- The plan targets BLS, KZG, ECDSA, and zk proofs vulnerable to Shor’s algorithm as quantum risk timelines shorten.
- ETH2030 adds six quantum-resistant signature schemes, 13 EVM precompiles, and recursive STARK aggregation.
- A Post-Quantum Security team and dual-signature consensus enable phased migration before full fork activation.
Vitalik Buterin released a detailed roadmap warning that quantum computing threatens Ethereum’s core cryptography. The roadmap, shared publicly online, outlines how future quantum machines could break today’s security. It explains why Ethereum developers are already preparing defenses as early as 2026.
Four Cryptographic Pillars at Risk
Buterin identified four Ethereum components vulnerable to quantum attacks. These include consensus-layer BLS signatures, KZG-based data availability, ECDSA account signatures, and zero-knowledge proofs. Notably, all rely on elliptic curve cryptography or discrete logarithms.
According to Buterin, Shor’s algorithm could break these systems once sufficiently powerful quantum computers exist. Research platform Metaculus estimates a 20% chance such machines arrive before 2030. As a result, Ethereum’s risk window may be shorter than previously assumed.
In response, the Ethereum Foundation formed a Post-Quantum Security team in January 2026. The group, led by Thomas Coratger, includes $2 million in research prizes. At Devconnect Buenos Aires, Buterin warned elliptic curve cryptography could fail before the 2028 U.S. election.
Building a Post-Quantum Ethereum Stack
ETH2030 now implements a full post-quantum cryptography stack. The system spans 46 source files across seven packages and includes six quantum-resistant signature algorithms. Developers tested the stack across 48 packages, with more than 20,900 tests passing.
However, quantum-safe signatures increase costs. Buterin noted ECDSA verification costs about 3,000 gas, while quantum-resistant checks may reach 200,000 gas. To address this, the roadmap relies on recursive STARK aggregation under EIP-8141, compressing many signatures into one proof.
ETH2030 also adds 13 custom EVM precompiles, including an NTT precompile at address 0x15. These tools accelerate lattice-based cryptography and STARK proof verification.
Consensus, Data, and Fork Activation
At the consensus layer, ETH2030 introduces dual-signature attestations, combining post-quantum and legacy cryptography. This allows gradual validator migration without immediate disruption. Finality systems adapt through a dedicated adapter supporting quantum-safe verification.
For data availability, KZG commitments are replaced with Merkle-based and lattice-based alternatives. These rely on hash security and Module-LWE assumptions. Although more complex, they avoid elliptic curve dependencies.
All post-quantum features activate at the I+ fork level. On February 27, 2026, developers successfully ran the system on a Kurtosis devnet, producing blocks and verifying all new precompiles.
