The slow-moving threat that blockchains can’t ignore
Quantum computers still look like lab toys: Racks of hardware, error-prone qubits and almost no real-world applications. Yet if you check the roadmaps of major layer-1 blockchains, a new priority now sits next to scaling and modularity: post-quantum security.
The concern is simple even if the math isn’t. Most major blockchains rely on elliptic-curve signatures (ECDSA and Ed25519) to prove that a transaction came from the owner of a private key. A sufficiently powerful quantum computer running Shor’s algorithm could, in theory, recover those private keys from their public counterparts and let an attacker sign fake transactions.
There is also a “harvest now, decrypt later” angle. Adversaries can copy public blockchain data today and wait for quantum hardware to catch up. Once it does, old addresses, long-dormant wallets and some smart contract patterns could become vulnerable even if networks switch to safer algorithms later.
For long-lived public ledgers that cannot be rolled back, quantum planning is becoming an important long-term consideration. With the National Institute of Standards and Technology (NIST) publishing formal post-quantum standards and governments setting 2030-plus migration timelines, layer-1 teams now treat quantum safety as a slow-moving and irreversible risk, and a few networks are already shipping their first countermeasures.
What quantum computers actually threaten in crypto
Quantum computers don’t magically “break blockchains”; they target specific algorithms.
The big one for crypto is public key signatures.
Bitcoin, Ethereum and many other chains rely on elliptic-curve schemes (ECDSA and Ed25519) to prove that a transaction came from the holder of a private key. A sufficiently powerful quantum computer running Shor’s algorithm could recover those private keys from their public keys, making it possible to forge signatures and move funds without permission.
Not everything breaks equally. Hash functions like SHA-256 and Keccak are much more robust. Quantum search algorithms such as Grover’s algorithm provide only a quadratic speed-up there, which designers can mostly offset by increasing hash sizes and security margins. The area most likely to need future upgrades is signatures rather than proof-of-work (PoW) hashing or basic transaction integrity.
For blockchains, that means signature-dependent components will need long-term cryptographic upgrades to keep their expected security properties as standards evolve, and the exposure reaches well beyond everyday wallets.
Old unspent transaction outputs (UTXOs) in Bitcoin, reused addresses on account-based chains, validator keys and signature-based randomness beacons in proof-of-stake (PoS) systems all become attractive targets.
Because cryptography migrations in critical infrastructure often take a decade or more, layer 1s have to start planning well before quantum machines are strong enough to attack them.
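The "harvest now" exposure described above differs by output type: a public key that already sits on chain is what Shor's algorithm would need, while an output that commits only to a key hash is protected until the first spend reveals the key. The following is an added Python example (not code from any of the networks discussed) that inventories a constructed UTXO set by that criterion and flags long-dormant exposed value, the population the migration debate centres on; the script-type labels, addresses and values are constructed.

```python
from dataclasses import dataclass
# Scripts carrying the raw public key (P2PK, taproot's x-only key) are exposed to
# a Shor-capable attacker from the moment the output is created.
PUBKEY_IN_SCRIPT = {"p2pk", "p2tr"}
# Scripts committing only to a key hash reveal the key at the first spend, so
# reusing the address afterwards exposes everything it still holds.
HASH_ONLY_UNTIL_SPEND = {"p2pkh", "p2wpkh"}

@dataclass(frozen=True)
class Utxo:
    txid: str      # constructed identifiers, not real transactions
    vout: int
    script_type: str
    address: str
    value_sat: int
    height: int    # block that created the output

def classify(utxo, spent_from):
    """Return (exposed, reason); spent_from holds addresses whose public key a
    previous spend already placed in a scriptSig or witness."""
    if utxo.script_type in PUBKEY_IN_SCRIPT:
        return True, "public key is in the output script"
    if utxo.script_type in HASH_ONLY_UNTIL_SPEND:
        if utxo.address in spent_from:
            return True, "address reused after an earlier spend revealed its key"
        return False, "only a key hash is on chain (Grover-only exposure)"
    return True, "unrecognised script type, treat as exposed until reviewed"

def audit(utxos, spent_from, tip_height, dormant_after):
    """Sum value by exposure class; dormant = unmoved for >= dormant_after blocks."""
    report = {"exposed_sat": 0, "exposed_dormant_sat": 0, "hash_protected_sat": 0}
    for u in utxos:
        exposed, _reason = classify(u, spent_from)
        dormant = tip_height - u.height >= dormant_after
        if exposed:
            report["exposed_sat"] += u.value_sat
            report["exposed_dormant_sat"] += u.value_sat if dormant else 0
        else:
            report["hash_protected_sat"] += u.value_sat
    return report

# Constructed sample: P2PK coinbase, reused P2PKH, single-use P2WPKH, taproot.
SAMPLE_UTXOS = [
    Utxo("tx-a", 0, "p2pk", "addr-1", 50_0000_0000, 100),
    Utxo("tx-b", 0, "p2pkh", "addr-2", 1_0000_0000, 200),
    Utxo("tx-c", 1, "p2wpkh", "addr-3", 3_0000_0000, 850_000),
    Utxo("tx-d", 0, "p2tr", "addr-4", 2_0000_0000, 880_000),
]
SAMPLE_SPENT_FROM = {"addr-2"}  # addr-2 has spent before, so its key is public
```

Running `audit(SAMPLE_UTXOS, SAMPLE_SPENT_FROM, 900_000, 100_000)` puts the early coinbase and the reused address in the exposed-and-dormant bucket, while the never-spent P2WPKH output stays hash-protected.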
Did you know? The term “Y2Q” is used informally to describe the year in which quantum computers become cryptanalytically relevant, similar to how “Y2K” referred to the “year 2000.” Some early estimates suggested a 2030 horizon.
Why quantum security just jumped onto layer-1 roadmaps
Quantum risk has been discussed in academic circles for years, but it only recently became a concrete roadmap item for layer-1 teams. The turning point was the shift from theory to standards and deadlines.
From 2022 to 2024, the NIST selected and began standardizing the first wave of post-quantum algorithms, including lattice-based schemes such as CRYSTALS-Kyber (Cryptographic Suite for Algebraic Lattices) for key establishment and CRYSTALS-Dilithium for digital signatures, alongside alternatives such as SPHINCS+ (Stateless Practical Hash-based Incredibly Nice Collision-resistant Signatures). This gave engineers something they could design around instead of a moving research target.
At the same time, governments and large enterprises began talking about “crypto agility” and setting migration timelines for critical systems that extend into the 2030s. If you run a public ledger that is meant to hold value and legal agreements for decades, being out of sync with that transition becomes a governance problem.
Layer 1s also respond to headlines. Each time a major hardware or research milestone is announced in quantum computing, it revives the conversation about long-term security. Teams begin to question whether today’s signature schemes will remain safe across the full lifetime of a network. They also consider whether it is better to build post-quantum options now, while they are still optional rather than under pressure later.
Did you know? The National Cyber Security Centre in the UK has indicated that organizations should identify quantum-safe cryptography upgrade paths by 2028 and complete migration by around 2035.
The first wave: Which layer-1 networks are preparing
A small but growing group of layer 1s has moved from speculation to concrete engineering work as they try to add quantum resilience without breaking what already works.
Algorand: State proofs and live PQ transactions
Algorand is the clearest example of post-quantum ideas in production. In 2022, it introduced State Proofs, which are compact certificates of the chain’s history signed with Falcon, a lattice-based signature scheme selected by the NIST. These proofs are designed to be quantum-safe and are already used to attest to Algorand’s ledger state every few hundred blocks.
More recently, Algorand has demonstrated full post-quantum transactions on mainnet using Falcon-based logic signatures, positioning itself as a potential quantum-safe validation hub for other chains.
Cardano: Research-first roadmap to a PQ future
Cardano still relies on Ed25519 today, but its core teams and foundation have framed quantum readiness as a long-term differentiator. Public materials and recent talks by founder Charles Hoskinson outline a plan that combines a separate proof chain, Mithril certificates and post-quantum signatures aligned with the NIST’s Federal Information Processing Standards (FIPS) 203 to 206. The idea is to add a quantum-resilient verification layer over the chain’s history rather than force an abrupt cut-over for every user at once.
Ethereum, Sui, Solana and “quantum-ready” newcomers
On Ethereum, research groups have started mapping out a task list for post-quantum migration, including new transaction types, rollup experiments and zero-knowledge-based wrappers that let users add quantum-safe keys without rewriting the base protocol overnight.
Meanwhile, Sui’s team has published a dedicated quantum-security roadmap and, together with academic partners, proposed an upgrade path for EdDSA-based chains like Sui, Solana, Near and Cosmos that avoids disruptive hard forks.
Solana has already rolled out an optional quantum-resistant vault that uses hash-based one-time signatures to protect high-value holdings, giving users a way to park funds behind stronger assumptions.
Beyond the majors, a crop of newer layer 1s markets itself as quantum secure from day one, typically by baking post-quantum signatures into the base protocol. Most are small and unproven, but together they signal that quantum posture is starting to matter in how networks present their long-term credibility.
Did you know? One of the earliest dedicated blockchains built with quantum resistance in mind is the Quantum Resistant Ledger, launched in 2018, which uses hash-based eXtended Merkle Signature Scheme (XMSS) signatures rather than standard elliptic-curve schemes.
Under the hood: Why going post-quantum isn’t a simple swap
Upgrading to post-quantum signatures sounds straightforward; doing it on a live global network is not. The new algorithms behave differently, and those differences show up everywhere, from block size to wallet user experience (UX).
Most of the leading candidates fall into three buckets:
Lattice-based signatures such as Dilithium and Falcon, which the NIST is standardizing, are fast and relatively efficient but still come with larger keys and signatures than today’s elliptic-curve schemes.
Hash-based signatures like SPHINCS+ are built on conservative assumptions, yet they can be bulky, and the simpler one-time and stateful variants of the family limit how many times a key may sign, which complicates how everyday wallets work.
Code-based and multivariate schemes play a role in key exchange and specialized applications but are less common in layer-1 plans so far.
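To make the "one-time use" and size points concrete, here is an added Lamport one-time signature in Python (example code written for this article, not Algorand's, Solana's or any other project's implementation): the key object refuses to sign a second time, revealed_fraction quantifies how much secret material a wallet bug that reused the key would expose, and sizes_bytes gives the key and signature sizes that drive the block-size concerns discussed next.

```python
import hashlib
import secrets

N = 256  # one secret pair per bit of the SHA-256 message digest

def H(data):
    return hashlib.sha256(data).digest()

def message_bits(msg):
    """Bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

class LamportKey:
    """Lamport one-time signature. Each signature reveals one of the two secrets
    for every bit; signing a second, different message reveals more of the key,
    so the object refuses to sign twice. This is the one-time constraint above."""
    def __init__(self):
        self.sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
        self.pk = [(H(s0), H(s1)) for s0, s1 in self.sk]
        self.used = False

    def sign(self, msg):
        if self.used:
            raise RuntimeError("one-time key already used; rotate to a fresh key")
        self.used = True
        return [self.sk[i][bit] for i, bit in enumerate(message_bits(msg))]

def verify(pk, msg, sig):
    """Every revealed secret must hash to the public-key entry for that bit."""
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, message_bits(msg))))

def revealed_fraction(messages):
    """Share of the 2*N secrets exposed if one key signed all these messages:
    exactly 0.5 for a single message, strictly more for any further distinct one."""
    revealed = {(i, bit) for m in messages for i, bit in enumerate(message_bits(m))}
    return len(revealed) / (2 * N)

def sizes_bytes():
    """Public key and signature size; Ed25519 uses 32 and 64 bytes respectively."""
    return {"public_key": 2 * N * 32, "signature": N * 32}
```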
For blockchains, these design choices have knock-on effects. Bigger signatures mean heavier blocks, more bandwidth for validators and more storage over time. Hardware wallets and light clients have to verify more data. Consensus is affected, too, because PoS systems that rely on verifiable random functions or committee signatures need quantum-resistant replacements, not just new keys for user accounts.
Then there is the migration problem. Billions of dollars are locked in legacy addresses whose owners may have lost keys, died or simply stopped paying attention. Networks have to decide how far to go:
Support hybrid signatures (classical plus PQ) so users can opt in gradually
Introduce new transaction types that wrap old keys in quantum-safe schemes
Or create incentives and deadlines for rekeying long-dormant funds.
None of those choices is purely technical. They touch governance, legal treatment of assets and what happens to coins whose owners never show up to upgrade.
What users, builders and investors should watch next
Quantum risk does not require an immediate scramble, but it does change how different stakeholders evaluate a network’s long-term credibility.
For everyday users, the most practical step is to pay attention to how your ecosystem talks about crypto agility, which is the ability to add and rotate cryptographic primitives without a disruptive hard fork.
Over the coming years, expect to see new account types, hybrid signature options and wallet prompts to upgrade keys for high-value holdings. The first implementations will probably arrive in bridges, sidechains and rollups before they reach the main layer 1.
For developers and protocol designers, the priority is flexibility. Smart contracts, rollups and authentication schemes that hard-code a single signature algorithm will age badly. Designing interfaces and standards that can plug in multiple schemes, both classical and post-quantum, makes it far easier to follow NIST and industry guidance as it evolves.
For investors and governance participants, quantum readiness is turning into another dimension of technical due diligence. It is no longer enough to ask about throughput, data availability or maximal extractable value (MEV). The deeper questions are:
Does this chain have a documented post-quantum roadmap?
Are there prototypes or live features such as state proofs, vaults or hybrid transactions, or just marketing language?
Who is responsible for making the migration decisions when the time comes?
If large-scale quantum attacks do become practical, however distant that day may be, the networks that have already updated their cryptography will be the ones still aligned with recommended security standards.
Layer 1s that treat quantum as a slow governance-level risk and start building escape hatches now are effectively betting that their chains will still matter decades from today.