New paper from our team. Post-quantum HD wallets with full non-hardened public key derivation. Watch-only wallets, xpubs, hierarchical key management, etc. all with provable security under standard lattice assumptions. BIP32 non-hardened derivation depends on the linear algebra of elliptic curves. You add an offset to a parent public key and get a valid child public key. Post-quantum lattice schemes break this in two ways. Some schemes round their public keys during key generation, which destroys linearity. And even without rounding, each derivation adds noise that changes the statistical profile of derived keys, breaking unlinkability. In this work, we built two constructions. The first uses ML-DSA for hardened-only derivation with full security proofs. The second, the main result, uses Raccoon-G, a variant of Raccoon with Gaussian-distributed secrets. We skip the rounding step and publish the full public key to preserve linearity. On top of this, Gaussians are stable under addition, so derived keys stay in the same distributional family as fresh ones. That gives you non-hardened derivation with provable unlinkability and unforgeability under standard lattice assumptions. The tradeoff is larger keys and signatures, and a bounded derivation depth. In practice the depth bound is not restrictive since real wallet structures like BIP44 only use non-hardened derivation for the last two levels anyway. We implemented both constructions in Rust. Paper and Github below.