Post-Quantum Cryptography for Cryptocurrency: What You Need to Know Now

Ben Bevan 7 November 2025 21 Comments

Right now, billions of dollars in cryptocurrency are sitting in wallets that could be stolen by a computer that doesn’t even exist yet. It sounds like science fiction, but it’s not. The same math that protects your Bitcoin and Ethereum - Elliptic Curve Digital Signature Algorithm, or ECDSA - is vulnerable to future quantum computers. And if someone cracks it, they could sign transactions as you, drain your wallet, and no one could stop them. This isn’t a distant fear. Experts say there’s a 50% chance it happens by 2031. The fix? Post-quantum cryptography - and it’s already being tested, debated, and quietly built into the next generation of blockchain systems.

Why Your Crypto Wallet Is at Risk

Every time you send Bitcoin or Ethereum, you sign the transaction with a private key. That signature is verified using ECDSA, a system that’s been trusted since Bitcoin’s birth in 2009. It’s fast, compact, and efficient - perfect for a blockchain that needs to process thousands of transactions per second. But ECDSA relies on a mathematical problem that’s hard for regular computers to solve… but not for quantum ones.

A quantum computer running Shor’s algorithm could crack ECDSA in minutes, not billions of years. That means anyone who collects your public key today - which is visible on every blockchain - could wait until quantum computers are powerful enough, then decrypt your private key and steal your coins. This is called a “harvest now, decrypt later” attack. And according to Chainalysis, around 4 million BTC - worth over $114 billion as of late 2023 - are sitting in addresses where the public key is exposed. That’s not a small number. That’s the entire market cap of dozens of major companies.

What Is Post-Quantum Cryptography?

Post-quantum cryptography (PQC) is a set of new mathematical algorithms designed to resist attacks from both classical and quantum computers. Unlike ECDSA, these algorithms don’t rely on factoring large numbers or solving elliptic curve problems. Instead, they use entirely different math - like lattices, hash functions, or multivariate polynomials - that even quantum computers struggle with.

In 2022 and 2023, NIST - the U.S. government agency that sets cryptographic standards - finalized two PQC algorithms as the global baseline: Crystals-DILITHIUM for digital signatures and Crystals-KYBER for key exchange. These are now the gold standard. They’ve been tested by cryptographers worldwide for years. No major flaws have been found. And they’re the only ones with enough confidence to be considered for real-world use.

The Big Problem: Size and Speed

Here’s where things get messy. PQC isn’t just a drop-in replacement. It’s bulky.

- A Bitcoin ECDSA signature is 72 bytes. - A Crystals-DILITHIUM signature is 2,420 bytes - over 33 times larger.

That means one block on Bitcoin’s network, which currently holds around 3,000 transactions, would only fit 120 DILITHIUM signatures. That’s a 96% drop in throughput. Ethereum’s average transaction fee of $1.50 could jump to $50 or more without major upgrades. Even the smallest wallets would see higher fees just to move coins.

Hash-based schemes like SPHINCS+, used by Quantum Resistant Ledger, are even worse - signatures can be 8,000 bytes. That’s fine for storing long-term value, but terrible for everyday payments.

Performance isn’t much better. Signing a transaction with ECDSA takes 0.03 milliseconds. With DILITHIUM, it’s 1 millisecond. That might sound tiny, but when you’re processing millions of transactions, it adds up. Nodes would need faster hardware. Miners would need more bandwidth. The whole system slows down.

Hybrid transaction module with overlapping traditional and quantum-resistant signature layers, shown as a transparent prototype.

Who’s Already Doing It?

Most major blockchains - Bitcoin, Ethereum, Solana - haven’t changed a thing. But a few projects are leading the charge.

- Quantum Resistant Ledger (QRL) launched in 2018. It uses hash-based signatures and has been running quantum-resistant since day one. Its market cap is around $35 million - tiny compared to Bitcoin’s $570 billion - but it proves the model works.

- Ethereum has been researching PQC since 2021. They published EIP-3037 proposing a migration path. Their roadmap now lists quantum resistance as a long-term goal, with research wrapping up by 2025. But a full upgrade? That’s likely years away. It would require a hard fork - a major network change that needs near-universal agreement. Good luck getting thousands of miners, exchanges, and wallet providers to sync up.

- IPFS added quantum-resistant storage options in early 2023. Not for payments, but for files. If your data is stored on a blockchain, it needs protection too.

- JPMorgan Chase filed a patent in January 2023 for quantum-resistant distributed ledger tech. Banks aren’t waiting. They’re building.

Hybrid Systems: The Bridge to the Future

No one’s going to rip out ECDSA overnight. The safest path is hybrid cryptography - using both old and new systems together.

Imagine a transaction signed with both ECDSA and DILITHIUM. Even if a quantum computer breaks ECDSA, the DILITHIUM signature still holds. It’s like locking your door with two different keys. One might fail, but the other keeps you safe.

NIST recommends this approach for transitional periods. Some wallets are already testing it. Users can move funds to hybrid addresses that support both signature types. It’s not perfect - it doubles the signature size - but it buys time. And time is exactly what we need.

Minimalist quantum-resistant crypto storage device with labeled zones and glowing data flow from blockchain network.

What Should You Do Right Now?

You don’t need to panic. But you do need to act.

1. Move coins out of legacy addresses. If your Bitcoin is in a P2PKH address (starting with “1”), your public key is exposed every time you spend. Switch to native SegWit (bech32, starting with “bc1”). These don’t reveal your public key until you spend - meaning they’re slightly more resistant to quantum attacks.

2. Consider holding some funds in quantum-resistant chains. If you’re worried about long-term security, allocating a small portion of your portfolio to QRL or similar projects isn’t a bad hedge. They’re not as liquid, but they’re designed for the future.

3. Don’t reuse addresses. Every time you use a public key, you give attackers more data. Always generate a new address for each transaction. Most modern wallets do this automatically.

4. Stay informed. Follow Ethereum’s research updates. Watch for NIST’s upcoming publication SP 1800-39, expected in mid-2024. It’ll give clear guidance on how to implement PQC in blockchain systems.

The Race Against Time

Quantum computers are advancing faster than most people realize. Google, IBM, and startups are hitting milestones every year. The machines that can break ECDSA might not be here yet - but the data to crack them is already being collected.

The cryptocurrency industry has a choice: wait until it’s too late, or start building the future now. The cost of delay isn’t just technical. It’s financial. If a major quantum attack happens and $100 billion in Bitcoin vanishes overnight, trust in the entire ecosystem collapses. Prices crash. Investors flee. The whole market could reset.

The solution isn’t magic. It’s math. It’s code. It’s hard work by cryptographers and developers who understand the stakes. And it’s already happening - quietly, slowly, but undeniably.

The question isn’t whether post-quantum cryptography will come to cryptocurrency. It’s whether you’ll be ready when it does.

Can quantum computers break Bitcoin right now?

No. Current quantum computers don’t have enough stable qubits to run Shor’s algorithm on ECDSA. The machines needed are still years away - possibly a decade or more. But the threat isn’t about today. It’s about tomorrow. Attackers are already harvesting public keys from the blockchain, storing them, and waiting for the right hardware to appear.

What’s the difference between Crystals-DILITHIUM and SPHINCS+?

Crystals-DILITHIUM is a lattice-based signature scheme. It’s faster and has smaller signatures than SPHINCS+, which is hash-based. DILITHIUM signatures are around 2,420 bytes; SPHINCS+ can be 8,000 bytes. DILITHIUM is better for high-throughput systems like payment networks. SPHINCS+ has stronger theoretical security guarantees because it relies only on hash functions - but its size makes it impractical for frequent transactions.

Will Bitcoin ever adopt post-quantum cryptography?

It’s possible, but unlikely without a hard fork. Bitcoin’s community values stability and consensus. Any major change to the signature scheme would require near-unanimous agreement from miners, developers, exchanges, and users. That’s extremely difficult. A hybrid approach - adding PQC as a new signature type alongside ECDSA - is more likely. But even that would need broad adoption before it becomes the norm.

Is Quantum Resistant Ledger (QRL) a good investment?

QRL is not a high-growth asset - its market cap is small compared to Bitcoin or Ethereum. But it’s a real-world testbed for quantum-resistant blockchain tech. If you believe quantum threats are real and want to hold crypto that’s already protected, QRL is one of the few options available. It’s not a speculative play. It’s a security play.

How long will it take for PQC to be widely adopted in crypto?

Industry experts estimate the first major hard fork implementing hybrid PQC will happen between 2026 and 2028. Full adoption could take until 2030 or later. The delay isn’t because the tech is unready - it’s because coordination across decentralized networks is slow. The sooner projects start testing and planning, the smoother the transition will be.