The slow-moving threat that blockchains can’t ignore
Quantum computers still look like lab toys: Racks of hardware, error-prone qubits and almost no real-world applications. Yet if you check the roadmaps of major layer-1 blockchains, a new priority now sits next to scaling and modularity: post-quantum security.
The concern is simple even if the math isn’t. Most major blockchains rely on elliptic-curve signatures (ECDSA and Ed25519) to prove that a transaction came from the owner of a private key. A sufficiently powerful quantum computer running Shor’s algorithm could, in theory, recover those private keys from their public counterparts and let an attacker sign fake transactions.
A visual representation of ECDSA
There is also a “harvest now, decrypt later” risk. Adversaries can copy public blockchain data today and wait for quantum hardware to catch up. Once it does, old and long-dormant addresses, and some smart contract patterns, could become vulnerable even if networks switch to safer algorithms later.
For long-lived public ledgers that cannot be rolled back, quantum planning is becoming an important long-term consideration. With the National Institute of Standards and Technology (NIST) publishing formal post-quantum standards and governments setting 2030-plus migration timelines, teams now treat quantum safety as a slow-moving and irreversible risk, and a few networks are already shipping their first countermeasures.
What quantum computers actually threaten in crypto
Quantum computers don’t magically “break blockchains”; they target specific algorithms.
The big one for crypto is public key signatures.
Bitcoin, Ethereum and many other chains rely on elliptic-curve schemes (ECDSA and Ed25519) to prove that a transaction came from the holder of a private key. A sufficiently powerful quantum computer running Shor’s algorithm could recover those private keys from their public keys, making it possible to forge signatures and move funds without permission.
Not everything breaks equally. Hash functions like SHA-256 and Keccak are much more robust. Quantum search algorithms such as Grover’s algorithm provide only a quadratic speed-up there, which designers can mostly offset by increasing hash sizes and security margins. The area most likely to need future upgrades is signatures rather than proof-of-work (PoW) hashing or basic transaction integrity.
For blockchains, these areas will require long-term cryptographic upgrades to maintain expected security properties as standards evolve. Unspent transaction outputs (UTXOs) in Bitcoin, reused addresses on account-based chains, validator keys and signature-based randomness beacons in proof-of-stake (PoS) systems all become attractive targets.
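The “harvest now, decrypt later” and exposed-target passages above imply an inventory step, shown here as an added example that is not code from the article: a small Python classifier that sorts Bitcoin outputs by whether their public key is already visible on-chain, which is what Shor’s algorithm would need. The script templates are the standard Bitcoin output types; the sample UTXOs are constructed.

```python
# Added example, not from the article: flag which Bitcoin outputs a future Shor-capable adversary
# could target. Shor needs the public key itself; a hash of it only yields to Grover (halved bits).
from dataclasses import dataclass

EXPOSED = "public key visible on-chain"
HASHED = "public key hidden behind a hash"
SCRIPT = "script hash: exposure unknown until spent"

@dataclass(frozen=True)
class Utxo:
    script_pubkey: str    # locking script as hex
    address_reused: bool  # an earlier spend from this address already revealed the key

def output_type(script: bytes) -> str:
    # Match the locking script against the standard output templates.
    n = len(script)
    if n == 25 and script[:3] == b"\x76\xa9\x14" and script[-2:] == b"\x88\xac":
        return "P2PKH"
    if n == 23 and script[:2] == b"\xa9\x14" and script[-1] == 0x87:
        return "P2SH"
    if n == 22 and script[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and script[:2] == b"\x00\x20":
        return "P2WSH"
    if n == 34 and script[:2] == b"\x51\x20":
        return "P2TR"
    if n in (35, 67) and script[0] == n - 2 and script[-1] == 0xAC:
        return "P2PK"
    return "nonstandard"

def exposure(utxo: Utxo) -> tuple[str, str]:
    # Return (output type, quantum exposure class) for one UTXO.
    kind = output_type(bytes.fromhex(utxo.script_pubkey))
    if kind in ("P2PK", "P2TR"):  # raw key, or the 32-byte taproot output key, sits in the script
        return kind, EXPOSED
    if kind in ("P2PKH", "P2WPKH"):  # only a hash, unless a past spend revealed the key
        return kind, EXPOSED if utxo.address_reused else HASHED
    return kind, SCRIPT  # P2SH/P2WSH and nonstandard: depends on the hidden script

def summarize(utxos: list[Utxo]) -> dict[str, int]:
    # Count UTXOs per exposure class: the inventory a migration plan starts from.
    counts: dict[str, int] = {}
    for label in (exposure(u)[1] for u in utxos):
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample: a reused P2PKH, a fresh P2PKH, a taproot output and a P2WSH.
SAMPLE = [
    Utxo("76a914" + "00" * 20 + "88ac", address_reused=True),
    Utxo("76a914" + "01" * 20 + "88ac", address_reused=False),
    Utxo("5120" + "11" * 32, address_reused=False),
    Utxo("0020" + "33" * 32, address_reused=False),
]
```

Run over a real UTXO export, the `summarize` counts give the share of value that would need to move to new output types before a migration, as opposed to the share that is only reachable once its address is spent from.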
Because cryptography migrations in critical infrastructure often take a decade or more, layer 1s have to start planning well before quantum machines are strong enough to attack them.
Did you know?
“Q-Day” is used informally to describe the year in which quantum computers become cryptanalytically relevant, similar to how “Y2K” referred to the “year 2000.” Some early estimates suggested a 2030 horizon.
Why quantum security just jumped onto layer-1 roadmaps
Quantum risk has been discussed in academic circles for years, but it only recently became a concrete roadmap item for layer-1 teams. The turning point was the shift from theory to standards and deadlines.
From 2022 to 2024, the NIST selected its first post-quantum algorithms and began standardizing them, including lattice-based schemes such as Cryptographic Suite for Algebraic Lattices (CRYSTALS)-Kyber for key establishment and Dilithium for digital signatures, alongside alternatives such as Stateless Practical Hash-based Incredibly Nice Collision-resistant Signatures (SPHINCS)+. This gave engineers something they could design around instead of a moving research target.
At the same time, governments and large enterprises began talking about “crypto agility” and setting migration timelines for critical systems that extend into the 2030s. If you run a public ledger that is meant to hold value and legal agreements for decades, being out of sync with that transition becomes a governance problem.
Layer 1s also respond to headlines. Each time a major hardware or research milestone is announced in quantum computing, it revives the conversation about long-term security. Teams begin to question whether today’s signature schemes will remain safe across the full lifetime of a network. They also consider whether it is better to build post-quantum options now, while they are still optional rather than under pressure later.
Did you know?
The National Cyber Security Centre in the UK has advised that organizations should identify quantum-safe cryptography upgrade paths by 2028 and complete migration by around 2035.
The first wave: Which layer-1 networks are preparing
A small but growing group of layer 1s has moved from speculation to concrete engineering work as they try to add quantum resilience without breaking what already works.
Algorand: State proofs and live PQ transactions
Algorand is the clearest example of post-quantum ideas in production. In 2022, it introduced State Proofs, which are compact certificates of the chain’s history signed with FALCON, a lattice-based signature scheme selected by the NIST. These proofs are designed to be quantum safe and are already used to attest to Algorand’s ledger state every few hundred blocks.
More recently, Algorand has demonstrated full post-quantum transactions on mainnet using Falcon-based logic signatures, positioning itself as a potential quantum-safe validation hub for other chains.
Cardano: Research-first roadmap to a PQ future
Cardano still relies on Ed25519 today, but its core teams and foundation have framed quantum readiness as a long-term differentiator. Public materials and recent talks by founder Charles Hoskinson outline a plan that combines a separate proof chain, Mithril certificates and post-quantum signatures aligned with the NIST’s Federal Information Processing Standards (FIPS) 203 to 206. The idea is to add a quantum-resilient verification layer over the chain’s history rather than force an abrupt cut-over for every user at once.
Ethereum, Sui, Solana and “quantum-ready” newcomers
On Ethereum, research groups have begun mapping out a task list for post-quantum migration, including new transaction types, rollup experiments and zero-knowledge-based wrappers that let users add quantum-safe keys without rewriting the base protocol overnight.
Meanwhile, Sui’s team has published a dedicated quantum-security roadmap and, together with academic partners, proposed an upgrade path for EdDSA-based chains like Sui, Solana, Near and Cosmos that avoids disruptive hard forks.
Solana has already rolled out an optional quantum-resistant vault that uses hash-based one-time signatures to protect high-value holdings, giving users a way to park funds behind stronger assumptions.
Beyond the majors, a crop of newer layer 1s markets itself as quantum secure from day one, typically by baking post-quantum signatures into the base protocol. Most are small and unproven, but together they signal that quantum posture is starting to matter in how networks present their long-term credibility.
Did you know?
One of the earliest dedicated blockchains built with quantum resistance in mind is the Quantum Resistant Ledger, launched in 2018, which uses hash-based eXtended Merkle Signature Scheme (XMSS) signatures rather than standard elliptic-curve schemes.
Under the hood: Why going post-quantum isn’t a simple swap
Upgrading to post-quantum signatures sounds straightforward; doing it on a live global network is not. The new algorithms behave differently, and those differences show up everywhere, from block size to wallet user experience (UX).
Most of the leading candidates fall into three buckets:
Lattice-based signatures such as Dilithium and Falcon, which the NIST is sta...