Ethereum co-founder Vitalik Buterin has identified and proposed a plan to address four areas of the network that he believes are most vulnerable to quantum attacks.
Quantum computing and cryptocurrencies have been in the headlines recently amid growing concerns about Bitcoin and other blockchains’ resistance to quantum-enabled supercomputers.
Buterin sent on Thursday its quantum resistance roadmap for Ethereum, stating that the four areas are: validator signatures, data storage, user account signatures and zero-knowledge proofs.
He said replacing the current BLS (Boneh-Lynn-Shacham) “Lean” consensus signatures with quantum-secure hash-based signatures would fix this component. The tricky part is choosing the right hash function because this choice will likely stick in your memory for a long time.
“This may be the ‘last Ethereum hash function,’ so it is important to choose wisely,” he said.
Ethereum Foundation researcher Justin Drake proposed “Lean Ethereum” in August 2025 – a plan to ensure quantum security of the network.
Quantum secure data and account storage
When it comes to data storage, or “blobs,” Ethereum currently uses a system called KZG (Kate-Zaverucha-Goldberg) to store and verify data.
The plan is to replace it with STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge), which is resistant to quantum effects. “It’s doable, but it takes a lot of engineering,” Buterin said.
Related: Buterin outlines a 4-year roadmap for Ethereum’s acceleration and quantum resilience
The third challenge is user accounts. Ethereum currently uses ECDSA (Elliptic Curve Digital Signature Algorithm) signatures, which are standard cryptographic keys. The solution is to update the network so that accounts can utilize any signature scheme, including a quantum-resistant “mesh-based” one.
However, quantum-secure signatures are much computationally heavier and consume more gas.
“The long-term solution is recursive signature at the protocol layer and evidence aggregation, which could reduce gas costs to almost zero,” he said.
Quantum-resistant evidence is very costly
Quantum-resistant proofs are extremely costly to run on a network, so “the solution is again a recursive signature at the protocol layer and aggregation of proofs,” Buterin said.
Instead of verifying each signature and proof individually on the chain, a single master proof or “validation frame” would allow thousands of them to be verified at once, keeping costs close to zero.
“In this way, a block could ‘contain’ a thousand verification frames, each of which would contain either a 3 kB signature or even a 256 kB proof,” he explained.
Buterin also commented on the Ethereum Foundation’s “Strawmap” on Thursday, stating that he expects a “gradual reduction in both slot time and cut-off time.”
Warehouse: Bitcoin May Take 7 Years to Upgrade to Post-Quantum: BIP-360 Contributor
