Dual (legacy + target), either accepted | Dual (legacy + target), both required | Both key pairs generated |
| Phase 2: Primary Swap | Configurable (default 60 days) | Target required, legacy optional (flagged) | Target required | Target key is primary |
| Phase 3: Deprecation | Permanent after transition | Target only | Target only | Legacy keys archived |
Phase 1: Hybrid (Dual Signature Period)
Epoch N: Migration governance proposal approved
|
+--> All validators generate target scheme key pairs
| (e.g., Dilithium key pair alongside existing Ed25519)
|
+--> Validators begin producing dual-signed blocks
| Block header contains both Ed25519 and Dilithium signatures
| Consensus accepts block if EITHER signature is valid
| (allows lagging validators time to upgrade)
|
+--> Users generate target scheme key pairs via wallet
| New Dilithium public key registered alongside Ed25519
| Transactions may carry either or both signatures
| Validators accept either signature as valid
|
+--> Guardian notification system alerts at intervals:
Day 1, Day 30, Day 60, Day 75, Day 85, Day 89
Channels: email, SMS, push, on-chain event, wallet bannerPhase 2: Primary Swap
Epoch N+K: Primary Swap activates
|
+--> Target scheme becomes primary verification method
| Transactions MUST include target scheme signature
| Legacy signature is optional (accepted but flagged)
| Flagged transactions emit deprecation warning
|
+--> Validators MUST sign blocks with target scheme
| Legacy signatures stripped from block headers
| Validator key registry updated to target scheme primary
|
+--> Accounts with only legacy keys:
Transactions accepted but marked as "legacy-signed"
Guardian notifications increase frequency (weekly)
Wallet UI shows migration urgency bannerPhase 3: Deprecation
Epoch N+K+M: Deprecation activates
|
+--> Legacy scheme removed from active verification path
| Only target scheme signatures accepted for new transactions
| Legacy-only accounts can still migrate (special migration tx)
|
+--> Legacy keys archived in pq-epoch-registry
| Archived keys mapped to epoch ranges for historical lookup
| Historical transactions remain verifiable using archived keys
|
+--> Migration complete
Network fully transitioned to target scheme
Zero downtime achieved throughout04Implementation
The migration protocol is implemented across the validator node, the pq-epoch-registry service, and the wallet infrastructure.
Epoch-Based Phase Transitions
Phase transitions are triggered at specific epoch boundaries, announced well in advance through governance. The pq-epoch-registry service maintains the migration schedule and broadcasts phase transition events to all network participants. Each epoch is approximately 24 hours (57,600 blocks at 1.5-second block time), ensuring that all validators transition within the same bounded time window.
Dual Signature Format
During the Hybrid phase, transactions carry a signature envelope containing both the legacy and target signatures. The envelope format is backward-compatible - legacy nodes that have not yet upgraded can still parse and verify the legacy signature, while upgraded nodes verify both.
| Scheme Pair | Legacy Signature Size | Target Signature Size | Combined Overhead | Verification Time |
|---|---|---|---|---|
| Ed25519 to Dilithium-3 | 64 bytes | 3,293 bytes | +3,293 bytes per tx | +0.8ms per tx |
| secp256k1 to Dilithium-2 | 64 bytes | 2,420 bytes | +2,420 bytes per tx | +0.5ms per tx |
| Ed25519 to SPHINCS+-128f | 64 bytes | 17,088 bytes | +17,088 bytes per tx | +4.2ms per tx |
Archived Verification Keys
When a key transitions from legacy to target scheme, the legacy public key is not deleted. Instead, it is archived in the pq-epoch-registry with metadata indicating the epoch range during which it was active. This enables historical transaction verification at any point in the future - an auditor can verify a transaction from epoch 100 by looking up the archived legacy public key that was active during that epoch.
05Integration with JIL Ecosystem
The crypto migration protocol is deeply integrated with JIL Sovereign's identity, custody, and security infrastructure.
PQ Epoch Registry
The pq-epoch-registry service manages the migration schedule, tracks per-account migration status, maintains the archived key store, and provides lookup APIs for historical verification of transactions signed with legacy schemes.
MPC Cosigner
The mpc-cosigner service coordinates MPC key shard regeneration during migration. Each MPC shard holder generates a new target-scheme shard, and the threshold signing protocol is updated to support dual-scheme signing during the Hybrid phase.
BPoH (Proof-of-Humanity)
Biometric Proof-of-Humanity proofs issued under the legacy scheme are re-issued under the target scheme during migration. The BPoH re-issuance does not require users to re-enroll biometrics - only to sign a migration transaction.
Social Recovery
Guardian attestation keys migrate alongside account keys. The Social Recovery Ceremony supports guardians using either scheme during the Hybrid phase, ensuring recovery capability is never interrupted by the migration process.
06Prior Art Differentiation
JIL's zero-downtime migration protocol is the first to provide seamless cryptographic scheme transition for a live blockchain.
| Feature | Ethereum (planned) | Bitcoin (proposed) | Algorand | JIL Zero-Downtime |
|---|---|---|---|---|
| Migration Method | Hard fork | Soft fork (proposed) | Stateless PQ | Three-phase, no fork |
| Downtime Required | Yes (fork coordination) | Yes (activation window) | No (but limited) | Zero (guaranteed) |
| Dual Signatures | Not planned | Not planned | No | Full Hybrid phase |
| Epoch-Based Transitions | Fork block number | Activation height | Not applicable | Bounded epoch transitions |
| Historical Key Archive | No | No | No | Full archive with epoch mapping |
| Guardian Notification | Community announcement | Community announcement | Not applicable | Multi-channel at configurable intervals |
07Implementation Roadmap
PQ Epoch Registry and Key Archive
Deploy pq-epoch-registry service with migration schedule management. Implement archived key storage with epoch-range metadata. Build historical verification lookup API for legacy-signed transactions.
Dual Signature Support
Implement dual signature envelope format in validator node. Enable Dilithium key pair generation alongside Ed25519. Deploy dual-signature verification in consensus layer. Begin Hybrid phase on DevNet.
Guardian Notification System
Build multi-channel notification pipeline (email, SMS, push, on-chain, wallet banner). Implement configurable notification intervals per migration phase. Deploy migration status dashboard for ops monitoring.
MainNet Migration Readiness
Complete full three-phase migration cycle on DevNet. Audit Dilithium integration by external cryptography firm. Prepare MainNet migration governance proposal. Coordinate with all 20 validators for epoch-synchronized transition.