Bitcoin core developer Matt Corallo has publicly countered claims that no serious work is being done on post-quantum cryptography (PQC) for Bitcoin. His statement was prompted by Blockstream's preview of a new opcode, OP_SHRINCSVERIFY, which enables SHRINCS—a hybrid hash-based signature scheme designed for post-quantum security. Developer Jonas Nick will present this proposal at the OPNEXT 2026 conference on April 16, 2026.
The SHRINCS design, detailed by Nick in a December post, combines a stateless scheme like SPHINCS+ with a stateful scheme based on unbalanced XMSS. This aims to provide efficient signing when a wallet's state is intact, with a stateless fallback if the state is lost. A key advantage is signature size: for the first signature (q=1), SHRINCS produces a 324-byte signature, which Nick claims is more than 11 times smaller than the smallest NIST-standardized alternative, ML-DSA, in that setting.
Corallo emphasized that this work is part of ongoing, public research, not a sudden development. The OPNEXT 2026 conference schedule further underscores institutional interest, featuring sessions like "Quantum Bitcoin" by Alex Pruden of Project 11 and a "Quantum/Investor fireside" with Robert Mitchnick of BlackRock and David Duong of Coinbase. However, Nick's proposal is still under discussion, with open questions about hardware performance, signature limits, and wallet design.
Simultaneously, Ethereum co-founder Vitalik Buterin has unveiled a comprehensive quantum resistance roadmap for the Ethereum ecosystem. In a social media post, Buterin identified several network components vulnerable to quantum computing advances: consensus-layer BLS signatures, data availability systems using KZG commitments, externally owned account (EOA) signatures based on ECDSA, and application-layer zero-knowledge proofs like KZG or Groth16.
His proposed solutions include replacing BLS signatures with hash-based options like Winternitz variants, using STARK-based aggregation for verification, and introducing native account abstraction via EIP-8141 to allow EOAs to support quantum-resistant signature methods. Buterin acknowledged the high gas costs of quantum-resistant alternatives—around 200,000 gas compared to 3,000 gas for current ECDSA—but expects efficiency improvements and aggregation techniques to mitigate this.
For proof systems, the roadmap proposes bundling multiple transaction checks into a single STARK proof before on-chain verification to manage higher costs. This initiative aligns with the Ethereum Foundation's recent announcement prioritizing network capacity expansion while ensuring long-term security and resilience.
