The cryptographic foundations of major blockchains like Ethereum and Solana face a long-term existential threat from quantum computing, known as "Q-Day." As processors like IBM's Osprey and Google's Sycamore scale, the risk grows that a sufficiently powerful quantum computer could use Shor's algorithm to break the Elliptic Curve Digital Signature Algorithm (ECDSA) and RSA, which secure smart contracts and transactions today.
To ensure the viability of digital assets, developers are being urged to migrate to post-quantum cryptography (PQC). Regulatory timelines are tightening: the EU's Coordinated Implementation Roadmap targets 2026–2030 for PQC deployment, while the United States aims for full quantum-resistant security by 2035.
The migration process is multi-faceted. Developers must first audit their cryptographic exposure, identifying the contracts and wallets whose public keys are already exposed and therefore vulnerable. The National Institute of Standards and Technology (NIST) recommends algorithms like CRYSTALS-Dilithium (ML-DSA), FALCON, and SPHINCS+. For most EVM-based developers, Dilithium is the practical starting point due to NIST backing and growing toolchain support.
A critical step is deploying a hybrid signing layer, allowing contracts to verify signatures using both ECDSA and PQC methods for backward compatibility. Smart contract verification logic must be updated, potentially replacing the `ecrecover` function in Solidity. Furthermore, zero-knowledge proof components (like Groth16, Halo2, PlonK) that rely on elliptic curves also require upgrades, with Ethereum evaluating FRI, STIR, and WHIR.
Testing on post-quantum testnets is essential. Projects like QRL's Project Zond and QANplatform offer EVM-compatible testnets with PQC functionality. Finally, coordinating key migration for end-users—especially for DeFi protocols and multi-sig contracts—is vital, often requiring incentive programs and clear deadlines to deprecate ECDSA support.
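One way the hybrid signing layer and the ECDSA deprecation deadline described above could be structured, as an added example that is not code from any project named here. `IPQVerifier`, `HybridAuth`, `Proof`, `enroll`, `isAuthorized` and `ecdsaSunset` are hypothetical names, and an on-chain ML-DSA verifier contract behind the interface is assumed to exist.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface standing in for an on-chain ML-DSA (Dilithium) verifier.
interface IPQVerifier {
    function verify(bytes calldata pk, bytes32 digest, bytes calldata sig)
        external view returns (bool);
}

contract HybridAuth {
    struct Proof { uint8 v; bytes32 r; bytes32 s; bytes pk; bytes pqSig; }

    // secp256k1 order / 2: a larger s is a malleable duplicate of a valid signature.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    IPQVerifier public immutable pqVerifier;
    uint256 public immutable ecdsaSunset;          // after this time ECDSA alone is rejected
    mapping(address => bytes32) public pqKeyHash;  // commitment to each account's PQ key

    constructor(IPQVerifier verifier, uint256 sunset) {
        pqVerifier = verifier;
        ecdsaSunset = sunset;
    }

    // One-time enrollment, authenticated by the ECDSA-signed transaction itself.
    // Closed at the sunset so a forged ECDSA key cannot bind an attacker's PQ key.
    function enroll(bytes calldata pk) external {
        require(block.timestamp < ecdsaSunset, "enrollment closed");
        require(pqKeyHash[msg.sender] == bytes32(0), "already enrolled");
        pqKeyHash[msg.sender] = keccak256(pk);
    }

    function isAuthorized(address signer, bytes32 digest, Proof calldata p)
        external view returns (bool)
    {
        bytes32 enrolled = pqKeyHash[signer];
        bool pqOk = enrolled != bytes32(0) && keccak256(p.pk) == enrolled
            && pqVerifier.verify(p.pk, digest, p.pqSig);
        if (block.timestamp >= ecdsaSunset) return pqOk;   // PQ-only phase
        bool ecdsaOk = signer != address(0) && uint256(p.s) <= HALF_N
            && (p.v == 27 || p.v == 28) && ecrecover(digest, p.v, p.r, p.s) == signer;
        // Enrolled accounts need both signatures (no downgrade); others keep ECDSA for now.
        return enrolled == bytes32(0) ? ecdsaOk : (ecdsaOk && pqOk);
    }
}
```

The `digest` passed in should already be domain-separated (chain id, contract address, nonce) so that a valid signature pair cannot be replayed against another contract or chain.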
Parallel to blockchain concerns, encrypted messaging apps like Signal and Threema are also preparing for quantum threats. IBM researchers are collaborating with these platforms to redesign protocols. Cryptographer Ethan Heilman notes that messaging may face a more immediate "store-and-forward" attack risk than Bitcoin, as encrypted communications can be recorded now and decrypted later. Signal has already introduced PQXDH and SPQR protocol upgrades, while Threema is exploring integration of the NIST-standardized ML-KEM algorithm.