Crypto group ushers in post-quantum security

Despite warnings by the cybersecurity community about the urgent need to start preparing now for the advent of quantum computing, many organizations have yet to get their quantum security efforts into high gear. Not so with blockchain and cryptocurrency group the Ethereum Foundation (EF).

EF researcher Justin Drake wrote on X recently about the initiative: “After years of quiet R&D, EF management has officially declared [post-quantum] (PQC) security a top strategic priority,”

The PQC security initiative includes breakout sessions for developers, $1 million prizes to harden a key hash function used to protect Ethereum-related applications and to resolve a gap in zero-knowledge proof theory, a multi-day workshop, multiclient development networks and more.

Here’s what you need to know about EF’s PQC security initiative — and why now is the time to modernize your security operations for the coming quantum computing era.

[ Learn more: Accelerate PQC Migration — How to Leverage CBOMs ]

Why the EF’s PQC security initiative matters

Shujaatali Badami, a quantum-IoT research engineer, said the move by EF is the most serious post-quantum effort  from any major blockchain project to date.

“The Ethereum Foundation didn’t just write a blog post. They built a dedicated engineering team, launched live multiclient devnets, committed $2 million in research prizes, and wired post-quantum work directly into Ethereum’s core governance. That’s a fundamentally different level of commitment than what we’ve seen from anyone else in the space.”
—Shujaatali Badami

Yuval Hertzog, co-founder of cryptographic research organization the Tide Foundation, said EF’s announcement is an overdue admission of "cryptographic mortality."

"For a long time, the blockchain space treated quantum threats as a problem for the 2050s. Therefore it’s a problem for the generation after us. By elevating PQC to a top-tier priority, Ethereum is signaling that the transition isn’t just a theoretical exercise but an impending open-heart surgery for digital infrastructure.”
—Yuval Hertzog

Why PQC security is essential

Ethereum secures over $650 billion in assets, which puts it among the top 25 stock exchanges worldwide, said Michael Bell, CEO of Suzu Labs. With EF’s level of commitment, “the rest of the crypto ecosystem can’t treat this as theoretical anymore,” he said.

“They’re not studying the problem. They’re engineering the fix.”
—Michael Bell

The foundation’s elevating PQC security to a strategic priority reflects a broader shift happening across the digital ecosystem, said David Sequino, CEO and co-founder of OmniTrust. “The cryptography that secures today’s blockchains was never designed to withstand quantum computing,” he said. 

“Forward-looking platforms recognize that protecting trust in decentralized systems requires preparing now by inventorying cryptographic assets, evaluating algorithm dependencies, and planning coordinated upgrades before quantum capabilities become practical.”
—David Sequino

Garrison Buss, CTO and co-founder of QuSecure, said that because blockchain networks are built on long-term trust, waiting for the threat to materialize is not an option. He said EF is acknowledging that cryptography is a strategic dependency rather than a background component of the system. “Public blockchains rely on digital signatures for identity and transaction authorization, so any credible threat to those signatures affects the entire network,” Buss said. “Creating a dedicated post-quantum team signals that Ethereum is moving from research interest to migration planning.”

“The more important signal is not urgency about quantum itself but recognition that cryptographic transitions must be managed years before the threat becomes practical. The real shift is governance around cryptography, not fear of quantum computers.”
—Garrison Buss

The quantum shift — and the upending of cybersecurity

The National Institute of Standards and Technology (NIST) has predicted that quantum-capable computers will be rolled out between 2030 and 2035 — but stresses that now is the time to start preparing.

Roger Grimes, a CISO advisor at KnowBe4, said that moving to PQC will take most cryptocurrencies a year or longer — unless an emergency is declared. “Most blockchains and backends of most cryptocurrencies are already quantum-resistant, but it is the wallets and related asymmetric keys they use that pose the problem,” Grimes said. “A quantum attacker could compromise a wallet’s keys and pretend to be that person and transfer value without the appropriate authorization.”

“I get a lot of cryptocurrency holders asking me about quantum threats. They always ask me, ‘Is this something to worry about?’ And the answer is, ‘Yes, but cryptocurrency value pales in comparison to the world’s other financial sectors, like banking, stocks, and credit cards.’ While we need to worry about the cryptocurrency ecosystems, it’s really not the biggest problem we all need to worry about.”
—Roger Grimes

Adam Everspaugh, a cryptography expert with Keeper Security, said EF's announcement marks another milestone in a race to fundamentally upend computer security as we know it. “Quantum computers will render the public-key encryption that currently safeguards personal data, financial transactions, health care systems, cloud platforms, government operations, and critical infrastructure obsolete once they reach sufficient scale,” he said. 

The worry isn’t what quantum systems can do today but what they will be capable of in the near future, a scenario that cybercriminals are actively preparing for, Everspaugh said.

“Sensitive  information stolen today will be exposed and weaponized years from now if organizations fail to prepare.”
—Adam Everspaugh

The threat shouldn’t be taken lightly because quantum computers that can crack open modern cryptography are likely to arrive within the next decade, Everspaugh said, posing a threat to nation-states, organizations, and individuals.
Why the time to act on post-quantum security is now

Tim Callan, chief compliance officer at Sectigo, said the change will mean those systems will struggle to integrate new algorithms.

"Organizations need to act now to carefully plan and execute their transition to ensure they remain secure and compliant in the quantum era.”
—Tim Callan

Learn how a Cryptography Bills of Materials (CBOM) can help you achieve crypto-agility — and secure your software supply chain.