Jun. 18, 2025
Hedera has an issue with their public claims versus their source code. Lacking a formal upgrade path to post quantum cryptography as required by Executive Order 14144 and 13694, Hedera executives have chosen a simple path to feign compliance by lying about their cryptography. The current cryptography is secp256k1 and AES128 as indicated by their source code. The claims of "post quantum cryptography" and "quantum resistance" along with "quantum readiness" have made a series of false claims. I am happy to forward you a more exhaustive list, but I've included several references. The actual source code plainly says "secp256k1" and "AES128" at in their official repository at https://github.com/hashgraph/hedera-sdk-java/blob/7190845f36ce592ac6d111b825e89cc93d971527/sdk/src/main/java/com/hedera/hashgraph/sdk/Crypto.java#L53 I would like the claims of Hedera's cryptography to match the reality of their cryptography. Bitcoin and Ethereum have a migration path to quantum safety while Hedera makes bold and false claims. I am considering a lawsuit but need to engage specific legal counsel for pending claims. Before the SEC makes a determination I would ask that Hedera formally reconcile their claims with their usage of cryptography. Ian Smith Here are sample quotes from the executives and official documentation. https://hedera.com/blog/facilitating-adoption-through-cryptographic-standards https://www.youtube.com/watch?t=293&v=8-_Bf6yZVHo "much better security...." Provably the same or worse security. At 8:30 he violates CAP theorem of computer science, which has never been contradicted through mathematics, only marketing https://en.m.wikipedia.org/wiki/CAP_theorem 27:46 multisig baked into HTS. Multisig is not quantum safe because they are reducible to either Abelian Hidden Subgroup, Non-Abelian Hidden Subgroup both of which have quantum solutions https://quantumalgorithmzoo.org/#abelian_HSP