Coinbase Explores Post-Quantum Encryption For Blockchain

Quantum computers are expected to be built at a size that is commercially useful in a mere few years, from maybe just 2028 to the mid-2030s, depending on the estimate and the exact capacity targeted.

This would be great for solving extremely complex mathematical problems to solve questions about material sciences in semiconductors, aerospace, battery, or solve proteins 3d configuration, or discover new lifesaving pharmaceuticals.

But the same capacity could be used to break encryption methods on which the modern world is built. This is why, for example, all major US banks are being forced to speed up their adoption of lattice-based cryptography, a method that is believed to be quantum-proof.

In the same way, cryptocurrencies could be in danger if the encryption that makes cryptos so secure could suddenly be broken.

这尤其成问题，因为未来的量子计算机可能会破解今天收集的数据的加密，即使这些数据目前仍然无法破解，但以后可以解码，这种方法被称为“现在收集，以后解密”（HNDL）。

In that context, the leading actors in blockchain and cryptocurrencies are moving fast as well to prepare for the eventual emergence of quantum computers.

其中之一是 Coinbase, which published its report “Quantum Computing & Blockchain” addressing these concerns and looking into the possible solution the blockchain community could and should adopt in time to avoid any real security issue.

“We have high confidence that a large-scale, fault-tolerant quantum computer (FTQC) will eventually be built. As such, blockchains and the wider cryptographic ecosystem must prepare for this eventuality.”

Coinbase’s Quantum Report Overview

In the overview of this report, Coinbase starts by reminding that the National Institute of Standards and Technology (NIST) recommends that post-quantum (PQ) migrations should be carried out by 2035. It also points out that this timeline for preparation, leaving only 9 years, might even be optimistic.

“We are not confident that cryptographically relevant quantum computers (CRQC) will not exist by 2035 or later, as recent research raises the possibility that the timeline may be shorter.”

The report is divided into 6 major segments plus an annex of “additional readings”, covering the topic extensively:

1. Quantum Computing Overview and the Current State of the Art.
2. Post-Quantum Cryptography (PQC).
3. Post-Quantum Cryptography and the Consensus Layer.
4. Post-Quantum Cryptography and the Execution Layer.
5. Post-Quantum Plans for Major Blockchains.
6. Post-Quantum Security Beyond Signing.

Quantum Computing Overview

This first part resumes what a quantum computer is, what it can do, and how the technology has progressed so far.

In short, quantum computers use superposition and other quantum effects to grow their computing power exponentially for each additional “qubit” (the quantum equivalent of normal computer bits), instead of linearly.

“ The power of quantum computers is directly related to the fact that, to describe a superposition with N qubits, one needs a list of 2^N parameters. When (say) N=1000, this is already more parameters than could be written down in the observable universe.”

As mentioned, such a computer would be ideal for simulations of the physical world and breaking encryption. It could also be used to train more efficiently AIs, a topic we uncovered previously in our article “Does Quantum Computing Have A First Real-World Use Case“。

The main limit in building a quantum computer is the hardware, which is incredibly hard to manufacture and to keep in a quantum state long enough that qubits can be trusted and perform any useful calculation.

This can be improved from two fronts: reducing the physical error rate for two-qubit gates and designing fault-tolerance schemes able to cope with higher error rates.

“To perform fault-tolerant quantum computation (FTQC), one will also constantly need to measure the physical qubits, to find out where errors have occurred and what needs to be done to correct them.”

Recent improvement in error correction indicates that 99.9% accurate two-qubit gates

might be sufficient, a much lower and realistically achievable number than initially expected (99.9999%). More importantly, this has already been achieved by Quantinuum (part of 霍尼韦尔 (HON ), 点击链接查看相关投资报告) and Google for individual qubits.

If this accuracy can be maintained when scaling to tens or hundreds of thousands of physical qubits, it will theoretically suffice for FTQC.

The report also gives an overview of the main hardware type being explored by quantum computing companies and researchers:

• Superconducting.
• Trapped-ion.
• Neutral atom.
• 光子学。
• 拓扑.

In conclusion, the article notes that while not immediately ready, there is no reason to assume that quantum computers will not be able to break the highest levels of current encryption, and blockchain/cryptocurrencies will not exist.

后量子密码学 (PQC)

Post-quantum cryptography is essential if we want the financial system as a whole, as well as military systems, to stay safe from quantum computers.

This type of encryption should also be able to run on normal-design and capacity computers.

“Post-quantum cryptography is run on classical computers and is secure against quantum attackers. This is in contrast to things like QKD (quantum key distribution), which requires the (honest) users to use quantum systems.”

Two of the leading methods are lattice-based and hash-based:

• Lattice-based: Traditional cryptographic methods like RSA and ECC are built on periodic structures in groups that Shor’s algorithm can solve efficiently by finding their “period”. In contrast, lattice-based cryptography does not rely on such structures.
• Hash-based: A very secure, but also very computing-power-hungry encryption method.

“The faster signing variant of SLH-DSA hash-base cryptography has signatures about 250 times larger than ECDSA with signing time about 1,000 times slower. Deploying these schemes on blockchains will clearly be very challenging.”

来源: Coinbase

The NIST plays a major role in setting the tone here. In 2024, the National Institute of Standards and Technology (NIST) finalized three different post-quantum cryptography (PQC) standards :

• FIPS 203 – ML-KEM – 一种基于格密码学的密钥封装机制 (KEM)，旨在作为量子安全密钥建立的主要构建模块（例如，在 TLS 或 VPN 中）。
• FIPS 204 – ML-DSA – 一种主要的数字签名方案，也是基于格的，旨在用于软件签名、证书和身份验证等用例。
• ‍FIPS 205 – SLH-DSA – 一种无状态的基于哈希的签名方案，特意基于不同的假设构建，作为“备份”，以防未来的研究揭示基于格的系统存在弱点。

来源: NIST

Post-Quantum Cryptography and the Consensus Layer

This segment of the report concerns itself with how blockchain specifically could be impacted by quantum-proof encryption, with a focus on the consensus layer.

“Generally, key concerns in migrating to PQ safety is the size of data and cost of computation. An additional challenge is orchestrating active switchover of cryptographic keys by users. ”

The main vulnerabilities stem from Shor’s algorithm, which a powerful PQ computer may use to break classical public-key cryptography.

Blockchains that migrated away from energy-intensive Proof-of-Work and instead rely on solutions to the Byzantine Fault Tolerance (BFT) problem could be more vulnerable. Here it is Shor’s algorithm that is the main threat, as the math behind this method could be solved by quantum computers.

The situation is even worse for blockchains that rely on aggregate and threshold signatures for consensus.

In this system, notably used by Ethereum, votes may be aggregated or thresholded in order to reduce the costs associated with sending validator signatures, verifying, and storing them. 这些区块链 do not have any easy plug-and-play replacement in order to make them post-quantum secure.

However, the report explained that  Bitcoin’s Proof-of-Work-based Nakamoto Consensus (NC) is only theoretically threatened by another decryption method,  Grover’s attack on hash functions

“In practice, however, Grover’s quadratic speedup does not translate to a real speedup for the puzzle sizes due to the much slower time per qubit operation in a quantum computer versus a highly optimized ASIC used for mining today. Thus, Nakamoto consensus mechanisms are essentially post-quantum secure. ”

Post-Quantum Cryptography and the Execution Layer

This segment of the report concerns itself with how blockchain specifically could be impacted by quantum-proof encryption, with a focus on the execution layer.

Cryptographic signatures attached to transactions authenticate the sender and authorize state changes. All compact signature schemes, such as ECDSA and Schnorr, would need to be replaced with PQ alternatives.

One risk is that the new post-quantum encryption systems are a lot less tried-and-tested than the traditional ones.

“Regarding lattice-based schemes like ML-DSA or FN-DSA, we may be actually downgrading security, since we will be moving to a signature scheme which has much less mileage and has not been studied to nearly the depth of schemes like ECDSA and EdDSA.”

Any scheme for the adoption of post-quantum signing will ideally meet fully a series of criteria defined in this report:

• P1: The transition does not compromise our current security posture.
• P2: The new scheme provides post-quantum security, either as-is or by enabling a fast switch to post-quantum security.
• P3: The new scheme does not add significant cost to the current way of working, at least as long as no quantum threat is imminent.
• P4: The new scheme requires minimal (if any) changes to the blockchain and current way of working, as long as no quantum threat is imminent.

The report then explores different possible strategies and compares them.

Strategy 1 generates private keys as hash outputs. This method allows, when the quantum threat is coming closer, to sign using ECDSA or EdDSA, as a signature can be constructed based on the owner’s knowledge of the preimage of the private key.

Strategy 2 moves to 2-out-of-2 hybrid/double signing. This strategy works by adding a post-quantum signature scheme and requiring that every transaction include both an ECDSA/EdDSA signature as well as a post-quantum signature (e.g., ML-DSA).

Strategy 3 moves to 1-out-of-2 (or more) signing. Similar to strategy 2, but instead of requiring both signatures, it suffices to provide a signature either using the elliptic-curve scheme or the post-quantum scheme.

来源: Coinbase

All these methods will require account holders to transfer their balances to new accounts protected by PQ signature schemes, which will be a problem in itself.

“There are millions of owned accounts UTXOs, and at the current transaction rates of blockchains like Bitcoin and Ethereum, it may take months just to commit the sheer volume of switchover transactions. ”

总体而言， Coinbase recommends using the “move to 1-of-2” strategy, as it deals with the threat without adding cost until it is needed.

Post-Quantum Plans for Major Blockchains

比特币

Bitcoin’s current approach is to ensure that all UTXO public keys can be hidden behind a hash function. This could be mitigated with a change in how public keys are managed.

“The BIP-360 proposal introduces a new taproot output type called Pay-to-Merkle-Root (P2MR) that removes this public key altogether. Once this proposal is enabled on Bitcoin main net, transitioning a P2TR output to a P2MR output will remove this vulnerability.”

同时， some core 比特币 开发私奔者s are exploring hash-based signatures for Bitcoin. At least, proof-of-work is making the mining network rather secure, which is a strong point for Bitcoin from a quantum risk perspective.

However, a wait-and-see approach is mostly favored at the moment. Coinbase points out that this is not without causing issues, notably as it could damage the prospect of Bitcoin as people start to worry about quantum-related risks.

“We remark that the wait-and-see approach has a price in that it causes market uncertainty. Thus, waiting for the exact migration plan can make sense, but it should come with a clear statement of strategy and preparation to enable speedy migration if needed.”

Ethereum

While more vulnerable to a quantum computer, the Ethereum community also published a detailed plan for mitigating the related issues.

The current plan is to transition to hash-based signatures for both the consensus and execution layers. If a standard cryptographic hash function is used, then this does not introduce new security assumptions to Ethereum.

A debate is still ongoing between stateless and stateful signature options, with stateful shorter signatures a better option for the consensus layer and stateless for the execution layer, so that account owners are protected from mistakes in state management.

总体而言， Coinbase visualized a post-quantum Ethereum where “validators attest to each block using a stateful hash-based signature scheme, and all the attestations on a specific block will be aggregated into a single proof using a hash-based succinct proof system”.

索拉纳

Solana created a new vault type, called the Solana Winternitz Vault, a hash-based signature scheme that has a manageable signature size (although signatures are two orders of magnitude bigger than ECDSA signatures).

Once Solana token holders have moved their assets to a new Winternitz-based address, the assets are no longer exposed to a quantum attacker.

In itself, this could prove a major advantage for Solana, as it is a lot more ahead than Bitcoin & Ethereum when it comes to being quantum-ready.

Others: Algorand, Sui, Aptos

Algorand 是其中之一 the first blockchain platforms to deploy post-quantum (PQ) signature schemes in production across both consensus-related mechanisms and the execution layer. This is still partially a work in progress, but it also demonstrates that blockchain technology can move to be quantum-ready quickly in some cases.

阿普托斯 uses a system where the user’s address is not derived from the hash of the user’s public key. Thus, users who want to become post-quantum secure need only sign a transaction that updates their authentication key to a post-quantum public key. There is no need to move assets to a new account.

同时， 穗 概述了 a number of strategies for migrating to a post-quantum secure chain, but it is not yet clear which of these strategies will be deployed.

Post-Quantum Security Beyond Signing

Transaction signatures and integrity of the blockchain are not the only topics where quantum computers could wreak havoc by breaking encryption.

一个例子是 threshold signatures, which are used to protect signing keys throughout the blockchain ecosystem.

In that case,  MLDSA, a lattice-based analogue of the Schnorr signature scheme, could be used. A hash-based signature scheme, such as either variant of SLH-DSA, could also be used for applications that need a stronger security assurance.

另一种是 collision-resistant hash functions, used in Merkle trees, Patricia trees, and hash-based proof systems. A priori, this is not a topic where quantum computers are a threat. But potentially, some new quantum algorithm could change that.

The pre-quantum TLS protocol is at risk of an attack called harvest-now-decrypt-later (HNDL). Luckily, post-quantum TLS is already widely deployed on the Internet. For example, in February 2026, over 60% of Cloudflare’s Internet traffic uses the hybrid post-quantum secure cipher suite X25519MLKEM768.

同时， 零知识证明系统, used in privacy systems, should not be affected. Other privacy systems with quantum-vulnerable transaction data that is meant to remain hidden forever could be more at risk of harvest-now-decrypt-later threats.

投资于 Coinbase

该报告来自 Coinbase on quantum risks and readiness of the cryptocurrency and blockchain ecosystem is an important one, and reflects on the role played by the company in being a leader of the industry and its innovation. This is a direct consequence of the size and importance the company has taken on over the past few years.

2025年， Coinbase 拥有 8 万个活跃账户，是世界上最大的比特币托管机构，持有 2.4 万枚 BTC，占比特币总供应量的 12%。

Today, besides Coinbase’s main app and crypto exchange, the company has a series of complementary offerings:

• Coinbase 一个，这是一项高级会员服务，提供零交易费、更高的权益奖励，并与加密税计算器、加密研究等合作伙伴达成交易。
• Coinbase 先进的，适合专业的加密货币交易者。
• Coinbase 钱包，用于在交易所之外自行保管加密货币以及 NFT。
• Coinbase Earn，这是一项堆叠服务，加密货币所有者可以锁定他们的加密货币，以便从网络赚取利息，其中 230 亿美元由 Coinbase的客户。
• Coinbase 卡，这是一张使用加密货币进行购买的 Visa 借记卡，使用美元支付时返还 1% 的比特币，使用 ETH 支付时返还 1.5% 的 USDC。该卡可在所有接受 Visa 借记卡的地方使用。
• 美元硬币作为与美元等值的数字稳定币，USDC 正在寻求打造“数字美元”。

Coinbase 是许多比特币 ETF 的重要合作伙伴，并负责保管比特币，这使其成为这些产品行业的重要参与者，使个人和机构投资者更容易拥有 ETF。

近期， Coinbase has been actively working on “tokenizing” its stock (and other securities), currently listed “normally” on the Nasdaq.

从早期雄心勃勃的开始， Coinbase has grown into becoming a cornerstone of the Bitcoin and crypto industry, especially in the US markets.

This has by far not been a smooth ride, Coinbase having to deal with cybersecurity attacks, unclear regulations, and lawsuits by the SEC, and see its customer services and safety protocol playing catch-up with the company’s growth.

Volatility and risks are a given in the crypto space (and really all investments), and quantum computing could bring some disruption.

But in any case, today’s more mature and dominant Coinbase is well-positioned to capitalize on crypto becoming increasingly mainstream through the growing trends of Bitcoin ETFs, stablecoin, and stock tokenization.

(You can read more from us about the pros and cons of Coinbase 作为加密货币交易所Coinbase Review – Is it Really the Best Platform?.

您还可以阅读更多关于 Coinbase in 我们专门针对该公司撰写的投资报告。.)

最新动态 Coinbase (COIN) 股票新闻和动态