2026 年 7 月 14 日

A whole new era of cryptography is on the rise, and some don’t realize that there’s a quiet arms race happening in the background of the entire tech industry. A new generation of computers, quantum computers, is being built that could one day break the cryptography protecting everything from your bank account to your Bitcoin wallet. The crypto and blockchain world is particularly exposed, and the clock is ticking. Post-quantum cryptography (PQC) is the industry’s answer. Here’s everything you need to know, in five minutes.

Post-Quantum Cryptography (PQC): What Is It?

Let’s start with the basics. Every cryptocurrency (Bitcoin, Ethereum, Solana, all of them) relies on cryptography to keep your funds safe. When you send crypto, your wallet creates a digital signature using your private key. That signature proves the transaction came from you, not someone else. The entire system works because the math behind that signature is so ridiculously complex that no computer on Earth can reverse-engineer your private key from your public information. 

For nearly every chain, that math is elliptic curve cryptography (ECC). A normal computer would need billions of years to break it. So far, so good.

The problem is quantum computers. Unlike regular computers that process information as 0s and 1s (one at a time), quantum computers use “qubits” that can be 0 and 1 simultaneously. This doesn’t make them faster at everything, but it makes them extraordinarily good at certain kinds of math problems. And it turns out that the specific type of math protecting your crypto wallet is exactly the kind of problem quantum computers are built to solve.

🔐  Simple analogy:
The cryptography protecting your wallet is like a lock with a trillion possible combinations.

A normal computer tries each one, one at a time. Takes forever.

A quantum computer doesn’t just guess faster; it takes a mathematical shortcut straight to the answer. Suddenly, that lock isn’t so safe.


So what is PQC? Post-quantum cryptography is a new set of cryptographic algorithms designed to replace the current ones. Here’s the important part: PQC does not use quantum computers. It’s new math that runs on regular, everyday computers but is designed to be uncrackable by both normal and quantum machines.

Instead of relying on the type of math that quantum computers are good at breaking, PQC uses entirely different mathematical problems, like finding the point closest to a target in a vast grid of points in hundreds of dimensions (called “lattice” problems). These problems are so hard that no known algorithm, classical or quantum, can solve them efficiently.

In August 2024, after eight years of evaluating 82 candidate algorithms from 25 countries, NIST (the U.S. National Institute of Standards and Technology) finalized three official PQC standards. These are now the playbook for the entire industry, the replacement algorithms that everyone from Google to the U.S. military is adopting.

What Is the Significance of PQC?

PQC is one of the most consequential shifts in the history of blockchain, and here’s why.

The entire value proposition of cryptocurrency rests on one thing: cryptographic security. Your funds are only yours because nobody can forge your digital signature. If quantum computers break that signature scheme, they don’t just hack one wallet; they undermine the fundamental trust model that makes blockchain work. Every wallet, every transaction, on nearly every chain runs on the same family of cryptographic signature schemes (ECDSA and EdDSA). A sufficiently powerful quantum computer could, in theory, compromise all of it.

And the risk isn’t just theoretical. You may have heard the phrase “harvest now, decrypt later.” The wording doesn’t quite fit blockchains (more on that below), but the danger it describes is very real.

Everything on a public blockchain is permanently visible. Every transaction you send exposes your public key, and a sufficiently powerful quantum computer can reverse-engineer your private key from it. An attacker can copy all on-chain data right now, store it cheaply, and wait. When quantum computers become powerful enough, whether that’s in 5 years or 15, they can go back and crack everything they’ve been collecting. Strictly speaking, “decrypt” is the wrong word here: blockchain data isn’t encrypted in the first place, so there’s nothing to decrypt. What a quantum computer would actually do is compute private keys from data that was always public. The threat is the same either way; the data doesn’t expire, and the blockchain doesn’t forget.

⚠️  How much is actually at risk?

Approximately 4 million BTC (~$250 billion) sits in addresses with exposed public keys, per a widely cited Deloitte analysis; broader 2026 estimates put the figure near 7 million BTC.

On Ethereum, every wallet that has ever sent a transaction has exposed its public key by design.

About 25% of the bitcoins then in circulation were held in vulnerable address formats.


Beyond the direct theft risk, PQC will reshape the competitive landscape of blockchains. Chains that adopt quantum-resistant signatures early will attract institutional capital that needs long-term security guarantees. Regulated entities, banks, custodians, and funds will increasingly require PQC compliance before committing assets to a chain. The migration itself is a massive engineering challenge: PQC signatures are 10–100x larger than current ones (thousands of bytes vs. 70 bytes for ECDSA), which means bigger blocks, more storage, and higher fees unless the transition is managed carefully.

There are also second-order effects. PQC will force upgrades to zero-knowledge proof systems, consensus mechanisms, and key management infrastructure. It will create a new competitive axis, “quantum readiness”, that projects, exchanges, and custodians will market and compete on. And it will drive a wave of protocol upgrades across every major chain that could take the better part of a decade to complete.

The bottom line: PQC isn’t just about swapping one algorithm for another. It’s a generational infrastructure upgrade that will determine which blockchains survive and which ones become liabilities.

Is It Doomed?

No. And that’s the good news.

The quantum threat is real, but it’s not imminent, and the industry isn’t sleeping on it. Today’s most powerful quantum computers have at most a few thousand physical qubits, and raw qubit count isn’t even the whole story. Breaking the 256-bit elliptic curve cryptography that protects Bitcoin and Ethereum would require fewer than about 500,000 physical qubits running error correction, per a 2026 Google estimate. Most experts place “Q-Day”, the day a quantum computer can actually break current cryptographic schemes, somewhere between 2030 and 2040, though some estimates put it as early as the late 2020s. Google is planning to have its entire infrastructure quantum-safe by 2029, which gives you a sense of the timeline the biggest players are working toward.

In April 2026, a researcher cracked a 15-bit ECC key using quantum hardware and won a 1 BTC bounty. For context: Bitcoin uses 256-bit elliptic curve cryptography. Cracking 15-bit is like picking a lock with 5 tumblers when the real lock has 77. But it covered a 512x larger key space than the previous attempt just months earlier, so progress is undeniably accelerating.

Here’s what’s actually being done:

ChainWhat They’re DoingWhere They Are
BitcoinBIP-360 proposes P2MR, a quantum-resistant address type (a soft fork). A companion draft, BIP-361, adds a phased sunset: Phase A (about 3 years in) blocks new funds to vulnerable addresses; Phase B (about 2 years after that) disables the old signature scheme for most spending, with a quantum-safe rescue path. Candidate signature schemes under research include ML-DSA (Dilithium) and SLH-DSA (SPHINCS+).Under discussion. No activation date set, but proposals are on the table and gaining support.
EthereumThe Ethereum Foundation’s Architecture team (Vitalik Buterin among its maintainers) published a “Strawmap” in February 2026 targeting quantum resistance across consensus, accounts, data availability, and ZK proofs. PQC is integrated into the long-term roadmap.Quantum-safety upgrades are sketched into forks through the end of the decade; full migration is expected to take longer. Active research underway. A quantum resistance roadmap was published recently.

ThunderCore has also been hard at work looking at how we will tackle the PQC world, and more will be shared on this as we delve deeper. 

Beyond individual chains, the broader industry is moving. NIST finalized the standards in 2024. Google has committed to PQC by 2029. The U.S. federal government has made PQC adoption a mandate for all agencies. Signal, Apple’s iMessage, and Chrome have already begun adding post-quantum protections to their encryption protocols. The infrastructure for a post-quantum world is being built right now.

What we can do is keep ourselves educated, keep an eye out for new developments, and see what every chain and project has in store for us.