Meet QP2: One Address, Every Algorithm, Forever

Suryansh

4 min read
Share
Meet QP2: One Address, Every Algorithm, Forever

Most crypto projects introduce themselves with a problem. We'll get to ours — quantum computers, broken cryptography, the whole uncomfortable story — but not today. Today I just want to tell you what QP2 actually is, because the core idea is simple enough to explain over coffee, and once it clicks, everything else we build makes sense.

So here it is in one sentence: QP2 lets your Ethereum address outlive the cryptography that secures it.

If that sounds like a small thing, stick with me. It isn't.

The one assumption everyone stopped questioning

Every Ethereum account works the same way. You have a private key, the network derives a public key from it, and your address comes straight out of that. Your identity is your key. They're welded together at birth.

Nobody really questions this. It's just how wallets work, right?

But that welding is the source of nearly every painful thing about account security. Lose the key, lose the account. Want to change your security model? You can't, not really — you'd have to move to a brand-new address and leave your old life behind. The address and the key are the same object, so you can never touch one without sacrificing the other.

We think that was a design mistake. A reasonable one, made early, for good reasons at the time — but a mistake all the same. And it's the one we built QP2 to undo.

The QP2 idea: identity is a contract, security is a setting

Here's the flip.

In QP2, your identity isn't a key. It's a contract — an account with an address derived deterministically (via CREATE2) that has no permanent, hard-wired link to any single signing algorithm. The thing that actually authenticates you — the cryptography that answers "is this really the owner?" — lives in a slot inside that contract. A setting. Something you can change.

We call the thing in that slot a verifier. Your account points at one verifier at a time, and that verifier decides what counts as a valid signature.

Want different security? Point at a different verifier. Your address doesn't move. Your funds don't move. Your history, your ENS, your DeFi positions, your reputation — all of it stays exactly where it is. The only thing that changes is the lock on the door, and you swap it without ever changing your address.

One function call does it: switchVerifier(). That's the whole magic trick.

Two verifiers to start

We're launching with two, and neither one relies on exotic, unproven math:

The OTA Verifier is for everyday accounts. It's a one-time-address scheme built on cryptographic primitives Ethereum already supports, so there's nothing experimental holding up your funds. By our estimates it adds only about 8,000 gas over a standard delegated transaction — roughly three cents. You barely feel it.

The SHA-256 Vault is for the accounts that keep people up at night — treasuries, multisigs, anything where "probably fine" isn't good enough. It uses a two-layer commit-reveal design that adds a second wall between an attacker and your assets.

Two different needs, same architecture, same permanent address. You can even use one today and switch to the other later if your situation changes. That's the point.

The part that compounds: the Verifier Registry

Here's where it stops being a clever trick and starts being infrastructure.

New verifiers don't have to come from us. QP2 has a governed Verifier Registry — a place where new, vetted authentication algorithms get added over time. When a new cryptographic standard matures and proves itself, it can be registered as a verifier that any QP2 account can switch to.

So when NIST finalizes the next post-quantum signature standard — whether that's in 2028 or 2038 — it doesn't require a hard fork, a migration event, or a new address for anyone. It becomes one more verifier in the registry. You upgrade with a single transaction, on your own schedule, and your address never notices.

That's why our tagline isn't marketing fluff. One address. Every algorithm. Forever. The address is the permanent thing. The algorithms are guests that come and go.

Why build it this way?

Because security isn't a state you reach. It's a thing you maintain.

Every cryptographic algorithm we trust today will eventually be weakened or broken — that's just the history of the field, repeating. The schemes protecting your wallet right now are strong, until one day they aren't. A system that hard-codes a single algorithm is a system with an expiration date baked in. It just doesn't tell you when.

QP2 doesn't bet on any one algorithm being unbreakable. It bets on the opposite — that you'll need to change algorithms, more than once, over the life of an address that might outlive you. So we made changing them painless instead of catastrophic.

That's the whole philosophy. Don't build a wall and pray. Build a wall you can replace without moving the house.

What's next

We're building toward Ethereum mainnet, and there's a lot to share as we go — the architecture in detail, the verifier internals, how migration works, how governance of the registry is designed. We'll get into all of it.

For now, if you take one thing away, make it this: your address should be the most permanent thing you own on-chain, and the security behind it should be the most upgradeable. QP2 finally lets those two things be true at the same time.

Your address stays. Your security evolves.

QP2 — Quantum Proof Protocol. We're shipping to Ethereum mainnet — follow along. -> qp2.org