Nicolas Consigny, lead of the Kohaku project at the Ethereum Foundation, published a proposal to protect Ethereum accounts from quantum computing attacks. His estimated cost for the operation: $0.07 per address. No hard fork required.
Why ECDSA Faces a Long-Term Risk
Ethereum relies on ECDSA (Elliptic Curve Digital Signature Algorithm) to secure transactions. The algorithm's security rests on the discrete logarithm problem over elliptic curves: given a public key, finding the private key is computationally infeasible for classical computers. A quantum computer running Shor's algorithm changes that calculation.
In April, researcher Giancarlo Lelli won a prize from startup Project Eleven after cracking a 15-bit elliptic curve key using a variant of Shor's algorithm on an actual quantum device. Bitcoin and Ethereum keys are 256 bits long, many orders of magnitude harder to crack than that 15-bit key. Still, the question is "when," not "whether."
What SPHINCS+ Is and How Consigny Adapted It
SPHINCS+ is a post-quantum signature standard developed by the US National Institute of Standards and Technology (NIST). It builds on hash functions rather than elliptic curves, which means quantum computers offer no computational advantage in breaking it.
Consigny proposed SPHINCS- (an adapted version with reduced overhead). Standard SPHINCS+ produces large signatures, making onchain verification prohibitively expensive. SPHINCS- addresses this through an optimized Merkle tree structure inside the algorithm and trimming security parameters that remain excessive for Ethereum's threat model.
$0.07 Per Address: Where That Number Comes From
Protecting a single account involves one transaction to register the post-quantum signature. Consigny estimated the gas cost at $0.07 under current network conditions. For reference, a standard ETH transfer often runs about the same or cheaper depending on network load.
SPHINCS- does not replace ECDSA at the protocol level. It is a transitional tool: users can voluntarily secure their addresses now, without waiting for Ethereum's full post-quantum transition via a hard fork. No consensus-level changes are needed.
Ethereum's Road to Full Post-Quantum Security
Consigny presented SPHINCS- as a bridge to a longer-term solution called leanSPHINCS. That system is designed for signature aggregation: rather than verifying each signature individually, the network would batch them. This should significantly cut processing load and gas costs.
leanSPHINCS requires a protocol change, so a hard fork. While that work is underway, SPHINCS- gives wallet holders the ability to protect themselves now, without waiting for the next major network upgrade.
How Ethereum Compares to Bitcoin on Quantum Risk
Both networks use ECDSA and share the same underlying vulnerability. The Bitcoin community has debated post-quantum transition for years, with no concrete implementation timeline. Ethereum is moving more deliberately: the SPHINCS- proposal appeared shortly after public discussion of quantum threats to ECDSA picked up in spring 2026.
Ethereum holders would get a practical security tool without any protocol-level changes. If the proposal clears the developer review process and gets implemented, protecting an account comes down to one transaction at $0.07.
What Comes Next
Consigny published the paper on Ethresearch.ch for the Ethereum developer community to review. Practical deployment of SPHINCS- is still some time away: proposals like this go through multiple rounds of technical review and security auditing. The fact that a concrete cost estimate exists shows the quantum threat to Ethereum has moved from theoretical discussion to active engineering work.
Comments
Your email address will not be published. Required fields are marked *