Vitalik Buterin Outlines Ethereum's Quantum Security Plan

The primary threat comes from Shor's algorithm, which, if run on a sufficiently powerful quantum computer, could break the elliptic curve cryptography that secures user accounts (ECDSA) and validator signatures. This would allow an attacker to derive a user's private key from their public key, potentially leading to widespread theft of funds. Buterin himself warned in November 2025 that quantum computers could pose a threat to Ethereum's security model as early as 2028. The roadmap targets four key areas of vulnerability: validator signatures, data storage, user account signatures, and zero-knowledge proofs. For user accounts, the plan is to move away from the vulnerable ECDSA signatures. The long-term solution involves leveraging account abstraction, specifically ERC-4337, which allows users to upgrade their wallets to use quantum-resistant signature schemes without requiring a network-wide hard fork. To counter the threat to validator signatures, the proposal suggests replacing the current BLS signatures with hash-based alternatives. For data storage, the plan is to transition from KZG commitments to STARKs, which are inherently quantum-resistant. While technically manageable, this shift requires significant engineering effort to integrate with Ethereum's existing data availability systems. A major challenge with post-quantum cryptographic signatures is their increased size and computational cost, which could lead to higher gas fees. To mitigate this, the roadmap proposes using protocol-layer recursive proof aggregation. This would allow thousands of signatures or proofs to be bundled and verified as a single transaction, keeping on-chain costs near zero. Some of these changes could be introduced as early as the "Hegota" upgrade, anticipated in the second half of 2026.