Press enter or click to view image in full size

The quiet threat beneath immutable ledgers
Blockchain is designed for permanence. Transactions, once confirmed, are recorded on a ledger intended to endure. That permanence is the source of trust, but it also creates a structural liability. What cannot be changed cannot be retroactively protected. As quantum computing advances, the cryptography that supports this permanence is approaching a point where the assumptions that secure today’s public-key cryptography could fail. The risk is not abstract. It is a timing problem. Anything recorded on-chain under today’s signature schemes may remain exposed to signature-forgery risk if those schemes become vulnerable faster than networks can migrate.

What “Harvest Now, Decrypt Later” means and how it maps to blockchains
The timing risk has a classical analogue. In traditional security, Harvest Now, Decrypt Later (HNDL) means adversaries capture encrypted data today and decrypt it in the future when stronger computation becomes available. Public blockchains are different because transaction data is not encrypted. Instead, they rely on digital signatures to anchor ownership and authorization. The analogous risk is harvest now, derive later. According to Navigating the Quantum Computing Threat, “by utilizing Shor’s algorithm, an adversary equipped with a sufficiently powerful quantum computer can derive the ECDSA secret key Ks solely from the public-key Kp” (Feng et al., p. 28). The authors add that this “poses a significant security risk to blockchain systems” because an attacker could “successfully forge the identity of any wallet, validate themselves on the blockchain, and potentially initiate the transfer of assets from the breached wallet” (Feng et al., p. 28). In practice, adversaries can record on-chain activity and any public keys that are revealed or can be recovered from signatures today, then attempt exploitation later if quantum computers can derive private keys from those public keys.

Press enter or click to view image in full size

Migration is necessary and difficult
Addressing the risk requires two coordinated tracks. Even once a quantum-resistant replacement is chosen, migration is not simple. The paper cautions that “the process of directly replacing ECDSA with another compatible digital signature algorithm that is secure against quantum attacks, presents several challenges. The migration process itself is complex and time-consuming, raising concerns about compatibility and potential issues during the transition” (Feng et al., p. 28). In addition to protocol-level signature migration, the paper considers wallet-level mitigations. Many production wallets rely on BIP39, and while quantum attacks could target keys derived from public keys, “the security of the BIP39 Seeds or recovery phrases held by current users remains intact due to the quantum-resistant properties of hashing. If we are able to design an alternative post-quantum algorithm that leverages the Seed to accommodate inactive users and preserve the address mapping, it could partially mitigate the impact of migration” (Feng et al., pp. 28–29). These approaches are complementary: protocol changes protect future signatures, while BIP39-based tooling can help migrate existing users safely.

Time as an attack vector for authenticity, not secrecy
The core risk for blockchains is not decrypting private data. It is an authenticity failure. If quantum computers eventually enable private-key derivation from public-key material, signature validity collapses for affected accounts, and any resulting forgeries would be visible but not reversible on an immutable ledger. The National Institute of Standards and Technology (NIST) has issued post-quantum standards for digital signatures and key establishment to guide migration planning. In parallel, the Autonomys Research Team emphasizes efficiency, since “larger signature sizes contribute to increased network bandwidth and higher costs associated with the consensus algorithm,” and without care, validation can become “slow and impractical” (Feng et al., p. 30).

Press enter or click to view image in full size

Conclusion: preparedness over promises
Cryptography will change. Resilient networks plan for change. Industry pathways under consideration include adopting NIST-selected post-quantum signature schemes and phasing key rotation. In parallel, the Autonomys Research Team is evaluating those options and exploring its own migrations, including preserving address mapping from BIP39 seeds to support safe user migration. Our focus is methodical readiness: establishing performance baselines, building migration tooling, and defining key rotation procedures so that, when standards and tooling stabilize, transition becomes execution rather than crisis.

About Autonomys

The Autonomys Network — the foundation layer for AI3.0 — is a hyper-scalable decentralized AI (deAI) infrastructure stack encompassing high-throughput permanent distributed storage, data availability and access, and modular execution. Our deAI ecosystem provides all the essential components to build and deploy secure super dApps (AI-powered dApps) and on-chain agents, equipping them with advanced AI capabilities for dynamic and autonomous functionality.

X | LinkedIn | Discord | Telegram | Blog | Docs | GitHub | Forum | YouTube

Sources

• Autonomys Research Team — “Navigating the Quantum Computing Threat”, research led by Chen Feng, Head of Research, Autonomys Network, to be published by Computer Science Review, 2025. Some paraphrased content referencing McKinsey Digital — “When and How to Prepare for Post-Quantum Cryptography”, May 2022.
• NIST IR 8547 (IPD) — “Transition to Post-Quantum Cryptography Standards”, November 2024.
• Global Risk Institute & Quintessence Labs — “Quantum Threat Timeline Report 2024”, 2024.