CURS3D
Quantum-Resistant Layer 1 Blockchain


Website · Docs · Whitepaper · Explorer · Tutorials · Live API

---

CURS3D is a Layer 1 blockchain written from scratch in Rust, designed to resist quantum computing attacks. It uses NIST-standardized post-quantum cryptography (CRYSTALS-Dilithium 5), BFT Proof of Stake consensus with explicit 2/3 finality, a WASM smart contract engine with instruction-level gas metering, and an EIP-1559 dynamic fee market. Every component is original — no fork of Ethereum, Cosmos, or Substrate.

Why CURS3D?

The quantum threat is real. NIST finalized post-quantum cryptography standards in 2024. Most blockchains still rely on ECDSA/EdDSA, which will be broken by Shor's algorithm. CURS3D is built from the ground up with quantum-resistant primitives — not retrofitted.

What	How
Signatures	CRYSTALS-Dilithium Level 5 (NIST FIPS 204)
Hashing	SHA-3 Keccak-256, double-hash blocks, Merkle trees
Wallet encryption	AES-256-GCM + Argon2 KDF
Consensus	BFT Proof of Stake, 2/3 stake-weighted finality
Smart contracts	WASM VM (Wasmer 5 + Cranelift), per-instruction fuel metering
Fee market	EIP-1559 dynamic base fee, priority fees, gas refunds
Fork choice	Heaviest chain by cumulative proposer stake
Slashing	Cryptographic equivocation proof, 33% penalty, 64-block jail
Networking	libp2p 0.54 (Gossipsub + mDNS + noise + yamux)
Storage	sled embedded DB, schema v4, auto-migration

Quick Start

# Build from source
git clone https://github.com/Pazificateur69/curs3d.git
cd curs3d
cargo build --release

# Create password files for non-interactive deploys
printf '%s\n' 'change-this-validator-password' > validator.password

# Create an encrypted wallet (CRYSTALS-Dilithium 5 keypair)
./target/release/curs3d wallet --output validator.json --password-file validator.password

# Generate a real public testnet genesis from the wallet you will operate
./target/release/curs3d genesis \
  --output genesis.public-testnet.json \
  --validator-wallet validator.json \
  --validator-password-file validator.password

# Publish a stable bootnode address for your VPS
./target/release/curs3d bootnode-address \
  --data-dir curs3d_data \
  --public-addr /dns4/node.example.com/tcp/4337

# Run a validator node
./target/release/curs3d node \
  --validator-wallet validator.json \
  --validator-password-file validator.password \
  --genesis-config genesis.public-testnet.json \
  --public-addr /dns4/node.example.com/tcp/4337

# The node exposes:
#   P2P:      0.0.0.0:4337  (Gossipsub + mDNS)
#   HTTP API: 127.0.0.1:8080
#   TCP RPC:  127.0.0.1:9545

# Check chain status (local)
curl http://localhost:8080/api/status | jq .data

# Or query the live public testnet directly
curl https://api.curs3d.fr/api/status | jq .data

Live Public Testnet

The CURS3D public testnet is running and accessible:

Surface	URL
API	https://api.curs3d.fr/api/status
Explorer	https://explorer.curs3d.fr
Faucet	POST https://api.curs3d.fr/api/faucet/request
WebSocket	wss://api.curs3d.fr/ws
P2P Bootnode	api.curs3d.fr:4337

# Request testnet tokens
curl -X POST https://api.curs3d.fr/api/faucet/request \
  -H 'Content-Type: application/json' \
  -d '{"address":"YOUR_CUR_ADDRESS"}'

# View recent blocks
curl https://api.curs3d.fr/api/blocks?from=0\&limit=5 | jq .data

# View active validators
curl https://api.curs3d.fr/api/validators | jq .data

With Docker

docker compose up -d           # Start 2-node local network
curl localhost:8080/api/status  # Query the chain
docker compose down             # Stop

Deploy Your Own Node

Use the deployment assets in deploy/:

• deploy/scripts/deploy.sh — One-shot VPS deployment script
• deploy/docker-compose.public.yml
• deploy/systemd/curs3d.service
• deploy/nginx/curs3d.conf

What's Built (Current State)

CURS3D is an advanced L1 prototype — not yet mainnet-ready, but technically substantial. Here's what exists in the codebase today, all tested:

• BFT PoS consensus with epoch-frozen validator sets and 2/3 finality threshold
• WASM smart contracts with Wasmer 5, Cranelift backend, 11 host functions, instruction-level fuel metering
• EIP-1559 fee market with dynamic base fee, separate max/priority fees, gas refunds, mempool pressure management
• 12 transaction types: native transfers/staking, WASM contracts, CUR-20 token ops, governance
• CUR-20 token standard: deploy, transfer, approve, transferFrom with native registry
• On-chain governance: validator proposals, stake-weighted voting, automatic execution
• Light client module with header-only sync and Merkle proof verification
• WebSocket real-time event streaming (new blocks, transactions, finality)
• Fork choice tree with heaviest-chain rule, automatic reorg, finality boundary, non-canonical pruning
• Provable slashing with cryptographic EquivocationEvidence (dual Dilithium signatures)
• State sync with Merkle-verified snapshot chunks, manifest protocol, finalized checkpoints
• Account + storage proofs exportable via API (Merkle inclusion proofs)
• Encrypted wallets (AES-256-GCM + Argon2), auto-migration from legacy format
• Protocol versioning with upgrade-at-height activation and network topic filtering
• P2P rate limiting with per-peer tracking, escalating bans, automatic cleanup
• Peer scoring reputation system with behavior-based scoring and automatic bans
• Epoch rewards distributed to validators proportional to stake and blocks produced
• Inactivity penalties with grace period, then escalating stake deductions
• Sparse Merkle Trie with 256-bit key space, O(log n) proofs (ready for state root migration)
• Domain separation in all hashing (prevents cross-layer collisions)
• Checksummed addresses (EIP-55 style, detects typos)
• Rate-limit headers (X-RateLimit-Limit/Remaining/Window) on all API responses
• Persistent storage (sled, 10 trees, schema v4 with auto-migration)
• REST API (22 endpoints) + WebSocket + TCP RPC + CLI (11 commands)
• SDKs: JavaScript/TypeScript (@curs3d/sdk) and Python (curs3d)
• Block explorer web UI with live dashboard
• Benchmarks (criterion) and fuzzing targets (cargo-fuzz)
• Docker multi-stage build + docker-compose + nginx TLS + systemd
• CI/CD pipeline (check, test, clippy 0 warnings, fmt)
• 129 tests across 15 modules

What Remains for Mainnet

• External security audit (consensus, VM, crypto)
• Migrate state root to Sparse Merkle Trie (protocol upgrade)
• Long-run soak tests + partition testing
• Contract SDK (Rust + AssemblyScript)

Architecture

src/
  api/             HTTP REST API (hyper 1.x, 128 max connections, 1MB body limit)
  consensus/       BFT PoS, FinalityVote, FinalityTracker, EquivocationEvidence, slashing
  core/
    block.rs         BlockHeader, Block, genesis, signatures, verification
    blocktree.rs     BlockTree, fork choice (heaviest chain), pruning
    chain.rs         Blockchain state, validation, reorg, fee market, snapshots
    transaction.rs   12 types: Transfer, Stake, Unstake, Coinbase, DeployContract, CallContract, DeployToken, TokenTransfer, TokenApprove, TokenTransferFrom, SubmitProposal, GovernanceVote
    receipt.rs       Execution receipts with gas details and logs
    state_proof.rs   AccountProof, StorageProof (Merkle inclusion)
  crypto/
    dilithium.rs     CRYSTALS-Dilithium Level 5 (pqcrypto)
    hash.rs          SHA-3, double-hash, Merkle trees/proofs, address derivation
  governance/      On-chain governance: proposals, voting, parameter changes
  light/           Light client: header sync, Merkle proof verification
  network/         libp2p P2P (Gossipsub + mDNS), sync, block production, state sync, rate limiting
  rpc/             TCP JSON RPC (port 9545)
  storage/         sled DB (10 trees, schema v4, snapshots, migration)
  token/           CUR-20 token standard: deploy, transfer, approve, transferFrom
  vm/
    mod.rs           Wasmer WASM execution, host functions, fuel middleware
    gas.rs           Gas cost schedule
    state.rs         ContractState (code, storage, owner)
  wallet/          Encrypted wallet (AES-256-GCM + Argon2)
  main.rs          CLI entry point (clap 4)

website/           Documentation site (6 pages)

REST API

Method	Endpoint	Description
GET	/api/status	Chain height, finalized height, epoch, validators, protocol version
GET	/api/healthz	Health check with block age
GET	/api/metrics	Prometheus-format metrics
GET	/api/block/:height	Block with transactions, state root, merkle root
GET	/api/blocks?from=&limit=	Paginated blocks (max 100)
GET	/api/account/:address	Balance, nonce, staked balance
GET	/api/account/:address/proof	Merkle account proof
GET	/api/contract/:addr/storage/:key/proof	Merkle storage proof
GET	/api/tx/:hash	Transaction by hash
GET	/api/receipt/:hash	Transaction receipt with gas details and logs
GET	/api/logs?...	Filtered log entries (by contract, topic, block range)
GET	/api/pending	Mempool pending transactions
GET	/api/validators	Active validator set with stakes
GET	/api/tokens	List all CUR-20 tokens
GET	/api/token/:address	CUR-20 token metadata
GET	/api/token/:addr/balance/:owner	CUR-20 token balance
GET	/api/governance/proposals	List governance proposals
GET	/api/governance/proposal/:id	Proposal details
POST	/api/faucet/request	Request 100 CUR testnet tokens (1h cooldown)
POST	/api/tx/submit	Submit signed transaction (auth optional)
POST	/api/tx/estimate	Dry-run: gas estimate, fees, replacement check
WS	/ws	Real-time events: new_block, new_transaction, finality

All responses: {"ok": true, "data": {...}} or {"ok": false, "error": "..."}.

Auth: set CURS3D_API_TOKEN env var to require Authorization: Bearer <token> on POST endpoints.

Smart Contracts

CURS3D runs WebAssembly contracts via Wasmer 5 with Cranelift. The VM injects fuel metering per instruction — contracts with unmetered loops are rejected at deploy time.

Operation	Gas Cost
Base transaction	21,000
Contract deploy	32,000
Contract call	2,600
Storage read	200
Storage write	5,000
Log emit	375
Per byte (data)	16
WASM loop tick	50

Host functions: storage_get, storage_set, storage_read, storage_write_bytes, emit_log, emit_log_bytes, input, input_len, input_read, consume_gas, loop_tick

Consensus

1. Validator Selection — Deterministic, stake-weighted using SHA-3(height || prev_hash)
2. Block Production — Selected validator signs blocks every 10 seconds
3. Finality Votes — Validators sign attestations (block_hash || height || epoch)
4. Finalization — Block irreversible when votes representing >= 2/3 total stake are collected
5. Slashing — Dual-signed block headers at same height = cryptographic proof. 33% stake penalty + jail
6. Epochs — Validator set frozen per epoch (default 32 blocks). No mid-epoch manipulation
7. Fork Choice — Heaviest cumulative proposer-stake wins. Finality boundary prevents deep reorgs

Testing

cargo test
cargo clippy         # 0 warnings (CI enforces -D warnings)
cargo fmt --check    # Enforced formatting

Coverage: cryptographic operations, block validation, transaction flow (all 6 types), staking/unstaking, slashing with evidence, BFT finality threshold, fork choice, block tree pruning, wallet encryption/decryption, storage persistence, WASM VM execution, gas metering, state sync snapshots, epoch management.

Genesis Configuration

{
  "chain_id": "my-testnet",
  "chain_name": "My Testnet",
  "block_reward": 50000000,
  "minimum_stake": 1000000000,
  "unstake_delay_blocks": 10,
  "epoch_length": 32,
  "jail_duration_blocks": 64,
  "block_gas_limit": 10000000,
  "initial_base_fee_per_gas": 0,
  "base_fee_change_denominator": 8,
  "allocations": [
    {
      "public_key": "0xVALIDATOR_PUBLIC_KEY_HEX",
      "balance": 1000000000000,
      "staked_balance": 5000000000
    }
  ],
  "upgrades": [
    { "height": 1000, "version": 2, "description": "Enable feature X" }
  ]
}

Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/my-feature)
3. Make your changes
4. Ensure cargo test, cargo clippy -- -D warnings, and cargo fmt --check all pass
5. Open a Pull Request

All contributions welcome — whether it's code, documentation, bug reports, or ideas.

License

MIT License. See LICENSE for details.