Solana co-founder Anatoly Yakovenko has issued a stark warning that artificial intelligence could crack cryptographic signature schemes designed to resist quantum computers. In a series of posts on X, Yakovenko argued that the crypto industry does not fully understand the implementation vulnerabilities in post-quantum cryptography (PQC) and that AI-powered attacks pose a more immediate threat than hypothetical quantum machines.
The discussion began when developer @shek_dev posted on X that Solana was about to get “quantum-mogged,” referencing a live GitHub pull request from contributor abishekk92 that introduced a formal verification suite for a Falcon-512 signature verifier—a quantum-resistant signature scheme. The pull request involved thousands of lines of formal verification, including Lean proofs, Kani harnesses, and Miri memory safety checks, covering byte-level codec canonicality and NTT kernel correctness.
Yakovenko responded directly, stating that the biggest current risk is AI breaking PQC signature schemes. He noted that the industry has limited understanding of both the mathematical attack surface and the real-world deployment gaps. He proposed two countermeasures: 2-of-3 multi-signature wallet support for PQC, and native protection built directly into the transaction processor through Program Derived Addresses (PDAs). In a separate reply, he suggested a syscall to lift PDA is_signer status to the transaction processor level, with fees charged to valid signers at the end of each block.
Benchmarks from the formal verification branch showed zero change in compute units against master—195,786 CUs on both sides. The new try_prepare_pubkey function costs approximately 99k CUs, similar to the original. However, Yakovenko emphasized that formal verification does not yet cover whole-pipeline NTT correctness as a formal statement, leaving gaps that AI could exploit.
Yakovenko also criticized Ethereum layer-2 networks on May 2, stating: “Ethereum L2s are not quantum safe, abandon all hope.” He pointed out that most L2 wallets still rely on the Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve, which becomes vulnerable once public keys are exposed on-chain. This opens the door to “harvest now, decrypt later” attacks, where adversaries collect encrypted data today and decrypt it once quantum computing—or AI-powered decryption—evolves sufficiently.
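The mechanism behind the L2 criticism is that an ECDSA signature reveals the signer's public key: an address that is only a hash of that key hides nothing once the account's first transaction is signed, because the key can be recovered from the signature (this is what Ethereum's ecrecover computes). The following pure-Python secp256k1 sketch is an added illustration, not code from the article, from Yakovenko, or from any Solana or Ethereum project; the private key and message are constructed, the nonce derivation is a simplified deterministic hash rather than RFC 6979, and SHA-256 stands in for the keccak-256 that Ethereum addresses actually use.

```python
import hashlib

# secp256k1 domain parameters (public constants from the curve standard)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed sample key and message for the demonstration (not real account data)
PRIV = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
MSG = b"constructed sample transaction payload"


def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def _mul(k, point):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def pubkey_from_priv(d):
    return _mul(d, G)


def address(pub):
    """Account identifier = hash of the encoded public key. SHA-256 is a stand-in for
    keccak-256 here; the point is that the address alone does not reveal the key."""
    x, y = pub
    encoded = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    return hashlib.sha256(encoded).digest()[-20:].hex()


def _hash_msg(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(d, msg):
    """ECDSA sign with a simplified deterministic nonce (not RFC 6979).
    Returns (r, s, v); v is the parity of R.y, as Ethereum-style signatures carry."""
    z = _hash_msg(msg)
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + msg).digest(), "big") % N
    k = k or 1
    R = _mul(k, G)
    r = R[0] % N  # the negligible case R.x >= N is ignored in this sketch
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s, R[1] & 1)


def recover_pubkey(msg, sig):
    """Recover Q = r^-1 * (s*R - z*G) from a signature: the ecrecover step that makes
    every signer's public key public as soon as one signature is on-chain."""
    r, s, v = sig
    z = _hash_msg(msg)
    # Lift x = r back onto the curve; P % 4 == 3, so a square root is a single pow.
    y = pow((r ** 3 + 7) % P, (P + 1) // 4, P)
    if (y & 1) != v:
        y = P - y
    R = (r, y)
    zG = _mul(z, G)
    neg_zG = (zG[0], (P - zG[1]) % P)
    return _mul(pow(r, -1, N), _add(_mul(s, R), neg_zG))


def verify(pub, msg, sig):
    """Standard ECDSA verification against a known public key."""
    r, s, _ = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    z = _hash_msg(msg)
    point = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def key_exposure_demo(d=PRIV, msg=MSG):
    """Show that the hashed address hides the key only until the first signature."""
    pub = pubkey_from_priv(d)
    sig = sign(d, msg)
    recovered = recover_pubkey(msg, sig)
    return {
        "address": address(pub),
        "pubkey_recovered_from_signature": recovered == pub,
        "signature_valid": verify(pub, msg, sig),
    }


if __name__ == "__main__":
    print(key_exposure_demo())
```

For a defender the takeaway is that the "hidden behind a hash" property is a one-shot protection: it is lost at the account's first outgoing transaction, which is why the concern in the article centres on keys that are already exposed on-chain rather than on addresses that have never signed.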
Falcon-512 is being adopted because it resists attacks from quantum computers using Shor’s algorithm. However, Yakovenko’s broader message is that even next-generation cryptographic solutions are not foolproof, and the industry must prepare for unexpected risks as AI continues to advance.