Ethereum researchers are exploring a way to harden user accounts against future quantum-computing threats without waiting for a disruptive network upgrade. According to Ethereum Foundation project lead Nicolas Consigny, the “SPHINCS-” proposal could start delivering post-quantum protections for as little as $0.07 in on-chain verification costs, avoiding the need for a hard fork.
Consigny shared the idea in a Saturday post on X, linking to a technical paper hosted on Ethresear.ch. The work adapts SPHINCS+, a post-quantum signature scheme standardized by the US National Institute of Standards and Technology (NIST), to run more efficiently on Ethereum’s execution environment.
Key takeaways
- Ethereum could add early post-quantum account protections using Consigny’s “SPHINCS-” approach without requiring a hard fork.
- The proposal targets lower on-chain signature verification costs by adapting SPHINCS+ to the EVM more efficiently.
- “SPHINCS-” is positioned as a transitional step toward a future, even more cost-efficient system called “leanSPHINCS.”
- The broader objective is to reduce long-term risk to Ethereum’s current Elliptic Curve Digital Signature Algorithm (ECDSA) once quantum capabilities advance.
A bridge to post-quantum signatures on the EVM
In the X thread, Consigny points to a paper proposing “SPHINCS-,” a variant designed to make SPHINCS+ signatures cheaper to verify on Ethereum. Unlike some migration plans that require protocol changes, the proposal is intended to reduce on-chain verification costs without mandating a protocol update or a dedicated precompile.
That distinction matters for Ethereum users and developers because it aims to make post-quantum readiness possible on a shorter timeline. Hard forks are expensive in governance and coordination, and they introduce additional operational complexity for wallets, contracts, and infrastructure. A solution that can be introduced with fewer low-level changes lowers the practical barrier to moving away from purely ECDSA-based assumptions over time.
The paper’s core framing is that “SPHINCS-” can function as a bridge—a starting point that brings account protections closer to post-quantum security while the ecosystem works toward a longer-term, more optimized signature scheme.
Why Ethereum is looking beyond ECDSA
The quantum concern is straightforward: if sufficiently capable quantum computers become available, the cryptography underpinning today’s elliptic curve signatures becomes vulnerable. The article attributes the motivation directly to the long-term threat posed to Ethereum’s use of the Elliptic Curve Digital Signature Algorithm (ECDSA).
Consigny’s approach is built around the idea that post-quantum signatures should be available before the ecosystem reaches a point where a dedicated hard fork or a full replacement becomes unavoidable. In other words, the proposal is less about “solving quantum tomorrow” and more about narrowing the window of unpreparedness.
For investors and operators, this shifts the discussion from purely theoretical security to migration readiness. Even if timelines for large-scale quantum attacks remain uncertain, the key economic question becomes how quickly the network can reduce reliance on vulnerable primitives.
“leanSPHINCS” and the direction of travel
In describing SPHINCS-, Consigny also highlights a further goal: eventual migration to “leanSPHINCS.” The paper characterizes leanSPHINCS as a future system intended to cut verification costs even more, with the help of signature aggregation.
This matters because signature verification costs are not just a technical detail—they affect how feasible post-quantum security is for everyday transactions. If aggregation reduces the amount of computation or on-chain work required per authorization, it can help move post-quantum schemes from “prototype-ready” to “economically practical.”
At the same time, the bridge approach implies trade-offs: SPHINCS- is designed to improve efficiency now, but it is still framed as an interim step rather than the final end state.
Quantum risk conversations spread across Bitcoin and Ethereum
The Ethereum proposal lands in a broader wave of crypto security discussions about how quantum advancements could impact blockchain cryptography.
Earlier this year, a post-quantum research effort by Project Eleven awarded a prize to Giancarlo Lelli for work involving a quantum computer capable of cracking a 15-bit elliptic-curve key. As the article notes, Bitcoin keys are 256 bits, far larger than the example that was factored. Still, the demonstration used a variant of Shor’s algorithm—a method that is widely discussed in relation to how quantum computers could theoretically threaten certain public-key cryptosystems.
Separate from the experimental headline, blockchain analytics has also tried to quantify exposure. The article cites Glassnode’s estimates that about 1.92 million BTC (nearly 10% of supply) are considered “structurally unsafe” in a future quantum attack scenario, while another 4.12 million BTC (about 20.6%) are classified as “operationally unsafe” due to key or address management practices.
Glassnode also estimated that the remaining 69.8% (or 13.99 million BTC) appears unexposed, broadly aligning with an earlier Ark Invest estimate that 65% of Bitcoin supply was safe. While these classifications don’t eliminate uncertainty around quantum timelines, they show that market participants are treating quantum risk as something that can be managed—at least partially—through operational practices.
For Ethereum, the SPHINCS- proposal can be viewed through the same lens: rather than waiting for an emergency upgrade, developers are exploring mechanisms to reduce long-term cryptographic fragility in advance.
What to watch next is whether Ethereum implementers can validate the proposal’s practical on-chain performance in real execution conditions—particularly whether the claimed low verification cost remains consistent as systems scale—and how the community plans the longer transition toward leanSPHINCS and any eventual broader post-quantum signature rollout.
