S
sphincs sigil
post-quantum proof mint
sepolia
Sphincs Sigil: NFT-First Post-Quantum Minting
SphincsSigilNFT · 2026

abstract

Sphincs Sigil is an NFT-first mint protocol. A user proves control of a SPHINCS- key by producing a post-quantum signature over their recipient address. The Sigil Attestation Engine verifies the signature and returns an EIP-712 attestation. The on-chain gate verifies that attestation and mints one ERC-721 proof NFT.

Each NFT can later be burned through the redeemer to release exactly 1,000 SIGIL ERC-20 tokens. This separates proof collection from token release, keeps the audit object visible, and prevents unused attestations from reserving NFT token ids.

1. components

NFTSphincsSigilNFT, ERC-721 + ERC721Enumerable
GateMintGateNFT, verifies EIP-712 attestations
RedeemerSphincsSigilRedeemer, burns NFTs and releases ERC-20
TokenSphincsSigilToken, capped ERC-20 named SIGIL

2. supply

Max NFT mints10,000
Redeem per NFT1,000 SIGIL
NFT redeemable supply10,000,000 SIGIL
LP reserve10,000,000 SIGIL, minted at deployment
Team reserve1,000,000 SIGIL, minted at deployment
Max ERC-20 supply21,000,000 SIGIL
Mint price0.0025 ETH per NFT

3. mint flow

  1. User generates a SPHINCS- keypair.
  2. User signs domain || pkHash || recipient.
  3. Sigil Attestation Engine verifies the SPHINCS- signature off-chain.
  4. Sigil Attestation Engine signs MintNFTAttestation(pkHash, sigHash, recipient, deadline).
  5. User calls MintGateNFT.mint(attestation) with 0.0025 ETH.
  6. The contract assigns tokenId = mintsDone + 1 and mints the NFT.

4. nft fields

Each NFT stores the following audit fields:

  • pkHash: hash of the SPHINCS- public key
  • sigHash: hash of the SPHINCS- signature
  • artSeed: deterministic seed derived from collection seed and token id
  • metadataHash: deterministic metadata commitment derived the same way
  • slope: fixed redeem amount, currently 1,000 SIGIL

5. redeem flow

A holder calls SphincsSigilRedeemer.redeem(tokenId). The redeemer checks ownership, asks the NFT contract to burn the NFT, then mints slope SIGIL to the holder. The NFT is gone after redemption, but its stored audit fields remain available on-chain.

6. security model

  • Recipient is bound into both the SPHINCS- message and EIP-712 attestation.
  • Each pkHash can mint only once.
  • Unused attestations do not consume token ids.
  • The gate enforces MAX_MINTS.
  • The token enforces MAX_SUPPLY.
  • Fees are forwarded immediately to the configured dev address.

7. metadata

tokenURI(tokenId) resolves to BASE_URI + tokenId + ".json". Marketplaces can index the collection through normal ERC-721 transfer events and metadata fetches. Metadata assets are managed outside this contract.