Hoskinson Charts Cardano’s Three-Step Path To Quantum Resistance

In a livestream broadcast titled “Post-Quantum Cardano,” ADA founder Charles Hoskinson laid out a roadmap for making the blockchain quantum-resistant. His remarks come amid rapid developments in quantum computing hardware, including breakthroughs from Microsoft and other tech heavyweights, as well as newly released US government standards for post-quantum cryptography.

Hoskinson opened the session by highlighting the accelerating pace of progress in quantum computing: “The quantum computer world is heating up quite a bit, and a lot of magical amazing things are happening… It is my belief that in 5–10 years we’ll probably make substantial progress to the point where we really have to start thinking about updating and modernizing the cryptography.”

He also pointed to the recent actions by the US National Institute of Standards and Technology (NIST), which, in August 2024, finalized several post-quantum encryption standards to begin guiding the industry forward: “Turns out it’s not just my belief—it’s the United States government’s belief as well […] The National Institute of Standards and Technology (NIST) proactively got together […] and they created some standards.”

NIST has published new Federal Information Processing Standards (FIPS) numbered 203, 204, 205, and 206, which define algorithms intended to resist quantum attacks. Hoskinson noted the significance of this for the global cryptographic community, as these standards will likely spur hardware manufacturers to incorporate specialized circuitry that can handle post-quantum algorithms more efficiently.

Currently, Cardano’s security model—like most major blockchains—relies heavily on elliptic curve cryptography. Hoskinson warned that Shor’s algorithm, which can run on large-scale quantum computers, poses a theoretical threat to such elliptic curve systems:

“The problem is we have this thing called Shor’s algorithm […] if you have a quantum computer, it can kill the security of that [elliptic curve] […] So what a lot of people in the blockchain space do is they say, ‘Oh well, we got a post-quantum signature scheme, so we’re good.’ But that couldn’t be further from the truth.”

He stressed that security in a post-quantum world extends beyond just swapping one signature scheme for another. Instead, blockchains must define comprehensive security models that consider what kind of adversaries they will face: an adversary with a quantum computer also has other capabilities, such as side-channel attacks, hardware infiltration, or even “offline” brute-force attempts against older, stored data.

The Three-Step Plan For Cardano

Hoskinson laid out a clear, three-phase approach for transitioning Cardano into a fully quantum-resistant system over the coming years.

1. Develop A Quantum-Secure Model

Cardano’s foundational cryptographic protocols must be audited against a “canonical quantum adversary.” This means systematically reviewing every algorithm for potential vulnerabilities once a capable quantum computer emerges.

“First, we have to develop a Quantum secure model for Cardano, end to end, so we would audit all the algorithms Cardano is using and ask which ones are vulnerable […] That in itself is an interesting question, because there are various opinions in the cryptographic community about what we should assume a quantum adversary can do,” Hoskinson said.

2. Separate Cardano Into Two Chains

Hoskinson next proposed creating a separate, post-quantum proof chain—a “meta” layer that can serve as an immutable checkpoint system for Cardano’s main chain. “You want to separate Cardano into two pieces: there’s Cardano [main chain] […] then we have a proof chain […] basically it runs as an audit log of history so you have an unforgeable system with signatures related to the original history. Over time, this can become a programmable proof chain.”

He pointed to Mithril—Cardano’s existing technology for generating compact certificates of state—as a potential starting point. Updating Mithril with a post-quantum signature scheme would create a secure companion to the classical elliptic curve-based main chain without immediately disrupting its performance.

Hoskinson also mentioned new innovations like LatticeFold+, a compact “folding scheme” from researchers Dan Boneh and Binyi Chen, that could offer powerful cryptographic proof tools for this future proof chain.

3. Full Integration

Finally, once the new proof chain matures and post-quantum schemes become more efficient (and gain hardware support), Cardano can merge these elements into the main chain. “Then the third phase is eventual integration […] as the PQSS schemes get more advanced plus we develop a post-quantum VRF […] we can put that into the chain and merge the meta chain and the main chain together.”

This last phase would require substantial redesign of Cardano’s core protocols, possibly reconsidering the extended UTXO model and incorporating new authenticated data structures or ledger architectures.

Hoskinson cautioned that post-quantum algorithms are typically 5–10 times slower and yield larger signatures than their classical elliptic curve counterparts. However, he expressed optimism that hardware manufacturers—prompted by NIST’s finalized standards—will incorporate specialized circuitry to speed up these new cryptographic techniques.

“We had to wait for NIST to say, ‘Yo dawg, we have standards now,’ […] because now that they’re here, hardware manufacturers will start building custom capabilities to speed [post-quantum signature schemes] up,” Hoskinson remarked.

He also clarified that no algorithm remains secure forever in the face of continuous advances in computing. This dynamic “cat and mouse” reality is common in cryptography: “Quantum computers are just another bomb, and the Enigma machine is the classical crypto […] It’s an eternal journey and they’re never going to stop.”

According to Hoskinson, the timeframe for Cardano’s transition will likely span several years:

  • 2025–2026: Establish a formal research agenda and define Cardano’s quantum security model.
  • Mid-Term (2–3 years): Build out a post-quantum proof chain (e.g., via Mithril) to audit and checkpoint the main chain.
  • Long-Term (3+ years): Merge the two chains, adopt post-quantum VRFs and signature schemes throughout, and possibly revamp the ledger model.

Concluding his remarks, Hoskinson emphasized the need for collaboration both within and beyond the Cardano ecosystem. He expects discussions to take place at Intersect (the Cardano governance entity), the Technical Steering Committee (TSC), and with leading cryptographers at institutions like Stanford, Carnegie Mellon, and the University of Edinburgh.

“Cardano is not caught with its pants down […] We have some of the best cryptographers in the world working at IO […] It’s a fundamental thing, and every protocol has to be systematically checked,” the Cardano founder concluded.

At press time, ADA traded at $0.797.