Ethereum's Path to Quantum Security: Buterin Reveals Comprehensive Strategy
Four critical components requiring modifications have been identified by Ethereum's co-founder: validator signatures, data storage mechanisms, user accounts, and proofs, though implementation will pose significant challenges.
A comprehensive strategy to tackle four critical areas of the network most susceptible to quantum threats has been identified and put forward by Vitalik Buterin, co-founder of Ethereum.
Recent headlines have been dominated by discussions surrounding quantum computing and cryptocurrency as worries escalate regarding the ability of Bitcoin and other blockchain networks to withstand quantum-capable supercomputers.
On Thursday, Buterin shared his roadmap for quantum resistance in Ethereum, noting that the four critical areas are: signatures from validators, storage of data, signatures for user accounts, and zero-knowledge proofs.
According to his statement, substituting the existing BLS (Boneh-Lynn-Shacham) consensus signatures with quantum-safe hash-based "Lean" signatures would resolve that particular element. The challenging aspect lies in selecting the appropriate hash function, as this decision will probably remain in place for an extended period.
"This may be 'Ethereum's last hash function', so it's important to choose wisely," he said.
In August 2025, Justin Drake, a researcher with the Ethereum Foundation, put forward "Lean Ethereum," a strategy designed to achieve quantum-security for the network.
Quantum safe data storage and accounts
With respect to data storage, commonly referred to as "blobs", Ethereum presently employs a system known as KZG (Kate-Zaverucha-Goldberg) for the purpose of storing and verifying data.
The strategy involves replacing this with STARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge), which offer resistance to quantum threats. "It's manageable, but there's a lot of engineering work to do," said Buterin.
User accounts represent the third challenge. Currently, Ethereum relies on ECDSA (Elliptic Curve Digital Signature Algorithm) signatures, which function as standard cryptographic keys. The remedy involves upgrading the network to enable accounts to utilize any signature scheme, including quantum-resistant "lattice-based" alternatives.
Nevertheless, quantum-safe signatures demand significantly more computational resources and would result in higher gas consumption.
"The long-term fix is protocol-layer recursive signature and proof aggregation, which could reduce these gas overheads to near-zero," he said.
Quantum-resistant proofs are very expensive
Running quantum-resistant proofs onchain comes at an extremely high cost, so "the solution again is protocol-layer recursive signature and proof aggregation," said Buterin.
Rather than verifying each signature and proof separately onchain, a singular master proof or "validation frame" would handle the verification of thousands simultaneously, maintaining costs at nearly zero levels.
"This way, a block could 'contain' a thousand validation frames, each of which contains either a 3kB signature or even a 256kB proof," he explained.
On Thursday, Buterin also provided commentary regarding the Ethereum Foundation's "Strawmap", expressing his anticipation of seeing "progressive decreases of both slot time and finality time."