Mondoshawan Protocol — Technical Whitepaper v2.0

0 Abstract

Mondoshawan is a Layer 1 blockchain protocol built in Rust that combines three capabilities no existing production chain currently offers simultaneously: GhostDAG BlockDAG consensus for parallel block production, ML-KEM-768 post-quantum cryptography (NIST FIPS 203) on all peer-to-peer transport, and full EVM compatibility via SputnikVM. The protocol is currently operational on a multi-datacenter public testnet, producing blocks at a stable ~10-second median interval using real cryptographic Proof of Work.

This document describes the technical architecture of the Mondoshawan protocol as it exists in the current codebase, distinguishing implemented features from planned work. Claims are grounded in the live implementation.

1 Motivation & Problem Statement

The Quantum Threat is Not Hypothetical

In August 2024, NIST finalized three post-quantum cryptographic standards: FIPS 203 (ML-KEM, key encapsulation), FIPS 204 (ML-DSA, digital signatures), and FIPS 205 (SLH-DSA, hash-based signatures). The US National Security Agency has mandated migration to these standards for all classified systems by 2030. The Federal Reserve has published guidance on the "Harvest Now, Decrypt Later" (HNDL) threat — the practice of recording encrypted network traffic today for decryption once a sufficiently powerful quantum computer exists.

The HNDL threat applies directly to blockchain P2P networks. Any node-to-node communication using classical ECDH key exchange today can be archived and decrypted retroactively. No major production blockchain has addressed this at the transport layer.

The Gap in the Market

Examining the current landscape reveals a clear gap. Kaspa implements GhostDAG with high throughput but has no post-quantum security and no EVM. Ethereum has EVM and a large developer ecosystem but uses a single-chain architecture and has no post-quantum roadmap at the protocol layer. QRL implements post-quantum signatures but has no EVM and uses a traditional single chain. No production Layer 1 combines all three.

Mondoshawan is built to occupy this intersection.

2 System Architecture

The Mondoshawan node is structured as four distinct layers, each with clear responsibilities and interfaces:

┌─────────────────────────────────────────────────────────┐ │ LAYER 4 — EXECUTION LAYER │ │ SputnikVM EVM (Shanghai) · JSON-RPC (129+ methods) │ │ Account Abstraction · Gas Estimation · eth_call │ ├─────────────────────────────────────────────────────────┤ │ LAYER 3 — CONSENSUS LAYER │ │ GhostDAG (K=4) · Blue/Red Classification │ │ Sled DB + RAM Hot-Cache · Quorum Fork Recovery │ ├─────────────────────────────────────────────────────────┤ │ LAYER 2 — MINING LAYER │ │ Stream A: Blake3 (ASIC) · Stream B: B3MemHash (GPU) │ │ DAA (Fixed-point, 0.667x–1.5x clamp) · ~10s target │ ├─────────────────────────────────────────────────────────┤ │ LAYER 1 — NETWORK LAYER │ │ QUIC Transport · ML-KEM-768 Kyber Handshake │ │ Noise Protocol · TOFU Identity · Sybil Resistance │ └─────────────────────────────────────────────────────────┘

Layer	Implementation	Status
Network	QUIC + ML-KEM-768 + Noise Protocol	Live
Mining	Blake3 (Stream A) + B3MemHash SIMD (Stream B)	Live
Consensus	GhostDAG K=4, sled + RAM hybrid storage	Live
Execution	SputnikVM EVM, 129+ JSON-RPC methods	Live
Sharding	Consistent-hash sharding, two-phase cross-shard commit	Testnet
Stream C (ZK)	ZK Proof validation stream	Planned

3 GhostDAG Consensus

BlockDAG vs. Single Chain

Traditional blockchains discard blocks produced simultaneously (orphans), wasting the honest work of miners and limiting throughput to a single block per interval. GhostDAG (Greedy Heaviest-Observed Sub-DAG) resolves this by organizing all produced blocks into a Directed Acyclic Graph and then computing a linear ordering over them.

The protocol uses a parameter K (set to 4 in Mondoshawan's testnet configuration) representing the maximum number of blocks produced in a single network propagation delay window. Blocks are classified as blue (honest, well-connected) or red (potentially dishonest or poorly connected) based on their position in the DAG relative to the blue set. Only blue blocks earn mining rewards.

Storage Architecture

The DAG is stored using a hybrid strategy: a sled embedded key-value store provides durable persistence, while a bounded in-memory LRU cache holds the "hot" tip region of the DAG for low-latency blue score computation. This avoids the recursive traversal penalty that would otherwise make GhostDAG impractical on a key-value store.

Sync Resilience

The sync layer implements compact block IBD (analogous to BIP152), stall detection with automatic re-sync triggers, and quorum-based fork recovery. These mechanisms were hardened through extensive multi-datacenter testing and are running in production on the current testnet.

4 BraidCore Mining Architecture

Mondoshawan introduces a three-stream parallel mining architecture where each stream uses a different algorithm targeting different hardware profiles. All three streams feed blocks into the same GhostDAG consensus engine.

Stream	Algorithm	Target Hardware	Block Reward	Status
Stream A	Blake3	ASIC / High-end GPU	50 QMON	Live
Stream B	B3MemHash (memory-hard)	CPU / GPU	25 QMON	Live
Stream C	ZK Proof Validation	ZK Provers	Fee-based	Planned

Economic Rationale

The BraidCore model addresses a fundamental tension in PoW design. Pure ASIC mining (Bitcoin) concentrates hash power in large industrial operations. Pure memory-hard mining (Monero) resists ASICs but limits throughput. By running both in parallel and adding a ZK proof validation stream, Mondoshawan creates three distinct economic constituencies — ASIC operators, GPU miners, and ZK prover operators — each with different cost structures and incentives, making coordinated attacks significantly more expensive.

5 Proof of Work & Difficulty Adjustment

B3MemHash Algorithm

Stream B uses a custom memory-hard hash function called B3MemHash. The algorithm initializes a 256-byte scratchpad from the block header using Blake3, then performs 64 rounds of XOR mixing across the buffer using SIMD intrinsics (AVX2 on x86-64, SSE2 fallback, scalar on other architectures). The final hash is produced by running Blake3 over the mixed buffer.

// B3MemHash — SIMD-accelerated memory-hard hash (from pow.rs)
fn b3memhash(header: &BlockHeader, nonce: u64) -> [u8; 32] {
    // 1. Initialize 256-byte scratchpad from header + nonce
    let mut buf = [0u8; 256];
    blake3_init_buffer(header, nonce, &mut buf);

    // 2. 64 rounds of SIMD XOR mixing (AVX2 / SSE2 / scalar)
    for _ in 0..64 {
        simd_xor_mix(&mut buf); // dispatches to best available SIMD
    }

    // 3. Final Blake3 over mixed buffer
    blake3::hash(&buf).into()
}

// Mining loop — zero allocation, parallel threads with atomics
fn mine_block(header: &BlockHeader, difficulty: u8) -> u64 {
    let mut nonce = 0u64;
    loop {
        let hash = b3memhash(header, nonce);
        if meets_difficulty(&hash, difficulty) { return nonce; }
        nonce += 1;
    }
}
                

Difficulty Adjustment Algorithm (DAA)

The DAA uses fixed-point arithmetic (no floating-point in consensus code) to compute the ratio of target block time to actual block time, then clamps the adjustment to a range of 0.667× to 1.5× per adjustment window. This prevents the oscillation behavior common in naive DAA implementations.

Two variants are implemented: a single-block adjustment for rapid response and a moving-average variant for stability over longer windows. The testnet currently runs with the following parameters:

Parameter	Value	Purpose
INITIAL_DIFFICULTY_A	20 leading zero bits	Stream A starting difficulty
MAX_DIFFICULTY	28 leading zero bits	Upper bound on difficulty
Adjustment clamp (up)	1.5×	Prevents runaway difficulty increase
Adjustment clamp (down)	0.667×	Prevents runaway difficulty collapse
Target block time	10 seconds	Median interval target
Observed block time	~10–11 seconds	Live testnet measurement

Testnet Status: The chain is currently producing blocks at a stable 10–11 second median interval between two geographically distributed datacenters using real cryptographic PoW. The DAA was tuned to eliminate oscillation behavior observed in early testnet runs.

6 Post-Quantum Cryptography

NIST Standards Implemented

Mondoshawan implements post-quantum cryptography at the network transport layer using ML-KEM-768 (Module Lattice Key Encapsulation Mechanism, NIST FIPS 203), the standardized version of CRYSTALS-Kyber. This provides 192-bit classical security and is resistant to Grover's algorithm and Shor's algorithm attacks.

Algorithm	Standard	Use Case	Security Level
ML-KEM-768	NIST FIPS 203	P2P key encapsulation	NIST Level 3 (192-bit)
Ed25519	RFC 8032	TOFU peer identity	Classical 128-bit
ML-DSA (planned)	NIST FIPS 204	Transaction signatures	NIST Level 3

The Kyber Handshake Protocol

Every peer connection performs a full ML-KEM-768 key exchange before any block data is transmitted. The handshake proceeds as follows:

// 5-step Kyber handshake (from kyber_transport.rs)

// Step 1: Initiator generates ML-KEM-768 keypair
let (ek, dk) = ml_kem_768::generate_keypair();

// Step 2: Initiator sends encapsulation key (ek) to responder
send(peer, &ek).await?;

// Step 3: Responder encapsulates — produces ciphertext + shared secret
let (ciphertext, shared_secret) = ml_kem_768::encapsulate(&ek);
send(initiator, &ciphertext).await?;

// Step 4: Initiator decapsulates — derives same shared secret
let shared_secret = ml_kem_768::decapsulate(&dk, &ciphertext);

// Step 5: Both parties derive session key via HKDF-SHA256
let session_key = hkdf_sha256(&shared_secret, b"mondoshawan-session-v1");
// All subsequent traffic encrypted with session_key
                

Why This Matters: HNDL Protection

The Harvest Now, Decrypt Later attack allows a quantum-capable adversary to record classical ECDH-encrypted P2P traffic today and decrypt it once a sufficiently powerful quantum computer exists. By using ML-KEM-768 for key exchange, Mondoshawan ensures that even if all historical P2P traffic is archived, it cannot be decrypted retroactively — the shared secret is computationally infeasible to derive from the public encapsulation key alone, even with a quantum computer.

7 P2P Network Layer

The Mondoshawan P2P layer uses QUIC as the transport protocol, providing multiplexed streams, built-in TLS 1.3, and connection migration. Peer identity is established via TOFU (Trust On First Use) — each node presents a self-signed Ed25519 certificate, and the fingerprint is stored on first connection.

Sybil & Eclipse Attack Resistance

The network layer implements several mitigations against Sybil and eclipse attacks:

Attack Vector	Mitigation
Sybil via many identities	Jaccard similarity detection — peers with highly overlapping peer lists are flagged
Eclipse via subnet concentration	/16 subnet diversity limit — maximum 2 peers per /16 IPv4 subnet
MITM on key exchange	ML-KEM-768 encapsulation — no shared secret derivable from public key alone
Traffic analysis	QUIC multiplexing obscures message boundaries
Peer identity spoofing	Ed25519 TOFU certificate pinning

8 EVM Integration

Mondoshawan integrates SputnikVM at the Shanghai hard fork level, providing full EVM opcode compatibility. The JSON-RPC surface has been validated with 129+ methods covering the full eth_*, net_*, web3_*, and mds_* (Mondoshawan-specific) namespaces.

Validated Capabilities

Capability	Status
MetaMask connection (Chain ID 1338)	Live
eth_call / eth_estimateGas	Live
Transaction receipts & logs	Live
Solidity contract deployment	Live
WebSocket subscriptions (eth_subscribe)	Live
ERC-20 / ERC-721 compatibility	Live
Parallel EVM execution	Testnet

Account Abstraction

The protocol implements native account abstraction with smart contract wallets supporting multi-signature authorization, social recovery mechanisms, per-transaction spending limits, and atomic batch transactions. This is implemented at the protocol level rather than as an L2 overlay, providing lower gas costs and tighter security guarantees than ERC-4337 on Ethereum.

9 Sharding

Mondoshawan implements native state sharding using consistent hashing for deterministic shard assignment. Each shard maintains its own state tree and transaction pool. Cross-shard transactions use a two-phase commit protocol with atomic finality guarantees.

Current Status: The sharding module is implemented and running on the testnet but is in an early phase. The primary known bottleneck is RwLock contention on the shard state at high transaction volumes. Hot-cache optimization and lock-free data structures are planned for the mainnet milestone.

10 Tokenomics

Allocation	Percentage	Vesting
Mining Rewards (Stream A + B)	90%	Earned per block
Team & Development	5%	4-year linear vesting
Ecosystem Fund	5%	Community governance

Stream A (Blake3) rewards 50 QMON per block. Stream B (B3MemHash) rewards 25 QMON per block. Stream C (ZK Proofs, planned) will be fee-based only. There is no pre-mine, no presale, and no VC allocation. The supply is entirely emission-based.

A portion of transaction fees are burned on each block, creating deflationary pressure as network usage grows. The burn rate and emission schedule are subject to governance adjustment post-mainnet.

11 Competitive Analysis

Protocol	BlockDAG	Post-Quantum P2P	EVM	Real PoW
Mondoshawan (QMON)	✓ GhostDAG	✓ ML-KEM-768	✓ SputnikVM	✓ B3MemHash
Kaspa (KAS)	✓ GhostDAG	✗	✗	✓ KHeavyHash
Ethereum (ETH)	✗	✗	✓ Native	✗ PoS
QRL	✗	✓ XMSS	✗	✓ RandomX
Bitcoin (BTC)	✗	✗	✗	✓ SHA-256
Solana (SOL)	✗	✗	✓ Partial	✗ PoH/PoS

12 Roadmap

Phase	Milestone	Status
Phase 1	Core protocol: GhostDAG, BraidCore PoW, ML-KEM-768 P2P, SputnikVM EVM, Account Abstraction	Complete
Phase 2	Testnet hardening: sync resilience, DAA tuning, RPC validation, multi-datacenter deployment	Complete
Phase 3	Public testnet: community nodes, bug bounty, seed funding, Alliance DAO application	In Progress
Phase 4	Mainnet: genesis config, ML-DSA signature migration (FIPS 204), sharding optimization, ecosystem tooling	Planned

13 Conclusion

Mondoshawan is a production-grade Layer 1 blockchain protocol that addresses a clear gap in the current landscape. The combination of GhostDAG consensus, ML-KEM-768 post-quantum transport, and full EVM compatibility is unique among live or testnet-stage protocols as of April 2026.

The protocol is not a whitepaper or a proof of concept. It is a running system producing blocks at stable intervals between geographically distributed nodes using real cryptographic Proof of Work and real post-quantum key exchange. The core implementation is available for technical review at the GitHub repository below.

Core Concepts Repository: github.com/dev-mondoshawan/mondoshawan-core-concepts

Public Testnet RPC: http://76.13.101.31:8545 — Chain ID: 1338 — Currency: QMON

Block Explorer: explorer.mondoshawan.io