Category: 3. Business

DAMASCUS (Reuters) — Syria will issue new banknotes, removing two zeros from its currency in an attempt to restore public confidence in the severely devalued pound, according to seven sources familiar with the matter and documents reviewed by Reuters.

The step is intended to strengthen the Syrian pound after its purchasing power collapsed to record lows following a 14-year conflict that ended with President Bashar al-Assad’s ouster in December.

Confirming the move, Syria’s Central Bank Governor Abdelkader Husrieh said on Friday the revaluation was a strategic pillar of fiscal and monetary reforms.

“We have formed committees with public and private banks and experts from the central bank to determine the requirements for changes” in the currency, he told Saudi state-owned broadcaster Al Arabiya, describing the new currency as a “necessity.”

He said a time frame to introduce the new currency was still “under review.”

The Syrian pound has lost more than 99% of its value since war erupted in 2011, with the exchange rate now at around 10,000 pounds to the US dollar, compared to 50 before the war.

The sharp depreciation has made daily transactions and money transfers increasingly difficult.

Families usually pay for weekly grocery runs from black plastic bags holding at least half a kilogram of 5,000-pound notes, currently the highest denomination.

In an attempt to ease transactions and improve monetary stability, Syria’s central bank informed private banks in mid-August that it intended to issue new currency by “removing zeros,” according to a document seen by Reuters.

Reuters spoke to five commercial bankers, one central bank source and one Syrian economic official who said the central bank had informed them that two zeros would be removed. They spoke on condition of anonymity to discuss a decision that had not yet been made public.

Meetings on the currency overhaul have been chaired by Central Bank Deputy Governor Mukhlis al-Nazer, according to the commercial bankers who attended the meetings.

Nazer did not reply to a request for comment. Amal al-Masri, the head of the central bank’s Banking Supervision Department, declined to comment. The finance ministry did not respond to a request for comment.

It was not immediately clear whether the revaluation of the pound would need legislative approval. Syria is set to hold its first elections to set up a new legislative assembly in September.

File: A money changer waits for customers while holding bundles of Syrian pounds on a street in Damascus on December 16, 2024 (Louai Beshara / AFP)

Two of the bankers and another Syrian source familiar with the matter told Reuters that Syria had agreed with Russian state-owned money printing firm Goznak to produce the new notes.

They said the deal was finalized when a senior Syrian delegation visited Moscow in late July. Goznak, which also printed Syria’s currency during the Assad era, did not respond to requests for comment.

Political shift

Under Assad, the use of foreign currencies was outlawed, but Syria’s new leaders pledged to create a free-market economy and lifted restrictions to ease cash flow.

While the economy has swiftly dollarized, with US dollar prices everywhere from storefronts to fuel pumps, there are concerns about a Syrian pound liquidity crunch in a country with limited infrastructure for digital payments.

Three of the Syrian bankers said one driving force behind the planned currency overhaul was concern over an estimated 40 trillion pounds circulating outside Syria’s formal financial system. Issuing new notes would grant the government better oversight over the cash in circulation.

It also carries symbolic weight, signaling a clear break from more than five decades of Assad rule. Bashar al-Assad’s face appears on the 2,000-pound purple note, while his father, Hafez, features on the green 1,000-pound one.

A merchant holds a Syrian pound note, bearing a portrait of late Syrian president Hafez al-Assad, at a market in the Kurdish-majority city of Qamishli in northeast Syria on September 10, 2019. T (Delil SOULEIMAN / AFP)

Officials plan an information campaign in the coming weeks before the formal launch of the new notes on December 8, the one-year anniversary of Assad’s ouster.

Two commercial bank directors told Reuters that Syria’s central bank has instructed lenders to be ready for the rollout by mid-October.

Central bank circulars seen by Reuters asked banks to produce detailed reports on their infrastructure, including the number of cameras, cash counters, and storage capacity, and run tests to ensure automated systems could handle the new currency.

All five commercial bankers said they were told that a 12-month “coexistence period” would allow both old and new notes to circulate until December 8.

Karam Shaar, a leading Syrian economist and consultant to the United Nations, said replacing banknotes featuring Assad’s image was a necessary political shift.

File: An employee sits in front of stacks of Syrian pounds as he counts US dollars at an exchange counter in Damascus on May 21, 2025 (LOUAI BESHARA / AFP)

But he warned that the revaluation could confuse consumers, especially the elderly, and there was a lack of a clear regulatory framework or plan for full national implementation, given the gaps in the state’s territorial control.

“Alternatively, Syria could issue higher denominations of the same currency, say 20,000- or 50,000-pound notes, which would achieve similar goals in terms of easing cash handling and storage, while avoiding the substantial cost of a full currency overhaul, which could run into hundreds of millions of dollars,” Shaar told Reuters.

Is The Times of Israel important to you?

Yes, I’ll give

Yes, I’ll give

Already a member? Sign in to stop seeing this

You appreciate our journalism

We’re really pleased that you’ve read X Times of Israel articles in the past month.

You clearly find our careful reporting valuable, in a time when facts are often distorted and news coverage often lacks context.

Your support is essential to continue our work. We want to continue delivering the professional journalism you value, even as the demands on our newsroom have grown dramatically since October 7.

So today, please consider joining our reader support group, The Times of Israel Community. For as little as $6 a month you’ll become our partners while enjoying The Times of Israel AD-FREE, as well as accessing exclusive content available only to Times of Israel Community members.

Thank you,
David Horovitz, Founding Editor of The Times of Israel

Join Our Community

Join Our Community

Already a member? Sign in to stop seeing this

The pitch went like this: Good, safe drinking water has become such a scarce resource that Americans will pay to fill up jugs — 30 or 40 cents to the gallon — at dispensers all across the country.

Hundreds of investors bought thousands of units, believing in the vision laid out by Ryan Wear, founder of a startup called WaterStation Management. They plunked down $8,500 for each vending machine and then waited for the dispensers to throw off a steady stream of cash. Among those lured in was a product manager in Oregon in 2021 and then, several months later, a dentist in Illinois. Each bought dozens of water dispensers, which Wear’s team would install and operate.

The Economic Times earlier reported that Yuzhan’s Chinese staff were leaving. Last month, Bloomberg News reported that Foxconn had asked hundreds of Chinese engineers and technicians to return home from its iPhone factories in India.

The Yuzhan factory makes enclosures, or metal cases, and display modules for older iPhone models and isn’t working on the latest iPhone 17 line as yet. It began production just months ago, and Apple still imports a bulk of its displays, the people said.

Apple and Foxconn representatives didn’t respond to requests for comment.

This paper proposes a QuantumShield-BC framework to provide end-to-end protection for blockchain systems in the quantum age. It incorporates post-quantum digital signatures at the protocol layer, quantum key distribution (QKD) at the network layer, and a Quantum Byzantine Fault Tolerance (Q-BFT) consensus mechanism based on quantum random number generation (QRNG) to provide end-to-end quantum attack resistance, scalability, fairness, and high transaction throughput.

Introduction to QuantumShield-BC

One of the challenges it poses for blockchain technology is that quantum computing has a disruptive capability concerning the cryptographic techniques we use, primarily traditional cryptographic methods such as RSA and ECC. However, the main disadvantage of all these classical methods is their vulnerability once large-scale quantum computers become available and can perform quantum attacks, such as Shor’s algorithm, which efficiently breaks widely used public-key encryption schemes. It has led to the need for quantum-resistant blockchain architectures that ensure the security and safety of these decentralized methodologies against any future threats. Abstract: QuantumShield-BC is a quantum-secured blockchain framework that combines post-quantum cryptography (PQC) and quantum key distribution (QKD) to provide real-time security and resilience against quantum attacks over the long term.

The growing reliance on blockchain technologies for secure transactions, digital identity management, and decentralized applications (DApps) further underscores the necessity of quantum-resistant mechanisms as timelines for such attacks get shorter. However, this dependence on classical encryption introduces the risk of vulnerabilities in existing blockchain security models, as classical encryption can be solved in polynomial time with the aid of quantum computers. QuantumShield-BC addresses this issue by utilizing lattice-based post-quantum digital signatures that can be seamlessly integrated into smart contracts, thereby significantly lowering the barrier to usage on existing protocols while ensuring signature security, even in a quantum adversarial setting. Moreover, Quantum Key Distribution (QKD) is implemented by creating a secure peer-to-peer communication channel to prevent eavesdropping and man-in-the-middle attacks.

Deterministic PRNGs pose a significant attack vector for classical blockchains, as they often lead to nonce prediction in digital signatures, which attackers can exploit. QuantumShield-BC further introduces quantum random number generation (QRNG), providing cryptographically secure random values for generating transaction hashes and executing smart contracts, as well as for the consensus mechanism, significantly augmenting entropy and security. This introduces random deviation, thereby strengthening the protection of classical cryptography against more predictable attacks.

In Fig. 1, in addition to securing each transaction, QuantumShield-BC replaces standard proof-of-stake (PoS) and proof-of-work (PoW) models with a Quantum-enhanced Byzantine Fault Tolerance (Q-BFT) consensus layer, bringing the same transactional protection to consensus mechanisms. By ensuring that validator nodes use post-quantum cryptographic authentication, adversaries cannot forge post-quantum authentication signatures or influence the consensus mechanism. The framework incorporates post-quantum secure multi-party computation (MPC) to preserve the resistance of node selection and block validation against classical and quantum-based cyber attacks.

By fusing classical cryptography robustness with quantum-safe innovations, QuantumShield-BC embodies a transformation in the landscape of blockchain security. The framework combines encryption with lattice-based digital signatures, QKD-secured communication, QRNG-enhanced randomness, and a quantum-resistant consensus protocol to create a next-generation, tamper-proof blockchain ecosystem. With the continued evolution of quantum technology, the fundamental need for a quantum-secured, decentralized system is heightened. In an era where quantum adversaries pose a potential risk, QuantumShield-BC provides the ideal future-proof solution, safeguarding the integrity of blockchain applications across multiple domains.

Workflow diagram of QuantumShield-BC depicting end-to-end transaction processing with PQC-based signing, QKD communication, QRNG-driven leader selection, and Q-BFT consensus.

The workflow diagram of QuantumShield-BC, shown in Fig. 2, illustrates the complete lifecycle of a blockchain transaction secured against quantum threats. It begins with a user-initiated transaction digitally signed using post-quantum cryptography. The transaction is then securely transmitted across blockchain nodes using quantum key distribution (QKD). Validators authenticate the transaction using lattice-based signatures, followed by QRNG-based leader selection to ensure unbiased consensus initiation. The Quantum Byzantine Fault Tolerance (Q-BFT) protocol is executed for multi-party consensus, and upon reaching agreement, the block is finalized and appended to the blockchain. The user receives a confirmation, completing the secure and quantum-resilient transaction flow.

Table 1 presents the key notations used throughout the QuantumShield-BC framework, defining symbols related to transactions, cryptographic operations, consensus mechanisms, quantum processes, and validator interactions in blockchain.

Quantum-secure blockchain layer

The QuantumShield-BC builds a quantum-safe layer on top of the BC, protecting it from quantum adversaries across all three layers (transaction validation, block generation, and ledger) using PQ cryptographic methods. This layer provides the option to replace traditional cryptographic primitives with post-quantum digital signatures and merge quantum-safe hash functions, aided by quantum random number generation (QRNG) to increase entropy in the blockchain. These changes further bolster the blockchain against key stealing, signature forgery, and entropy-based attacks that may become possible with the emergence of quantum CPUs.

Digital signatures are crucial in verifying the authenticity of a transaction and preventing third-party manipulation. Unlike classical cryptographic schemes like RSA or ECDSA, which rely on Shor’s algorithm, QuantumShield-BC adopts a cryptographic stance when it comes to signing and verifying transactions, utilizing PQC algorithms such as CRYSTALS-Dilithium or Falcon post-quantum cryptographic (PQC) technology. The function for transaction verification is defined by

Where (:Vleft(Tright)) is the validity of the transaction, (:{S}_{k}) is the post-quantum digital signature produced with the private key, and (:Hleft(Tright)) is the cryptographic hash of the transaction. The function (:{Verify}_{PQ}) insures that the transaction is signed using a cryptosystem resistant to quantum computations before being included in the blockchain.

The security of the blockchain relies on more secure block generators, which allow data integrity to be secured while still maintaining immutability. QuantumShield-BC: Each block in QuantumShield-BC is tied to the previous one using a quantum-resistant hashing function. The hash of a block can be computed using a post-quantum secure hash function, such as SPHINCS + or Keccak, providing resistance to Grover’s search algorithm. The computation of the block hash is given by

Where (:Hleft({B}_{n}right)) is the hash of the block (:{B}_{n}), (:{B}_{n-1}) is the hash of the previous block, (:{T}_{n}) stands for the transactions that the block contains and (:{S}_{n}) is a digital signature of the block. The function (:{Hash}_{PQ}) secures the hash process against quantum computing attacks.

One of the fundamental weaknesses of classical blockchains is the use of deterministic pseudo-random number generators (DPRNG), which can be vulnerable to entropy prediction attacks. To mitigate this, QuantumShield-BC leverages quantum random number generation (QRNG) to introduce high-entropy randomness in cryptographic operations, such as block generation and nonce generation in smart contracts. We define the quantum entropy function by the following:

Where (:{R}_{Q}) is the quantum entropy, (:QB) is the quantum bits, seqi is the probability for each quantum state. This feature guarantees that roll results are at random, free from the weak state seeds.

QuantumShield-BC also interfaces to a quantum-resistant Merkle tree for secure ledger storage. It is interesting to note that classic Merkle trees are based on hash-based proof of eligibility and could not be trusted alone in the presence of a quantum attack. The approach replaces traditional construction with a post-quantum Merkle tree where each node is signed through a lattice-based DS. The Merkle root calculation is given by

Where (:{M}_{R}) is the post-quantum Merkle root, and (:{L}_{1}parallel:{L}_{2}dots:parallel:{L}_{n}) are the signed transaction leaves. By combining post-quantum signatures at every node layer, the transaction integrity is preserved against quantum adversaries.

QuantumHyperledger/QuantumShield-BC distinguishes itself as a tamper-resistant and robust decentralized ledger via the QRL by combining post-quantum digital signatures, hash hardening algorithms, and QRNG-based entropy. These improvements keep the blockchain operational and resilient to quantum-computing attack vectors as they emerge, meaning that QuantumShield-BC is the future of decentralized, secure applications.

Quantum key distribution (QKD) for secure peer-to-peer communication

QuantumShield-BC enhances blockchain security by utilizing Quantum Key Distribution (QKD) for secure peer-to-peer communication, thereby protecting the cryptographic keys exchanged between blockchain nodes against quantum attacks. Figure 3 illustrates that classic key-exchange mechanisms in cryptography, such as RSA and Diffie-Hellman, lack security against Shor’s algorithm in traditional blockchain networks. QKD, on the other hand, can provide the generation and secure transmission of cryptographic keys based on quantum states, for which eavesdropping and key compromise are not feasible.

Quantum key distribution (QKD) process flow illustrating secure key exchange between blockchain nodes using quantum states and classical reconciliation.

Protected by the no-cloning theorem and superposition in quantum mechanics, 7 QKD allows for an intercept-resilient exchange of cryptographic keys. QuantumShield-BC utilizes the BB84 protocol to exchange a key between the sender and receiver blockchain nodes via quantum state-encoded, polarized photons. The key exchange can then be mathematically described.

Where (:K) denotes the obtained secret key, (:{Q}_{S}) is the quantum state transmitted by the sender node, and (:{Q}_{R}) is the quantum state received by the recipient node. If the eavesdropper attempts to tap the quantum channel, the organization of the quantum state collapses, informing the communicating parties.

After the Quantum Key is exchanged successfully, it is applied to build a safe symmetric encryption channel between blockchain nodes. By encrypting, the transmitted blockchain data is kept private and secure. The encryption with the key generated by the QKD is defined as.

Where (:C) is the encrypted message, (:{E}_{K}left(Mright)) is encryption with the secret key (:K), and (oplus)it is the XOR operation. The recipient decrypts the message with

Here (:{D}_{K}left(Cright)) is the cryptographic decryption operation. Since the encryption key is securely exchanged by using the QKD, the communication is secure against quantum decoherence attacks.

QuantumShield-BC also included post-quantum cryptographic algorithms to supplement QKD in addition to secure key exchange. QKD provides the guarantee of key confidentiality, and post-quantum key encapsulation mechanisms (KEM), such as Kyber and FrodoKEM, are applied to achieve hybrid security for blockchain data exchange. The hybrid encryption, combining QKD and lattice-based encryption, aims to protect against vulnerabilities in one security layer by ensuring the other remains secure. Denote the hybrid key agreement function by

where (:{K}_{H}) is the hybrid secret key for secure communication, (:{K}_{QKD}) is the secret key generated from qa quantum source, and cap K sub cap P cap Q cap C is the key from a post-quantumkey encapsulation mechanism.

QKD-authentication based mechanisms also add a layer of security to blockchain communications. Validator nodes in the blockchain network are authenticated by quantum-secure key exchange method and can defend against Sybil and identity cues attacks. A key QKD-authenticated identity hash is generated in each validator node, as follows:

Where (:{H}_{V}) is the identity of the authenticated validator, (:{ID}_{V}) is the unique identifier for the node, and (:K) is the QKD-derived key. This allows consensus and block validation only by nodes that are quantum-authenticated.

By using QKD for secure key exchange, QuantumShield-BC Se mitigates the risks associated with classical key exchange protocols and adds layer of post-quantum encryption. QKD is integrated with hybrid encryption schemes and QKD-authenticated node validation to secure the blockchain against classical and quantum attack fronts. With this, QuantumShield-BC establishes a channel for communication that will remain for the decentralized networks of the blockchain’s future.

Practical deployment considerations

Theoretically unbreakable, Quantum Key Distribution (QKD) provides secure key exchange; however, practical implementations raise several issues. The significant challenges include the high hardware costs of quantum photon sources, detectors, and synchronization systems, as well as channel loss over long distances, particularly when the channel is a fiber-optic or free-space link. In addition, the scalability of QKD is limited for blockchain networks because of the requirement of individual quantum channels among the nodes. QuantumShield-BC addresses these concerns, supporting a modular integration that allows hybrid PQC-KEM mechanisms to supplement QKD in situations where its deployment is not feasible. Future improvements will investigate satellite-based QKD or trusted node relays to eliminate losses caused by distance and increase the practical applicability of the system.

Quantum-secure consensus mechanism

Introducing a quantum-secure consensus, QuantumShield-BC enhances the security of the blockchain by utilizing post-quantum cryptographic algorithms with Byzantine Fault Tolerance (BFT), as illustrated in Fig. 4. Classic consensus schemes, such as PoW and PoS, are based on cryptographic algorithms that are susceptible to quantum attacks (e.g., Shor’s algorithm, which can crack RSA and ECC). It is ensured that the proposed Q-BFT-based protocol is secure for block validation and transaction verification even in the quantum environment.

Quantum byzantine fault tolerance (Q-BFT) consensus flowchart showing validator authentication, QRNG-based leader selection, and multi-party consensus execution.

In QuantumShield-BC, each validator node is required to verify transactions with a post-quantum cryptographic signature before contributing to the consensus. The authentication is formed using lattice-based digital signatures, so malicious parties cannot forge the validator credentials. The function is the validator authentication function assigned by where quale lector.

where (:{V}_{node}) denotes the validator at the position 1the validator’s authenticating status at the position, (:{S}_{v}) is the post-quantum digital signature produced by the validator at the 11 st position, and cap H of cap B is the cryptographic hashrecord of the candidate block. This prevents the Byzantine Army from joining the consensus by only accepting quantum-resistant signatures to verify a block.

This consensus decision function collects multiple signatures of validator nodes, and the block is appended to the blockchain only if a large enough set of quantum-authenticated validators accept it. This is mathematically modeled as:

Where (:{C}_{V}) is the consensus declared voting result, (:{T}_{i}) is any individual transaction of a block, and (:{P}_{i}) is the post-quantum public key of the validator (::i). QiatumShield-BC can defend against attacks such as quantum Sybil attacks and signature forging by implementing this quantum-secure aggregation process.

QuantumShield-BC uses quantum-resistant threshold cryptography to guarantee that block finalization is not possible unless a sufficiently large number of validators participate. The block confirmation horizon can be derived as follows:

Where (:{Q}_{C}) is a quantum consensus threshold, (:{V}_{{node}_{i}}) is the verification status of single validator nodes, and (:tau:) is a minimum threshold required for consensus. This maintains decentralization in the blockchain and thwart quantum bloc adversaries attempts to effect block finalization.

Leader election in consensus protocols is generally susceptible to predictability attacks. QuantumShield-BC addresses this challenge by using QRNG for unbiased leader election. The leader selection function that uses QRNGs has the form of

Where (:L) is the leader node, (:{R}_{Q}) is the quantum-generated random number, and nn denotes the total number of the validators that participate in the procedure. Thanks to the use of QRNG, QuantumShield-BC makes sure leader election mysterious and non-manipulatable.

In QuantumShield-BC (QSB)-QRNGs are not augmentations of conventional PRNGs(2), but separated quantum entropy sources based on physical behavior of quantum systems. QRNGs, however, take their source of randomness from fundamentally unpredictable quantum processes (such as photon phase noise, radioactive decay, or vacuum fluctuations), in contrast to PRNGs, which rely on deterministic algorithms and seed value(s). Such sources are physically uncloneable and therefore they cannot be mimicked so that they not only quantum mechanically sounds more secure than classical random numbers, but they are not just probabilistically secure (cloning the classical data is a typical classical attack), but they are also physically verifiable. To avoid being attacked by entropy predictability, QuantumShield-BC employs QRNG generated values for leader selection, nonce generation and consensus randomness. Randomness is fed through quantum-proof extractors (such as Trevisan’s extractor) for entropy extraction and uniformity, making the output cryptographically usable (see²⁰ for specifics on the entropy extraction process).

For additional security, the architecture includes a hybrid consensus validation scheme with the quantum multiparty computation (QMPC). This way, several validators can cooperate in validating transactions and without revealing too much about the sensitive cryptographical information. The centralized verification process over multi-party consensus is defined as

.

Where (:{M}_{C}) is the consensus verification output, (:{S}_{i}) is the post-quantum digital signature of the validator (:i), and (:Hleft({T}_{i}right)) is the CM-Hash of the transaction (:{T}_{i}). QuantumShield-BC achieves privacy preserving and quantum-safe consensus validation by using QMPC.

By combining QRPoA with PQC-threshold signature, QRNG leader selection, and QMPC consensus validation, QuantumShield-BC is secure against classical and quantum adversarial attacks. This method allows decentralized blockchain systems to achieve the tamper-proof and security in the quantum scale era because of large-scale quantum computer, and it makes QuantumShield-BC as a future next-generation blockchain consensus framework.

Implementation of quantumshield-BC prototype

The development of the quantumshield-bc prototype takes place in several stages to enable a step-by-step integration of quantum-safe blockchain components. In addition to a post-quantum cryptography (PQC), the OmegaLedger prototype includes quantum key distribution (QKD), quantum-secure consensus algorithms, and quantum random number generation (QRNG) as solutions to boost blockchain immunity against quantum attacks. At each stage, critical security concerns, that is transaction verification, block creation, consensus assurance, and secure p2p communication, are addressed. The main development steps of the prototype are described below.

The first phase of development focuses on incorporating post-quantum digital signatures to transition from classical signatures, RSA and ECC, to post-quantum. QuantumShield-BC uses lattice-based cryptographic methods CRYSTALS-Dilithium and Falcon by signing transactions, ensuring secure transactions. Where the transaction validation function is the formulation of:

Where (:Vleft(Tright)) is the transaction validity, (:{S}_{k}) is the post-quantum digital signature of the sender of the transaction and (:Hleft(Tright)) is the cryptographic hash of the transaction. This prevents non quantum-resistant signatures from being added to the blockchain.

In the second stage, the communication between nodes are being insured using QKD, where nodes use QKD to share an encrypting/decrypting key for the block chain communication. This also closes weaknesses in traditional key exchange schemes like Diffie-Hellman and RSA. The pairwise key agreement between nodes is specified as:

Where (:K) is the parties’ secret key, (::{Q}_{S}) is the quantum state sent by the sender, (:{Q}_{R}) and is the received quantum state of the receiver. If the key is intercepted by an enemy, he will change the quantum state; therefore, key compromise will be noticed immediately.

To derive tamper-proof block generation, QuantumShield-BC employs quantum-resistant hashing for connecting the blocks together within the blockchain. The block hash calculation uses SPHINCS + or Keccak, which are resistant to Grover algorithm attacks. The hash function used to create a block is defined as:

Where (:Hleft({B}_{n}right)) is a hash to the newly created block (:{B}_{n}), (:{B}_{n-1}) to the previous block, (:{T}_{n}) to the transactions in the block; and (:{S}_{n}) is the post-quantum block signature. This ensures that the data cannot be changed and that it will be resistant to quantum attacks.

The upcoming developments will be directed towards the implementation of Quantum Byzantine Fault Tolerance (Q-BFT), a post-quantum consensus protocol that supersedes old-fashioned PoS and PoW mechanisms. It was also observed that validator nodes prove their identity with quantum-secure signatures before joining the consensus. The function for the validator authentication is defined as

Where (:{V}_{node}) denotes validator certification, (:{S}_{v}) is the post-quantum digital signature of the validator, and (:Hleft(Bright)) is the cryptographic hash of the block proposal. Only verified QSC validators are allowed to participate in the consensus.

To achieve the fair leadership selection in consensus, the Quantum Random Number Generation (QRNG) is implemented in order to remove the bias and predictability during the leader selection. We model the leader election as

Where (:L) is the leader, (:{R}_{Q}) is the random number generated by quantum, and (:n) is the number of available validators. QuantumShield-BC relies on QRNG to achieve fair and tamper-free leader election free from pseudo randomness source such as pseudo-random number generator and pseudo-random counterparts.

The last stage comprises the installation of QuantumShield-BC prototype on a testbed for testing its security and performance as well as its defence to quantum attacks. The security of transaction verification, consensus and block generation is proven with quantum attack simulation on quantum computing simulator (i.e., IBM Qiskit or Google Cirq). The integrity of the global blockchain is decided by the multi-party consensus verification function, which is denoted as:

Where (:{M}_{C}) is the consensus validation status, (:{S}_{i}) is the digital signature of validator post-quantum (:i), and (:Hleft({T}_{i}right)) is the hash cryptographic value of transaction (:{T}_{i}). This multi-party validation prevent any but quantum-secure transactions from entering the blockchain.

Incorporating PQ digital signatures, PKI free QKD, quantum-secure hashing, and QRNG-based consensus, the QuantumShield-BC prototype provides an ultra-resilient and temper-proof blockchain platform. By the systematic evolution and incorporation of quantum-safe technology into a blockchain, so that the blockchain is operational, scalable and robust against newly emerging quantum scientific threats, a future user facing quantum-safe blockchain 2.0 can be achieved.

Proposed algorithms

This section presents the core algorithms underpinning the QuantumShield-BC framework. Each algorithm addresses a specific component of the system, including transaction authentication, secure key exchange, quantum-safe consensus, and randomness generation. Together, these algorithms ensure end-to-end quantum resilience, enabling secure, scalable, and tamper-proof blockchain operations in the presence of emerging quantum computational threats.

Post-quantum digital signature algorithm.

Algorithm 1 secures blockchain transactions using post-quantum digital signatures. It begins by hashing the transaction data and generating a signature with a private key using a post-quantum algorithm. The signature is then attached to the transaction and verified using the corresponding public key. This ensures that the transaction is authentic, tamper-proof, and resistant to quantum-based attacks.

Quantum key distribution (QKD) algorithm.

Algorithm 2 enables secure key exchange between blockchain nodes using quantum key distribution. The sender transmits quantum states, which the receiver measures using random bases. Through classical communication, both parties compare bases and retain matching bits to form a raw key. After error correction and privacy amplification, a final secure key is established, ensuring tamper-proof communication against quantum adversaries.

Quantum-resistant hashing algorithm.

Algorithm 3 generates a quantum-resistant hash for a blockchain block using post-quantum cryptographic functions. It concatenates the current block data with the previous block’s hash to form the input. A secure hash function, such as SPHINCS + or Keccak, is then applied to produce a tamper-proof hash. This ensures the integrity and immutability of the blockchain ledger.

Transaction validation algorithm.

Algorithm 4 performs transaction validation using post-quantum cryptographic techniques. It extracts the transaction and its digital signature, computes the hash of the transaction, and verifies the signature using the sender’s public key. If the verification is successful, the transaction is accepted; otherwise, it is rejected. This process ensures that only authentic and quantum-secure transactions enter the blockchain.

QRNG-based nonce and randomness generation algorithm.

Algorithm 5 generates quantum-secure random numbers using a quantum random number generator (QRNG). It begins by producing a sequence of quantum bits, which are measured to obtain raw entropy. A randomness extraction function is then applied to refine the output. The resulting value provides true, unpredictable randomness used for nonce generation, leader selection, and other critical blockchain processes.

QRNG-based leader selection algorithm.

Algorithm 6 selects a consensus leader using quantum-generated randomness. A random number is generated via a quantum random number generator (QRNG) and mapped to a validator index by taking the modulus with the total number of validators. If the selected validator is active, it is assigned as the leader. This approach ensures fair, unpredictable, and tamper-proof leader selection.

Quantum byzantine fault tolerance (Q-BFT) consensus algorithm.

Algorithm 7 establishes consensus using the Quantum Byzantine Fault Tolerance (Q-BFT) mechanism. Each validator verifies transactions using post-quantum signatures and broadcasts its result. The system aggregates validator votes and compares them against a predefined threshold. If the number of valid votes meets or exceeds this threshold, consensus is achieved and the block is approved; otherwise, consensus fails and is retried.

Post-quantum multi-party consensus verification algorithm.

Algorithm 8 performs post-quantum multi-party consensus verification among validators. Each validator independently verifies transaction signatures using post-quantum cryptography. The results are securely shared and aggregated using quantum-secure multi-party computation. If all verifications are successful, consensus is confirmed. Otherwise, the transaction is rejected. This ensures tamper-resistant validation across distributed nodes in a quantum-secure blockchain environment.

Block finalization and addition algorithm.

Algorithm 9 finalizes and appends a validated block to the blockchain. It first checks whether consensus has been achieved. If valid, the block data is hashed using a post-quantum secure hash function and linked to the previous block. The finalized block is then added to the blockchain and broadcast to the network, ensuring integrity, immutability, and resistance to quantum-based tampering.

Quantum-aware network security algorithm.

Algorithm 10 secures validator communication using quantum-aware techniques. It begins by establishing a key via quantum key distribution, followed by validator authentication using post-quantum signatures. All messages are encrypted using the QKD-derived key. Replay and Sybil attacks are mitigated through QRNG-generated nonces and identity checks. The system ensures quantum-resilient, authenticated, and tamper-proof communication across blockchain nodes.

Performance evaluation metrics

Performance Evaluation The performance of QuantumShield-BC is tested through a number of essential performance criteria to measure its security, efficiency, and scalability against quantum threats. The assessment considers transaction validation latency, consensus throughput, cryptographic entropy, and benchmark quantum resistance. These benchmarks guarantee QuantumShield-BC maintains high speed operation and uses post-quantum cryptographic (PQC) primitives, QKD, Quantum Byzantine Fault Tolerance (Q-BFT), and QRNG.

One of the primary performance metrics is the transaction validation time, which measures the time to validate a transaction using post-quantum digital signatures as opposed to the case of standard signatures. The validation time ({T}_{v}) of a transaction can be defined as

Where (:{T}_{Sign}) is the time to compute a post-quantum signature, and (:{T}_{Verify}) is the time to verify the signature based on the underlying post-quantum cryptographic (PQC) scheme. Since lattice-based signatures (e.g., CRYSTALS-Dilithium, Falcon) increase the computational overhead as compared to ECC, we strive to choose PQC schemes with the least latency, to achieve the most efficient QuantumShield-BC.

Another essential metric to consider is consensus throughput, the number of transactions that can be handled per second and that are secure against quantum adversaries. The performance (throughput) of the Q-BFT consensus mechanism can be defined as

Where (:{T}_{Q-BFT}) is the number of transactions (transactions per second), (:{N}_{T}) is the number of transactions validated (:,:cap:T:sub:cap:C:is:the:total:running:time:for:forming:a)decision. Utilizing Quantum-Secure Multi-Party Computation (QMPC), the consensus mechanism ensures secure transaction validation, whilst minimizing the computational overhead caused by post-quantum cryptographic primitives.

QuantumShield-BC, in selecting specific PQC algorithms, makes a balance between computational efficiency and post-quantum security guarantees. We considered both CRYSTALS-Dilithium and Falcon schemes as digital signatures, both of which are NIST post-quantum cryptography standardization finalists. CRYSTALS-Dilithium provides excellent security guarantees and high confidence in being resilient against lattice-based attacks; however, Falcon supports very small signatures with much faster verification speeds, making it more advantageous for high-throughput blockchain environments. We used Falcon for consensus authentication in our prototype, due to its fast signature verification time (1.5 ms per signature), and we opted for Dilithium for transaction signing, where the signature size constraint is less critical. The combination of the two reduces both speed and storage overhead used by the two to perform blockchain operations. We found that total conversion to Dilithium increases validation time by 18%, but this also improves resistance to some attacks based on side-channels¹⁷. These design choices exemplify how modular PQC algorithm customization can align security-performance trade-offs for real systems.

An entropy assessment of QRNG-based blockchain functions is conducted to evaluate the quality of randomness applied to leader selection, nonce generation, and cryptographic key generation tasks. The Shannon entropy formula determines the quantum entropy value, cap R sub cap Qalue, (:{R}_{Q}), is determined by the Shannon entropy formula:

Where (:QB) is the bit pattern ggenerated from the quantum, and p sub i is the probability distribution of the uantum state. Higher entropy values imply better randomness, increased security for cryptographic keys, and greater unpredictability in blockchain operations.

Equation (23) computes the Shannon entropy value derived from quantum bitstreams generated by a QRNG device. Here, the entropy H(Q)=(:-sum:_{i}{p}_{i}{log}_{2}:{p}_{i}) ​ quantifies the uncertainty of measured quantum states. Unlike classical bitstreams, the probabilities (:{p}_{i})​ are obtained from quantum state measurement results, ensuring they reflect hardware-derived unpredictability rather than algorithmic randomness.

In order to measure the quantum resistance of blockchain transactions, we analyze security by running simulations using Shor’s Algorithm to compare the resistance of classical versus post-quantum cryptography. The time complexity for solving the cryptographic key with Shor’s algorithm can be expressed as: $ where ta is the time to guess a while Shor’s key is around Inf:.

Where (:N:indicates:the:length:of) the cryptographic key in bits, since RSA/ECC keys will be broken in polynomial time by Shor’s algorithm, QuantumShield-BC is based on post-quantum cryptographic primitives like Kyber, FrodoKEM, and SPHINCS + that are secure against quantum decryption.

Another relevant measure is the network overhead due to QKD-based encryption. However, QKD’s secure key distribution may lead to extra bandwidth consumption, where cap O sub cap Q is the overhead factor.

Where (:{B}_{Q}) denotes the bandwidth cconsumption of QKD-based encryption, a nd (:{B}_{C}) denotes classical encryption. QuantumShield-BC is lightweight, and the overall communication efficiency is not degraded as QKD key exchange rates are improved and unnecessary quantum-state transmissions are suppressed.

The last evaluation measure is the CTT: the time it takes the network to agree upon a new block and place it on the blockchain. This is given by

Where (:{T}_{B}) is the block confirmation time, (:{T}_{Comm}) denotes the time for communication among validators, (:{T}_{Q-Rand}) is the time for quantum-safe random value generation for leader selection and (:{V}_{C}) is the number of the validators involved. The efficient block generation is one of the most essential requirements of the blockchain with a shorter block confirmation time and quantum resistance.

This allows QuantumShield-BC to be tested against the following performance measures, namely, transaction validation latency, consensus throughput, entropy test, quantum safety test, QKD-induced network overhead, and block confirmation time, to strike a tradeoff among security, efficiency, and scalability. These results support that the insertion of quantum-safe cryptographic features improves the resilience of blockchain-based networks against quantum threats with negligible performance degradation.

Key novelties of QuantumShield-BC

QuantumShield-BC provides a unique and functionally integrated quantum-secure blockchain structure which incorporates post-quantum digital signatures, secure communication through QKD, leader election based on QRNG, and a new Q-BFT consensus protocol in a single framework. In contrast to earlier efforts to improve the security of respective quantum individual layer (PQCs only/QKDs only) QuantumShield-BC is a an integrated layered solution with protocol-level modularity, consolidated quantum cryptographic implementations on each layer (transaction, network and consensus layer, respectively) with an extensive use of quantum secure systems inherent across the multiple layers of the infrastructure. By validation, the prototype embodies a tangible performance benefit over 7000 TPS at 100 validators, and full quantum resistance to Sybil, replay, and MITM attacks, verified through detailed ablation studies quantifying the contribution of each quantum component.

The main novelty of QuantumShield-BC is the use of post-quantum cryptographic (PQC) signatures instead of classical digital signatures, which helps secure transactions against quantum adversaries. Most existing blockchain systems rely on the ECDSA, a cryptographic algorithm whose security can be effectively compromised by applying Shor’s algorithm. Including lattice-based signature schemes, CRYSTALS-Dilithium and Falcon, makes the framework resistant to compromise through quantum-enabled keys. These post-quantum signatures exhibit computational infeasibility for signature forgery but enable efficient transaction validation, thereby preserving blockchain security against the post-quantum threat.

It also features the first-time integration of quantum key distribution (QKD) to achieve safe transport over single-mode fiber-based node-to-node communication by preventing eavesdropping or interception of encryption keys. Quantum computers decrypt public-private key cryptography used in traditional blockchains. Based on quantum mechanics, QKD guarantees that eavesdropping on cryptographic keys disturbs their quantum state, making such efforts detectable. This innovation allows blockchain nodes to securely send encryption keys to each other, creating a quantum-resistant peer-to-peer communication mechanism that cannot be attacked by a man-in-the-middle (MITM).

The second main element of innovation of QuantumShield-BC is the Quantum Byzantine Fault Tolerance (Q-BFT) consensus mechanism that strengthens the fault tolerance of blockchain validators. Sybil Attack Resistant — Classic consensus protocols like PoW and PoS are sybil attack resistant (if an attacker has the majority of computing power or stake, they can process any valid transaction). Using post-quantum digital signatures and multi-party secure computation, Q-BFT guarantees that only quantum-authenticated validators can form consensus. This ensures that adversaries with quantum capabilities cannot control the network and that trust remains decentralized.

An even more fundamental feature of QuantumShield-BC is the application of quantum random number generation (QRNG), which helps with the significant level of unpredictability needed in key cryptographic processes; not just that block generation, nonce selection, and brilliant contract execution are entirely random (all of which can be compromised by classical deterministic PRNGs). Blockchain systems are susceptible to replay attacks and nonce manipulations because classical pseudo-random number generators (PRNGs) allow for an entropy prediction attack¹⁹. QRNG is based on the quantum mechanical principles of superposition and randomness extraction, offering a genuinely unpredictable entropy source: this guarantees that cryptographic randomness is tamper-evident and immune to deterministic weaknesses intrinsic to all classical PRNGs.

In addition to regular blockchain storage, QuantumShield-BC ensures the security of blockchain storage with quantum-resistant hashing techniques, maintaining the characteristics of immutability in the face of quantum attacks. It also means that traditional hashes, like SHA-256, are vulnerable to Grover’s algorithm, and using it on hashes doubles the effectiveness of brute-force attacks against traditional cryptographic hashes. To counter this, the framework uses hash-based digital signatures such as SPHINCS + and quantum-resistant hashing algorithms such as Keccak, which are believed to have a high degree of resistance against potential quantum computational speed-ups. This ensures that blockchain ledger data is secure and unalterable by any quantum computer that can currently break conventional hashing functions.

The leader selection mechanism of a consensus mechanism is generally vulnerable to predictability attacks, because attackers can try to control the election result by using the deterministic randomness source in the leader election process on the blockchain. QuantumShield-BC addresses this issue by utilizing QRNG for leader selection, resulting in an entirely random and immutable selection of validators. While traditional leader election mechanisms are based on deterministic algorithms, the use of quantum-generated randomness prevents the adversarial influence of private information, ensuring safety and transparency in blockchain governance.

In addition, the framework also provides a hybrid cryptographic scheme that merges QKD and post-quantum key encapsulation mechanisms (PQC-KEM), including Kyber and FrodoKEM^17,51. Our hybrid encryption scheme preserves the security of the secondary post-quantum encryption layer even under a compromise of QKD due to implementation-layer issues. Through dual-layer encryption, QuantumShield-BC is more resistant than previous solutions against classical and quantum cyber threats, offering strong security assurances for blockchain transactions and innovative contract executions.

One of the additional characteristics of QuantumShield-BC is that it is resilient to quantum-enhanced replay attacks. For instance, classical blockchains use nonce verification to ensure no transaction occurs twice (essentially timestamp-based checks for duplicates), but using the quantum computer to essentially time travel and trigger a validation bypass by the device’s incorrect timestamps. By integrating QRNG, it is guaranteed that a truly quantum-generated atom is used to generate the next transaction nonce, making any potential replay of an old transaction impossible. These security measures make blockchain transactions highly secure and enable strong protection against double-spending and duplication attacks, which cannot even be carried forward in a quantum computing environment.

QuantumShield-BC is a new kind of quantum-secure blockchain architecture that synergistically integrates these innovations to help make decentralized systems quantum-resistant for years to come. This means that integrating post-quantum cryptography, quantum key distribution, QRNG, and Q-BFT consensus helps to protect against quantum attacks on each part of the blockchain. QuantumShield-BC not only defines a benchmark for secure, decentralized, and tamper-proof blockchain ecosystems but also runs on an out-of-the-box quantum-resilience framework, as opposed to the traditional blockchain systems that will need first-order cryptographic upgrades to maintain their post-quantum securability.

To summarize, the key innovation of QuantumShield-BC include integration in single protocol level of post-quantum digital signature, quantum-key-distribution and quantum-random-number generator coupled with a new Quantum Byzantine Fault Tolerance (Q-BFT) consensus algorithm. Although prior work tends to analyse such technologies in a loose setting or a restricted manner together, QuantumShield-BC enables a complete modular and end-to-end architecture with scalability and quantum resistance empirical performance validation. The unification of cryptographic, communication and consensus resilience into a single deployable blockchain framework is the central contribution of our work.

Sampling procedure

In the context of the Horizon Europe Project “InBestSoil”, the data collection focused on arable management practices in Switzerland. Specifically, those practices related to soil health and soil conservation undertaken within the 2022/2023 production season. Farm selection for the survey was based on specific criteria to ensure that the data collection accurately represented arable agricultural practices in Switzerland. These criteria were designed to target farms that were significantly involved in arable agriculture, which is crucial for assessing arable soil health management practices. Eligible farms were required to meet the following criteria:

• Grow wheat in the preceding season (2021/2022).

• Farm at least 3 hectares of arable land in the preceding season (2021/2022).

• Arable land must have comprised at least 20% of the total farmed area in the preceding season (2021/2022).

We entered a data sharing agreement with the Federal Office of Agriculture to enable our survey campaign via access to contact information of all farmers who met the above selection criterion (see the supplementary material in the data repository for a copy of this contract)¹. The Federal Office of Agriculture implemented our selection criterion on the agricultural data that they collect on a yearly basis from the direct payment applications of all Swiss farmers. Note, at the time of our application to the Federal Office of Agriculture, data for the production season 2022/2023 was not available. This is why we use data from the preceding production season for specifying the selection criteria, as this was the latest data available at the time, from which the Federal Office of Agriculture could make an assessment of which farm contact details to share with us for the survey.

In August 2023, we received the contact details of 15,023 farmers who qualified for the survey from the Federal Office of Agriculture’s records. The information we received included the email address, farm identification number, language spoken, name and form of address. However, as per our data sharing agreement with the Federal Office of Agriculture, this data was allowed exclusively for our use in this project and cannot be shared with any outside partner not party to the aforementioned data sharing contract. The contact data of farmers that was received from the Federal Office of Agriculture will be kept for the duration of the InBestSoil project and stored securely on private institutional servers in encrypted files. All contact information will be deleted at the conclusion of the project (December 2026) and all data presented herewith is strictly anonymised to protect the data and identities of the farmers who took part in the survey. Moreover, we have taken measures to prevent any farmers from being identified via their answers (for example variables such as manager age, wheat areas grown, location etc. have been classified into more homogenous categorical groups), which means that the data we present here is slightly different to the data that we have available for our own analyses, as agreed under the data sharing agreement with the Federal Office of Agriculture.

Survey design and content

While adoption of agricultural practices certainly varies with farm characteristics such as size, labour availability, or participation in agri-environmental schemes, these factors alone are not sufficient to explain farmer behaviour. There is no single set of drivers that consistently predicts adoption across studies or regions⁴³. Instead, adoption depends strongly on local contexts, and the interplay of economic, social, and psychological factors⁴⁴. To capture the complexity of adoption behaviour, the survey included questions on farmers’ priorities, perceptions, self-assessed competencies, and personal goals, as well as their exposure to peer practices, participation in training and advisory services, and sources of information. These dimensions are important because farmers do not make decisions in isolation; their attitudes towards risk, innovation and environmental values can influence their decisions alongside financial considerations. Such data contribute to a more thorough understanding of the multifaceted factors influencing soil health-related decisions. The inclusion of these variables also offer valuable insights into the barriers and drivers of sustainable soil management, essential for shaping targeted and effective agricultural policies and support programs.

The full survey is available within the data repository in French, German and English¹. The final survey was developed over the course of a year, including revisions resulting from three rounds of consultation with external stakeholders, internal consultation and testing with farmers. All participants in the survey were asked to give their informed consent by ticking a box in the online questionnaire, confirming their agreement to participate in the study. Additionally, participants consented to the linking of secondary geographical data with their responses, which was also confirmed by ticking a separate checkbox in the survey. Once the participants had agreed to these, the survey was administered uniformly following the structure outlined below. All questions appeared in the same order and, only if certain exclusion criteria were met – such as when their previous answer ruled out any further sub-questions – were some sub-questions hidden from the view of participants. Inclusive of all sub-questions, the survey contained 57 questions, and answering the questionnaire took farmers a median time of 23 minutes.

The survey design was based on previously implemented surveys regarding agricultural production practices in Switzerland^{45,46,47,48,49}. Specifically, questions on farm information and participation in soil-related programmes were included to assess farmers’ engagement with policy incentives and voluntary schemes. The inclusion of personal characteristics aimed to understand demographic drivers of management behaviour. The questions on management practices were developed in close collaboration with experts from the soil science and agricultural extension fields, and were cross-checked with relevant literature. Data on milling wheat production and related input use were collected to link agronomic decisions with productivity outcomes. Information on structural farm characteristics, such as farm type, location, and land tenure, provides context for understanding the decision-making environment and potential constraints faced by farmers. Finally, a strong focus was placed on behavioural and attitudinal factors, including information sourcing, perceived risks, and personal goals, to account for the cognitive and motivational dimensions of farmer behaviour. The following section provides an overview of the variables investigated within each of these question groups. The collected data are documented in the accompanying datasets¹. Each question group corresponds to a clearly defined set of columns.

Demographic details (Primary dataset columns B-H)

Age, duration farm responsibility, gender, full time equivalent and whether the farm succession is already secured.

Participation in soil health programmes (Primary dataset columns H-S)

Organic farming support, soil cover scheme, reduced tillage scheme, herbicide-free farming scheme, pesticide-free farming scheme, efficient fertiliser use, wider row planting, beneficial insect strip, precision application, cantonal soil health support, cantonal input reduction support, cantonal investment and equipment support.

Management Practices (Primary dataset columns T-CA)

An overview of all management practices addressed in the survey, including their descriptions and the typical machinery used, is provided in Table 1. Farmers were asked about their knowledge about the practices, the application as well as the frequency of application within the last 10 years and whether they know other farmers that use the practice. The practices covered by our survey were selected based on the input of soil scientists and agricultural extension workers based in Switzerland.

Milling Wheat Production (Wheat dataset columns B-M)

Production standard, hectares of milling wheat grown, yield milling wheat, yield milling wheat over last five seasons, quantity synthetic fertiliser, quantity organic fertiliser, sowing density, number of biostimulant treatments, number of herbicide treatments, number of fungicide treatments, number of insecticide treatments and number of plant growth regulator treatments.

Structural Farm Characteristics (Primary dataset columns CD-CP)

Family members employed, farm focus (arable, livestock, permanent crop, others), full time or part-time farm, percentage of rented land, whether the soil has been assessed and a soil management plan exists.

Training and Advice (Primary dataset columns CQ-CZ)

Advice agricultural adviser, advice agricultural retailer, advice cantonal or national institution, consult other farmers, consult social media channels, consult publications or webpages, participation equipment demonstration, participation farmer discussion or training group, participation farm demonstration, participation course.

Behavioural and Attitudinal Factors (Primary dataset columns DA-EK)

Respondents’ self-assessment of their perceived influence of the weather on crop production and ambitiousness of self-set production goals.

Respondents’ self-assessment of their willingness to take risks in the domains of; agricultural production, investment in agricultural technology and crop protection.

Respondents’ self-assessment of their confidence in being able to; find solutions to arable production challenges and achieve production goals by harvest end.

The respondents self-reported importance of the following aspects in decision making;

Maximising yields, minimising input costs, minimising time or labour requirements, minimising production risks, minimising farm exposure to weeds or pests or diseases, adapting to weather patterns, adapting to farmland conditions, improving soil health or structure or fertility, improving biodiversity, minimising environmental impact, expanding farm land, adapting to crop market developments, adapting to changes in direct payment rates or regulations, seeking professional agronomic, seeking casual advice from friends or colleagues and seeking peer approval.

Ethical approval and pre-registration

The survey campaign and research design were both approved separately by the ETH Zürich Ethics Commission as proposal 2023-N-212 as well as the FiBL Ethics Committee as proposal FSS-2023-006. Copies of the approval letters are included in the supplementary material¹. Before launching our survey, we also submitted two research plans for pre-registration of hypotheses via the online platform AsPredicted operated by the University of Pennsylvania (link: AsPredicted). For further information on these, see AsPredicted #153145 and AsPredicted #153146 that were registered on 29^th November 2023.

Survey implementation

The survey was implemented as an online survey formulated with Lime Survey and distributed via email. All eligible farms received an individualised email addressed personally to the recipient and a survey link, connected with a unique token to enable us to link the farmer responses with secondary data available for each farm. The participants were asked to give their permission for this by approving the terms and conditions we made available to them regarding how their data would be handled. By agreeing to the disclosure agreement, the farmers gave their permission for the anonymised data, that they subsequently provide through the survey, to be used exclusively for science and research purposes. Farmers were also given the option to opt out of the survey at any time, with no explanation needed. To incentivise participation in the survey we offered the opportunity to enrol in a lottery of 100 supermarket vouchers worth CHF 150 each and the option to receive a personalised results report comparing the farmers’ answers to the answers of other similar farms. The individualised reports were administered via a bespoke app created using R-Shiny (see technical validation section below for further details).

Prior to the full survey launch, a pilot survey was conducted on a random sample of 1% of eligible farms (150 farms) to test the survey’s functionality and to refine any issues. The pilot survey launched on 30^th November 2023, and the full survey went live six days later, on 6^th December 2023. The survey was closed on 31^st January 2024, after a response period of nearly two months.

Data cleaning

To minimise errors already at the point of data entry, the survey was designed to allow only predefined values or plausible numeric ranges for most variables. Wherever this was not technically feasible, such as in open-text fields or free numeric input, we conducted systematic data cleaning after data collection. Data cleaning involved addressing inconsistencies and missing values. In cases where values were deemed implausible or outliers, they were either removed or corrected if sufficient data from other columns was available. This cleaning procedure was applied to variables related to plant protection product treatments, yield, sowing density, labour input, and demographic information. We include the following to illustrate the approach we took as an example (note all processing codes are available in the supplementary material which outline these decisions on a line-by-line basis):

If in the labour units column, an entry was listed as 48, which was inconsistent with the farm area, this value was corrected to 4.8 using a related column for recalculation. Similarly, we proceeded for the variable age: if a data entry was obviously wrong, such as a year of birth recorded as 60 instead of the demanded format YYYY (1960), and the farmer had entered the column of farming experience 40 years, the value was corrected to ‘1960’ based on logical inference. If no reliable correction could be made, the value was marked as ‘NA’ (Not Available).

To ensure anonymity, apart from removing precise geographical information we also grouped continuous variables such as age and farming experience into categories (e.g. age_group and years_experience_group). The data was anonymised, and no specific details were included that could link individual responses to specific farms. No randomisation was applied to the data. With regard to the secondary data, we also took measures to prevent identification by rounding the variables to the nearest integer (the codes for the processing of this data are also available in the supplementary material).

Development of an Artificial Intelligence-assisted CRISPR-Cas Scan (AIL-Scan) strategy based on an ESM large language model

We assumed that by embedding the functional feature with protein primary sequences, we could trace the natural evolution rules and identify the CRISPR-Cas proteins in the metagenomics data directly without sequence alignments. To identify the CRISPR-Cas proteins, we developed an Artificial Intelligence-assisted CRISPR-Cas Scan (AIL-Scan) strategy (Fig. 1a). It includes the following steps:

1. 1.

   CRISPR-Cas training data is created by extracting CRISPR-associated (Cas) proteins from the NCBI database, classifying them by genes, and removing redundant sequences.

2. 2.

   Supervised fine-tuning of ESM on the CRISPR-Cas training data based on the biological information to predict the Cas protein.

3. 3.

   Feature analyses of Cas proteins, including cleavage activity, CRISPR-loci type, CRISPR loci-length, direct repeats, spacers, evolutionary analyses, MSA, and structures.

We generated our training data using reviewed NCBI gene data. We annotated the Cas1, Cas2, Cas3, Cas4, Cas5, Cas6, Cas7, Cas8, Cas9, Cas10, Cas12, and Cas13. Non-Cas proteins were extracted according to the following rules, without the annotation of Cas, and removing the proteins with sequence similarity over 40%. The Cas protein database was separated into a training or validation database using CD-HIT-2D with a 40% identity threshold to remove the redundant sequences and avoid overfitting. We collected 76567 non-redundant positive sequences and 13047 non-Cas proteins, which were deposited in NCBI before July 5, 2023 (Supplementary Fig. 1). The maximal protein length is less than 1764 amino acids. To obtain the best classification, we introduced the “focal loss” in the classification to solve the unbalance of the input data. We obtained the best model during the 13^th Epoch of model training and obtained 97.75% accuracy for the ESM 2 model with 650 million (650 M) parameters (Supplementary Fig. 2). Using the 15 billion (15B) parameters model, we achieved the best performance in the 9^th Epoch with 98.22% accuracy (Supplementary Fig. 2). This model maintained consistent performance, achieving an accuracy 97.68% on the independent dataset, i.e. TestSet2024, which contains sequences deposited in NCBI from July 6, 2023, to Oct 28, 2024 (Supplementary Tables 1–3). These results indicate a robust generalization of this model. The accuracy and prediction speed of AIL-Scan is comparable to the CRISPRcasIdentifier, which integrates HMMs and machine learning (Table 1 and Supplementary Fig. 3). CASPredict performed with the highest speed among the four software, although its accuracy is lower than the machine learning based software, i.e., AIL-Scan and CRISPRcasIdentifier. However, the NCBI data has been partially annotated by the HMM model, so we turned to validate AIL-Scan’s capability in recognizing “unseen proteins”. We utilized a recent dataset of 3601 Cas12 family protein sequences²⁰, in which 3521 sequences (97.8%) had less than 90% similarity with the training set, meanwhile 3351 sequences (93.1%) had less than 40% similarity with the training set. This test set is named TestSet2025 and is significantly distinct from the training set in sequence space, making it suitable for evaluating generalization ability. AIL-Scan successfully identified 3182 Cas12 proteins, in contrast, the HMM model identified 1240 sequences, demonstrating the strong generalization capabilities of AIL-Scan. Considering the resource consumption, the 650M model is sufficient for the Cas prediction. We used ESM embeddings to reduce dimensionality with t-SNE for 77684 sequences and discovered that ESM can distinguish the differences in various Cas classifications. The ROC curves and AUC indicate the probability that the positive sample’s decision value is greater than the negative sample’s decision value for all the Cas and non-Cas proteins (Fig. 1b). The test loss and test accuracy also indicate that the model generalizes correctly and performs well on unseen data (Fig. 1c). We evaluated the model robustness using the 5-fold cross-validation. The average accuracy is 0.9786 and the standard deviation is 0.0013 (Supplementary Table 4).

We use the Global Microbial Gene Catalog (GMGC) metagenomic database for the Cas protein discovery²¹. We selected 50,000 bins with high quality from GMGC and extracted 20,000 MAGs, including CRISPR-loci, to test the performance of AIL-Scan. The protein sequences were predicted by Prodigal software²². We collected ca. 20,000,000 protein sequences shorter than 1500 amino acids for prediction. In comparison with the established methods, the AIL-Scan predicts 1379 Cas12a sequences.

Development of a trans-cleavage activity prediction model

The trans-cleavage activity of Cas12a has been used in various applications. Although many CRISPR-Cas12a proteins have been identified, few of them have been tested in the trans-cleavage experiments. Therefore, the main challenge encountered during this study lies in dealing with a small sample size coupled with high-dimensional embeddings, which often leads to convergence issues when employing most models. A total of 69 labeled Cas12a proteins (including three known Cas12a) were included in our analysis (Supplementary Data 1). Their trans-cleavage activities were assessed by the fluorophore-quencher (FQ) reporter assay. The trans-cleavage activity was defined as proteins displaying fluorescence intensity twice that of the negative control. Thirty-three proteins were classified as active in trans-cleavage activity, and the remaining 36 proteins were categorized as inactive. To evaluate the performance of our predictive model, a test set comprising 13 randomly selected proteins (approximately 20% of the sample) was used, while the remaining 56 proteins were employed for training purposes. Initially, we recorded the last embedding layers based on our fine-tuned ESM model for all labeled Cas12a protein sequences. These embeddings (1280 dimensions) were utilized as covariates to predict trans-cleavage activity.

Different forms of decision tree models are evaluated in this task. The results of our study demonstrate that Light Gradient Boosting Machine (LightGBM) achieves the highest accuracy among mainstream machine learning models, with an accuracy rate of 69.2% on the test set trained on embeddings. To address dimensionality-related challenges, principal component analysis (PCA) was employed to extract essential embeddings, with prediction performance evaluated across 2–15 principal components. Alongside PCA, we compared 31 alternative methods, including t-SNE, UMAP, and raw data. Detailed comparisons, training procedures, and results are provided in Table 2, Supplementary Table 5, and the supplementary notes. LightGBM, CatBoost, and RandomForest achieve the accuracy of 92.3% in the test set (12 out of 13 proteins are correctly labeled) with 4, 6, and 8 principal components, respectively. We can see that compared to training models directly with embeddings, extracting essential dimensions with PCA provides higher accuracies in predicting trans-cleavage activity (Supplementary Table 5). However, this model is still limited by the small dataset, more experimental data would improve its prediction accuracy. Additionally, we tested our prediction model on two unreported Cas12a proteins, i.e., the trans-cleavage activity of two Cas12a candidates: ArCas12a_1 (derived from Agathobacter rectale) and LeCas12a_3 (derived from Lachnospira eligens_B). Our model predicted that ArCas12a_1 has trans-cleavage activity but not LeCas12a_3. In the experiment, ArCas12a_1 demonstrated significantly stronger trans-cleavage activity than the negative control, while LeCas12a_3 did not (Supplementary Fig. 4). These experimental outcomes were consistent with our model’s predictions, supporting the generalizability and robustness of the prediction model.

CRISPR-Cas12a loci predicted from the metagenomics

We did further feature analyses of Cas12a candidate proteins. Phylogenetic analysis of Cas12 proteins suggests that the identified Cas12a proteins fall into the Cas12a clade (Fig. 2a). The classical CRISPR-loci, comprising essential elements such as Cas1, Cas2, and Cas4, play a pivotal role in type classification. To delve into these features, we employed AIL-Scan to predict Cas1, Cas2, and Cas4 proteins within the same CRISPR loci adjacent to the Cas12a sequence. Subsequently, we meticulously verified 300 predicted CRISPR loci to gain deeper insights manually. Normally, Cas12a is considered to have a unique CRISPR locus, comprising Cas1, Cas2, and Cas4. Intriguingly, the observed count of Cas1, Cas2, and Cas4 proteins was notably lower than that of Cas12a, suggesting the absence of these small Cas proteins in some Cas12a loci (Fig. 2b, c). Further stratification based on the number of integrase proteins led to the classification of CRISPR loci into eight distinct subtypes. The distribution of integrase proteins across these subtypes exhibited a sparse pattern (Fig. 2d). Notably, subtype VIII lacked any integrase proteins, subtype I encompassed Cas1, Cas2, and Cas4, while subtype VI exclusively featured Cas2. This nuanced classification sheds light on the diversity within CRISPR loci and underscores the intricate variations in the composition of integrase proteins among different subtypes. Our observations may provide unreported perspectives on correlations among different CRISPR-Cas systems and integrase proteins. Remarkably, the analyses using the 1000 predicted CRISPR Cas12a loci without manual verification show a strikingly similar distribution pattern as the result from the 300 manually confirmed ones, indicating this distribution is a universal phenomenon (Supplementary Fig. 5). To provide further insights, we measured the length of CRISPR loci, beginning from the start of the Cas12 protein and concluding at the first spacer. Subtype VIII emerged as the shortest, spanning mere 4200 bp, while subtype I is the longest, extending over 6100 bp. Particularly noteworthy were certain subtype I CRISPR loci exhibiting extraordinary lengths of up to 6700 bp, raising the possibility of harboring enigmatic protein elements (Fig. 2e). Aligned with the integrase variation, the numbers of spacers notably decreased in subtypes IV, VI, and VIII, underscoring the pivotal roles of integrases in spacer capture (Fig. 2f). Despite the divergence in spacer numbers, the stem-loop region corresponding to direct repeat sequences remained conserved (Fig. 2g). This consistent conservation hints at a shared structural element, emphasizing the importance of the stem-loop region in CRISPR loci across different subtypes.

a Phylogenetic tree of Cas12 proteins. The identified Cas12a proteins in this work were highlighted in red in the Cas12a family. b Cas12a subtypes with different combinations of accessory proteins, i.e., Cas4, Cas1, and Cas2. c Statistics of Cas12, Cas1, Cas2, and Cas4 from 300 CRISPR-loci, which were verified manually. The features of the first 1000 CRISPR-loci were analyzed in Supplementary Fig. 5. d Statistics of subtypes in the 300 CRISPR-loci. e Sequence length variation in different subtypes. DNA sequence length was calculated from the start codon of the Cas12a gene to the end of the first repeat. f Statistics of spacers in different subtypes. g Sequence alignment of direct repeats in the 300 CRISPR-loci. The sequence corresponding to the stem loop region of crRNA was highlighted with a gray background. h Distribution of Cas proteins in different subtypes and species. The subtypes were colored in the inner circle. The species were labeled in the outer circle. Error bar indicates mean ± s.e.m. measured from three technical replicates. n = 3. Statistical significance was assessed using one-way ANOVA analysis. The symbol ‘#’ indicated that the metagenomes in the corresponding subtypes did not contain spacer sequences. Source data are provided as a Source Data file.

To explore the distribution of the discovered proteins in the organisms, we constructed a phylogenetic tree using 300 candidate Cas12a proteins, which were manually verified, along with three known Cas12a (LbCas12a, FnCas12a, and AsCas12a). 232 Cas12a proteins from the Lachnospiraceae family cluster into one clade. Within this clade, subclade 1 consisted of 62 subtype I Cas12a proteins, 81 subtype VII Cas12a proteins, and a modest representation of other subtypes. Notably, subtype I and subtype IV emerge as the principal constituents within Subclade 2. Furthermore, Subclade 3 is marked by the exclusive presence of 28 subtype VIII Cas12a proteins originating from the Acutalibacteraceae family. It is worth noting, 94.6% of the identified Cas12a proteins originate from enteric microorganisms (Fig. 2h), which may be due to the ease of recovering high-quality genomes from enteric microorganisms. Additionally, the thermostable YmeCas12a (subtype I) is adjacent to subtype I Cas12a proteins (Supplementary Fig. 6).

Cas integrases in CRISPR loci

New insights highlight the structural diversity and functional roles of Cas integrases in CRISPR loci^{23,24,25,26,27}. Cas1, Cas2, and Cas4 are essential for integrating foreign DNA into bacterial CRISPR systems, which generates bacterial immunity²⁶. AlphaFold2²⁸ was applied to predict all protein structures in the eight distinct subtypes, providing insights into their variation, respectively (Fig. 3 and Supplementary Fig. 7). Cas1 proteins, encompassing 92–331 amino acids, are classified into eight types based on structure and sequence (Fig. 3a, b and Supplementary Fig. 7b). Type 8 is the most prevalent Cas1 protein, resembling AfCas1 (PDB: 4N06)²⁹ and its N-terminal and C-terminal domains (NTD, CTD) contain with key catalytic sites in specific helices and loops (Supplementary Fig. 7c). Structural differences across types were analyzed via the Dali server³⁰. The variation in CTD elements does not necessarily hinder foreign DNA acquisition³¹, emphasizing their structural flexibility. Cas2 proteins, containing 70–146 amino acids, also fall into eight subtypes, with type 8 showing notable structural similarities to E. coli Cas2 (PDB: 5DQT)³² but with unique N-terminal helices (Fig. 3c, d and Supplementary Fig. 7d–f). Other subtypes exhibit varied structural deficiencies, such as missing β-sheets or helices, affecting dimer interfaces and potentially altering DNA binding. This diversity underlines Cas2’s adaptability within Cas1–Cas2 complexes (Supplementary Fig. 7f)³³. Cas4 proteins, comprising 79–206 amino acids, exhibit eight types (Fig. 3e, f and Supplementary Fig. 7g, h), with type 8 resembling I-C Cas4 (PDB: 8D3Q)²⁴ but lacking specific helices critical for protospacer cleavage. Structural differences across subtypes, such as missing helices or β-sheets, impact spacer insertion and integration within CRISPR systems (Supplementary Fig. 7i). These findings broaden our understanding of Cas4 structural variations and their functional implications in bacterial immunity. The detailed structural features of integrases are analyzed in the Supplementary Note.

a, c, e The RMSD matrix of Cas1, Cas2, and Cas4 structure models constructed by AlphaFold2. Colors within the heatmap, ranging from dark blue to white, represent the RMSD values ranging from high to low. The protein names were colored based on their structure type classification. The color of each protein name corresponds to the protein structure type displayed in the right panel. b, d, f Typical structure models of Cas1, Cas2, and Cas4, which were classified into different types. Secondary structures were annotated for all protein types. Type 1–7 structures of Cas1, Cas2, and Cas4 were superposed onto each full-length type 8 structure, and secondary structures were labeled. The “αX” in type 1 of (f) indicates that it does not appear in other Cas4 structure types.

Cas12a proteins in the subtypes

The differences in the Cas12a structures are key features of the Cas12a subtypes. We analyzed the motifs of the Cas12a sequences and discovered conserved and distinct motifs in the different subtypes, which are key for the Cas12a functions (Supplementary Fig. 8). The analysis revealed that the catalytic residues within the RuvC and Nuc domains are highly conserved among all subtypes, reflecting their critical roles in enzymatic function. Specifically, the first catalytic aspartate in the triad resides within the conserved motif IGIFRGEERN. The second catalytic glutamate displays subtype-specific distributions, appearing as MED in subtypes I, IV, V, and VI, as M/LEN/D in subtype II, and as MEK/D in subtype VIII. The third catalytic aspartate is consistently located in the motif DADANG, specifically at the second “D”. Additionally, a highly conserved TSKIDP motif was identified across all subtypes, indicating a shared functional mechanism. Other conserved motifs showed variability among subtypes, suggesting distinct sequence characteristics while maintaining overall catalytic and structural integrity. We also built the structure models of 300 Cas12a proteins using AlphaFold2, except for the failed construction, and calculated the root mean square fluctuation (RMSF) for all candidate Cas12a proteins within one subtype (Supplementary Fig. 9). The detailed analyses are appended in the Supplementary Notes. The RMSF reflects the residue-wise structural difference within one subtype. The results suggested that, despite an overall conserved structural architecture, specific regions within the proteins exhibit variability that may reflect structural adaptations specific to each subtype.

Cas12a proteins have distinct cis– and trans-cleavage activities

Cas12a processes the pre-crRNA transcripts into mature crRNA by its endoribonuclease activity. Then the Cas12a–crRNA complex efficiently cis-cleaves a double-stranded DNA (dsDNA), which is initiated by a PAM motif recognition. The cleaved DNA segment that remains bound then induces non-specific degradation of single-strand DNA (ssDNA) (Fig. 4a).

a Scheme of Cas12a activation, cis-, and trans-cleavage. The Cas12a from different subtypes was labeled with different colors. b Binding of Cas12a with crRNAs investigated by electrophoretic mobility shift assay (EMSA). c Binding of Cas12a with DNAs investigated by EMSA. d Scheme of PAM analyses using a double-strand DNA (dsDNA) array. Normalized PAM heatmaps for EvCas12_2 (e), AmCas11a (f), RspCas12a_2 (g), CAGCas12a (h), and RbrCas12a_1 (i). Each heatmap was normalized from 6 genes, including endogenous genes EMX1, DNMT1, and FANCF, 2 sites from eGFP, and 1 site from MERS virus genes. The individual maps were shown in Supplementary Fig. 12. The DNA sequences were listed in Supplementary Table 8. The weblogs of the PAM sequences for each Cas12a variant are shown below the heatmap. Colors within the heatmap range from dark blue to white, illustrating the normalized intensity of each PAM sequence. Source data are provided as a Source Data file.

Therefore, we evaluated the RNA binding efficiency, DNA binding efficiency, cis– and trans-acting DNase activities of sixteen Cas12a proteins from eight subtypes derive from Anaeroglobus micronuciformis (AmCas12a), Eubacterium_G ventriosum (EvCas12a_1 and EvCas12a_2), Erysipelatoclostridium sp. (EspCas12a), Ruminococcus_E sp. (RspCas12a_1 and RspCas12a_2), Agathobacter rectale (ArCas12a), Lachnospira eligens (LeCas12a_1 and LeCas12a_2), UBA3388 sp. (UBACas12a), RC9 sp. (RCCas12a), CAG-127 sp. (CAGCas12a), Ruminococcus_E bromii_B (RbrCas12a_1, RbrCas12a_2, RbrCas12a_3 and RbrCas12a_4) (Fig. 4, Supplementary Fig. 10 and Supplementary Table 6). Remarkably, the direct repeat sequence of these candidate Cas12a proteins is conserved alongside their celebrated counterparts, i.e., LbCas12a (Fig. 2g and Supplementary Fig. 11). Therefore, we chose LbCas12a as the positive control in the following assays, as well as its crRNA scaffold in the screening step. All the Cas12a proteins show RNA and DNA binding ability as expected (Fig. 4b, c, Supplementary Fig. 10c, d, and Supplementary Table 7). However, the DNA binding ability of subtype I and subtype VIII are higher than other Cas12a proteins. According to the inherent trans-DNase activity of Cas12a, as well as the 4 bp PAM length, we developed a simple and efficient PAM detection method. We constructed 6 short dsDNA target arrays by annealing 256 kinds of PAM sequence primer pairs in each well, which target EMX1 site1, DNMT1 site1, FANCF site1, MERS site1, eGFP site1, and eGFP site 3 (Supplementary Table 8). Each dsDNA target was incubated with candidate Cas12a proteins, crRNA and FAM-BHQ reporter to detect fluorescence of each reaction system (Fig. 4d). Using this assay, we determined the PAM preference of EvCas12a_2, AmCas12a, RspCas12a_2, CAGCas12a and RbrCAS12a_1, EcCas12_2, RspCas12a_2, and CAGCas12a recognize T rich PAM, but AmCas12a prefer G-start PAM, RbrCas12a_1 recognize 5-GTV-3 PAM (Fig. 4e–i and Supplementary Figs. 11, 12).

To corroborate the cis-acting DNase activity of candidate Cas12a proteins, we incubated Cas12a proteins with a crRNA and a linearized plasmid dsDNA. All linearized dsDNA were degraded by candidate Cas12a proteins with comparable efficiency to LbCas12a at 37 °C, with the exception of RCCas12a (Fig. 5a and Supplementary Fig 13a). Sanger sequencing of the cleaved DNA ends revealed that AmCas12a introduced INDELs at 18 in NTS and 23 in TS, consistent with other Cas12a orthologs (Supplementary Fig. 13e, f). However, most Cas12a variants exhibited diminished DNase activity, resulting in the production of uncleaved DNA at room temperature (RT), except for subtype VIII Cas12a proteins, which lack integrases. (Fig. 5b and Supplementary Fig. 13b). Subtype II Cas12a variants are slightly less active than LbCas12a in single-strand (ssDNA) degradation, while EspCas12a, EvCas12a_1, EvCas12a_2, and ArCas12a exhibited moderate activity. In contrast, the other Cas12a variants displayed notably lower activity (Fig. 5c and Supplementary Fig. 13c). Most of these Cas12a proteins represent considerable cis cleavage activity but are a bit different in trans-cleavage activity compared to LbCas12a. The ion preference assay reveals that these Cas12a proteins can be activated by Mn²⁺, similar to the LbCas12a³⁴. Divalent Mg ions prove ineffective in activating the trans ssDNA cleavage activity of low-activity Cas12a variants, and Mn²⁺ cation emerges as the catalyst for their trans DNase activity. (Fig. 5d and Supplementary Figs. 13d and 14) To investigate the genome-editing ability of candidate Cas12a in eukaryotic cells, we selected 6 target sites with canonical PAM, which can be recognized by all the tested Cas12a (Fig. 5e and Supplementary Table 9). AmCas12a exhibits an average editing efficiency of 49.6% across six sites, with remarkable peaks at sites 3 (85.4%) and 6 (84.9%). In contrast, EvCas12a_2 displays an average editing efficiency of 20.3%, with its highest performance observed at site 1 (25.8%). RspCas12a_2 and RbrCas12a_2, which lack integrase in the loci, yield modest average editing efficiencies of 14.3% and 17.8%, respectively, with notable peaks at site 3 (26.3% and 37.3%, respectively). ArCas12a shows comparable average editing efficiencies with AmCas12a (45.4%), which gets notable peaks at site 3 (75.8%). LeCas12a_1 shows an average editing efficiency of 6.2% and a maximum efficiency of 25.7% at site 2. UBACas12a exhibits nearly negligible editing efficiency, with the highest activity reaching 2.1%. At site 4, CAGCas12a and LeCas12a_2 demonstrate peak genome-editing efficacy, at 81.7% and 73.8%, respectively, with mean editing efficiencies of 28.8% and 26%. AsCpf1 attains an impressive average editing efficiency of 65.5%, with its maximum at site 6 (84.7%). Finally, LbCas12a shows an average editing efficiency of 25.6% and a maximum efficacy of 53.5% at site 6.

a, b Cleavage of dsDNA by Cas12a subtypes at 37 °C (a) and 25 °C (b). c Trans-cleavage of ssDNA by Cas12 subtypes using fluorescence-labeled ssDNA reporter. d Divalent cation ions’ preference for the Cas12a variants. Colors within the heatmap, ranging from dark blue to white, indicated the trans-cleavage activity from high to low. Time-course kinetic analyses were analyzed in the Supplementary Fig. 14. e Cellular gene editing efficiency on targeting sites. Two sites were selected from FANCF, EMX1, and DNMT1, respectively. The statistical significance was calculated using the LbCas12a as a reference at each site. The detailed sequences were listed in Supplementary Table 9. Error bar indicates mean ± s.e.m. measured from three technical replicates. n = 3. Statistical significance was assessed using a two-tailed unpaired t-test. Source data are provided as a Source Data file.

The AmCas12a–crRNA binary complex

The protein sequence identity of 16 candidate Cas12a proteins to AsCas12a, FnCas12a, and LbCas12a are low, ranging from 30%-46% (Fig.6a and Supplementary Fig. 15). In the three-dimensional structural landscape, Cas12a proteins within the same subclade exhibit a high degree of structural similarity. However, AmCas12a presents a subtle deviation, distinguishing itself somewhat from its subclade I Cas12a counterparts (Fig. 6d, f and Supplementary Fig. 15).

a Domain organization of the AmCas12a protein. Detailed protein sequences and alignments were supplemented by Supplementary Fig. 19. The REC1, REC2, PI, WED, BH, RuvC, and Nuc domains were highlighted with distinct colors, respectively. b The cartoon representation of the structure of the AmCas12a–crRNA and schematic of the crRNA used for structural analysis. The nucleotides of crRNA are labeled with numbers. c The structure of AmCas12 revealed by cryoEM. (PDB: 8KGF, EMDB: EMD-37219) The structure alignments comparison with known Cas12a and other variants was analyzed in Supplementary Fig. 17. The structural domains were distinguished according to the color codes at the bottom. d The RMSD matrix of Cas12 structure models constructed by AlphaFold2. Colors within the heatmap from dark blue to white represent the RMSD values from high to low. e Interaction network of crRNA with residues in AmCas12a. The detailed interactions of crRNA seed regions with AmCas1a were shown in Supplementary Fig. 18. f The Alphafold2 structure models of Cas12as, which were used in this paper. g Mismatch analyses of AmCas12a. Error bar indicates mean ± s.e.m. measured from three technical replicates. n = 3. Source data are provided as a Source Data file.

To understand the molecular details underlying the RNA binding behavior of AmCas12a, we achieved the cryo-EM map of the crRNA binding complex, which consists of AmCas12a and a 44-nt crRNA, at 2.9 Å resolution (Fig. 6b, c, Supplementary Figs. 16 and 17, and Supplementary Table 10). The AmCas12a–crRNA structure maintains a bilobed architecture (Fig. 6c), similar to other Cas12a structures^35,36. Nonetheless, it is noteworthy that the AmCas12a–crRNA complex exhibits a distinct conformation when juxtaposed with its counterparts. Specifically, an observable rotational variance is discernible within the REC domain of AmCas12a when compared to the LbCas12a–crRNA and FnCas12a–crRNA complexes. Relative to LbCas12a and FnCas12a, the REC1 domain of AmCas12a presents a deviation of 7.3° and 9.4°, respectively. Simultaneously, the REC2 domain of AmCas12a manifests a rotational disparity of 4.8° and 6.2°, respectively (Supplementary Fig. 17d, e).

As observed in the LbCas12a and FnCas12a crRNA binary structures, the repeat-derived pseudoknot in the 5’ handle of the crRNA is ordered. However, the crRNA conformation is markedly different from that of the crRNA bound by LbCas12a or FnCas12a. Due to the flexibility of the spacer-derived part of crRNA, it’s almost unclear in the Cas12a–crRNA binary complex^35,36. Notably, an extra RNA stem formed by A(1)–A(5) and U(18)–U(22) within the crRNA spacer region makes a part of spacer region including seed sequence well-defined in the central cavity of AmCas12a and adopt an A-form-like helical conformation, but A(−10)–G(−6) and G(6)–A(15) nucleotides of crRNA are unclear (Fig. 6b and Supplementary Fig. 18). To accommodate the double RNA stem substrate, the REC lobe of AmCas12a rotates away from the NUC lobe. Unsurprisingly, the docking of crRNA to Alphafold-generated AmCas12a causes a severe clash in the REC domain (Supplementary Fig. 15c). The attainment of conformational integrity within the extra RNA stem is orchestrated by intricate interplays involving the ribose and phosphate moieties of the crRNA backbone, engaging in multiple interactions with specific residues within the WED, REC1, and RuvC domains of AmCas12a (Fig. 6e). These include residues T19, H751, K522, and H861 from the WED domain, Y50 and R168 from the REC1 domain and Q1003 from the RuvC domain, all of which are conserved with Cas12a orthologs, except Q1003 which form a hydrogen bond with the phosphate of U(18) (Supplementary Fig. 18). Distinct from the FnCas12–crRNA complex, the spacer segment of crRNA major interacts with the WED domain of AmCas12a.

Compared to the LbCas12a–crRNA complex and FnCas12a–crRNA complex, the divalent Mg ions are in the same location (Supplementary Fig. 17a–c). Consistent with a seed sequence-dependent mechanism of DNA targeting and in broad agreement with previous analyses of AsCas12a, LbCas12a activities in vivo, and FnCas12a activities in vitro^35,37,38, cleavage of DNA substrates with single-nucleotide mismatches in the seed segment was almost completely impaired, while mismatches in the PAM-distal region of the DNA target were mostly tolerated (Fig. 6g).

Specific detection of single-nucleotide mutation by AmCas12a

Cas12a is a promising tool in the next-generation molecule diagnosis, however, it suffers from the PAM limitation³⁹. The oncogene SNP only has a small sequence window to probe, the traditional PAM, TTTV, could not cover all the SNPs. Therefore, we tested whether the AmCas12a can distinguish the SNPs without a traditional PAM. (Fig. 7a) The oncogene mutants, KRAS c.34 G > T (G12C), did not contain the available TTTV in the adjacent sequences (Fig. 7b). Among the Cas12a proteins that have undergone PAM preference testing, AmCas12a, EvCas12a_2, CAGGCas12a, and RbrCas12a_1 showed potential for recognizing the G12C mutation. The results revealed that AmCas12a exhibited the best performance (Supplementary Fig. 20). We designed the crRNA targeting the SNP (Fig. 7b). According to the fluorescence intensity, we selected the crRNAs inducing the strongest signals, i.e., crRNA 1 for the KRAS mutant (Fig. 7c). The AmCas12a can detect ten copies of the KRAS mutant (Fig. 7d). Furthermore, we diluted the target mutant and evaluated the sensitivity of detection. The AmCas12a can even distinguish 0.1% KRAS mutant in the wild-type gene background, which is more sensitive than the Sanger sequencing (Fig. 7e, f).

a Scheme of single-nucleotide mutant detection by Cas12a. b Synthetic crRNA for single-nucleotide KRAS mutation based on the PAM preference of AmCas12a. The single-nucleotide polymorphism (SNP) site was highlighted in red. c AmCas12a detection of KRAS G12C with various crRNAs and Mn²⁺. d Detection limit of KRAS mutant using recombinase polymerase amplification (RPA) integrated with Cas12a. The fluorescent images and fluorescence intensity of the 15-min reaction were shown. The copy numbers of the target DNA were shown on the x-axis. e Sensitivity of the AmCas12a detection. KRAS mutant DNA was spiked in the wild type sequences with various ratios, which were shown in the x-axis. f Sanger sequencing results of wild-type KRAS and mutant with different ratios. NC represented the negative control without target DNA. Error bar indicates mean ± s.e.m. measured from three technical replicates. n = 3. Statistical significance was assessed using a two-tailed unpaired t-test. Source data are provided as a Source Data file.