The cryptocurrency industry is not ready to transition to post-quantum cryptography, despite advancements in quantum computing. This was stated by the developers at Quantus.

The project team released a study titled The State of Quantum: What Crypto Can’t Afford to Ignore, which ForkLog reviewed. It indicates that wallets, exchanges, custodians, validators, bridges, and governance systems are at risk.

Source: ForkLog.

Most of the market still relies on traditional signature schemes—ECDSA and Ed25519. Theoretically, Shor's algorithm could enable quantum computers to break these systems once they achieve sufficient power.

In August 2024, NIST finalized the first standards for post-quantum cryptography—ML-KEM and ML-DSA. These are positioned as a response to the impending collapse of classical approaches.

Blockchains Are More Complex Than Traditional IT

Experts at Quantus assert that the cryptocurrency market faces stricter constraints than conventional IT infrastructure.

In centralized services, cryptography can be updated via patches. In blockchains, funds are stored under user control, upgrades depend on decentralized governance, and public keys can remain on the network for years.

The report mentions a scenario called "harvest now, decrypt later": data is collected today to be decrypted later when sufficiently powerful quantum machines become available.

Quantus CEO and CTO Christopher Smith stated that the industry will not receive a "clear alarm signal" before the hypothetical Q-Day.

"The crypto market needs to build infrastructure in advance, not under pressure," he said.

There is currently no timeline for the arrival of quantum computers capable of breaking modern schemes. In May, IBM Quantum's global sales director, Petra Florizun, stated that quantum computing is moving beyond laboratory experiments and starting to be applied to real-world problems.

Impact on Bitcoin

A separate section of the study focuses on Bitcoin. Quantus claims that a standard transaction of the first cryptocurrency using ECDSA requires about 97 bytes for the signature and public key. The ML-DSA-87 variant increases this size to approximately 7187 bytes.

A direct transition to post-quantum signatures without changes to the network architecture would significantly reduce the number of transactions per block, according to the authors.

The report also mentions BIP-360—a proposal for migrating the Bitcoin blockchain to quantum protection. The document describes the Pay-to-Merkle-Root format as a step to reduce key exposure risks.

The authors of BIP-360 noted that the proposal does not address all issues. Concerns remain regarding wallet compatibility, block space load, and the fate of old addresses.

Quantus's Own Solution

The project claims that post-quantum cryptography creates a new version of the "blockchain trilemma": large signatures hurt scalability, while privacy adds further costs.

Quantus proposes offloading some of the burden outside the main chain using ZK mechanisms. The document mentions Wormhole Addresses, Plonky2, STARK-like proof aggregation, and Poseidon2.

Tech Giants Are Already Moving

The report provides examples of major tech companies transitioning to post-quantum protection:

  • Signal with the PQXDH protocol;
  • Google with hybrid X25519Kyber768 in Chrome;
  • Apple with the PQ3 system for iMessage.

Quantus concludes that mass consumer services began preparing for the post-quantum era earlier than a significant portion of the crypto market.

In April, Lightning Labs' CTO Olaoluwa Osuntokun presented a prototype tool to protect Bitcoin wallets from potential quantum attacks.