WHAT BREAKS
Every Bitcoin and Ethereum address is secured by a signature over the secp256k1 curve: ECDSA on Ethereum and on pre-Taproot Bitcoin, Schnorr (BIP-340) on Taproot. Shor's algorithm (1994) turns the underlying elliptic-curve discrete-logarithm problem from intractable to tractable on a sufficiently large quantum computer, so a future machine could derive the private key from any public key it sees on-chain. Hashing the key into an address only hides it until the key is revealed, which on Ethereum happens with the account's first signed transaction.
THE SIGNATURE BLOAT
A raw ECDSA signature is 64 bytes (about 70–72 bytes DER-encoded) because elliptic curves pack a lot of security into two 32-byte scalars. Lattice-based post-quantum schemes like Dilithium and Falcon get their hardness from high-dimensional lattice problems, and a signature is a vector of hundreds of integer coefficients that does not compress: ML-DSA-44, Dilithium's smallest standardized parameter set, signs with 2,420 bytes and Falcon-512 with about 666 bytes, roughly 10x to 40x the ECDSA size. Lattice signatures also offer no ECDSA-style public-key recovery, so a 1,312-byte ML-DSA-44 public key must either travel with the transaction or be registered on-chain ahead of it. That is what blew up BNB's test transaction from 110 bytes to 2.5 KB.
WHY BANDWIDTH IS THE CEILING
A blockchain's throughput is bounded by block size divided by average transaction size, times block frequency. Signature verification speed rarely binds; gossip propagation across thousands of geographically dispersed nodes does. Make each transaction 20x larger and you either cut throughput by the same factor at a fixed block size, or raise the block size to compensate and lose the validators on slow links that can no longer receive a block within the block interval.
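The size and throughput arithmetic above, carried through for the NIST parameter sets, as an added example that is not code from the article or from BNB Chain. Signature and public-key sizes are the standard ones (FIPS 204 for ML-DSA, the Falcon-512 submission for FN-DSA); the payload size, block budget and block interval are constructed inputs chosen so that the ECDSA case lands on the article's 110-byte figure, not measured BNB values. The model also covers the public-key question the paragraphs above raise: lattice schemes have no key recovery, so the first use of an account pays for the key as well as the signature.

```python
"""Transaction-size and throughput model for swapping secp256k1 ECDSA for a
post-quantum signature. Added example, not code from the article or BNB Chain.
Sizes are standard parameter-set sizes; payload/block/interval are constructed."""
from dataclasses import dataclass
from math import ceil


@dataclass(frozen=True)
class SigScheme:
    name: str
    sig_bytes: int
    pubkey_bytes: int
    recoverable: bool  # True when the verifier can recover the pubkey from the signature


SCHEMES = {
    # r || s || v: the v byte lets the verifier recover the public key, so it is never sent.
    "ecdsa-secp256k1": SigScheme("ecdsa-secp256k1", 65, 33, True),
    "ml-dsa-44": SigScheme("ml-dsa-44", 2420, 1312, False),   # FIPS 204, security level 2
    "ml-dsa-65": SigScheme("ml-dsa-65", 3309, 1952, False),   # FIPS 204, security level 3
    "falcon-512": SigScheme("falcon-512", 666, 897, False),   # FN-DSA, security level 1
}


def tx_size(scheme: SigScheme, payload_bytes: int, pubkey_registered: bool = False) -> int:
    """Wire size of one transaction.

    Lattice signatures have no public-key recovery, so the key must either ride
    along with the transaction or have been registered on-chain earlier
    (pubkey_registered=True). ECDSA never pays for the key at all."""
    size = payload_bytes + scheme.sig_bytes
    if not scheme.recoverable and not pubkey_registered:
        size += scheme.pubkey_bytes
    return size


def throughput_tps(block_bytes: int, tx_bytes: int, block_interval_s: float) -> float:
    """tx/s = floor(block size / tx size) / block interval."""
    return (block_bytes // tx_bytes) / block_interval_s


def block_bytes_for(target_tps: float, tx_bytes: int, block_interval_s: float) -> int:
    """Block size needed to keep target_tps after transactions grow to tx_bytes."""
    return ceil(target_tps * block_interval_s) * tx_bytes


def node_mbps(block_bytes: int, block_interval_s: float) -> float:
    """Sustained inbound bandwidth a node needs just to receive full blocks."""
    return block_bytes * 8 / block_interval_s / 1e6


def compare(payload_bytes: int = 45, block_bytes: int = 1_000_000, block_interval_s: float = 3.0) -> dict:
    """Per scheme: tx size, tx/s at the current block budget, and the block size and
    per-node bandwidth needed to hold ECDSA throughput. Defaults are constructed."""
    base_tps = throughput_tps(block_bytes, tx_size(SCHEMES["ecdsa-secp256k1"], payload_bytes), block_interval_s)
    out = {}
    for name, s in SCHEMES.items():
        size = tx_size(s, payload_bytes, pubkey_registered=True)
        needed = block_bytes_for(base_tps, size, block_interval_s)
        out[name] = {
            "tx_bytes": size,
            "tx_bytes_first_use": tx_size(s, payload_bytes, pubkey_registered=False),
            "tps": throughput_tps(block_bytes, size, block_interval_s),
            "block_bytes_to_hold_tps": needed,
            "node_mbps_to_hold_tps": round(node_mbps(needed, block_interval_s), 1),
        }
    return out


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:16s} {row}")
```

With the constructed defaults the ECDSA transaction is 110 bytes, the ML-DSA-44 one 2,465 bytes with a pre-registered key (3,777 bytes on first use), and throughput at a fixed 1 MB block drops from 3,030 to 135 tx/s; holding 3,030 tx/s instead means a 22 MB block every three seconds, which is about 60 Mbps of sustained inbound bandwidth per node against under 3 Mbps today.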
HARVEST NOW, DECRYPT LATER
Adversaries are assumed to be archiving the entire chain today. Any output whose public key is already on-chain sits in that archive waiting for the day a cryptographically relevant quantum computer exists: every Ethereum account that has sent a transaction, every Bitcoin address that has spent (and, through address reuse, every still-unspent output paying to the same key), and every P2PK or Taproot output, whose key is in the output script from the moment it is created. Migration is not a future problem: coins that don't move to PQ addresses before Q Day are exposed retroactively.
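A classifier for the exposure question above, as an added example that is not code from the article. It maps the standard Bitcoin scriptPubKey templates to when their secp256k1 key becomes visible (at output creation, or only once the output is spent) and totals the value for which a harvest-now archive already holds the key. The sample scripts are constructed with placeholder key and hash bytes, and the amounts are made up.

```python
"""Which Bitcoin outputs already hand a quantum attacker the public key?
Added example, not code from the article. Sample scripts are constructed."""
from enum import Enum

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)


class Exposure(Enum):
    AT_CREATION = "pubkey is in the output script itself"
    ON_SPEND = "pubkey appears in scriptSig/witness when the output is spent"
    DEPENDS_ON_SCRIPT = "only a script hash is visible; keys appear when the script is revealed"
    UNKNOWN = "non-standard script"


def classify(spk: bytes) -> tuple[str, Exposure]:
    """Map a scriptPubKey to its template and to when its key is exposed."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG. The key sits in the output.
    if n in (35, 67) and spk[0] == n - 2 and spk[1] in (0x02, 0x03, 0x04) and spk[-1] == OP_CHECKSIG:
        return "p2pk", Exposure.AT_CREATION
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", Exposure.ON_SPEND
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return "p2sh", Exposure.DEPENDS_ON_SCRIPT
    # P2WPKH: OP_0 <20-byte hash>; P2WSH: OP_0 <32-byte hash>
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", Exposure.ON_SPEND
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "p2wsh", Exposure.DEPENDS_ON_SCRIPT
    # P2TR: OP_1 <32-byte x-only output key>. The tweaked key is the script itself;
    # its discrete log is the tweaked private key, which signs a key-path spend.
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr", Exposure.AT_CREATION
    return "unknown", Exposure.UNKNOWN


def exposed_value(utxos, spent_from) -> tuple[int, int]:
    """(exposed_sats, total_sats) for a UTXO list [(scriptPubKey, sats), ...].

    spent_from is the set of scriptPubKeys that have ever been spent from: address
    reuse means the key (or script) revealed by that spend also covers every
    still-unspent output paying to the same script."""
    exposed = total = 0
    for spk, sats in utxos:
        total += sats
        _, how = classify(spk)
        reused = how in (Exposure.ON_SPEND, Exposure.DEPENDS_ON_SCRIPT) and spk in spent_from
        if how is Exposure.AT_CREATION or reused:
            exposed += sats
    return exposed, total


# Constructed sample set: placeholder key/hash bytes, made-up amounts.
P2PK = bytes([0x21, 0x02]) + b"\x11" * 32 + bytes([OP_CHECKSIG])
P2PKH_FRESH = bytes([OP_DUP, OP_HASH160, 20]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2PKH_REUSED = bytes([OP_DUP, OP_HASH160, 20]) + b"\x33" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH = bytes([OP_0, 20]) + b"\x44" * 20
P2WSH = bytes([OP_0, 32]) + b"\x55" * 32
P2TR = bytes([OP_1, 32]) + b"\x66" * 32

SAMPLE_UTXOS = [(P2PK, 50), (P2PKH_FRESH, 100), (P2PKH_REUSED, 30), (P2WPKH, 70), (P2WSH, 40), (P2TR, 20)]
SAMPLE_SPENT_FROM = {P2PKH_REUSED}

if __name__ == "__main__":
    for spk, sats in SAMPLE_UTXOS:
        kind, how = classify(spk)
        print(f"{kind:7s} {sats:4d} sats  {how.name}")
    print("exposed/total:", exposed_value(SAMPLE_UTXOS, SAMPLE_SPENT_FROM))
```

On the constructed set, 100 of 310 sats are already exposed: the P2PK and Taproot outputs from the moment they were created, and the reused P2PKH address because an earlier spend from it put the key in the archive. The fresh P2PKH and P2WPKH outputs are safe only until their owner signs, which is why the migration itself (a spend to a PQ address) must happen before, not after, Q Day.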
THE UPGRADE PATHS DIVERGE
Bitcoin's culture favors a soft fork adding a new quantum-resistant output type (BIP-360's Pay-to-Quantum-Resistant-Hash style), letting users opt in by moving coins. Ethereum, with account abstraction already shipped (ERC-4337 smart-contract accounts, extended by EIP-7702), can let each wallet swap its own signature-verification logic without a chain-wide hard fork. BNB's test points to the third path: rebuild the base layer and absorb the throughput hit.
NIST'S WINNERS
After an eight-year competition that opened in 2016, NIST published final standards for two post-quantum signature schemes in August 2024, ML-DSA (FIPS 204, from Dilithium) and SLH-DSA (FIPS 205, from SPHINCS+), and selected a third, FN-DSA (Falcon), whose FIPS 206 was still in draft. Each trades differently between signature size, verification speed, and the assumption it leans on: module lattices for ML-DSA, NTRU lattices for FN-DSA, and hash functions alone for SLH-DSA, which buys the most conservative assumption with signatures of 7.8 KB or more. There is no single winner, which is why blockchains are testing different ones.