Antonio Sanso, cryptography researcher at the Ethereum Foundation, is confident the blockchain will be quantum secure long before a quantum attack is even possible.
”We as the Ethereum Foundation (EF) and Ethereum community are working massively on this topic,” he told Cointelegraph.
“The research part is probably the part that has been already figured out. And we are starting with the execution phase of it. And we’re really confident we’re gonna meet the timeline and the deadline.”
The EF has declared post-quantum (PQ) security a top strategic priority. On Jan. 24, it announced the formation of a Post Quantum team led by Thomas Coratger. Sanso is leading its new biweekly All Core Devs calls on post-quantum security from Feb. 4.
It’s a massive undertaking. He explained that Ethereum’s execution, consensus and data availability layers all need to be upgraded.
”When we talk about having a post-quantum solution, we are not talking about one part — there are all the different big macro areas of Ethereum that need to be migrated,” he said.
“The good thing is that we have been working on it for many months, if not years. So, we have a clear plan in mind, and we are probably going to execute in the next years.”
One-fifth of the way to the finish line
Asked to put a figure on how far work has progressed to date, Sanso said solutions for the different layers are progressing at different rates, “so there is not one percentage for all three. But we are like, ballpark, probably 20%.”
The new biweekly call will discuss the benefits and trade-offs of different approaches. Multi-client post-quantum devnets are now live, and a PQ roadmap will be released soon, targeting what EF researcher Justin Drake calls “a full transition in coming years with zero loss of funds and zero downtime.”
Making Ethereum quantum-resilient is just one part of a complete overhaul of the entire blockchain as part of Lean Ethereum. The aim is to make Ethereum faster, simpler and more decentralized using zero-knowledge (ZK) technology, while also making it resistant to quantum attacks.
Comparison to Bitcoin
The enthusiasm for quantum proofing Ethereum is in stark contrast to Bitcoin, where leaders from Adam Back to Michael Saylor have played down the need for change, pointing to estimates that suggest a quantum computer might be many years or decades away.
Which is true, but with caveats. At DevConnect in Buenos Aires, co-founder Vitalik Buterin noted the median prediction for a quantum computer to break cryptography was 2040, but there was still a 20% chance it could happen by 2030.
But as it happens, less Bitcoin (BTC) is actually vulnerable to quantum attacks, with estimates suggesting around 6 million BTC, mostly in older addresses with public keys exposed, is currently at risk.
Related: Bitcoin doesn’t have 20 years because the quantum threat is already here
However, the vast majority of Ethereum is vulnerable — and all of Solana. The proposed fixes for Bitcoin are simpler as well, even if much larger PQ signatures remain a big problem.
“From the technical perspective, it’s simpler to migrate,” Sanso explained. “But they probably will have an issue at the human level … finding an agreement on what to do.”
“Ethereum, we don’t have this problem, but… technologically, we have more stuff to migrate,” he said. “We share the same fact that we need to change execution transaction signatures, but of the problems we have — between execution layer, consensus and data availability — the execution layer is the easiest. So, then the other two are a bit more complicated.”
What happens if quantum computers arrive early?
Sanso’s own best guess for the quantum computer deadline is the mid-2030s. He expects Lean Ethereum to be complete sometime between 2028 and 2032.
Given how suddenly large language models and ZK-proofs arrived (in the latter case, well ahead of estimates), it’s possible quantum computers may be able to crack blockchains before they’re completely finished.
You can increase protection for your Ether (ETH) right now by sending it to a new, unused address, as the public keys will not be exposed (quantum computers work backwards to derive the private keys from the public ones using Shor’s algorithm).
In the future, smart wallets using a combination of account abstraction and post-quantum signatures will protect your ETH.
“The idea is to have a new algorithm that is post-quantum, probably lattice- or hash-based. And basically, we’ll integrate with account abstraction.”
PQ signatures are much larger
At DevConnect in November, Zknox demonstrated a hardware wallet with a post-quantum Dilithium signature that’s compatible with Ethereum’s existing infrastructure.
However, post-quantum signatures are massive, and the lightest one, called Falcon, is still 10 times larger than the current Elliptic Curve Digital Signature Algorithm (ECDSA) ones.
Sanso explained that coding the lattice solution in Solidity costs a fortune in gas. There’s an Ethereum Improvement Proposal (EIP) for a precompile to handle this automatically outside of the core protocol, which would speed things up and reduce costs.
The wider issue of incorporating signatures 10 times bigger than the current ones into the chain will likely require a range of different measures, including the use of ZK-STARKs to compress down the size.
Emergency quantum upgrade
But Buterin also developed an emergency plan in March 2024 to deal with a quantum attack, which involves a hard fork and a method for ETH owners to prove they are the legit owners of a particular address before being transitioned to PQ addresses holding the equivalent balance.
Sanso said this plan has progressed, and they’ve been working on a way for ETH owners to use ZK-proofs to safely prove they have the correct seed for an address.
”It’s something we have been actively working on. Hopefully, it’s going to be one project that will show this, either at EthCC Cannes or Devcon in India.”
Depending on which EIPs are approved, this system might also be used as part of the planned switch to PQ signatures. Individuals could prove ownership of an address and would then be able to switch off the existing quantum-vulnerable ECDSA part of an account.
”We have this EIP that you can enable yourself, and say, I will kill the elliptic curve part on my EOAs. So, you keep the same address, and the only way for you to move out stuff from your address is a combination of account abstraction and this proof of seeds.”
“Probably, it’s going to be discussed in the next forks, and I think it’s in the right direction if you ask me.”
Sanso pointed out that choosing which EIPs to include will be a long process and ultimately decided by the community.
He said the first All Core Devs PQ “breakout room” call is scheduled for Feb. 4, 2026.
According to Drake, the biweekly sessions will “focus on user-facing security, covering dedicated precompiles, account abstraction and longer-term transaction signature aggregation with leanVM.”
Magazine: Bitcoin vs. the quantum computer threat — Timeline and solutions (2025-2035)
Cointelegraph Features and Cointelegraph Magazine publish long-form journalism, analysis and narrative reporting produced by Cointelegraph’s in-house editorial team and selected external contributors with subject-matter expertise. All articles are edited and reviewed by Cointelegraph editors in line with our editorial standards. Contributions from external writers are commissioned for their experience, research or perspective and do not reflect the views of Cointelegraph as a company unless explicitly stated. Content published in Features and Magazine does not constitute financial, legal or investment advice. Readers should conduct their own research and consult qualified professionals where appropriate. Cointelegraph maintains full editorial independence. The selection, commissioning and publication of Features and Magazine content are not influenced by advertisers, partners or commercial relationships.
