SQDPoS: A Secure and Practical Semi-Quantum Blockchain System for the Post-Quantum Era

Abstract

The rapid development of quantum computing poses severe threats to traditional blockchain security mechanisms, while existing full-quantum blockchains face challenges regarding high hardware costs and limited scalability. To address these issues, this paper proposes a secure and practical semi-quantum blockchain system. Specifically, a Semi-Quantum Delegated Proof of Stake consensus mechanism is constructed by integrating an adapted semi-quantum voting protocol with the Borda count method and a malicious behavior penalty model. Furthermore, a lightweight transaction verification framework is designed based on semi-quantum key distribution, enabling classical users with limited quantum capabilities to participate securely. Theoretical analysis demonstrates that the system achieves unconditional security against quantum attacks while maintaining high throughput. These results indicate that the proposed asymmetric resource design significantly lowers hardware barriers compared to full-quantum schemes, effectively balancing security, practicality, and cost-effectiveness for post-quantum blockchain networks.

1. Introduction

On 1 November 2008, Satoshi Nakamoto published a paper titled “Bitcoin: A Peer-to-Peer Electronic Cash System” [1], marking the formal inception of blockchain technology. As a tamper-proof, open and transparent distributed ledger collaboratively maintained by all network nodes, the blockchain integrates multiple technologies, including decentralization, cryptography, and consensus mechanisms. Facilitates the construction of peer-to-peer transaction systems without the need for trusted third parties and has been widely applied in diverse fields such as fintech, supply chain management, economics, outsourcing services, and personal data management. In blockchain schemes, each block encapsulates transaction information and every transaction is verified through digital signatures. Currently, consensus algorithms such as Proof of Work (PoW) [1], Proof of Stake (PoS) [2], Delegated Proof of Stake (DPoS) [3], and Practical Byzantine Fault Tolerance (PBFT) [4] have been successfully deployed for block generation and confirmation. Each block generates a unique hash identifier by performing a hash operation on the current transaction data and the hash value of the previous block, thereby cryptographically linking the blocks to form a chain.

However, with the rapid advancement of quantum computing technology, the security of traditional Public Key Cryptography (PKC) algorithms faces severe challenges. It is widely acknowledged that Shor’s quantum algorithm [5] can efficiently solve the discrete logarithm problem and the integer factorization problem, which implies that traditional encryption algorithms such as RSA [6], DSA and ECC [7,8] are incapable of withstand quantum computing attacks. Furthermore, quantum computing attacks also compromise the security of hash functions; the quantum algorithm proposed by Grover [9,10] can efficiently search for the preimage of hash functions. Consequently, traditional blockchain technologies that rely on ECC algorithms and hash functions for security are no longer secure [11], and addressing this issue is of paramount importance.

To resist quantum computing attacks, the applications of quantum secure blockchain technology have emerged two primary distinct research paths:post quantum blockchain and quantum blockchain.

The path of post-quantum blockchain achieves quantum resistance primarily by replacing classical primitives with post-quantum algorithms, such as lattice-based [12,13,14,15,16] or hybrid [17,18,19] cryptographic schemes. For instance, recent studies have explored the application of PQC in privacy-preserving schemes, such as anonymous transactions [14,16], as well as developing quantum-resistant consensus mechanisms and migration strategies for existing infrastructures [20,21,22,23]. However, this approach introduces a severe efficiency–security trade-off and exacerbates the blockchain trilemma [24]. While critical for mitigating urgent risks like the “harvest now, decrypt later” threat [23,24], the increased computational complexity of these cryptographic systems imposes significant resource costs. Consequently, this high storage and computational overhead drastically reduces transaction throughput (TPS) and diminishes the overall operational efficiency of the blockchain. Furthermore, although these algorithms may currently withstand attacks from known quantum adversaries, their security remains theoretically unverifiable. As breakthroughs in quantum technology accelerate, the robustness of these post-quantum algorithms risks being compromised by the development of more powerful quantum algorithms or the availability of advanced computational resources.

Another path is the quantum blockchain, which incorporates quantum cryptography [25,26] into the blockchain. Based on the fundamental properties of quantum mechanics (such as the Heisenberg Uncertainty Principle [27]), quantum cryptography is fundamentally distinct from traditional public key cryptography and has been proven to possess unconditional security. In 1984, the first Quantum Key Distribution (QKD) protocol (BB84 protocol) [28] was proposed and verified to be unconditionally secure. Since then, quantum cryptography has attracted widespread attention due to its unique advantages, evolving into multiple research directions such as Quantum Key Distribution [29,30,31], Quantum Secure Direct Communication (QSDC) [32,33], Quantum Secret Sharing (QSS) [34,35], and Quantum Digital Signature (QDS) [36].

Early research in quantum blockchain mainly focused on the establishment of foundational quantum data structures and simple transaction models [37,38,39,40,41,42]. While these pioneering works demonstrated theoretical feasibility and opened up new prospects for integrating quantum information technology with blockchain, they lacked mature, scalable consensus designs. More recently, the research focus has shifted toward integrating quantum cryptography with complex consensus mechanisms. For instance, Li et al. [43] and Wang et al. [44] explored Quantum DPoS (QDPoS) frameworks to optimize election processes. Similarly, Chen et al. [45] proposed an unconditionally secure quantum Byzantine protocol with enhanced fault tolerance, Liu et al. [46] designed a quantum-secure scheme based on QPoA, and Long et al. [47] utilized QSDC for blockchain integration.

However, a critical analytical review of these existing quantum consensus schemes [43,44,45,46,47] reveals a significant unresolved limitation: the “Quantum Hardware Bottleneck.” These protocols implicitly assume an idealized network where all participating nodes possess full quantum computational capabilities. This stringent hardware requirement and the absence of robust node-governance models severely restrict their scalability and contradict the decentralized nature of realistic blockchain networks.

This critical limitation articulates a clear research gap: there is an urgent need for a consensus model that bridges the gap between unconditional quantum security and the practical hardware constraints of modern decentralized networks.

The emergence of semi-quantum cryptography provides a novel approach to resolving this contradiction. By allowing “classical users” to participate in protocols using only partial quantum capabilities, semi-quantum technology significantly lowers the threshold for adoption while ensuring quantum security. In 2007, Boyer et al. first proposed the concept of semi-quantum and designed a quantum key distribution protocol where one party is classical [48], thereby pioneering research into semi-quantum protocols. With the promotion of semi-quantum concepts, an increasing number of semi-quantum key distribution protocols have emerged, and numerous scholars have attempted to apply semi-quantum ideas to a broader range of quantum security protocols, such as Semi-Quantum Secret Sharing (SQSS) [49,50], Semi-Quantum Key Agreement (SQKA) [51,52,53], Semi-Quantum Secure Direct Communication (SQSDC) [54,55,56], and Semi-Quantum Identity Authentication (SQIA) [57,58].

These schemes reduce the quantum capability requirements for participants and promote the practical application of quantum cryptography. With continuous technological advancements and in-depth research, semi-quantum technology is expected to play an increasingly important role in the field of information security. However, research on applying semi-quantum technology to blockchain remains in its infancy. Based on these challenges, this paper proposes a novel secure and practical semi-quantum blockchain system. The main contributions of this paper are summarized as follows:

1.

A Semi-Quantum Delegated Proof of Stake (SQDPoS) consensus mechanism is proposed. We synergize the high throughput of DPoS with semi-quantum technology. Crucially, to mitigate the risks of node centralization and unfair elections inherent in traditional DPoS, we introduce a malicious behavior penalty model and the Borda count method. This integration not only ensures post-quantum security but also significantly improves the fairness of node elections and the robustness of the consensus committee.

2.

An improved semi-quantum voting protocol adapted for decentralized elections is integrated. Building on the foundational semi-quantum voting principles proposed by Xu et al. [59], we significantly modified and optimized the scheme to meet the specific stringent requirements of a decentralized blockchain environment. By leveraging the entanglement characteristics of GHZ states and Semi-Quantum Secure Direct Communication (SQSDC), this adapted protocol ensures voter privacy and ballot tamper resistance while achieving high architectural compatibility with our newly designed node election mechanism.

3.

A practical and lightweight semi-quantum transaction verification framework is designed. Adapted from the theoretical signature scheme of Zhang et al. [60], we built a comprehensive transaction verification process based on Semi-Quantum Key Distribution (SQKD) and One-Time Pad encryption. Our key architectural innovation lies in successfully bridging these cryptographic primitives with distributed ledger scenarios, explicitly allowing classical users with limited quantum capabilities (measure-and-reflect only) to perform unconditionally secure transaction signatures. This drastically reduces the hardware threshold and deployment cost for post-quantum blockchains.

The remainder of this paper is organized as follows: Section 2 introduces the preliminaries related to GHZ states and the DPoS consensus mechanism. Section 3 details the specific protocol workflow of the semi-quantum blockchain. Section 4 analyzes and discusses the security and performance of the system. Finally, Section 5 summarizes the research work and core conclusions of this paper.

2. Preliminaries

2.1. GHZ States

The GHZ state is a type of multipartite maximally entangled state proposed by Greenberger, Horne, and Zeilinger [61] in 1989, which occupies a central position in quantum communication networks and multiparty quantum protocols. In 2000, Pan et al. [62] experimentally verified the properties of GHZ states. Subsequently, Zeng et al. [63] first applied GHZ states to their arbitrated quantum signature protocol in 2002. One form of the GHZ state is expressed as follows:

$$|\psi \rangle ={\displaystyle \frac{1}{\sqrt{2}}}(|000\rangle +|111\rangle )$$

(1)

The expression for an n-particle GHZ state is given by:

$$|{\psi }_i\rangle ={\displaystyle \frac{1}{\sqrt{2}}}\left(|q_1,q_2,\cdots ,q_n{\rangle +(-1)}^{\Delta }|\overline{q_1},\overline{q_2},\cdots ,\overline{q_n}\rangle \right)$$

(2)

where the GHZ state consists of n particles, $i=1,2,\cdots ,2^n$, $q_1=0$, and the remaining $q_i\in \{0,1\}$. The parameter $\Delta$ is defined as $\Delta =i-1\left(\mathrm{mod}2\right)$.

In the design of quantum cryptographic protocols, to adapt to specific measurement requirements, a variant of the GHZ state, known as the GHZ-like state, is frequently employed. The n-particle GHZ-like state can be defined as:

$$|{\psi }_i^{*}\rangle ={\displaystyle \frac{1}{\sqrt{2^{n-1}}}}\sum _{k=1}^{2^{n-1}}{\left[{(-1)}^{\delta }|x_1,x_2,\cdots ,x_n\rangle \right]}_N$$

(3)

where $|x_1,x_2,\cdots ,x_n\rangle$ represents the state in the Z-basis. If $\Delta =i-1\left(\mathrm{mod}2\right)=0$, then N is an even number; otherwise, N is an odd number. Here, N denotes the count of terms where $x_i=1$ in the state $|x_1,x_2,\cdots ,x_n\rangle$, and the phase factor is given by $\delta ={⨁}_{\{i|x_i=1\}}i$.

In this protocol, we focus on the decomposition form of the three-particle GHZ state under different bases. For instance, The three-particle GHZ state $|{\psi }_1\rangle$ can be rewritten as:

$$|{\psi }_1{\rangle =|0\rangle }_1\otimes |{\varphi }^{+}{\rangle }_{23}+{|1\rangle }_1\otimes {|{\phi }^{+}\rangle }_{23}$$

(4)

where $|{\varphi }^{+}\rangle ={\displaystyle \frac{1}{\sqrt{2}}}(|00\rangle +|11\rangle )$ and $|{\phi }^{+}\rangle ={\displaystyle \frac{1}{\sqrt{2}}}(|01\rangle +|10\rangle )$.

2.2. DPoS Consensus

The Delegated Proof of Stake (DPoS) consensus algorithm was proposed by Daniel Larimer [3] in 2014, aiming to address the limitations of traditional Proof of Work (PoW) and Proof of Stake (PoS) in terms of throughput, latency, and energy consumption. DPoS is regarded as a technology-based “representative democracy” consensus mechanism. Its core idea is that token holders elect a certain number of representatives (i.e., witnesses or block producers) through voting to be responsible for blockchain maintenance and block generation.

The operation process of DPoS consensus primarily consists of three phases: voting election, block generation scheduling, and verification and confirmation.

1.

Voting Election: Each token-holding node in the network possesses voting power proportional to its stake. Nodes can cast votes for one or more candidate nodes. The system tallies the votes in real-time, and the top N nodes with the highest votes (e.g., 21 in the EOS network) are elected as block producers (witnesses) for the current cycle.

2.

Block Generation Scheduling: The elected witnesses are sorted randomly or in a fixed order and take turns packaging transactions and generating new blocks within strictly defined time slots. This deterministic scheduling mechanism significantly reduces the probability of conflicts among nodes competing for bookkeeping rights.

3.

Verification and Confirmation: The generated blocks are broadcast to the entire network for verification by other witnesses and verification nodes. If a witness fails to produce a block within the stipulated time (e.g., due to being offline or network faults), their time slot is skipped, and such behavior is recorded.

Compared with PoW and traditional PoS, DPoS possesses significant advantages. First, since only a small number of elected nodes participate in block generation and verification, the communication overhead for network-wide broadcasting and confirmation is drastically reduced, thereby achieving second-level confirmation and high throughput (TPS). Second, DPoS introduces a voting penalty mechanism against malicious behaviors. If a witness acts maliciously or goes offline frequently, token holders can revoke their votes to oust the witness, thereby ensuring the security and liveness of the system. The SQDPoS consensus mechanism proposed in this paper is based on the DPoS architecture and further enhances its security and election fairness in a post-quantum environment by introducing semi-quantum technology.

3. Protocol Design

In the semi-quantum blockchain system constructed in this paper, the network adopts a heterogeneous hybrid architecture, composed jointly of classical nodes possessing restricted quantum capabilities (i.e., semi-quantum capabilities) and nodes possessing full quantum capabilities. While inheriting the advantages of high throughput and low latency from the DPoS consensus, the system introduces semi-quantum protocols aimed at significantly enhancing the security and fairness of the consensus process under the threat of quantum computing. Based on their functional positioning within the consensus workflow, as shown in Figure 1, network nodes are classified into the following four categories:

• User Nodes: These constitute the largest scale of basic nodes in the network, required only to possess restricted quantum capabilities such as measurement and reflection. Their primary responsibilities include maintaining local ledger copies, relaying network messages, and participating in voting. Although User Nodes do not possess block production rights, they determine the composition of the consensus committee through the voting mechanism, serving as the cornerstone of the system’s decentralized governance.
• Candidate Nodes: These are high-performance nodes equipped with full quantum computing and communication capabilities. Such nodes must satisfy specific stake (wealth) thresholds and complete identity registration. Once elected via user voting, they form the core consensus set. Subsequent block producer nodes and verification nodes are dynamically selected from this set.
• Block Producer Nodes: These are a minority of nodes elected from the candidate node set. Their core functions include collecting unconfirmed transactions across the network, executing preliminary verification of transaction legitimacy, packaging transactions to generate new blocks, and broadcasting them to the entire network.
• Verification Nodes: These consist of the remaining nodes in the candidate node set, excluding the block producer nodes. Their duties involve validating the effectiveness of new blocks, supervising the behavior of block producer nodes, and broadcasting confirmation signatures. They serve as the critical line of defense for guaranteeing the system’s Byzantine fault tolerance capability.

3.1. Consensus Process

Based on the node classification described above, this paper proposes a semi-quantum consensus process (Semi-Quantum Delegated Proof of Stake, SQDPoS) that combines a semi-quantum voting mechanism with the Delegated Proof of Stake (DPoS) philosophy. While maintaining the advantages of high throughput and low latency inherent in DPoS, this consensus process introduces stake constraints and a quantum-secure voting mechanism to enhance the security, fairness, and interpretability of the consensus process under the threat of quantum computing.

3.1.1. Consensus Operation Workflow

Similar to the architecture of DPoS, SQDPoS employs a voting mechanism to elect a specific number of block producer nodes. These nodes assume responsibility for blockchain block production and network maintenance according to preset rules, while other nodes in the network reach consensus on the generated blocks. The overall workflow is illustrated in Figure 2. The SQDPoS consensus process primarily comprises the following six stages: Identity Authentication, Voting Election, Block Producer Selection, Block Generation, Block Verification, and Block Confirmation.

1.

Identity Authentication Phase: Upon a node’s entry into the blockchain network, the system initiates the identity authentication process. All nodes must complete registration via a classical identity authentication mechanism. Successfully registered nodes are categorized as either “User Nodes” or “Quantum Nodes” based on their computational capabilities and participation willingness. Specifically, Quantum Nodes enter a candidate state upon registration completion, awaiting voting support from User Nodes; conversely, nodes that fail to garner sufficient votes or lack quantum capabilities participate in network activities as User Nodes.

2.

User Voting Phase: At the commencement of each consensus cycle, User Nodes cast votes for the system’s Quantum Nodes utilizing a semi-quantum voting mechanism. To mitigate Sybil attacks and increase the cost of malicious behavior, User Nodes are required to lock a certain amount of tokens as a stake before participating in voting. This process elects the set of candidate nodes for the current consensus round. The detailed protocol workflow for this stage is elaborated in Section 3.2.

3.

Block Producer Selection Phase: Assume the system contains N User Nodes and K Quantum Nodes. In this phase, the system first filters out $2m$ candidate nodes (where $K>2m$) based on voting results, and subsequently selects the top m nodes from these candidates to serve as block producer nodes for the current round. To address potential malicious nodes hindering block production or manipulating elections, we introduce a malicious behavior penalty mechanism and the Borda count method (Borda Score) in this process to ensure the fairness and robustness of block producer selection.

4.

Block Generation Phase: Block production is executed sequentially by the elected block producer nodes based on their Borda score ranking. Within the allocated time slot t, the current block producer node is responsible for collecting transaction information M occurring during this period, verifying its authenticity, and packaging legitimate transactions to generate a new block. Once the new block is constructed, the block producer broadcasts it to the set of verification nodes to initiate the verification phase. All block producer nodes perform block production tasks in a cyclic sequence until the end of the current consensus round, as shown in Figure 3. If a block producer node fails to complete block generation within the stipulated time window, its production opportunity is skipped, and the event is recorded in the historical malicious behavior log.

5.

Block Verification Phase: Upon receiving a new block, verification nodes first validate whether the block producer possesses legitimate block production qualifications for the current consensus round. Following successful identity validation, verification nodes further scrutinize the integrity and consistency of the transactions within the block. When a new block garners confirmation signatures from no less than ${\displaystyle \frac{2}{3}}$ of the total verification nodes, the system determines that the block has passed consensus verification and achieved network-wide agreement.

6.

Block Confirmation Phase: Once the new block passes verification, verification nodes broadcast the confirmation message to the entire network. Upon receiving the new block and its corresponding confirmation credentials, User Nodes formally append the block to their local blockchain ledger and subsequently proceed to participate in the next consensus round.

3.1.2. Block Election Algorithm

To effectively suppress the manipulation of the election process by malicious nodes and ensure the honesty and high quality of the consensus committee, this paper introduces a malicious behavior-weighted penalty mechanism and the Borda Count Method during the election phase. This algorithm dynamically adjusts the effective voting weight of nodes by quantifying their historical malicious behaviors and utilizes Borda sorting to optimize the selection of block producer nodes that better represent the network-wide consensus.

This paper ranks malicious behaviors that can jeopardize system security and efficiency according to their severity of the hazard. Each behavior is associated with a penalty weight $Q_r$ and a maximum allowable tolerance threshold $T_r$. The specific behavior types are defined as follows:

• $r=1$ (fp): Transaction packaging failure, with $Q_1=0.4,T_1=Max1$.
• $r=2$ (fv): Block verification failure, with $Q_2=0.3,T_2=Max2$.
• $r=3$ (bn): Node communication failure, with $Q_3=0.2,T_3=Max3$.
• $r=4$ (other): Other malicious behaviors, with $Q_4=0.1,T_4=Max4$.

The penalty weights $Q_r$ are systematically derived from the ranking of the four abnormal behaviors using the rank-sum weighting method. According to the rank-sum formula, for a total of $n=4$ risk categories, the severity index $w_r$ for the behavior ranked r is intrinsically defined as $w_r=n-r+1$. This mathematically yields the ordinal scale $w_r\in \{4,3,2,1\}$. Finally, the exact penalty weight $Q_r$ is obtained by normalization: $Q_r={\displaystyle \frac{w_r}{{\sum }_{k=1}^n{w}_k}}$. This formal approach rigorously derives the penalty weight $Q_r$ corresponding to each type of malicious behavior, with values of $0.4,0.3,0.2,$ and $0.1$, respectively.

The threshold value $T_r$ is dynamically calculated at the end of each consensus cycle based on the real-time health status of the entire network. Specifically, the system aggregates the fault occurrences $t_{i,r}$ of all participating nodes N during epoch t to calculate the global mean in real-time (${\mu }_r={\displaystyle \frac{1}{N}}{\sum }_{i=1}^N{t}_{i,r}$) and the standard deviation (${\sigma }_r^{=}\sqrt{{\displaystyle \frac{1}{N-1}}{\sum }_{i=1}^N{(t_{i,r}-{\mu }_r)}^2}$). Using the dynamic Three-Sigma rule, the tolerance threshold for epoch t is strictly updated as: $T_r=\lceil {\mu }_r+3·{\sigma }_r\rceil$. This dynamic formulation ensures high resilience; during severe global network degradation or channel deterioration, ${\mu }_r$ naturally increases, dynamically relaxing $T_r$ to prevent massive false penalization of honest nodes. In contrast, in stable network conditions, the threshold automatically tightens to quickly and accurately isolate Byzantine attackers.

Based on the above definitions, the Malicious Behavior Coefficient $N_i^{Bw}$ of the i-th node is calculated using the following formula:

$$N_i^{Bw}=\sum _{r=1}^4\left({\displaystyle \frac{t_{i,r}}{T_r}}\times Q_r\right),(0\le t_{i,r}\le T_r)$$

(5)

Combined with the penalty coefficient, the effective votes $V_i$ of the i-th node are defined as:

$$V_i=\left(\sum _{j=1}^N{p}_j^{\left(t\right)}\right)\times \left(1-N_i^{Bw}\right)$$

(6)

where N is the total number of user nodes participating in the voting, and $p_j^{\left(t\right)}$ represents the raw votes cast by voter j for node i in the t-th election round.

Based on effective votes $V_i$, all participating nodes are preliminarily sorted, and the top $2m$ nodes are selected to form the candidate set, the set size being indicated as $C=2m$.

To avoid the “tyranny of the majority” or vote dispersion problems potentially caused by simple majority voting, we construct a preference matrix for the candidate node set. For any k-th voting node, its relative preference matrix $R^k$ regarding candidate nodes i and j is defined as follows:

$$R^k=\left[\begin{array}{cccc}{r}_{11}^k& r_{12}^k& \cdots & r_{1C}^k\\ r_{21}^k& r_{22}^k& \cdots & r_{2C}^k\\ ⋮& ⋮& \ddots & ⋮\\ r_{C1}^k& r_{C2}^k& \cdots & r_{CC}^k\end{array}\right]$$

(7)

where the value rule for the matrix element $r_{ij}^k$ is:

$$r_{ij}^k=\left\{\begin{array}{cc}1,\hfill & \mathrm{Preference}\mathrm{order}\mathrm{of}\mathrm{voter}k\mathrm{is}{x}_i>x_j\hfill \\ 0,\hfill & \mathrm{Otherwise}\hfill \end{array}\right.$$

(8)

Next, calculate the preference value $r_i^k={\sum }_{j=1}^C{r}_{ij}^k$ given by the k-th voting node to the i-th candidate node. Accordingly, we can obtain the Borda score matrix across the network (where rows represent candidate nodes and columns represent voting nodes):

$$\left[\begin{array}{cccc}{r}_1^1& r_1^2& \cdots & r_1^N\\ r_2^1& r_2^2& \cdots & r_2^N\\ ⋮& ⋮& \ddots & ⋮\\ r_C^1& r_C^2& \cdots & r_C^N\end{array}\right]$$

(9)

Finally, calculate the cumulative Borda score $r_i={\sum }_{k=1}^N{r}_i^k$ for each candidate node. Sort the $r_i$ of all candidate nodes in the set in descending order, and the top m nodes with the highest scores will be formally elected as the block producer nodes for the current consensus cycle.

3.1.3. Block Structure

As illustrated in Figure 4, the arrows in the figure denote the connections between blocks. The block structure of the proposed scheme consists primarily of a Block Header and a Block Body. The Block Header contains not only the previous block hash and timestamp but also specific fields designed for the SQDPoS mechanism: ProducerID to identify the current block producer, BordaScore to rapidly validate the legitimacy of the block production right, and RoundIndex to identify the current consensus round. The Block Body maintains a transaction list, where each transaction encapsulates not only basic transfer data (e.g., sender, receiver, amount), but also complete semi-quantum signature parameters, including the sender’s ciphertext signature, the original message hash, and the arbitration proof provided by the third party. This structural design ensures that the block possesses the capability to resist quantum computing attacks from the consensus layer down to the transaction layer.

3.2. Semi-Quantum Voting Process

Xu et al. [59] proposed a semi-quantum voting protocol. Addressing node election requirements under the DPoS consensus mechanism, this paper improves and adapts this protocol. In the voting process of the proposed scheme, we map the blockchain network roles to the protocol participants: the on-chain User Node Alice assumes the role of the Voter; the Block Producer Node David serves as the Ballot Counter, responsible for collecting ballots and tallying votes; the Verification Node Charlie acts as the Scrutineer, charged with verifying voter identity legitimacy and supervising the Ballot Counter David; and the Voting Management Center (VMC) is responsible for preparing entangled states to distribute quantum sequences. The VMC is dynamically composed of n high-capacity Quantum Nodes selected from the Verification Nodes set. It strictly operates on a $(t,n)$ threshold cryptography mechanism [64]. This means that critical operations such as generating the eavesdropping detection key $K_{ED}$ and resolving arbitration disputes are jointly executed by Multi-Party Computation (MPC). No single node can reconstruct the key or dictate the arbitration. A valid output strictly requires the consensus of at least t committee members. Additionally, the committee collaboratively prepares the initial entangled states using established distributed entanglement swapping protocols [65,66], ensuring a fully trustless and decentralized architecture.

Before presenting the full step-by-step procedure, we provide a simplified conceptual explanation of the entire voting process, which consists of five distinct phases. To begin with, Steps 1–5 represent the initialization phase, in which the protocol establishes secure identities and shared cryptographic keys via the Semi-Quantum key distribution (SQKD). Next, Steps 6–12 serve as the eavesdropping detection phase, where the VMC distributes GHZ triplets to establish a secure quantum correlation network and detect any potential eavesdropping. Subsequently, Steps 13–15 constitute the selection of the ballot, in which the voter Alice performs blinding operations on her ballot to guaranty unconditional voter anonymity. After that, Steps 16–18 act as the vote-counting phase; the final tally can only be recovered through the honest collaboration of distinct protocol roles. This enforces a truthful and verifiable voting result via a strict separation of powers. Finally, Steps 19–20 form the arbitration phase. In the event of any dispute, the VMC collaboratively recovers the ballot using Multi-Party Computation (MPC) to complete the arbitration.

The specific interaction workflow of this voting protocol is illustrated in Figure 5, with detailed steps described below.

3.2.1. Phase 1: Initialization

Step 1: Voter Alice sends her identity information to the VMC to apply for voting qualifications. If Alice’s identity is legitimate and it is her first time voting, the VMC generates an identity number $I{D}_A=\{I{D}_A^1,I{D}_A^2,\dots ,I{D}_A^n\}$ based on her identity information and sends $I{D}_A$ to Alice.

Step 2: Voter Alice casts her vote for the K Quantum Nodes. She constructs a composite ballot message M consisting of two parts: (1) her raw votes for the nodes (used to calculate $p_j^{\left(t\right)}$), and (2) a global preference ranking vector $P{R}_A=[c_{i1},c_{i2},\dots ,c_{i,K}]$ representing her strict ordered preference for all K nodes. This structured composite ballot is then serialized and encoded in a binary message M.

Step 3: Supervisor Charlie sends his identity information to the VMC. Upon approval, the VMC shares an authentication key $K_{AC}$ with Voter Alice and Supervisor Charlie based on Semi-Quantum Key Distribution (SQKD).

Step 4: The VMC uses $I{D}_A$ as a seed for a quantum random number generator to produce a voting sequence number $SN=QRING\left(I{D}_A\right)$, which is shared with Voter Alice and Supervisor Charlie.

Step 5: The VMC calculates the eavesdropping detection key $K_{ED}=\mathrm{Hash}(K_{AC}\left|\right|SN)$. This key is used to determine the operations performed by participants on the GHZ particles during the eavesdropping detection phase.

3.2.2. Phase 2: Eavesdropping Detection

Step 6: The VMC generates $N=2n(1+\delta )$ GHZ triplets (where $\delta >0$ is a fixed parameter):

$${|\psi \rangle }_{acv}^i={\displaystyle \frac{1}{\sqrt{2}}}(|0_a{0}_c{0}_v\rangle +|1_a{1}_c{1}_v\rangle ),(i=1,2,\dots ,N)$$

(10)

where the subscripts a, c, and v denote the three particles of the GHZ triplet owned by Alice, Charlie, and the VMC, respectively.

Step 7: The VMC organizes the three particles from ${|\psi \rangle }_{acv}^i$ into the corresponding ordered sequences $S_A={\{|\psi \rangle }_a^1{,|\psi \rangle }_a^2{,\cdots ,|\psi \rangle }_a^N\}$, $S_C={\{|\psi \rangle }_c^1{,|\psi \rangle }_c^2{,\cdots ,|\psi \rangle }_c^N\}$, and $S_V={\{|\psi \rangle }_v^1{,|\psi \rangle }_v^2{,\cdots ,|\psi \rangle }_v^N\}$. The VMC retains the sequence $S_V$ and sends $S_A$ and $S_C$ to Voter Alice and Supervisor Charlie, respectively.

Step 8: Voter Alice performs operations on the qubits in sequence $S_A$ according to $K_{ED}$. If $K_{ED}^i=1$, she measures ${|\psi \rangle }_a^i$ using the Z-basis $\{|0\rangle ,|1\rangle \}$ and resends it. If $K_{ED}^i=0$, she performs a direct reflection operation. Alice obtains the operated sequence $S_A^{\prime }$ sequentially and sends it back to the VMC. Alice saves her classical measurement results as $MRA=\{MR{A}_1,MR{A}_2,\dots ,MR{A}_m\}$.

Step 9: Supervisor Charlie performs the same operations as Alice on sequence $S_C$, obtaining sequence $S_C^{\prime }$, and sends it back to the VMC. Charlie also saves his measurement results as $MRC=\{MR{C}_1,MR{C}_2,\dots ,MR{C}_m\}$.

Step 10: Upon receiving sequences $S_A^{\prime }$ and $S_C^{\prime }$, the VMC operates on $S_A^{\prime }$, $S_C^{\prime }$, and $S_V$ according to $K_{ED}$. If $K_{ED}^i=1$, the VMC measures the qubits ${|\psi \rangle }_a^{i\prime }$, ${|\psi \rangle }_c^{i\prime }$, and ${|\psi \rangle }_v^i$ in sequences $S_A^{\prime }$, $S_C^{\prime }$, and $S_V$ using the Z-basis $\{|0\rangle ,|1\rangle \}$. The VMC checks whether the measurement results of ${|\psi \rangle }_a^{i\prime }$, ${|\psi \rangle }_c^{i\prime }$, and ${|\psi \rangle }_v^i$ follow the collapse principle of GHZ states. If the results adhere to the collapse principle, the VMC proceeds to the next step; otherwise, this phase restarts.

Step 11: If $K_{ED}^i=0$, the VMC performs a joint measurement of the GHZ state on the qubits ${|\psi \rangle }_a^{i\prime }$, ${|\psi \rangle }_c^{i\prime }$, and ${|\psi \rangle }_v^i$. Then, the VMC compares whether the measurement result is consistent with the initial state. If they match, the VMC notifies Voter Alice to enter the voting phase; otherwise, this phase restarts.

Step 12: VMC saves the results of the measured qubits in sequences $S_A^{\prime }$, $S_C^{\prime }$, and $S_V$ as $MR{A}^{\prime }$, $MR{C}^{\prime }$, and $MRV$.

3.2.3. Phase 3: Selection of the Ballot

Step 13: Voter Alice blinds the binary message M using her identity number $I{D}_A$ and the measurement results $MRA$, obtaining the ballot information $P=I{D}_A\oplus MRA\oplus M$.

Step 14: Voter Alice calculates the ballot sequence $S_M=SN\oplus P$ using the voting sequence number $SN$ and the ballot information P, and sends it to Supervisor Charlie via Semi-Quantum Secure Direct Communication (SQSDC).

Step 15: Supervisor Charlie stores the ballot sequence $S_M$, blinds it using $MRC$ to obtain $S_{MC}=S_M\oplus MRC$, and sends it to Counter David via Quantum Secure Direct Communication (QSDC).

3.2.4. Phase 4: Tallying Votes

Step 16: The VMC calculates the unblinding factor $S_{MV}={MRA}^{\prime }\oplus {MRC}^{\prime }\oplus I{D}_A$ and packages $\{S_{MV},SN\}$ to send to Counter David via QSDC.

Step 17: Counter David recovers the content of the ballot M using $\{S_{MC},S_{MV},SN\}$ according to (11):

$$\begin{array}{cc}\hfill S_{MV}\oplus S_{MC}\oplus SN& =S_{MV}\oplus MRC\oplus S_M\oplus SN\hfill \\ \hfill & =S_{MV}\oplus MRC\oplus SN\oplus P\oplus SN\hfill \\ \hfill & =MR{A}^{\prime }\oplus MR{C}^{\prime }\oplus I{D}_A\oplus MRC\oplus P\hfill \\ \hfill & =MR{A}^{\prime }\oplus P\oplus I{D}_A\hfill \\ \hfill & =M\hfill \end{array}$$

(11)

Step 18: Counter David publishes $SN$ and the decoded ballot information M on the bulletin board. Specifically, M is deserialized to recover the raw votes and the preference ranking vector $P{R}_A$. First, raw votes are aggregated to calculate the effective votes $V_i$ and filter the top candidate nodes $2m$. Then, for any voter k, their recovered global ranking vector $P{R}_k$ is utilized to extract the relative preference order exclusively among these $2m$ candidates. This relative order serves as the direct input to construct the $2m\times 2m$ preference matrix $R^k$ defined in (7).

3.2.5. Phase 5: Arbitration

Step 19: If Alice has an objection to the voting result, she can publish $SN$ to apply for arbitration. Charlie finds the corresponding ballot sequence $S_M$ based on $SN$ and sends it to the VMC. The committee members of the VMC collaboratively recover the ballot content $M^{\prime }$ using their distributed secret shares of the stored $MR{A}^{\prime }$ and $I{D}_A$ by Multi-Party Computation (MPC):

$$M^{\prime }={MRA}^{\prime }\oplus {ID}_A\oplus S_M\oplus SN={MRA}^{\prime }\oplus P\oplus {ID}_A$$

(12)

To complete the arbitration, the VMC compares the recovered $M^{\prime }$ with the result on the bulletin board. A valid arbitration result strictly requires the consensus and co-signature of at least t committee members.

Step 20: After all voters have completed voting and there are no arbitration requests, the final voting results are announced.

3.3. Semi-Quantum Transaction Verification

Based on the semi-quantum signature scheme by Zhang et al. [60], we construct a transaction verification framework suitable for DPoS networks. As shown in Figure 6, this transaction system involves three types of core participants: Alice acting as the user node on the chain and the transaction initiator; Bob acting as the Verification Node and the transaction verifier responsible for validating the legitimacy of transaction data; and Trent, serving as a logical decentralized assistant (instantiated by the aforementioned VMC) responsible for facilitating the generation and verification process of the semi-quantum signature between Alice and Bob.

The semi-quantum transaction verification process is logically divided into four distinct phases. Specifically, the first phase is transaction initialization (Steps 1–5), in which Alice processes her transaction information. Following this, the second phase is the detection of eavesdropping (Steps 6–9), which is performed to ensure the security of the transaction information. Next, the third phase is the generation of the signature (Steps 10–12), where Alice generates the encrypted signature. Finally, the fourth phase is the signature verification (Steps 13–15), during which Bob decrypts the signature and performs the verification.The detailed steps are as follows:

3.3.1. Phase 1: Transaction Initialization

Step 1: Alice shares a secret key $K_{AB}$ with Bob by executing the Semi-Quantum Key Distribution (SQKD) protocol.

Step 2: Alice constructs the transaction information $TX=\{from,to,amount,nonce,fee\}$ and encodes it in the original message $M=\{m_1,m_2,\cdots ,m_n\}$. She then calculates $\tilde{M}=H(K_{AB}\oplus M)$ and sends it to Trent.

Step 3: Upon receiving the signature request and $\tilde{M}$ from Alice, Trent calculates $T=H(I{D}_A\parallel time\parallel \tilde{M}\parallel I{D}_B)$, where $time$ is the timestamp.

Step 4: Trent prepares the quantum states ${|\psi \rangle }_i$ according to $T_i$ (the i-th bit of T). If $T_i=0$, prepare the quantum state ${|\psi \rangle }_i=|{\psi }_1\rangle$; otherwise, prepare ${|\psi \rangle }_i=|{\psi }_2\rangle$. In this way, Trent obtains the quantum state sequence $|\psi \rangle ={\{|\psi \rangle }_1{,|\psi \rangle }_2{,\cdots ,|\psi \rangle }_n\}$, where ${|\psi \rangle }_i$ denotes the i-th particle trio in sequence $|\psi \rangle$. The expression for $|{\psi }_1\rangle$ is given in (4), and the expression for $|{\psi }_2\rangle$ is:

$$|{\psi }_2{\rangle =|0\rangle }_1\otimes |{\phi }^{+}{\rangle }_{23}+{|1\rangle }_1\otimes {|{\varphi }^{+}\rangle }_{23}$$

(13)

Step 5: Trent divides $|\psi \rangle$ to generate two particle sequences $A=\{a_1,a_2,\cdots ,a_n\}$ and $B=\{b_{11}{b}_{12},b_{21}{b}_{22},\cdots ,b_{n1}{b}_{n2}\}$, where $a_i$ is the first particle of ${|\psi \rangle }_i$, and $b_{i1}{b}_{i2}$ are the second and third particles of ${|\psi \rangle }_i$.

3.3.2. Phase 2: Eavesdropping Detection

Step 6: Trent randomly selects decoy particles from the set $\{|0\rangle ,|1\rangle ,|+\rangle ,|-\rangle \}$ and inserts them randomly into sequences A and B, resulting in new sequences $A^{\prime }$ and $B^{\prime }$, which are sent to Alice and Bob, respectively.

Step 7: When Alice confirms the receipt of $A^{\prime }$, Trent announces the positions of all the decoy particles. Subsequently, Alice reflects these decoy particles back to Trent.

Step 8: After receiving the reflected particles, Trent performs measurements on all decoy particles. If the error rate of the decoy particles exceeds the bit error rate and phase error rate of the noise particle pairs in the channel, the process restarts from Step 3; otherwise, it proceeds to the next step, and Alice retains sequence A.

Step 9: When Bob confirms the receipt of $B^{\prime }$, Trent announces the positions and initial states of the decoy particles. Bob measures them based on the results published by Trent. If the error rate exceeds the threshold, Step 3 is re-executed; otherwise, Bob retains sequence B.

3.3.3. Phase 3: Signature Generation

Step 10: After Alice and Bob have successfully obtained particle sequences A and B respectively, Trent publishes T and stores the timestamp $time$ and $\tilde{M}$ in the database to prevent future disputes.

Step 11: Alice measures the particle sequence A particle by particle using the Z-basis ($|0\rangle ,|1\rangle$) and calculates $MRA$ according to (14):

$${MRA}_i=\left\{\begin{array}{c}0,\mathrm{if}{a}_i=|0\rangle \hfill \\ 1,\mathrm{if}{a}_i=|1\rangle \hfill \end{array}\right.$$

(14)

Alice obtains $MRA=\{MR{A}_1,MR{A}_2,\cdots ,MR{A}_n\}$ and calculates $TA$ by using (15):

$$TA=T\oplus K_{AB}\oplus MRA\oplus M$$

(15)

Step 12: Alice calculates $K=H(K_{AB}\parallel M)$, then uses K to encrypt $TA$ to generate the signature $S_A=E_K\left(TA\right)$ and sends it to Bob.

3.3.4. Phase 4: Signature Verification

Step 13: Upon receiving $S_A=E_K\left(TA\right)$, Bob calculates $K^{\prime }=H(K_{AB}\parallel M)$ and uses $K^{\prime }$ to decrypt $S_A$ to obtain $TA$.

Step 14: Bob calculates $TB=TA\oplus K_{AB}$ using $TA$ and $K_{AB}$. Based on $TB$, he performs the following operation:

$$b_{i1}^{\prime }=X^{T{B}_i}{b}_{i1}$$

(16)

where $T{B}_i$ is the i-th bit of $TB$, and X is the Pauli-X gate. Its expression and the corresponding unitary operations are:

$$\begin{array}{c}\hfill X=\left(\begin{array}{cc}0& 1\\ 1& 0\end{array}\right),X^0=\left(\begin{array}{cc}1& 0\\ 0& 1\end{array}\right)\\ \hfill X|{\varphi }^{+}\rangle =|{\phi }^{+}\rangle ,X^0|{\varphi }^{+}\rangle =|{\varphi }^{+}\rangle \end{array}$$

(17)

Subsequently, Bob measures the particle sequence B particle by particle using the Bell basis to obtain $M_B=\{m{b}_1,m{b}_2,\cdots ,m{b}_n\}$:

$$m{b}_i=\left\{\begin{array}{c}0,\mathrm{if}{b}_{i1}^{\prime }{b}_{i2}=|{\varphi }^{+}\rangle \hfill \\ 1,\mathrm{if}{b}_{i1}^{\prime }{b}_{i2}=|{\phi }^{+}\rangle \hfill \end{array}\right.$$

(18)

Step 15: combining (15)–(18) and

Table 1. Alice and Bob’s coding and operation rules.

${\mathit{T}}_{\mathit{i}}$	${\mathit{MRA}}_{\mathit{i}}$	${\mathit{m}}_{\mathit{i}}$	${\mathit{b}}_{\mathit{i}1}{\mathit{b}}_{\mathit{i}2}$	Bob’ Operation	${\mathit{mb}}_{\mathit{i}}$
0	0	0	$|{\varphi }^{+}\rangle$	$X^0$	$0(|{\varphi }^{+}\rangle )$
		1		X	$1(|{\phi }^{+}\rangle )$
0	1	0	$|{\phi }^{+}\rangle$	X	$0(|{\varphi }^{+}\rangle )$
		1		$X^0$	$1(|{\phi }^{+}\rangle )$
1	0	0	$|{\phi }^{+}\rangle$	X	$0(|{\varphi }^{+}\rangle )$
		1		$X^0$	$1(|{\phi }^{+}\rangle )$
1	1	0	$|{\varphi }^{+}\rangle$	$X^0$	$0(|{\varphi }^{+}\rangle )$
		1		X	$1(|{\phi }^{+}\rangle )$

, Bob derives:

$$TB=T\oplus K_{AB}\oplus MRA\oplus M\oplus K_{AB}=T\oplus MRA\oplus M$$

(19)

Bob compares $M_B$ with M. If $M=M_B$, the signature $S_A$ is accepted; otherwise, it is rejected.

4. Protocol Analysis

This section presents an in-depth analysis of the proposed SQDPoS blockchain scheme across three dimensions: theoretical security, performance efficiency, and comparative analysis. We demonstrate that the scheme possesses robust resistance against quantum attacks during both the consensus election and transaction signature processes, satisfying critical security requirements such as unforgeability and anonymity. Furthermore, through a comprehensive comparison with existing solutions, we verify the specific advantages this scheme achieves in terms of system efficiency and practicality while ensuring quantum security.

4.1. Security Analysis

4.1.1. Consensus Security

The Semi-Quantum Delegated Proof of Stake (SQDPoS) consensus mechanism proposed in this paper integrates an improved semi-quantum voting protocol with a malicious behavior penalty model. While guaranteeing the high efficiency of classical DPoS, it significantly enhances the system’s fairness and capability to resist quantum attacks. The following discussion elucidates this from three dimensions: the fairness and robustness of node election, the cryptographic security of the voting process, and the resistance to quantum attacks.

1.

Fairness and Robustness of Node Election

Traditional DPoS consensus is susceptible to node centralization issues. This scheme enhances the robustness of the consensus by introducing a multi-dimensional malicious behavior penalty mechanism and the Borda count method. The system defines a set of malicious behaviors, including transaction packaging failure, block verification failure, and communication fault, and assigns different penalty weights $Q_r$. The malicious behavior weight of a node, $N_i^{Bw}$, is calculated via Equation (5), which in turn is used to dynamically adjust the node’s effective votes $V_i$ according to Equation (6). This mechanism ensures that nodes with a history of malicious behavior are unlikely to obtain high weights, effectively preventing malicious nodes from infiltrating the consensus committee. Distinct from the traditional rule, this scheme employs the Borda count method to construct a preference matrix. By synthesizing the ranking preferences of network-wide nodes for candidates, this method selects block producer nodes that better represent the overall consensus of the system, avoiding the monopoly of consensus rights by minority interest groups and enhancing the representativeness and fairness of the committee.

2.

Cryptographic Security of Voting Process

The semi-Quantum voting protocol constitutes the core of the SQDPoS consensus, ensuring the security of votes throughout their lifecycle of generation, transmission, and tallying. This protocol satisfies the following key security properties:

(1)

Legitimacy: Only nodes holding the legitimate identity authentication key $K_{Ac}$ can participate in the consensus. In the initialization phase, the VMC uses SQKD protocols [67,68] to make the scrutineer Charlie and the voter Alice share the authentication key $K_{AC}$, which is unconditionally secure and ensures that the authentication key cannot be leaked, thereby only legitimate voters can vote. When voter Alice sends her vote to Charlie, the SQSDC channel is proved to be secure, and ensures that the voting sequence $S_M$ would not be disclosed [54,55,56]. At the time that voting center Bob and scrutineer Charlie communicate with the vote counter David respectively, the QSDC channels are proven to be secure [69,70]. All these quantum cryptographic protocols have been demonstrated to be unconditionally secure with mathematical rigor.

(2)

Anonymity: The protocol employs a blinding mechanism. Voter Alice utilizes her unique identity identifier $I{D}_A$ and the quantum measurement result $M{R}_A$ to perform an XOR operation on the ballot content M, generating a blinded ballot $P=I{D}_A\oplus M{R}_A\oplus M$. The Counter, David, can only receive the blinded sequence and cannot associate the ballot content with a specific voter without authorization from the VMC for unblinding, thus guaranteeing the anonymity of the voting.

(3)

Non-repudiation: The ballot sequence $S_m$ is composed of a unique sequence number $SN$ and the blinded ballot information P. A voter cannot deny the ballot because each voter’s $SN$ and $ID$ are unique. If a voter has an objection to the voting result, they can publish their sequence number $SN$ for arbitration. If the ballot result is proven correct, the VMC will declare the arbitration failed; consequently, the voter cannot repudiate the voting result.

(4)

Unforgeability and Verifiability: The ballot sequence is strongly bound to the unique sequence number $SN$, which is generated by hashing $I{D}_A$. Any tampering with the ballot content (such as a Man-in-the-Middle attack) will lead to a hash verification failure. Furthermore, the arbitration mechanism allows the VMC to recover the original ballot content $M^{\prime }$ using the stored $M{R}_{A^{\prime }}$ and compare it with the publicized result, ensuring the transparency and fairness of the counting process.

3.

Resistance to Entangle–Measure Attack

Attacker Eve attempts to intercept the quantum sequence $S_A$ during its transmission from the VMC to Voter Alice. Eve introduces an auxiliary probe state $|E\rangle$ and applies a unitary operation $U_E$ on the traveling qubits in $S_A$ and her probe to steal information. Subsequently, she sends the manipulated sequence $S_A^E$ to Alice, hoping to deduce Alice’s measurement results ($MRA$) by measuring her probe $|E\rangle$.

Assume that the initial GHZ state prepared by the VMC is $|{\psi }_{000}\rangle ={\displaystyle \frac{1}{\sqrt{2}}}(|000\rangle +{|111\rangle )}_{acv}$. Eve performs a $U_E$ operation in her auxiliary state $|E\rangle$ and the qubit of $S_A$. According to Alice’s operations on the sequence, there are two cases.

(1)

Case 1: For the qubit which Alice chooses to measure.

$$\begin{array}{c}{U}_E{|0\rangle }_a|E\rangle ={\alpha |0\rangle }_a|e_{00}{\rangle +\beta |1\rangle }_a|e_{01}\rangle \\ U_E{|1\rangle }_a|E\rangle ={\beta |0\rangle }_a|e_{10}{\rangle +\alpha |1\rangle }_a|e_{11}\rangle \end{array}$$

where ${|\alpha |}^2+{|\beta |}^2=1$, $\langle e_{00}|e_{01}\rangle =\langle e_{10}|e_{11}\rangle =0$, and $\langle e_{ij}|e_{ij}\rangle =1$ for $i,j\in \{0,1\}$.

Once Alice measures it with $\{|0\rangle ,|1\rangle \}$ basis, measurement will destroy entangled properties between it and the qubit at the corresponding position of $S_B$, and it collapses to $|0\rangle$ or $|1\rangle$. If $\alpha =1$, $\beta =0$, then $U_E|0\rangle |E\rangle =|0\rangle |e_{00}\rangle$, $U_E|1\rangle |E\rangle =|1\rangle |e_{11}\rangle$. Next, Eve measures auxiliary state in her hand with basis $\{|e_{00}\rangle ,|e_{11}\rangle \}$ and deduces based on measurement results.

(2)

Case 2: For the qubit which Alice dose reflection.

After Eve applies $U_E$, the entangled state ${|\mathsf{\Psi }\rangle }_{acvE}$ evolves into:

$$\begin{array}{cc}\hfill {|\mathsf{\Psi }\rangle }_{acvE}& ={\displaystyle \frac{1}{\sqrt{2}}}\left[{(U_E|0\rangle }_a{|E\rangle )|00\rangle }_{cv}+{(U_E|1\rangle }_a{|E\rangle )|11\rangle }_{cv}\right]\hfill \\ & ={\displaystyle \frac{1}{2}}[\alpha |e_{00}\rangle {(|{\psi }_{000}\rangle }_{acv}+|{\psi }_{001}{\rangle }_{acv})+\alpha |e_{11}\rangle {(|{\psi }_{000}\rangle }_{acv}-|{\psi }_{001}{\rangle }_{acv})\hfill \\ & +\beta |e_{01}\rangle {(|{\psi }_{010}\rangle }_{acv}+|{\psi }_{011}{\rangle }_{acv})+\beta |e_{10}\rangle {(|{\psi }_{010}\rangle }_{acv}-|{\psi }_{011}{\rangle }_{acv})]\hfill \end{array}$$

Alice does not perform any quantum operation on them, so they still retain their original entanglement relation. As long as Eve measures the auxiliary states in her hand with the basis $\{|e_{00}\rangle ,|e_{01}\rangle ,|e_{10}\rangle ,|e_{11}\rangle \}$, there will be a certain error rate.

For instance, assuming that the initial state is $|{\psi }_{000}\rangle$, if Eve measures the auxiliary state in her hand with the basis $\{|e_{00}\rangle ,|e_{01}\rangle ,|e_{10}\rangle ,|e_{11}\rangle \}$ before Bob makes eavesdropping detection, Eve gets $|e_{00}\rangle$ or $|e_{11}\rangle$ with the probability of ${\displaystyle \frac{1}{2}}{\left|\alpha \right|}^2$ and gets $|e_{01}\rangle$ or $|e_{10}\rangle$ with the probability of ${\displaystyle \frac{1}{2}}{\left|\beta \right|}^2$, which cannot accurately judge whether the qubit belongs to the case 2. If Eve measures the auxiliary state after Bob adopts eavesdropping detection, then protocol passes the eavesdropping detection with a correct probability of ${\displaystyle \frac{1}{2}}{|\alpha |}^2$ and cannot pass the eavesdropping detection with an error probability of $(1-{\displaystyle \frac{1}{2}}|\alpha {|}^2)$; thus, the eavesdropping behavior will be detected. That is to say, there is a probability of ${\displaystyle \frac{1}{2}}{|\alpha |}^2$ to get the correct GHZ state $|{\psi }_{000}\rangle$ and there is a probability of $(1-{\displaystyle \frac{1}{2}}|\alpha {|}^2)$ to get other GHZ states $|{\psi }_{001}\rangle$, $|{\psi }_{010}\rangle$ or $|{\psi }_{011}\rangle$, and then Eve’s eavesdropping behavior can be discovered by Bob.

In addition, as Eve cannot get the key $K_{AC}^{\prime }$, she cannot know the position of the quantum bits in case 1 and 2 and cannot distinguish the qubits in case 1 and 2, thus she cannot get the information related to $MRA$.

4.

Resistance to Intercept–Resend Attack

Assume attacker Eve intercepts the operated sequence $S_A^{\prime }$ (or $S_C^{\prime }$) and resends a forged sequence to the VMC. In the protocol, the legitimate users apply reflection or measurement based on the secret updated authentication key $K_{AC}^{\prime }$. Because Eve lacks $K_{AC}^{\prime }$, she cannot distinguish which operation is. Any attempt to measure the intercepted sequence to forge a replacement will inevitably destroy the initial multi-partite GHZ entanglement correlations. During the VMC’s joint GHZ state measurement in the eavesdropping detection phase, this disruption will manifest as a detectable error. If Eve attempts to evade detection by blindly guessing $K_{AC}^{\prime }$ to deduce the exact operational positions, she introduces an expected error rate of $1-{\left({\displaystyle \frac{1}{2}}\right)}^{2n}$, where $2n$ represents the number of relevant qubits. As the sequence length $n\to \infty$, this error rate asymptotically approaches 1. Therefore, Eve’s intercept–resend attack will be definitively detected, ensuring the protocol’s robust information-theoretic security.

4.1.2. Transaction Security

The blockchain transaction scheme proposed in this paper is based on a semi-quantum signature architecture. Its security is guaranteed by the fundamental principles of quantum mechanics [27]. Unlike traditional signature schemes based on computational complexity, this scheme achieves quantum security at the information-theoretic level.

1.

Key Confidentiality and Signature Security

The security of the transaction system relies primarily on the confidentiality of the secret key $K_{AB}$ and the signature S. At the beginning of the protocol, the signer Alice and the verifier Bob establish a shared private key $K_{AB}$ via the Semi-Quantum Key Distribution (SQKD) protocol. Existing research has proven that the SQKD protocol possesses security equivalent to that of fully quantum QKD protocols, capable of resisting key theft by attackers with infinite computing resources. During the signature generation phase, Alice employs the One-Time Pad algorithm to generate the ciphertext $S=E_K\left(TA\right)$. According to Shannon’s information theory, this encryption is unconditionally secure when the key is random and used only once. The encryption key $K=H\left(K_{AB}\right|\left|M\right)$ is generated by a one-way hash function. Since an attacker, Eve, cannot reverse the hash function and does not possess $K_{AB}$, she cannot crack K to access the signature content. Even if the third party Trent intercepts the intermediate information $\tilde{M}$, due to the lack of $K_{AB}$, the probability of him successfully guessing the key is only ${\displaystyle \frac{1}{2^n}}$ (where n is the key length), which is negligible when n is sufficiently large.

2.

Unforgeability and Non-repudiation of Transactions

Unforgeability is the core for ensuring the safety of blockchain assets. In this scheme, generating a legitimate signature S requires both the shared private key $K_{AB}$ and the quantum measurement result $MRA$. An external attacker, Eve, possesses neither $K_{AB}$ nor access to Alice’s local quantum measurement values $MRA$; thus, she cannot construct a valid signature that satisfies the verification equation $TB=T\oplus MRA\oplus M$. Furthermore, although Trent participates in the preparation of quantum states, he is defined as a semi-trusted party. Since Trent cannot access $K_{AB}$ and cannot predict Alice’s random measurement results for the particle sequence A, he is computationally incapable of forging a legitimate transaction signature, thereby eliminating the risk of malicious behavior by a centralized authority. If a dispute arises between the transacting parties (e.g., Alice denies sending a transaction or Bob denies receiving it), Trent can perform arbitration using the immutable timestamp and hash value $\tilde{M}$.

3.

Resistance to Quantum Channel Attacks

Addressing potential eavesdropping threats during quantum communication, this scheme introduces a decoy state detection mechanism in the particle transmission phase (Steps 6–9). Assume that Eve intercepts the quantum sequence and performs measurement attacks on the quantum sequence with the $U_e$ operation and the auxiliary particle $|e\rangle$. Then Eve’s attack system can be described as:

$$U_e|0\rangle |e\rangle =\alpha |0\rangle |e_{00}\rangle +{\alpha }^{*}|1\rangle |e_{01}\rangle .$$

$$U_e|1\rangle |e\rangle ={\beta }^{*}|0\rangle |e_{10}\rangle +\beta |1\rangle |e_{11}\rangle .$$

$$\begin{array}{cc}\hfill U_e|+\rangle |e\rangle & ={\displaystyle \frac{1}{\sqrt{2}}}\left(\alpha |0\rangle |e_{00}\rangle +{\alpha }^{*}|1\rangle |e_{01}\rangle +{\beta }^{*}|0\rangle |e_{10}\rangle +\beta |1\rangle |e_{11}\rangle \right)\hfill \\ & ={\displaystyle \frac{1}{2}}\left\{|+\rangle \left(\alpha |e_{00}\rangle +{\alpha }^{*}|e_{01}\rangle +{\beta }^{*}|e_{10}\rangle +\beta |e_{11}\rangle \right)\right\}\hfill \\ & +{\displaystyle \frac{1}{2}}\left\{|-\rangle \left(\alpha |e_{00}\rangle -{\alpha }^{*}|e_{01}\rangle +{\beta }^{*}|e_{10}\rangle -\beta |e_{11}\rangle \right)\right\}.\hfill \end{array}$$

$$\begin{array}{cc}\hfill U_e|-\rangle |e\rangle & ={\displaystyle \frac{1}{\sqrt{2}}}\left(\alpha |0\rangle |e_{00}\rangle +{\alpha }^{*}|1\rangle |e_{01}\rangle -{\beta }^{*}|0\rangle |e_{10}\rangle -\beta |1\rangle |e_{11}\rangle \right)\hfill \\ & ={\displaystyle \frac{1}{2}}\left\{|+\rangle \left(\alpha |e_{00}\rangle +{\alpha }^{*}|e_{01}\rangle -{\beta }^{*}|e_{10}\rangle -\beta |e_{11}\rangle \right)\right\}\hfill \\ & +{\displaystyle \frac{1}{2}}\left\{|-\rangle \left(\alpha |e_{00}\rangle -{\alpha }^{*}|e_{01}\rangle -{\beta }^{*}|e_{10}\rangle +\beta |e_{11}\rangle \right)\right\}.\hfill \end{array}$$

where ${|\alpha |}^2+|{\alpha }^{*}{|}^2=1,|{\beta }^{*}{|}^2+{|\beta |}^2=1$, which are determined by the normalized vector. If Eve wishes his attacks to be undetected, i.e., the measurement result of $U_e|0\rangle |e\rangle$ is $\alpha |0\rangle |e_{00}\rangle$ with probability 1, Eve may set ${\alpha }^{*}=0$. For the measurement of $U_e|1\rangle |e\rangle$ to be $\beta |1\rangle |e_{11}\rangle$, Eve can set ${\beta }^{*}=0$. Thus, for $\{|0\rangle ,|1\rangle \}$, Eve’s attack system can be described as:

$$U_e|0\rangle |e\rangle =\alpha |0\rangle |e_{00}\rangle .$$

$$U_e|1\rangle |e\rangle =\beta |1\rangle |e_{11}\rangle .$$

when ${\alpha }^{*}={\beta }^{*}=0,\alpha =\beta =1$, for $\{|+\rangle ,|-\rangle \}$, Eve’s attack system can be described as:

$$U_e|+\rangle |e\rangle ={\displaystyle \frac{1}{2}}\left\{|+\rangle \left(\alpha |e_{00}\rangle +\beta |e_{11}\rangle \right)\right\}+{\displaystyle \frac{1}{2}}\left\{|-\rangle \left(\alpha |e_{00}\rangle -\beta |e_{11}\rangle \right)\right\}.$$

$$U_e|-\rangle |e\rangle ={\displaystyle \frac{1}{2}}\left\{|+\rangle \left(\alpha |e_{00}\rangle -\beta |e_{11}\rangle \right)\right\}+{\displaystyle \frac{1}{2}}\left\{|-\rangle \left(\alpha |e_{00}\rangle +\beta |e_{11}\rangle \right)\right\}.$$

Therefore, Eve’s entanglement measurement attacks will trigger the decoy particles to change their initial states. In the subsequent detection step, Trent announces the positions and preparation bases of the decoy particles, and the communicating parties compare the measurement results to calculate the error rate. Eve’s attack behavior will significantly increase the bit error rate or phase error rate of the channel. Once the error rate exceeds a preset threshold, the protocol is immediately terminated. Therefore, any form of intercept–resend or entangle–measure attack will be detected by the system in real-time, safeguarding the security of the transaction signature.

4.2. Performance Analysis

This section provides a comprehensive evaluation of the system’s overall performance from two dimensions: the operational efficiency of the consensus mechanism and the communication and computational overhead of transaction signatures. The results of the simulation and analysis indicate that while introducing unconditional quantum security, the proposed scheme successfully maintains high system throughput and execution efficiency through the optimized protocol design, achieving an effective balance between security and practicality.

4.2.1. Consensus Efficiency

The SQDPoS consensus mechanism significantly optimizes the performance bottlenecks of traditional Byzantine Fault Tolerance (BFT) algorithms by combining the DPoS architecture with semi-quantum technology. First, in terms of communication complexity, this scheme adopts the Delegated Proof of Stake mechanism, delegating high-frequency block generation and verification tasks to a small number of elected block producer nodes ($m\ll N$). This design reduces the communication complexity of the block confirmation phase to $O\left(m\right)$, ensuring that the system maintains second-level block confirmation speeds and high throughput (TPS).

To further verify the advantages of this scheme in consensus efficiency, we conducted comparative simulations of SQDPoS against the QDPoS scheme proposed by Li et al. [43] and the classical consensus of DPoS. Figure 7 illustrates the trends in transaction performance (TPS) for these three consensus mechanisms on different node scales. The numerical simulations were conducted using Python 3.7.8 on a standard workstation (Intel Core i5-10210U CPU @ 1.60 GHz, 16 GB RAM). To isolate the algorithmic overhead, we modeled a simplified network environment with the following baseline parameters: the classical network bandwidth was uniformly set to 100 Mbps, with an average point-to-point propagation delay of 50 ms. The block size was fixed at 2 MB, and the average transaction size was set to approximately 500 bytes. Crucially, regarding the cryptographic overhead, semi-quantum operations were parameterized with microsecond-level latencies, reflecting their lightweight nature. In contrast, full-quantum operations required by baseline schemes were assigned significantly higher millisecond-level latency penalties to accurately reflect current physical hardware bottlenecks and decoherence rates.

Classical DPoS exhibits the highest throughput, stabilizing around 3000 TPS. This serves as a theoretical baseline, since classical DPoS relies purely on mature classical communication without any quantum physical overhead. The throughput of the SQDPoS proposed in this paper is slightly lower than the classical baseline. This minor decrease is attributed to the necessary overhead brought about by the semi-quantum voting and signature verification processes introduced to achieve quantum security. However, since the complex voting phase occurs only once per Epoch, the system retains high efficiency suitable for practical applications. In contrast, the QDPoS scheme of Li shows a lower throughput. Although QDPoS also utilizes a DPoS architecture, its reliance on full-quantum operations—specifically the preparation, distribution, and maintenance of high-dimensional entangled states, or the requirement for quantum memory—introduces significant latency in the simulated network environment. The current throughput comparison was conducted via a numerical simulation implemented in Python. This model isolates and evaluates the theoretical algorithmic and cryptographic overheads of the three consensus mechanisms (i.e., classical baseline, our semi-quantum approach, and the full-quantum approach) by modeling their quantum resource consumption and communication complexity.

In terms of computational load, the complexity of the Borda count method used for node election is only $O(N·M)$. This algorithm requires extremely low computation, allowing for the rapid sorting and establishment of block producer nodes on-chain, thereby guaranteeing the smoothness of consensus switching.

However, there was a limitation in our current empirical evaluation. Due to the nascent stage of semi-quantum communication technologies and the current lack of large-scale physical hardware facilities, we were unable to conduct empirical network simulations on a real-world testbed. Consequently, real-world network parameters, such as physical variable latency, bandwidth constraints, and specific hardware bottlenecks, are not reflected in the current theoretical model. In our future research, as physical semi-quantum facilities and advanced network simulators become accessible, we plan to validate the system’s performance under actual deployment conditions.

4.2.2. Transaction Efficiency

Transaction efficiency primarily depends on the Qubit Efficiency and computational complexity of the semi-quantum signature scheme. Following the well-established convention in the semi-quantum cryptographic literature [71,72,73,74], we employ the theoretical efficiency of the qubit $\eta$ to measure channel utilization during the transaction process. By definition, $\eta ={\displaystyle \frac{b_s}{q_s+b_t}}$, where $b_s$ is the number of message bits, and $q_s$ and $b_t$ are the numbers of transmitted quantum bits and classical bits respectively, excluding the decoy particles utilized for eavesdropping detection.

In the protocol of this scheme, the quantum resources and the classical communication volume required to generate a signature for a message of length n are optimized, resulting in an ideal theoretical efficiency of approximately $16.7\%$ (i.e., $\eta \approx {\displaystyle \frac{n}{3n+3n}}$). Figure 8 presents a comparison of qubit efficiency between this scheme and other representative semi-quantum schemes (Refs. [71,72,73,74]).

The comparative analysis is conducted based on this idealized baseline to ensure an equitable comparison from apples-to-apples, as the counterpart schemes also report efficiencies under ideal communication conditions without decoy overhead. This metric outperforms many existing semi-quantum signature schemes, indicating that this scheme occupies fewer channel resources when transmitting transaction information of the same length. Although lower than ideal full-quantum schemes, the proposed scheme trades a small amount of efficiency for extremely high user compatibility, which is more aligned with current realistic scenarios where quantum device penetration is low.

Regarding verification complexity, this scheme abandons the Quantum Swap Test and quantum one-way functions common in traditional quantum signatures, avoiding multiple repetitive operations caused by probabilistic verification. Verifiers only need to perform standard Bell basis measurements to achieve deterministic verification. This significantly reduces the depth and complexity of the quantum circuit, making the transaction verification process more efficient and capable of adapting to the demands of high-frequency blockchain transaction scenarios. Furthermore, for the user side initiating transactions, the system adopts an asymmetric resource requirement design. It only requires users to possess “semi-quantum” capabilities such as performing Z-basis measurements or particle reflection, without the need for expensive quantum state preparation sources or entanglement sources. This design greatly reduces the hardware costs and technical barriers for ordinary users to access the quantum blockchain, enhancing the overall practicality of the system.

Real-world quantum communication involves complex physical constraints. In practical deployments, realistic factors such as quantum channel noise, hardware imperfections, and necessary error-correction overheads will inevitably reduce the final communication throughput. In future work, we will optimize the anti-interference capability and communication performance of the SQDPoS system for real-world scenarios to mitigate the quantum state distortion caused by noise and hardware non-ideality while controlling the error correction overhead. And conduct physical-level simulations and small-scale experiments, optimize resource allocation according to the performance parameters of actual quantum hardware, and improve the practicality and stability of the system in real environments so as to promote its engineering implementation.

4.3. Comparative Analysis

To comprehensively evaluate the overall performance of the semi-quantum blockchain system proposed in this paper, we conducted a multi-dimensional comparative analysis against existing representative quantum blockchain schemes. Comparison targets include the QKD-based blockchain scheme proposed by Kiktenko et al. [38], the quantum entanglement-based blockchain scheme by Gao et al. [75], and the QDPoS scheme of Li et al. [43]. The detailed results of the comparison are summarized in

Table 2. Comparison of the proposed scheme with other quantum blockchain schemes.

Comparison Metric	Ours	Kiktenko et al. [38]	Gao et al. [75]	Li et al. [43]
User Capability	Semi-Quantum	Full Quantum	Full Quantum	Full Quantum
Consensus Mechanism	SQDPoS	BFT	Quantum DPoS	QDPoS
Chain Structure	Classical Chain	QKD Encrypted Comm	GHZ Entanglement	Quantum State Entanglement
Non-repudiation	Yes	No	Yes	Yes
Comm Complexity	$O\left(m\right)$	$O\left(N^2\right)$	$O\left(m\right)$	$O\left(m\right)$
Byzantine Fault Tolerance	Yes	Yes	Yes	Yes
Resist Computing Attacks	Yes	No	Yes	Yes
Quantum Resource Cost	Semi-quantum	QKD	Quantum Memory	Entanglement Maintenance
Consensus Time Complexity	$O\left(1\right)$	$O\left(N\right)$	$O\left(n\right)$	$O\left(n\right)$

. The specific evaluation criteria and metrics utilized in Table 2 are explicitly defined as follows:

• User Capacity and Quantum Resource Cost: Categorized strictly by the physical hardware requirements required for a node. Semi-quantum requires only fundamental optical operations, whereas Full Quantum schemes demand expensive, state-of-the-art setups like quantum memory or continuous entanglement maintenance.
• Consensus Mechanism and Chain Structure: Defines the core algorithmic foundation used to achieve network agreement and the architectural nature of the distributed ledger.
• Security: Assesses the protocol’s cryptographic resilience to withstand attacks from quantum computers and its inherent capability to guaranty that a sender cannot deny the authenticity of their submitted transactions.
• Communication Complexity: Defined as the asymptotic number of message exchanges required among participating nodes to reach consensus on a single block, where N denotes the total network size, and m denotes the size of the elected proxy committee.
• Consensus Time Complexity: Evaluated by the asymptotic number of sequential time rounds or communication phases necessary to finalize a block generation process.
• Byzantine Fault Tolerance: Assessed by the architectural capacity of the consensus protocol to maintain ledger consistency and liveness in the presence of malicious or arbitrarily faulty nodes.

Firstly, with regard to the user capability and quantum resource cost, the proposed scheme significantly reduces the physical barrier to entry. It only requires participants to possess semi-quantum capabilities, meaning that nodes only need to perform basic operations such as measuring and reflecting photons. In contrast, the schemes in Refs. [38,43,75] all demand full quantum capabilities from their nodes. Specifically, the scheme in Ref. [75] relies heavily on quantum memory to store and process GHZ entanglement states, and the scheme in Ref. [43] requires continuous entanglement maintenance for its quantum state entanglement chain. This gives our proposed scheme a huge advantage in hardware feasibility and deployment cost.

Secondly, in terms of communication and consensus efficiency, the SQDPoS consensus method used in the proposed scheme can elect representative proxy nodes, which is much more scalable than traditional methods. As block broadcasting and verification are managed by a limited number of proxies, the communication complexity of our scheme and those in Refs. [43,75] is kept at $O\left(m\right)$ (where m is the number of proxies). However, the scheme in [38] utilizes a traditional BFT consensus over QKD-encrypted channels, requiring point-to-point connections between all participating nodes, resulting in an unscalable communication complexity of $O\left(N^2\right)$. Moreover, because our complex quantum voting phase occurs only once per epoch, subsequent continuous block generation achieves a consensus time complexity of $O\left(1\right)$. In contrast, the BFT scheme in [38] has a time complexity of $O\left(N\right)$, and the full-quantum DPoS schemes in [43,75] require $O\left(n\right)$ time complexity per block due to the heavy full-quantum operations required for individual block generation.

Furthermore, analyzing the Byzantine Fault Tolerance (BFT) and chain structure, the proposed scheme, along with those given in Refs. [38,75], can provide robust Byzantine fault tolerance. Additionally, the proposed scheme achieves this robustness while maintaining a classical chain structure for the ledger. This avoids the fragility of storing sensitive quantum states. The schemes in Refs. [43,75] construct chains using GHZ entanglement and quantum state entanglement, respectively, which are highly susceptible to decoherence and face a greater risk of disconnection in local quantum blockchains.

Finally, regarding security properties, the proposed scheme utilizes semi-quantum cryptography to guaranty the non-repudiation of transactions and successfully resists computing attacks from quantum adversaries. While the schemes in Refs. [43,75] also provide these features through full-quantum signatures, the scheme in Ref. [38], which relies solely on QKD to encrypt classical communication channels, cannot inherently provide non-repudiation. Since the keys shared by each pair of nodes via QKD are symmetric, a sender can deny their messages, making it vulnerable to internal node repudiation. Thus, our scheme strikes an optimal balance between unconditional security and practical network efficiency.

In contrast, the scheme proposed in this paper adopts an innovative semi-quantum architecture, which significantly lowers the hardware threshold on the user side. In our scheme, ordinary users are only required to possess basic capabilities for quantum measurement or particle reflection, eliminating the need for expensive entanglement sources, quantum memory, or QKD transmitters. This design enables classical users to access the quantum blockchain network at an extremely low hardware cost, substantially enhancing the practical feasibility of the system.

In summary, although full-quantum blockchain schemes possess unique advantages in theoretical security, they are currently constrained by the immaturity of quantum memory technology and the prohibitive costs of full-quantum nodes. By minimizing quantum resource requirements while guaranteeing quantum security, the semi-quantum scheme proposed in this paper provides a more efficient, cost-effective solution with greater potential for practical application.

5. Conclusions

This paper proposes a pioneering semi-quantum blockchain architecture to address the severe security threats posed by quantum computing while simultaneously overcoming the prohibitive hardware costs and limited scalability of existing full-quantum blockchains. The main contributions are summarized as follows.

We engineered the Semi-Quantum Delegated Proof of Stake (SQDPoS) consensus mechanism. By adapting foundational semi-quantum voting protocols and originally integrating the Borda count method alongside a dynamic malicious behavior penalty model, this architectural innovation effectively resolves node centralization and election fairness issues in hybrid networks, while guaranteeing the information-theoretic privacy and authenticity of votes.

We designed a practical semi-quantum transaction verification framework. By successfully bridging semi-quantum signature technologies with decentralized ledger scenarios, this framework realizes unconditional security in key distribution and transaction non-repudiation. Crucially, it enables classical users with limited capabilities (measure-and-reflect only) to participate securely, drastically reducing the deployment threshold.

Theoretical analysis and numerical simulations demonstrate that the proposed scheme significantly reduces hardware requirements through its asymmetric resource design, effectively achieving an optimal balance among post-quantum security, engineering practicality, and system scalability.

Looking ahead, we will further optimize the semi-quantum communication efficiency of the SQDPoS system, develop anti-noise mechanisms for complex network environments, and design lightweight error-correction protocols and adaptive resource scheduling strategies to address practical constraints such as quantum channel noise and hardware non-idealities. We will also conduct empirical network evaluations and physical-level simulations on real-world testbeds to bridge the gap between theoretical design and engineering implementation, thereby enhancing the system’s robustness and practicality in actual deployment scenarios and advancing the engineering application of semi-quantum blockchain technology.