# How Far Are We from the Adoption of Quantum-Resistant Blockchains?
## Overview
Recently, Microsoft announced progress in quantum computing with the development of its new quantum chip, *Majorana 1*. Researchers at Microsoft have created a new material called a topoconductor and made the Majorana particle—previously only theoretical—a reality. Currently, the chip contains eight qubits, but Microsoft claims it can be scaled to millions of quantum bits.
At present, the cryptographic foundation of the entire blockchain ecosystem—hash algorithms and elliptic curve cryptography (ECC)—remains secure. According to a report from Mara, [*Bitcoin vs. Quantum Computing: More Hype Than Reality*](https://www.mara.com/posts/bitcoin-vs-quantum-computing-more-hype-than-reality), breaking ECDSA within an hour would require 217 million physical qubits. Even with five years of computation, it would still take thousands of such qubits. Meanwhile, the most powerful quantum computers today only possess around a hundred qubits.
Even though we assume that practical quantum computers are still decades away, the rapid development of AI in recent years has repeatedly shocked us. I am beginning to wonder: if a viable breakthrough were to be discovered, could the combined efforts of exceptionally talented and hardworking scientists and engineering teams from the U.S., China, and around the world push quantum computing into practicality at an unimaginable speed?
In this article, based on my understanding, I will explore how far blockchain systems are from quantum resistance. I will also discuss which blockchain systems are actively working toward or have already made strides in quantum resistance. However, I must clarify that I am not an expert in quantum physics, and my knowledge of quantum-resistant cryptography is limited. Everything presented here is based on publicly available information.
## Fundamental Analysis
Broadly, any blockchain system can be divided into three layers: the **network layer**, the **consensus layer**, and the **execution layer**. If necessary, upgrading the network layer for quantum resistance is the simplest task. Therefore, my focus will be on the consensus layer and execution layer.
The two most commonly used consensus mechanisms are **Proof of Work (PoW)** and **Proof of Stake (PoS)**.
For **PoW**, as long as the chosen hash algorithm is secure and reasonable—such as SHA-256, SHA-512, SHA-3, Blake2b, or Blake3—PoW consensus can be considered quantum-resistant. Grover’s algorithm can achieve an $O(\sqrt{N})$ complexity reduction, allowing a quantum computer to find a target value in a dataset of size $N$ more efficiently. This means quantum-based mining machines could mine blocks faster. However, because all PoW blockchains have difficulty adjustment mechanisms, this would only increase the overall mining difficulty rather than compromise PoW's security.
For **PoS**, nearly all existing PoS systems are **not** quantum-resistant. They rely on **signature algorithms based on elliptic curve cryptography (ECC)** for signing and for computing verifiable random functions (VRFs).
Among PoS blockchains, **Algorand** is planning a gradual transition toward quantum resistance. However, quantum-resistant signature algorithms typically produce significantly larger signatures and public keys than ECC-based ones. This has a substantial impact on consensus message synchronization. As a result, either fewer nodes must participate, or bandwidth requirements must be raised. Additionally, PoS chains are exposed to **long-range attacks**: quantum computers could easily break the private keys of historical validators, allowing an attacker to create a new longest chain from a fork.
In terms of the consensus layer, another important topic is **zk-Rollups**. Most zk-Rollups today rely on **Groth16** for final on-chain verification, which is based on elliptic curve cryptography and is therefore not quantum-resistant. However, using **STARKs** for verification would make zk-Rollups dependent solely on hash functions, making them quantum-resistant.
For the **execution layer**, the choice of asymmetric cryptographic methods is the key factor determining quantum resistance. Currently, elliptic curve cryptography still dominates this space. Smart contract execution itself is not directly affected by quantum threats, as all nodes merely compute a deterministic result from a given input—unless they rely on cryptographic components that are vulnerable to quantum attacks.
------
## Bitcoin (BTC)
At the **consensus layer**, Bitcoin can be considered quantum-resistant because it relies solely on hash functions. Even if SHA-256 were to become insecure, upgrading to a new hash function via a hard fork would be far simpler than forcing all users to transition to a new cryptographic algorithm.
At the **execution layer**, some parts of Bitcoin can be considered quantum-resistant. Before the **Taproot** upgrade, the most commonly used address format was **P2PKH** (Pay-to-PubKey-Hash), which hashes the public key to generate an address. If an address is only used **once**, it remains difficult for quantum computers to break.
However, quantum computers still pose major threats to Bitcoin:
1. **Pre-P2PKH Bitcoin (P2PK addresses):** Before P2PKH was widely adopted, the primary address format was **P2PK** (Pay-to-PubKey), which directly used the ECDSA public key as the address. This format is inherently vulnerable to quantum attacks. **Satoshi Nakamoto's 1 million BTC are stored in this format**, making them completely exposed to quantum threats.
2. **Post-Taproot (P2TR addresses):** After the Taproot upgrade, many users transitioned to **P2TR** addresses, which use Schnorr signatures. Like ECDSA, Schnorr signatures are vulnerable to quantum attacks.
Even if all current users were to migrate their assets to quantum-resistant addresses, if **Satoshi Nakamoto’s BTC and other early Bitcoin OGs' addresses** were compromised, the sudden influx of BTC into circulation could crash the market and render BTC nearly worthless.
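The distinction between these address formats can be checked mechanically from the output script. The following is an added example, not code from the original article or from Bitcoin Core: it classifies a scriptPubKey as P2PK, P2PKH, or P2TR and totals the value in each exposure class. The sample scripts and the `revealed_hashes` set (public-key hashes already revealed by an earlier spend) are constructed placeholders.

```python
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_1 = 0x76, 0xA9, 0x88, 0xAC, 0x51

def classify(script):
    """Return (script type, key material visible in the output itself)."""
    n = len(script)
    # P2PK: <33- or 65-byte public key> OP_CHECKSIG
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "P2PK", script[1:-1]
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", script[3:23]
    # P2TR: OP_1 <32-byte x-only public key>
    if n == 34 and script[:2] == bytes([OP_1, 32]):
        return "P2TR", script[2:]
    return "other", b""

def exposure(script, revealed_hashes):
    """revealed_hashes: HASH160 values whose key already appeared in a spend."""
    kind, data = classify(script)
    if kind in ("P2PK", "P2TR"):
        return "exposed"                  # public key is stored in the output
    if kind == "P2PKH":
        return "exposed-by-reuse" if data in revealed_hashes else "hash-protected"
    return "unclassified"

def audit(utxos, revealed_hashes):
    """Sum output values (satoshis) per exposure class."""
    totals = {}
    for script, value in utxos:
        status = exposure(script, revealed_hashes)
        totals[status] = totals.get(status, 0) + value
    return totals

# Constructed sample data (placeholder bytes, not real keys or outputs).
KEY33 = b"\x02" + bytes(32)
FRESH, REUSED = bytes([0x11]) * 20, bytes([0x22]) * 20

def p2pkh(h):
    return bytes([OP_DUP, OP_HASH160, 20]) + h + bytes([OP_EQUALVERIFY, OP_CHECKSIG])

SAMPLE = [
    (bytes([33]) + KEY33 + bytes([OP_CHECKSIG]), 50),   # P2PK
    (p2pkh(FRESH), 30),                                 # P2PKH, never spent from
    (p2pkh(REUSED), 15),                                # P2PKH, address reused
    (bytes([OP_1, 32]) + bytes([0x33]) * 32, 5),        # P2TR
]

if __name__ == "__main__":
    print(audit(SAMPLE, {REUSED}))
```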
------
## Ethereum (ETH)
At the **consensus layer**, Ethereum has transitioned from **PoW to PoS**. Since Ethereum’s PoS mechanism needs to support tens of thousands of validators, **signature aggregation** is crucial to reducing communication overhead. Ethereum widely uses **BLS signatures**, which are **based on ECC and are not quantum-resistant**. If Ethereum were to upgrade its consensus algorithm for quantum resistance, it would need to:
- Revert to **PoW** (which is already quantum-resistant),
- **Reduce the number of participating nodes** to lower networking costs,
- Find a **quantum-resistant signature algorithm** with good aggregation performance, or
- Use **STARK-based** signatures.
Additionally, Ethereum's roadmap includes multiple cryptographic components that **are not quantum-resistant**:
- **EIP-4844 upgrade:** Introduces **blob transactions** based on **KZG commitments**, making Layer 2 solutions that depend on blobs vulnerable to quantum attacks.
- **Stateless Ethereum roadmap:** Relies on **Verkle Trees**, which currently use **IPA commitments**, another non-quantum-resistant component.
At the **execution layer**, Ethereum uses **ECDSA public key hashes** as account addresses. However, because most users **reuse** their accounts under the **account model**, the public key behind an address is revealed by its first signed transaction, which makes Ethereum significantly vulnerable to quantum attacks.
Ethereum also supports **BN254 and BLS12-381** pairing-friendly elliptic curves, which are widely used in cryptographic operations and are also **not quantum-resistant**.
Ethereum is a blockchain that continuously evolves and upgrades. However, this also means it carries **technical debt**. Transitioning entirely to quantum resistance would be an **even more complex process** compared to Bitcoin.
That said, due to Ethereum’s **somewhat centralized governance**, if a major quantum threat were to emerge, the **Ethereum Foundation** might be able to take a radical approach—similar to **The DAO** hard fork—forcing a network-wide upgrade and freezing all non-upgraded assets.
------
## **Solana**
At the **consensus layer**, Solana's primary mechanism is a **Byzantine Fault Tolerant (BFT) protocol**, where validators construct **Vote transactions** and broadcast them. Currently, this relies on the **ED25519 signature algorithm**.
At the **execution layer**, the situation is the same—Solana's transactions and smart contracts also depend on **ED25519**.
Within the Solana ecosystem, some researchers have experimented with **quantum-resistant vault solutions**, such as [solana-winternitz-vault](https://github.com/deanmlittle/solana-winternitz-vault), which implements **Winternitz One-Time Signatures (WOTS+).** However, this is far from a complete solution. To achieve full quantum resistance, **both the consensus and execution layers must transition away from ED25519 to quantum-resistant signature schemes.**
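To make the hash-based approach concrete, here is an added example, not code from solana-winternitz-vault or from the original article: a plain Winternitz one-time signature over SHA-256. It is the simpler predecessor of WOTS+ and omits the keyed and masked hashing that WOTS+ adds. The parameters (w = 16, 67 chains) are assumptions chosen for illustration. A key pair must sign only one message, and the signature is 2,144 bytes.

```python
import hashlib
import os

N, W = 32, 16            # hash output size in bytes, Winternitz parameter
LEN1, LEN2 = 64, 3       # base-16 digits of the digest, digits of the checksum
LEN = LEN1 + LEN2        # 67 independent hash chains

def H(x):
    return hashlib.sha256(x).digest()

def chain(x, steps):
    """Apply H to x `steps` times."""
    for _ in range(steps):
        x = H(x)
    return x

def digits(msg):
    """Digest as 64 base-16 digits plus a 3-digit checksum."""
    ds = [nib for b in H(msg) for nib in (b >> 4, b & 15)]
    # The checksum falls when any message digit rises, so a forger who
    # advances one chain would have to walk a checksum chain backwards.
    csum = sum(W - 1 - d for d in ds)          # at most 64 * 15 = 960
    return ds + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]

def keygen():
    sk = [os.urandom(N) for _ in range(LEN)]   # one secret per chain
    pk = [chain(s, W - 1) for s in sk]         # end of each chain
    return sk, pk

def sign(sk, msg):
    # Reveal the value d steps along each chain; a key signs ONE message only.
    return [chain(s, d) for s, d in zip(sk, digits(msg))]

def verify(pk, msg, sig):
    # Completing each chain from the signature must land on the public key.
    return len(sig) == LEN and all(
        chain(s, W - 1 - d) == p for s, d, p in zip(sig, digits(msg), pk))

def signature_size(sig):
    return sum(len(s) for s in sig)

if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"withdraw from vault")
    print(verify(pk, b"withdraw from vault", sig), signature_size(sig))
```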
------
## **Algorand (Algo)**
Algorand is one of the few **PoS projects** that has made quantum resistance a part of its roadmap. According to its official article—[*Algorand’s Post-Quantum Blockchain Technology*](https://algorand.co/technology/post-quantum)—it has implemented **state proofs** based on the **FALCON** signature scheme. This ensures that Algorand’s **transaction history is protected from long-range attacks by quantum computers**.
Additionally, Algorand is actively working on:
- **Integrating FALCON signatures at the execution layer** to replace existing ECC-based signatures.
- **Exploring XMSS-based quantum-resistant VRF** as a replacement for the current VRF mechanism, which relies on ECC.
I also noticed that **CoinMarketCap categorizes quantum-resistant blockchains as a separate asset class**—[*Top Quantum-Resistant Tokens by Market Capitalization*](https://coinmarketcap.com/view/quantum-resistant/). Below, I will summarize some of the top-ranking tokens from this category.

------
## **CKB (Nervos Network)**
CKB is a blockchain based on **PoW** and an **extended UTXO model**. Structurally, it is **very similar to Bitcoin** but features optimizations in its PoW design. It also introduces a **Turing-complete RISC-V virtual machine** as its execution engine for smart contracts.
### **Quantum Resistance of CKB**
- **Consensus Layer:** Since CKB uses **Nakamoto Consensus (PoW)**, it can be considered **quantum-resistant** at the consensus level.
- **Execution Layer:**
  - CKB fully supports **account abstraction** and **custom cryptographic primitives**. The blockchain itself does not enforce the use of any specific signature algorithm.
  - The **unlock scripts** (used for transaction validation) can be programmed flexibly using the **RISC-V VM**, allowing developers to deploy quantum-resistant cryptographic schemes.
As an example, the **CKB Core Team** has implemented **SPHINCS+**-based unlock scripts, which you can read more about in their article: [*Quantum Computation: New Challenge to CKB’s Security?*](https://blog.cryptape.com/quantum-computation-new-challenge-to-ckbs-security). Additionally, since **account abstraction** is natively supported, developers could deploy **FALCON- or STARK-based unlock scripts** for quantum resistance.
However, there is one caveat: **Most CKB transactions today still use ECC-based unlock scripts.** While these are obfuscated with **hash functions**, they are **not** fully quantum-resistant. If users **reuse addresses**, quantum computers could still pose a significant threat.
------
## **QRL (Quantum Resistant Ledger)**
QRL was **designed with quantum resistance in mind** from the very beginning. In its initial whitepaper, the project proposed:
- Replacing **ECDSA** with **XMSS**, a quantum-resistant signature scheme.
- Using **Proof-of-Stake (PoS)** for consensus.
However, when **QRL's mainnet launched**, it did **not** use PoS. Instead, it adopted a **PoW consensus mechanism based on the RandomX hash algorithm**.
Currently, QRL is working on a **new PoS blockchain**: [theQRL/go-zond](https://github.com/theQRL/go-zond). This project:
- **Modifies Ethereum’s go-ethereum client** to replace its PoS consensus mechanism with a **quantum-resistant PoS algorithm**.
- Uses **XMSS-based signatures** instead of ECC.
However, the exact timeline for this upgrade is **still undetermined**.
------
## **Summary**
At present, quantum-resistant signatures **still lag behind ECC-based signatures** in several ways:
1. **Size:** Quantum-resistant public keys and signatures are **much larger** (typically several KB), whereas ECC signatures are **under 100 bytes**.
2. **Performance:** **Generating and verifying** quantum-resistant signatures require **significantly more computation** compared to ECC.
3. **Adoption Barriers:** Upgrading blockchain infrastructure to support quantum-resistant cryptography involves **massive network-wide changes** and may not be a priority for many projects.
### **What Can Be Done?**
1. **Encourage users to follow the "one-time address" principle**—particularly on blockchains like Bitcoin and CKB, where public key hashes provide an extra layer of security.
2. Push for quantum-resistant upgrades sooner rather than later. The more funds remain exposed to quantum threats, the lower the economic security of a blockchain.
   - **Example:** If **30% of a cryptocurrency’s supply** is stored in quantum-vulnerable addresses, **even if the remaining 70% is quantum-resistant, the market value could still collapse** due to mass liquidations.
3. Recognize the elegance of Nakamoto Consensus (PoW):
   - Even in a world where quantum computers exist, **Bitcoin and other PoW-based chains can retain their security guarantees** through simple hash function upgrades.
   - The **historical energy and effort invested in PoW chains** continue to serve as a robust security foundation.
In conclusion, while quantum computing remains a distant but looming threat, blockchains must **proactively** prepare for the inevitable shift toward quantum-resistant cryptography.