codex

Colosseum Codex: Quantum Readiness, Multisig Tools, Agent Payments Protocol

Solana's Quantum Readiness Plan, Squads Multisig Tools, Agent Payments Protocol (APP), BAM Maker Priority Plugin

Here's what's featured in this week's issue:

Solana's quantum readiness plan takes shape
Squads releases three open-source multisig tools
OKX launches Agent Payments Protocol for agentic commerce
BAM Maker Plugin brings deterministic execution to Solana market makers

🛡️ Solana's Quantum Readiness

The Solana Foundation published a quantum readiness update, and the headline is that two of the network's core developer teams independently arrived at the same answer.

Anza and Jump Crypto's Firedancer each studied post-quantum migration paths separately and both converged on Falcon, a NIST-standardized lattice-based signature scheme designed for high-throughput blockchains that require compact signatures.

The urgency behind the update reflects a shifting threat landscape. Google Quantum AI published research showing a roughly 20-fold reduction in the physical qubits needed to crack current elliptic curve cryptography, tightening theoretical timelines.

Anza, in a separate technical post, now assigns a 3–5% probability that ECDLP-256 could be broken within five years. The four domains at risk on Solana are accounts, block propagation, consensus, and user programs, each of which depends on elliptic curve signatures that Shor's algorithm could render breakable.

Solana's architecture provides meaningful advantages for migration. Program Derived Addresses are already quantum-resistant by design, using hash-based derivation with no associated private keys. The network's throughput means a full user migration could be completed in hours rather than the months or years other blockchains would require.

The roadmap the Foundation outlined is phased and tied to quantum progress rather than an arbitrary schedule.

Phase one involves continued research and performance benchmarking of Falcon and alternative schemes. If quantum computing begins to pose a credible threat, newly created wallets would move to post-quantum cryptography first. Existing wallet migration would follow.

"Quantum is still years away, and if and when it materializes, the work to migrate Solana is well-researched, understood, and ready to deploy." - Solana Foundation

Developers and high-value account holders don't need to wait for a protocol upgrade. Blueshift's WinterWallet offers quantum-resistant storage today using Winternitz one-time signatures, a hash-based scheme that requires no protocol changes and fits within current transaction size limits.

Blueshift also said that WinterWallet is positioned to upgrade to Falcon-512 once SIMD-0296 expands transaction sizes to 4,096 bytes, meaning the two approaches are complementary rather than competing.

Quantum-Proofing Solana (Blueshift)

Securing Solana Against a Powerful Quantum Adversary (Anza)

✍️ Solana Multisig Tools

Three new open-source tools for Squads Protocol v4 were released targeting teams who want independent frontends and access points for multisig management. All three are self-hostable, built with minimal dependencies, and developed in coordination with STRIDE to strengthen multisig security practices on Solana.

The design philosophy across all three tools is consistent: inspect before signing, verify before approving, monitor after execution. Smaller dependency surfaces reduce supply-chain risk, direct decoding reduces blind signing, and open implementations are reviewable end-to-end.

multisig-cli: a Rust CLI for reviewing, simulating, signing, and executing multisig proposals. It parses multisig accounts and instructions directly rather than pulling in a large dependency tree, producing a binary that's easy to audit and suited for high-trust operational workflows.
multisig-verifier: a static, zero-backend browser UI that reads multisig state directly from Solana RPCs. It decodes proposals, tracks approvals, and lets members approve or reject from their own wallet. No secrets leave the browser, and strict CSP rules are enabled by default.
multisig-monitor: watches configured multisigs, decodes actions, and emits notifications when members create, vote on, execute, or modify configuration — surfacing treasury and governance events as they happen.

The multisig-verifier is self-hostable today, and a number of security teams are already working to host their own instances. Independently operated versions run by parties with no affiliation to Squads will also become available.

Announcing Solana Multisig Tools

🤖 Agent Payments Protocol

OKX launched the Agent Payments Protocol (APP) as an open standard defining how AI agents communicate, negotiate, and transact with each other and with services. Where existing agentic payment solutions handle single transactions, APP covers the full commerce lifecycle of quoting, hiring specialists, holding funds in escrow, and resolving disputes.

The protocol introduces capabilities agents previously lacked:

Autonomous operation across the full commerce lifecycle
Agent-to-agent payment
Flexible payment structures including up-front, top-up and deduct, and plan-based models.
Escrow and dispute resolution are listed as coming soon.

APP is designed as an open protocol rather than a closed network, positioned alongside email and HTTP as infrastructure any chain can implement. Solana developers can build compatible implementations without requiring permission.

Solana and Quicknode are among the launch partners, alongside AWS, MoonPay, and others. The protocol is live and open for builders to deploy on and contribute to.

Introducing APP: The Open Standard for Agent Commerce

🔌BAM Maker Priority Plugin

Jito Labs shipped the first execution plugin for Block Assembly Marketplace (BAM) designed for prop AMMs, which update quotes continuously and depend on predictable ordering to avoid stale quotes being sniped by takers.

Solana's scheduler changes every 1.6 seconds as validators run different implementations, forcing market makers to send redundant transactions or quote wider spreads.

The Maker Priority Plugin addresses this by reserving a separate TPU port exclusively for maker transactions, placing them ahead of general transaction flow regardless of competing fee bids. Quotes are automatically deduplicated so only the most recent update per market is scheduled.

The plugin requires 20 lamports per CU in priority fees, which flow to validators running the BAM client. BAM currently runs on 347 validators representing 28% of Solana's stake.

BAM describes the plugin as a proof of concept for a broader plugin architecture with additional execution plugins on the way.

Introducing BAM’s Maker Priority Plugin: Sub-Slot Deterministic Execution for Onchain Market-Making

Want early access to the latest products launching from Colosseum?

We're looking for alpha testers to be among the first to try what we're building!

Apply Now

⚡ Quick Hits

The entire Solana Builders Series is now a podcast on YouTube - @QuicknodeSolana

Agentic Capital Markets: The Infrastructure race happening right now - @solana_stream

The new stack for global finance: Stablecoins edition - @a16zcrypto

Accelerate Miami Agenda is live - Solana

Announcing Harmonic Preconfs, now in private pilot - @harmonic_gg

Expanding The Solana Ecosystem with Catherine Gu (video) - CNBC-TV18

RadiantsDAO has announced the winners of the Monolith Mobile Hackathon - @solanamobile

Introducing Arcium's live ecosystem - @Arcium

⚙️ Tools & Resources

WinterWallet is a Rust and TypeScript library implementing Winternitz one-time signatures on Solana, providing quantum-resistant wallet storage on mainnet today without requiring protocol changes.

solana-php is a framework-agnostic PHP library for building, signing, and submitting Solana transactions natively, including v0 transactions with Address Lookup Tables, Solana Pay, and provider-agnostic priority fee estimation.

Rise is a developer SDK for Phoenix Perpetuals available in TypeScript and Rust, with typed HTTP clients for exchange, market, orderbook, and trader state, WebSocket adapters for live order book and streaming data, and instruction builders for limit, market, stop-loss, bracket, and cancel orders.

Mirage is a CLI for private payments on Solana built on Private Ephemeral Rollups, supporting private SPL transfers for any mint, amount splitting up to 15x, randomized delays to obfuscate timing, and interaction with any Solana program. Installable as a Claude Code skill.

quasar-escrow is a full-stack starter template pairing the Quasar escrow program with a React UI.

sentio is an SDK and CLI for scanning Solana programs for vulnerabilities, with file and line-level findings, support for Anchor and native Rust, and linear and modular program analysis. Designed to run in CI pipelines.

💸 Funding

Squads secured $18M led by Solana Ventures to expand its Altitude stablecoin-native financial OS for businesses, which has processed $200M in payment volume across 50 countries since December.

👩‍🔧 Get Hired

Phantom is hiring an Engineering Manager - DevEx
Ondo Finance is hiring a Security Engineer
Sec3 is hiring a Technical Writer/Researcher (Solana Security)
Jito Labs is hiring a Sr. Technical Recruiter

🎧 Listen to This

The Stack

In this episode of The Stack, Noah Prince from Helium shares his journey into crypto, the technical challenges of migrating Helium's blockchain to Solana, and innovative ideas for improving blockchain security.

Hotspots & Circuit Breakers with Noah Prince, Helium

Follow me on X!