The quantum clock on blockchain signing

Every blockchain transaction ever signed on transparent ledgers is a permanent public record. That permanence, the property that makes blockchains trustworthy, is trending toward liability.

The cryptography behind blockchain signing was designed before quantum computers were a practical concern. That era is ending, not in a distant future, but within a planning horizon that matters to anyone operating financial infrastructure on-chain.

The threat

Most blockchain signatures use ECDSA and Ed25519. Both rely on math problems that classical computers can't solve in any useful timeframe. Quantum computers running Shor's algorithm solve them efficiently. Previously, doing so was thought to require infeasibly large amounts of quantum computing power.

In March 2026, Google Quantum AI published ZK-verified attack circuits establishing that the threshold for breaking blockchain signatures is roughly 20 times lower than prior estimates. The same month, Google set an internal deadline of 2029 for their own post-quantum migration. When the people building the hardware tell you the timeline, it's worth listening.

The critical point for blockchain: The target is not just encrypted data. It is signing keys. Every key that has ever signed a transaction has its full public key permanently visible on the ledger. A future quantum adversary already has everything they need. Nation-states are collecting this data today under the Harvest Now, Decrypt Later model. The U.S. Federal Reserve published a paper in 2025 specifically addressing this risk for distributed ledger networks.

For stablecoin operators, the highest-value targets are administrative keys: the keys that control minting, pausing, and ownership of smart contracts.

Where the industry stands

NIST finalized three post-quantum cryptographic standards in August 2024. Since then, activity has accelerated. Here's where the chains we work with stand as of June 2026:

Algorand is the most advanced. Falcon post-quantum signatures are in production for state proofs, with Falcon transaction signatures in active development. We added support for Algorand to Brale in January 2026 partly because of this. For customers where quantum resistance is a near-term requirement, it's available today.

Ethereum formed a dedicated PQ team in January 2026 and launched pq.ethereum.org as a central coordination hub. More than 10 client teams are running weekly post-quantum interoperability devnets. EIP-8141, which introduces native account abstraction enabling opt-in PQ signatures per account, is being considered for the Hegotá hard fork in H2 2026, with a full L1 target of 2029. The approach (letting individual accounts opt into post-quantum schemes without waiting for a full protocol change) is pragmatic.

Solana made a significant move in April 2026. Both major client teams (Anza and Firedancer) independently selected Falcon as their primary post-quantum solution. Firedancer, shipping this year, already supports multiple signature backends.

XRP Ledger published a formal four-phase roadmap in April 2026 targeting full post-quantum readiness by 2028. Validator testing is underway now, with testnet integration planned for H2 2026.

Aptos proposed AIP-137 in December 2025, adding an optional post-quantum account type using NIST-standard SLH-DSA. It's in governance.

Cardano announced a 2026 roadmap for quantum security and unveiled Project Nightstream, a post-quantum initiative backed by researchers from Google and Microsoft. The approach is lattice-based, starting with post-quantum-signed checkpoints via Mithril to protect historical ledger data, with a gradual rollout to manage performance impact.

Hedera laid out a post-quantum roadmap at Hedera Dev Day 2026. Their hash-based internals (SHA-384) are already quantum-resistant. They plan to add user-facing PQC keys after FIPS 206 (FN-DSA/Falcon) is finalized, expected by 2027.

Stellar published its Quantum Preparedness Plan on June 9, 2026. The three-stage path starts this year by adding NIST-standard ML-DSA signature verification (ML-DSA-44 and ML-DSA-65) to Soroban smart contracts, introduces opt-in quantum-safe signer types for existing accounts in 2027 (no change to addresses, balances, or history), and deprecates Ed25519 in a final stage timed to quantum progress.

Most EVM L2s we support have not yet published concrete migration plans. We monitor all of them closely.

The broader picture: In April 2026, Naoris Protocol launched the first blockchain built entirely on post-quantum cryptography, validating over 100 million transactions with NIST-standard algorithms on its mainnet. The technology works. The question is how fast the ecosystem migrates.

Outside of blockchain, the migration is already well underway. Over two-thirds of TLS traffic through Cloudflare now uses post-quantum key exchange, and all major browsers prefer it by default.

Regulatory pressure is building

NIST calls for quantum-vulnerable algorithms to be deprecated after 2030 and disallowed after 2035. The NSA requires quantum-safe algorithms for new national security systems by January 2027. Canada has issued its own mandate. For financial infrastructure operators (which is what stablecoin issuers are) these timelines will become compliance requirements.

What we're doing

We've been tracking this actively since early 2026. Our approach:

Adopting NIST standards now

We're already using NIST-standard post-quantum algorithms for internal operations where our infrastructure supports it. This builds competency and protects off-chain infrastructure independently of any chain's timeline.

Chain-by-chain migration plans

We're building migration playbooks keyed to each chain's post-quantum deployment timeline. Algorand is where we expect to run the first production migration.

Vendor and ecosystem engagement

We evaluate new chain additions partly on post-quantum readiness and are pressing infrastructure vendors for committed PQC roadmaps with delivery dates.

What this means for customers

If you need quantum resistance today, we support Algorand. For other chains, the practical advice: receive stablecoins into dedicated addresses you don't reuse for outgoing transactions. An address that has never signed outbound has not exposed its public key on-chain, which raises the bar substantially.
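The address-hygiene advice above can be checked against your own transaction history. The following is an added example, not Brale's code: it assumes a chain where the address is a hash of the public key (as on EVM chains), so the key first appears on-chain when the address signs. The `Transfer` record, the `audit_exposure` function and the ledger entries are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    height: int      # block height, used only for ordering
    sender: str      # address that signed the transaction
    recipient: str
    amount: int      # token base units

# Constructed sample ledger; addresses are placeholders, not real accounts.
LEDGER = [
    Transfer(100, "0xCUSTOMER", "0xRECV_A", 500),
    Transfer(101, "0xCUSTOMER", "0xRECV_B", 300),
    Transfer(105, "0xRECV_B", "0xTREASURY", 100),  # RECV_B signs: key now public
    Transfer(110, "0xCUSTOMER", "0xRECV_B", 250),  # deposit after exposure
    Transfer(111, "0xCUSTOMER", "0xRECV_C", 400),
]

def audit_exposure(ledger, ours):
    """For each of our addresses, report whether its public key is on-chain
    and how much value still sits behind that key."""
    first_signed = {}            # address -> height of first outbound signature
    balance = defaultdict(int)
    late = defaultdict(list)     # address -> heights of deposits after exposure
    for t in sorted(ledger, key=lambda t: t.height):
        if t.recipient in ours:
            balance[t.recipient] += t.amount
            if t.recipient in first_signed:
                late[t.recipient].append(t.height)
        if t.sender in ours:
            balance[t.sender] -= t.amount
            first_signed.setdefault(t.sender, t.height)
    report = {}
    for addr in sorted(ours):
        exposed = addr in first_signed
        report[addr] = {
            "key_exposed": exposed,
            "exposed_at": first_signed.get(addr),
            "balance": balance[addr],
            "at_risk": balance[addr] if exposed else 0,
            "deposits_after_exposure": late[addr],
        }
    return report

if __name__ == "__main__":
    for addr, row in audit_exposure(LEDGER, {"0xRECV_A", "0xRECV_B", "0xRECV_C"}).items():
        print(addr, row)
```

Any address reported with `key_exposed` true and a non-zero `at_risk` balance is a candidate for sweeping to a fresh receive address that has never signed.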

We won't tell you blockchain is quantum-safe, because it's not. It's an industry-wide migration in progress, with major chains now publishing concrete timelines. Brale is at the front of it, and we'll communicate migration guidance chain-by-chain as post-quantum account types become available.

We'll continue publishing updates as this evolves.

Questions about quantum readiness for your deployment?

Reach out to our team.

Contributors

  • John Schweitzer
    Sr Security Engineer