Why Vitalik Buterin sees quantum computing as a real threat to Ethereum’s cryptography, what experts expect and how the network can prepare.
Buterin warns that quantum computers could threaten Ethereum’s cryptography sooner than expected and outlines how the network can prepare safely.Buterin sees a nontrivial 20% chance that quantum computers could break current cryptography before 2030, and he argues that Ethereum should begin preparing for that possibility.
A key risk involves ECDSA. Once a public key is visible onchain, a future quantum computer could, in theory, use it to recover the corresponding private key. Buterin’s quantum emergency plan involves rolling back blocks, freezing EOAs and moving funds into quantum-resistant smart contract wallets.that elliptic curve cryptography, the backbone of Ethereum and Bitcoin, “could break before the next US presidential election in 2028.” He also urged Ethereum to move onto quantum-resistant foundations within roughly four years. According to him, there is a nontrivial chance of a cryptographically relevant quantum computer arriving in the 2020s; if so, then the risk belongs on Ethereum’s research roadmap. It should not be treated as something for a distant future bucket.more than 350 million unique Ethereum addresses, highlighting how widely the network has grown even though only a small share of those addresses hold meaningful balances or remain active.Most of Ethereum’s security rests on the elliptic curve discrete logarithm equation, which is the basis for the elliptic curve digital signature algorithm . Ethereum uses theYour address is a hash of that public key. On classical hardware, going from private key to public key is easy, but going backwards is believed to be computationally infeasible. That asymmetry is why a 256-bit key is treated as effectively unguessable., proposed in 1994, shows that a sufficiently powerful quantum computer could solve the discrete log equation and related factorization equations in polynomial time, which would undermine schemes like Rivest-Shamir-Adleman , Diffie-Hellman and ECDSA. The Internet Engineering Task Force and the National Institute of Standards and Technology both recognize that classical elliptic curve systems would be vulnerable in the presence of a cryptographically relevant quantum computer . Buterin’s Ethereum Research post on a potential quantum emergency highlights a key subtlety for Ethereum. If you have never spent from an address, only the hash of your public key is visible onchain, and that is still believed to be quantum safe. Once you send a transaction, your public key is revealed, which gives a future quantum attacker the raw material needed to recover your private key and drain the account. So, the core risk is not that quantum computers break Keccak or Ethereum’s data structures; it is that a future machine could target any address whose public key has ever been exposed, which covers most user wallets and many smart contract treasuries.that put the chance of quantum computers capable of breaking today’s public key cryptography at roughly one in five before 2030. The same forecasts place the median scenario around 2040. His argument is that even this kind of tail risk is high enough for Ethereum to prepare in advance.the audience that “elliptic curves are going to die,” citing research that suggests quantum attacks on 256-bit elliptic curves might become feasible before the 2028 US presidential election. Some coverage compressed this into a headline like “Ethereum has four years,” but his message was more nuanced:Once CRQCs exist, ECDSA and related systems become structurally unsafe. Migrating a global network to post-quantum schemes takes years, so waiting for obvious danger is itself risky. In other words, he is thinking like a safety engineer. You do not evacuate a city because there is a 20% chance of a major earthquake in the next decade, but you do reinforce the bridges while you still have time.pairs new quantum chips, Nighthawk and Loon, with a goal of demonstrating fault-tolerant quantum computing by 2029. It also recently showed that a key quantum error correction algorithm can run efficiently on conventional AMD hardware.titled “How to hard-fork to save most users’ funds in a quantum emergency.” It sketches what Ethereum could do if a sudden quantum breakthrough blindsides the ecosystem.Traditional externally owned accounts that use ECDSA would be frozen from sending funds, which would cut off further theft through exposed public keys., that they control the original seed or derivation path — e.g., a Bitcoin Improvement Proposal 32 HD wallet preimage, for a vulnerable address.Because STARK proofs are large, the design anticipates batching. Aggregators submit bundles of proofs, which lets many users move at once while keeping each user’s secret preimage private. Crucially, this is positioned as a last resort recovery tool, not Plan A. Buterin’s argument is that much of the protocol plumbing needed for such a fork, includingIf Buterin is leaning on public forecasts, what are hardware and cryptography specialists actually saying? On the hardware side, Google’s Willow chip, unveiled in late 2024, is one of the most advanced public quantum processors so far, with 105 physical qubits and error-corrected logical qubits that can beat classical supercomputers on specific benchmarks. Yet Google’s quantum AI director has been explicit that “the Willow chip is not capable of breaking modern cryptography.” Hefinds that breaking 256-bit elliptic curve cryptography within an hour using surface code-protected qubits would require tens to hundreds of millions of physical qubits, which is far beyond anything available today.for years that once cryptographically relevant quantum computers exist, they will break essentially all widely deployed public key systems, including RSA, Diffie-Hellman, Elliptic Curve Diffie-Hellman and ECDSA, through Shor’s algorithm. This applies both retrospectively, by decrypting harvested traffic, and prospectively, by forging signatures.There is no expert consensus on a precise “Q-Day.” Most estimates sit in a 10-to-20-year window, although some recent work entertains optimistic scenarios where fault-tolerant attacks on elliptic curves could be possible in the late 2020s under aggressive assumptions. Policy bodies like the US White House and the NIST take the risk seriously enough to push federal systems toward PQC by the mid-2030s, which implies a nontrivial chance that cryptographically relevant quantum computers arrive within that horizon. Seen in that light, Buterin’s “20% by 2030” and “possibly before 2028” framing is part of a broader spectrum of risk assessments, where the real message is uncertainty plus long migration lead times, not the idea that a code-breaking machine is secretly online today.that it will cost around $7.1 billion for US federal agencies to migrate their systems to post-quantum cryptography between 2025 and 2035, and that is just one country’s government IT stack.Account abstraction and smart-contract wallets Moving users from bare EOAs to upgradeable smart contract wallets, through ERC-4337-style account abstraction, makes it much easier to swap out signature schemes later without emergency hard forks. Some projects already demo Lamport-style or eXtended Merkle Signature Scheme -style quantum-resistant wallets on Ethereum today.Ethereum will need to pick one or more PQC signature families and work through trade-offs in key size, signature size, verification cost and smart contract integration.Elliptic curves are not just used for user keys. BLS signatures, KZG commitments and some rollup proving systems also rely on discrete log hardness. A serious quantum resilient roadmap needs alternatives for those building blocks as well. On the social and governance side, Buterin’s quantum emergency fork proposal is a reminder of how much coordination any real response would require. Even with perfect cryptography, rolling back blocks, freezing legacy accounts or enforcing a mass key migration would be politically and operationally contentious. That is part of why he and other researchers argue for:Treating post-quantum migration as a gradual opt-in process that users can adopt long before any credible attack rather than a last-minute scramble.Prefer wallets and custody setups that can upgrade their cryptography without forcing a move to entirely new addresses.Track Ethereum’s eventual post-quantum signature choices and be ready to migrate once robust tooling is available. Quantum risk should be treated the way engineers think about floods or earthquakes. It is unlikely to destroy your house this year, but likely enough over a long horizon that it makes sense to design the foundations with that in mind. This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.DATs bring crypto’s insider trading problem to TradFi: Shane Molidor
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Why Thomas Muller, Lionel Messi’s Latest Trophies Don’t Count Towards Incredible RecordsWhy Thomas Muller, Lionel Messi's Latest Trophy Does Not Count Towards Incredible Records
Read more »
How a Cleveland native helped mold his young legacy during Ohio State football’s win vs. MichiganOhio State football defeated Michigan, and a running back from Cleveland was a big reason why.
Read more »
Morning Crypto Report: Vitalik Buterin Issues Zcash (ZEC) Warning, XRP Teases 69% Price Rise, $100,000 BTC Is Real in 2025: Bollinger BandsCrypto enters the final Sunday of November with ZEC facing a governance warning from Vitalik Buterin, XRP preparing for a December built on a 69% historical return and Bitcoin pressing into a setup that puts $100,000 within reach.
Read more »
Ripple’s Best Year Ever – So Why Is XRP Still Down YTD?XRP entered 2025 at $2.32 but it's now at $2.20 - why so?
Read more »
Gentrification is good, actuallyWhy Dallas can and must avoid New York City’s original sin.
Read more »
Uncommon Knowledge: Trump Closes Venezuelan Airspace, but Not NATO AirspaceWhy is the president talking tough with Maduro while his allies tiptoe around Putin?
Read more »