Quantum computers have been “just ten years in the future” for a long time. However, the quantum computing industry has made major advances in recent years, and the largest quantum computers are growing significantly year-over-year.
While quantum computing has many potential applications, one of the most discussed is its impact on cryptography. Many of the cryptographic algorithms that secure the modern Internet are vulnerable to quantum computers, which can solve certain mathematical problems in ways that pre-quantum or “classical” computers cannot.
These same vulnerable algorithms are also the foundation of blockchain’s security model. As large-scale quantum computing becomes a reality, blockchains will need to make the transition from classical algorithms to ones that will remain secure in the face of the quantum threat.
The Quantum Threat to Blockchain
Modern blockchains are largely built on classical public key cryptography, which means that they are vulnerable to quantum computing. These algorithms rely on mathematical problems that are hard for classical computers to solve but much easier for quantum ones.
For example, blockchains use elliptic curve cryptography (ECC) to derive public keys from private keys: the public key is the point obtained by multiplying a fixed base point on the curve by the secret scalar. The scheme assumes that this scalar multiplication is easy (polynomial time) but that recovering the scalar from the resulting point, the elliptic curve discrete logarithm problem, is hard (the best classical attacks take time exponential in the key size). RSA rests on the analogous asymmetry between multiplying two large primes and factoring their product. This asymmetry is what makes it possible to build a secure, usable system.
However, Shor’s algorithm, which only runs on a quantum computer, solves both factoring and the discrete logarithm problem (including its elliptic curve form) in polynomial time. Against a sufficiently large quantum computer, a system whose security rests on either problem is no longer secure.
Shor’s algorithm and Grover’s algorithm, which gives a quadratic speedup to brute-force searches such as finding hash preimages, are the main quantum threats to traditional blockchains. Once sufficiently large quantum computers are available, they will be able to derive private keys from any public key that has been exposed on-chain, and may make it easier to find hash collisions for blocks, potentially enabling an attacker to replace a single block in the chain without replacing everything that follows it. Of the two, Shor’s algorithm is the more serious: Grover’s speedup is only quadratic, so inverting a 256-bit hash still costs on the order of 2^128 quantum operations and doubling the hash output size restores the original margin, whereas Shor’s algorithm breaks ECC outright.
The Post-Quantum Blockchain
While quantum computing poses a serious threat to blockchains built on classical cryptography, the threat is still several years in the future. Also, post-quantum algorithms are already available, making it possible for blockchains to transition before large-scale quantum computing is a real threat.
Post-quantum cryptography provides the same primitives as classical public-key cryptography (digital signatures, key exchange) but builds them on problems believed to remain “hard” for quantum computers, such as lattice problems or the security of hash functions. For example, hash-based signature schemes depend only on the preimage and collision resistance of a hash function; Grover’s algorithm merely halves their effective security level, which is offset by choosing a larger output, and Shor’s algorithm does not apply to them at all.
While post-quantum cryptography lacks the maturity of classical cryptography, official algorithms have already been selected and standardized by the National Institute of Standards and Technology (NIST), much as past algorithms like the Advanced Encryption Standard (AES) were. In August 2024 NIST published FIPS 203 (ML-KEM, derived from CRYSTALS-Kyber, for key encapsulation), FIPS 204 (ML-DSA, derived from CRYSTALS-Dilithium, for digital signatures) and FIPS 205 (SLH-DSA, derived from SPHINCS+, a stateless hash-based signature scheme). For example, CRYSTALS-Dilithium, now standardized as ML-DSA, is a selected post-quantum digital signature algorithm.
When transitioning to post-quantum cryptography, blockchains have the option to build from scratch or to migrate an existing platform to more secure algorithms. The Quantum Resistant Ledger (QRL) is an example of a blockchain built to be quantum-resistant from the start: it signs transactions with XMSS, a stateful hash-based scheme in which many one-time signing keys are committed to by a Merkle tree, so an address is bound to the tree’s root hash rather than to a single key. The trade-off is state: each one-time key may be used exactly once, and a wallet that loses track of which leaves it has already used (for example, by restoring from an old backup) can break the scheme’s security by signing twice with the same leaf.
Other proposals address the quantum risk by transitioning existing blockchains to new cryptography. This might involve a transition phase in which classical and post-quantum algorithms are used together (in a hybrid scheme, a transaction is accepted only if both signatures verify), followed by a full move to post-quantum cryptography. Under this scheme, the state of the pre-quantum ledger would be finalized within post-quantum blocks that are secure against tampering. One caveat for any migration of an existing chain: funds whose public key is already exposed on-chain and which are never moved to a post-quantum address remain vulnerable once a large enough quantum computer exists.
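To make the hash-based construction behind XMSS and QRL concrete, the following is an added example written for this article; it is not QRL’s code, the XMSS reference implementation, or any standardized scheme. It implements a simplified Winternitz one-time signature (w = 16) under a small Merkle tree of eight one-time keys, using only SHA-256, and shows why the signer must be stateful. It omits the WOTS+ bitmasks and address-tweaked hashing that real XMSS uses, and the tree height, names and sample transaction bytes are all constructed for illustration.

```python
"""Added illustration: Winternitz one-time signatures (WOTS, w=16) under a
Merkle tree, the construction XMSS is built on. Simplified for reading: no
WOTS+ bitmasks, no address-tweaked hashing, toy tree height. Not QRL's code
and not for production use."""
import hashlib
import secrets

W = 16            # Winternitz parameter: one hash chain per base-16 digit
N = 32            # SHA-256 output size and per-chain secret size in bytes
MSG_DIGITS = 64   # a 256-bit message digest as 64 base-16 digits
CHK_DIGITS = 3    # checksum <= 64 * 15 = 960 < 16**3
CHAINS = MSG_DIGITS + CHK_DIGITS
HEIGHT = 3        # Merkle tree height (assumed): 2**HEIGHT one-time keys per root


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x: bytes, steps: int) -> bytes:
    """Apply H `steps` times. Chains only move forward, so a revealed
    intermediate value says nothing about earlier positions."""
    for _ in range(steps):
        x = H(x)
    return x


def message_digits(msg: bytes) -> list[int]:
    """Digest the message into 64 hex digits plus a 3-digit checksum. Without
    the checksum an attacker holding one signature could 'advance' every chain
    and sign any message whose digits are all >= the signed ones."""
    digest = hashlib.sha256(msg).digest()
    digits = [d for b in digest for d in (b >> 4, b & 0xF)]
    checksum = sum(W - 1 - d for d in digits)
    digits += [(checksum >> 8) & 0xF, (checksum >> 4) & 0xF, checksum & 0xF]
    assert len(digits) == CHAINS
    return digits


def wots_keygen() -> tuple[list[bytes], bytes]:
    sk = [secrets.token_bytes(N) for _ in range(CHAINS)]
    pk = [chain(s, W - 1) for s in sk]   # end of each chain is the public part
    return sk, H(*pk)                     # leaf = hash of the WOTS public key


def wots_sign(sk: list[bytes], msg: bytes) -> list[bytes]:
    return [chain(s, d) for s, d in zip(sk, message_digits(msg))]


def wots_leaf_from_sig(sig: list[bytes], msg: bytes) -> bytes:
    """The verifier finishes each chain; a valid signature lands on the public key."""
    pk = [chain(s, W - 1 - d) for s, d in zip(sig, message_digits(msg))]
    return H(*pk)


class MerkleSigner:
    """Stateful signer: every leaf is a one-time key and must be used once."""

    def __init__(self) -> None:
        self.sks, leaves = zip(*(wots_keygen() for _ in range(2 ** HEIGHT)))
        self.levels = [list(leaves)]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]    # the long-term public key (address root)
        self.next_index = 0               # STATE: must survive restarts and backups

    def sign(self, msg: bytes) -> tuple[int, list[bytes], list[bytes]]:
        if self.next_index >= 2 ** HEIGHT:
            raise RuntimeError("all one-time keys used; rotate to a new tree")
        idx = self.next_index
        self.next_index += 1              # advance BEFORE releasing the signature
        auth = [self.levels[h][(idx >> h) ^ 1] for h in range(HEIGHT)]  # sibling path
        return idx, wots_sign(self.sks[idx], msg), auth


def verify(root: bytes, msg: bytes, signature) -> bool:
    idx, sig, auth = signature
    if not (0 <= idx < 2 ** HEIGHT) or len(auth) != HEIGHT or len(sig) != CHAINS:
        return False
    node = wots_leaf_from_sig(sig, msg)
    for h, sibling in enumerate(auth):
        node = H(sibling, node) if (idx >> h) & 1 else H(node, sibling)
    return node == root


if __name__ == "__main__":
    signer = MerkleSigner()
    tx = b"constructed sample transaction: pay 1 unit to address X"  # constructed
    s = signer.sign(tx)
    print("valid:", verify(signer.root, tx, s))
    print("tampered:", verify(signer.root, tx + b"!", s))
    print("signature bytes:", len(s[1]) * N + len(s[2]) * N + 4)
```

Two things the code makes visible that the prose only states: the signature is a few kilobytes (67 chain values plus the authentication path) rather than the 64 bytes of an ECDSA signature, and `next_index` is security-critical state. If a wallet signs from a restored copy of the signer, two different messages share one leaf, each revealing chain values at different positions, and an attacker can combine them to sign further messages with that leaf. Real XMSS deployments treat the index as state that must be persisted atomically before a signature is released, and SLH-DSA (SPHINCS+) exists precisely to remove that burden at the cost of larger signatures.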
Challenges of the Post-Quantum Transition
Currently, the vast majority of blockchains still use classical cryptography, even though quantum computers exist and are improving rapidly. This isn’t a problem yet because quantum computers large enough to run Shor’s or Grover’s algorithm against real-world key sizes are still years away.
The reason many blockchains haven’t proactively made the transition to post-quantum algorithms is that the migration comes with significant challenges and downsides. Some of these include:
Computational Overhead: Post-quantum algorithms use much larger keys and signatures than their classical counterparts: an ECDSA signature is 64 bytes, while ML-DSA and hash-based signatures run to a few kilobytes. Moving to these algorithms requires more computational power, storage and network bandwidth. This could limit the range of devices that can operate as blockchain nodes, weakening the security of their consensus algorithms, and decrease the throughput and scalability of blockchains.
Algorithmic Standardization: NIST only recently completed its selection process, and full guidance (FIPS 203, 204 and 205) was published in 2024 for three of the selected algorithms. Libraries offering secure, standardized and well-reviewed implementations are therefore not yet as available and accessible to developers as those for classical algorithms. The decentralized nature of blockchain may also mean that different blockchains select non-standardized algorithms, or wait for ones that offer smaller key sizes and signature lengths for increased efficiency.
Validator Adoption: Moving to post-quantum cryptography requires a hard fork of a blockchain’s protocol, since the digital signature and hash algorithms used by a blockchain are a core component of its operations. Completing the hard fork requires enough validators (by hash power or stake, depending on the consensus mechanism) to follow it. This means that, even if the code is ready, blockchains also need to convince validators to accept the additional costs of operating as nodes on a post-quantum blockchain.
The Future of the Post-Quantum Blockchain
While most blockchains haven’t yet made the post-quantum leap, this transition is inevitable. Eventually, quantum computers capable of breaking the classical algorithms used by modern blockchains will be available. At this point, making the transition is a matter of survival for existing blockchains.
Until that point, the decision of when to make the switch depends on various factors. For example, regulators may pressure financial institutions to use post-quantum cryptography, forcing a transition. Alternatively, blockchains may make the transition to be proactive or as a marketing point.
Whether building from scratch or upgrading an existing blockchain, implementing post-quantum cryptography requires careful design and implementation. Design errors or an insecure implementation could render a post-quantum blockchain vulnerable to attack. For guidance and support throughout your post-quantum transition, reach out to Halborn.