Vitalik Buterin Outlines Ethereum's Post-Quantum Security Plan

Why it matters

The proactive stance on quantum threats is a strategic move to harden Ethereum's core infrastructure, addressing vulnerabilities in four key areas: consensus-layer signatures (BLS), data availability (KZG commitments), user account signatures (ECDSA), and application-layer zero-knowledge proofs. This overhaul is designed to future-proof the network against the day a cryptographically relevant quantum computer becomes a reality, an event some analysts predict could occur between 2028 and the mid-2030s. A primary challenge is the significant overhead of quantum-resistant cryptography. Verifying a standard ECDSA signature costs about 3,000 gas, whereas a quantum-resistant hash-based signature could require around 200,000 gas. Similarly, quantum-resistant STARK proofs for ZK-rollups could see verification costs jump to nearly 10 million gas from the current 300,000 to 500,000 gas for ZK-SNARKs. To mitigate these costs, the roadmap proposes protocol-layer recursive aggregation. This technique would bundle thousands of signatures or proofs into a single master proof, or "validation frame," keeping on-chain verification costs near zero. This is part of a broader strategy to manage the increased computational load of post-quantum algorithms. The transition for user accounts hinges on native account abstraction, particularly through EIP-8141. This will allow individual wallets to upgrade from the vulnerable ECDSA to quantum-resistant signature schemes, such as lattice-based or hash-based options. One such upgrade, "frame transactions," is being considered for the Hegota hard fork expected in the latter half of 2026. This entire effort is part of a larger development plan, dubbed the "Strawmap," which outlines roughly seven hard forks through 2029. The Ethereum Foundation has formalized this push by creating a dedicated post-quantum security team and offering a $1 million prize to accelerate research in quantum-resistant cryptography. This positions the post-quantum transition alongside other key objectives like increasing transaction throughput to 10,000 TPS on Layer 1. The urgency is underscored by the "harvest now, decrypt later" threat, where adversaries could be storing encrypted data today to decrypt once powerful quantum computers are available. While the Bitcoin community remains divided on the immediacy of the quantum threat, Ethereum developers are taking a more proactive approach to ensure long-term security and maintain trust.

Key numbers

• This overhaul is designed to future-proof the network against the day a cryptographically relevant quantum computer becomes a reality, an event some analysts predict could occur between 2028 and the mid-2030s.
• Verifying a standard ECDSA signature costs about 3,000 gas, whereas a quantum-resistant hash-based signature could require around 200,000 gas.
• Similarly, quantum-resistant STARK proofs for ZK-rollups could see verification costs jump to nearly 10 million gas from the current 300,000 to 500,000 gas for ZK-SNARKs.
• The transition for user accounts hinges on native account abstraction, particularly through EIP-8141.

What happens next

• This overhaul is designed to future-proof the network against the day a cryptographically relevant quantum computer becomes a reality, an event some analysts predict could occur between 2028 and the mid-2030s.
• Verifying a standard ECDSA signature costs about 3,000 gas, whereas a quantum-resistant hash-based signature could require around 200,000 gas.
• Similarly, quantum-resistant STARK proofs for ZK-rollups could see verification costs jump to nearly 10 million gas from the current 300,000 to 500,000 gas for ZK-SNARKs.

Sources

• detailed a multi-stage roadmap
• The proactive stance
• This overhaul is designed
• Verifying a standard
• This technique would
• One such upgrade, "frame
• The Ethereum Foundation
• This positions the post-quantum
• The urgency is underscored

Quick answers