Quantum computing’s impact on crypto may be a small slice of its total impact on the world, but carries outsized economic implications. In exploring this intersection, I see a twofold opportunity emerging. On one hand, there are opportunities around protection – safeguarding today’s multi-trillion dollar crypto market from future quantum attacks. On the other, opportunities around acceleration are emerging – where quantum physics unlocks entirely new cryptographic infrastructure and applications. In short, quantum computing can be seen as both an existential threat and catalyst for the crypto industry. An investment thesis should therefore consider both angles: investing defensively in “quantum-proofing” the crypto ecosystem, and offensively to accelerate quantum-powered crypto applications.
Here, I will first try to briefly answer two important questions relevant to this look into the emerging ecosystem: How soon will quantum computing break crypto? And, what exactly is at risk? And then I will go on to explore potential opportunity areas given the timelines and risk vectors.
For a primer on quantum computing fundamentals, see this video.
Many experts anticipate that a cryptographically relevant quantum computer could arrive by the mid-2030s – or perhaps sooner – but the precise timeline is hard to pin down. A lot of the uncertainty stems from the fact that quantum systems are inherently fragile and noisy, making it challenging to reduce errors arising from decoherence and other quantum noise in order to achieve fault tolerance (when logical error rates can be suppressed to arbitrarily low levels). It’s hard to know how long this will take.
A number of quantum computing developments are already compressing the timeline:
Investments in quantum are soaring: Private and public funding into quantum computing is reaching record highs. In 2024, VC investments in the quantum industry reached a record high of $2.6 billion (majority in US companies at $1.7 billion) and public funding in quantum R&D reached an estimated $44.5 billion ($15 billion in China alone).
Major breakthroughs are happening more frequently: Recent quantum chips like Microsoft’s Majorana-1, Google’s Willow, and AWS’s Ocelot each represent distinct leaps forward in quantum computing: Majorana-1 leverages topological qubits for intrinsic error resistance, Willow demonstrates error rates that decrease with scale, and Ocelot slashes the overhead of error correction by up to 90%, making fault-tolerant quantum computing more attainable and accelerating the timeline by several years. New research by Google suggests a 20-fold decrease in the number of noisy qubits required to factor RSA-2048.
Quantum computing can now be distributed: Oxford researchers recently achieved a milestone by linking two quantum processors via a photonic network, demonstrating the first instance of distributed quantum computing. The ability to enable quantum logic gates across physically separate devices is relevant to creating distributed quantum computing networks (e.g., “Quantum DePIN”).
Rapid scalability advances: Google’s Willow demonstrated qubit scaling correlating with exponential suppression of logical error rates when physical error rate is below a critical threshold. NTT’s load/store quantum architecture separates memory and processing, increasing portability and reducing quantum resource requirements by as much as 40%. Various other approaches suggest error rates are decreasing quickly as well as physical-to-logical qubit overhead.
China’s ascension: China continues to invest heavily in quantum research, with projects like the Zuchongzhi 3.0 processor competing against Western efforts. This geopolitical competition is fueling faster progress and heightening urgency in both the West and the East.
It’s important to note public skepticism around some of these claims and the possibility of overreach of preliminary results for the sake of marketing. Nevertheless, they do warrant concern that Q-Day could be sooner than anticipated (who really knows how advanced China’s quantum computers are already?). Given the catalysts already accelerating the timeline, the right time to prepare is now.
It’s important to remember that quantum computers are not being designed to replace classical computers, but rather to solve a class of specific problems much faster using quantum algorithms. Their goal is augmentation, not replacement. To know what is actually at risk, we need to first understand what makes a quantum computer cryptographically relevant.
For crypto(graphy), the primary threats derive from two families of quantum algorithms: Shor’s algorithm (an existential threat to public-key cryptography) and Grover’s algorithm (which weakens hash-based and symmetric cryptography but doesn’t break it completely).
Shor’s algorithm: Turns factoring and discrete-log problems from “practically impossible” into polynomial time on a sufficiently powerful quantum computer. This effectively presents an existential risk to any cryptography based on factoring (e.g., RSA) and discrete-log problems (e.g., every elliptic curve scheme). Beyond blockchains, it can break TLS/HTTPS, compromising the confidentiality and integrity of every website, e-commerce transaction, online banking session, email, and even VPNs.
Grover’s algorithm: Gives a quadratic speed-up for unstructured, brute-force search (e.g., 1 billion queries → 31,623 queries). This presents a manageable risk to hash-based cryptography (e.g., SHA-256) and symmetric schemes (e.g., AES) that don’t base their security on solving mathematical problems. So, they only need to double their parameters to get the same security against Grover’s.
TLDR: If a primitive is vulnerable to Shor, replace it. If it’s only vulnerable to Grover, enlarge its parameters.
Below, we present a table of crypto-relevant primitives to provide a quick look into their hardness assumptions and what’s at risk, what’s not, and why.
All elliptic-curve-based problems are on the same risk timeline, as they all require ~2000-2500 logical qubits to break (i.e., potentially late-2020s to mid-2030s). RSA-2048 adds potentially several more years of protection because its larger input requires roughly twice the logical qubits to break.
One acute risk is Satoshi’s ~1 million bitcoins (worth over $100 billion today). These early-mined coins use the old P2PK format, which plainly reveals the public key even without spending. They’d have to be burned or left vulnerable to theft as Q-Day approaches, posing a serious ideological dilemma. In fact, the total bitcoin vulnerable either in P2PK addresses or reused addresses (public key also revealed via spend) is estimated at 6.26 million, or over 30% of all mined bitcoins!
Understanding when quantum computing could break today’s chains and which primitives are at risk doesn’t just sound the alarm – it also reveals a two-sided roadmap for builders and investors.
On one axis lie the protection opportunities: tools and services that harden today’s chains against future quantum attacks. On the other, the acceleration opportunities: entirely new primitives and applications unlocked by quantum hardware’s unique strengths. Just as GPUs accelerated classical linear algebra workloads (e.g., deep learning, ZK proving), quantum hardware could accelerate workloads in other mathematical domains by leveraging superposition and entanglement (e.g., number theory, sampling, simulation, optimization and search), powering novel cryptographic constructions and applications (e.g., faster pricing, bias-free randomness, smarter liquidity, and new cryptographic primitives).
Below is a high-level overview of these opportunity areas. In the rest of the report, I’ll expand on each.
One of the most immediate needs is replacing vulnerable cryptographic algorithms across blockchain networks. Almost all major blockchains (Bitcoin, Ethereum, Solana, etc.) rely on elliptic-curve digital signatures (ECDSA for Bitcoin and Ethereum; Ed25519 for Solana) that are known to be breakable by a sufficiently powerful quantum computer using Shor’s algorithm (solves the discrete logarithm problem). Once you’ve made even one transaction, the signature reveals the public key and a sufficiently powerful quantum-computer can then reveal your private key. Your keys, their coins.
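The exposure described above (P2PK outputs carry the key in the clear; a P2PKH address reveals its key the first time it spends) can be inventoried mechanically. The following is an added example, not code from the original post: a small UTXO classifier over constructed sample data that buckets legacy Bitcoin outputs by whether their public key is already on-chain. Keys, hash160 values and txids are made up, and segwit/taproot outputs are deliberately left unassessed.

```python
from collections import namedtuple

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC
Output = namedtuple("Output", "txid vout value_btc script_pubkey")
Input = namedtuple("Input", "prevout script_sig")  # prevout: the Output being spent

def read_push(script, i):
    """Decode a direct data push (opcode 0x01..0x4b) at script[i] -> (data, next_i)."""
    n = script[i]
    if not 1 <= n <= 0x4B or i + 1 + n > len(script):
        raise ValueError(f"expected a direct push at offset {i}")
    return script[i + 1:i + 1 + n], i + 1 + n

def classify_script_pubkey(spk):
    """Return ('p2pk', pubkey), ('p2pkh', hash160) or ('other', None)."""
    # P2PK (Satoshi-era coinbases): <33|65-byte pubkey> OP_CHECKSIG -- key is in the clear
    if len(spk) >= 2 and spk[0] in (33, 65) and len(spk) == spk[0] + 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", spk[1:-1]
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG -- only a hash until spent
    if len(spk) == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", spk[3:23]
    return "other", None

def revealed_hash160s(inputs):
    """hash160s whose full public key a P2PKH spend already published in its scriptSig."""
    revealed = set()
    for inp in inputs:
        kind, h160 = classify_script_pubkey(inp.prevout.script_pubkey)
        if kind == "p2pkh":
            _sig, i = read_push(inp.script_sig, 0)
            pubkey, _ = read_push(inp.script_sig, i)  # second push is the public key
            if len(pubkey) in (33, 65):
                revealed.add(h160)
    return revealed

def exposure_report(utxos, inputs):
    """Bucket UTXOs: exposed (key already public), hashed_only, unassessed; plus exposed BTC."""
    revealed = revealed_hash160s(inputs)
    report = {"exposed": [], "hashed_only": [], "unassessed": [], "exposed_btc": 0.0}
    for u in utxos:
        kind, data = classify_script_pubkey(u.script_pubkey)
        if kind == "p2pk":
            report["exposed"].append((u, "P2PK: key sits in the locking script"))
        elif kind == "p2pkh" and data in revealed:
            report["exposed"].append((u, "address reuse: key shown by an earlier spend"))
        elif kind == "p2pkh":
            report["hashed_only"].append(u)
        else:
            report["unassessed"].append(u)  # segwit/taproot outputs are out of scope here
    report["exposed_btc"] = sum(u.value_btc for u, _ in report["exposed"])
    return report

# --- constructed sample chain state (made-up keys, hashes and txids) ---
def p2pk_script(pubkey): return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])
def p2pkh_script(h160): return bytes([OP_DUP, OP_HASH160, 20]) + h160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
PUBKEY_A = b"\x02" + bytes([0x11]) * 32
PUBKEY_B = b"\x03" + bytes([0x22]) * 32
H160_B = bytes([0xBB]) * 20   # stands in for hash160(PUBKEY_B)
H160_C = bytes([0xCC]) * 20   # an address whose key has never been shown
SAMPLE_UTXOS = [
    Output("tx_a", 0, 50.0, p2pk_script(PUBKEY_A)),            # P2PK, coinbase-style output
    Output("tx_b2", 0, 1.5, p2pkh_script(H160_B)),             # reused address
    Output("tx_c", 1, 2.0, p2pkh_script(H160_C)),              # hash only, still safe for now
    Output("tx_d", 0, 0.7, b"\x00\x14" + bytes([0xDD]) * 20),  # P2WPKH, not assessed
]
SAMPLE_INPUTS = [  # earlier spend from H160_B: scriptSig = <71-byte sig> <33-byte PUBKEY_B>
    Input(Output("tx_b1", 0, 0.3, p2pkh_script(H160_B)), bytes([71]) + bytes([0x30]) * 71 + bytes([33]) + PUBKEY_B),
]
if __name__ == "__main__":
    r = exposure_report(SAMPLE_UTXOS, SAMPLE_INPUTS)
    for u, why in r["exposed"]:
        print(f"{u.txid}:{u.vout} {u.value_btc} BTC exposed ({why})")
    print("total exposed:", r["exposed_btc"], "BTC")
```

Running the same logic over a real UTXO set (with prevouts resolved by an indexer) is the first step of the migration tooling discussed below: it tells a custodian which balances to move first.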
To stay safe, these signatures must be swapped out for post-quantum cryptography (PQC) alternatives that quantum computers can’t crack. Promising PQC algorithms have been developed in recent years, often based on mathematical problems believed to resist quantum attacks (e.g., hash-based vaults, lattices, error-correcting codes). In 2022, the US National Institute of Standards and Technology (NIST) selected several PQC algorithms for standardization (e.g., Dilithium, Falcon and SPHINCS+ to replace ECDSA), paving the way for broader adoption. These algorithms produce larger signatures and keys, but are designed to be computationally difficult for quantum computers.
Upgrading a blockchain to PQC is a massive undertaking. It means updating consensus rules, wallet software, smart contract logic, and more. For instance, Ethereum researchers have explored proposals to integrate PQC signature schemes while maintaining backward compatibility (see also the lattice-based Falcon scheme implemented in smart wallets). One suggested approach is hybrid: allowing accounts to use either the old ECDSA or a new PQC scheme, giving years of leeway to migrate. Vitalik also has outlined a recovery hard fork in the case of a sudden quantum emergency, which involves rolling back the chain post-attack and introducing a new transaction type that can migrate funds to quantum-resistant smart contract accounts. The Ethereum Foundation also recently backed ZKnox, a new research organization focused on PQC.
In the short term, blockchains could theoretically employ stopgap measures like encapsulation of public keys (e.g., “stealth addresses” that use zk-STARKs or lattice-based fully homomorphic encryption (FHE) to avoid exposing public addresses onchain) or using longer hashes or symmetric keys to add protection (since these are relatively safe against quantum attacks, aside from the quadratic speedup of Grover’s algorithm). However, the endgame is clear: PQC upgrades are inevitable for any crypto project that intends to survive in the quantum world. Early movers in this space (e.g., PQC-upgraded existing chains, PQC vault services, new PQC-based L1s) stand to gain adoption from institutions recognizing imminent quantum risks.
There is an emerging market gap for wallets, custodians, and hardware security modules (HSMs) that are quantum-secure by design. This ranges from retail crypto wallets (mobile, hardware wallets) that can generate and sign with PQC keys, to institutional custody platforms that ensure large holdings are quantum proof. As mentioned before, virtually all crypto is at risk after making even a single transaction. Beyond using PQC addresses for all transactions, a wallet can build in quantum resistance by enforcing single-use keys or signatures so that each piece of key material is valid for exactly one transaction (a classical alternative to quantum money’s anti-cloning function) – examples include Solana Winternitz Vaults, Shift’s PUF-based one-time signatures, and Zond’s Merkle-tree-based one-time keys. Likewise, custody providers (exchanges, banks holding crypto) will demand quantum security guarantees as we approach the 2030s.
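To make the single-use-key idea concrete, here is an added example (not code from the post or from any of the vaults named above) of a Lamport one-time signature over SHA-256, with the wallet refusing to sign twice with the same key. The transaction payload is constructed; a production scheme would sit behind a Merkle tree or Winternitz chain to get many one-time keys out of one root.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def message_bits(message: bytes):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class LamportOneTimeKey:
    """256 pairs of random 32-byte secrets; the public key is their SHA-256 hashes.

    Security rests only on the hash function, so Grover's algorithm (a quadratic
    speed-up) is the relevant quantum attack, not Shor's. Signing reveals one
    secret per message bit; signing a second, different message would reveal
    more preimages, so the wallet marks the key spent after one use.
    """

    def __init__(self, rng=secrets.token_bytes):
        self.sk = [(rng(32), rng(32)) for _ in range(256)]
        self.pk = [(H(a), H(b)) for a, b in self.sk]
        self.used = False

    def sign(self, message: bytes):
        if self.used:
            raise RuntimeError("one-time key already spent; derive a fresh key instead")
        self.used = True
        sig = [self.sk[i][bit] for i, bit in enumerate(message_bits(message))]
        self.sk = None  # wipe the remaining secrets: nothing left to sign with
        return sig

def verify(pk, message: bytes, sig) -> bool:
    """Accept iff every revealed secret hashes to the public-key half its message bit selects."""
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, message_bits(message))))

def signature_bytes(sig) -> int:
    """Size of a signature on the wire (256 secrets * 32 bytes), versus 64-72 bytes for ECDSA."""
    return sum(len(s) for s in sig)

def demo():
    """Sign one constructed transaction, then show that tampering and key reuse both fail."""
    key = LamportOneTimeKey()
    tx = b"constructed tx: move 1.5 BTC from a reused address to a fresh one"
    sig = key.sign(tx)
    ok = verify(key.pk, tx, sig)
    tampered = verify(key.pk, tx + b"!", sig)
    try:
        key.sign(b"constructed second tx")
        reuse_blocked = False
    except RuntimeError:
        reuse_blocked = True
    return ok, tampered, reuse_blocked, signature_bytes(sig)
```

The 8 KiB signature and 16 KiB public key are the size cost the post mentions for hash-based schemes, which is why practical designs compress them with Merkle trees.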
Even with PQC algorithms available, migrating existing users and assets to new keys is non-trivial. Billions of cryptocurrency keys (addresses, smart contract keys, multisigs, etc.) would need to be rotated to quantum-safe addresses to protect all of DeFi (e.g., TVL in multisig bridges and treasuries). As blockchains (especially the majors) often face protracted upgrade cycles, phased rollouts can delay native PQC by years.
This presents an opportunity for middleware that facilitates mass key migration and recovery. For instance, a startup might offer “quantum-safe vault” services to custodians: automatically moving funds from vulnerable addresses to new PQC-protected addresses, with audit trails. Quip Vault and Project 11 are working on this. Another idea is building migration into wallet software – prompting users to upgrade keys through an easy UI long before Q-Day (e.g., one-click migration to stealth address). Productizing such solutions as “quantum-protection-as-a-service” could be a valuable and demanded sector, given the technical complexities of trying to quantum-protect oneself. The emphasis of these services should be on minimizing user friction: the more seamless the migration, the more likely it is adopted before a crisis.
Randomness is a cornerstone of crypto(graphy), used for everything from generating private keys and nonces to executing fair lotteries and securing consensus protocols. In the near term, quantum random number generators (QRNGs) can be integrated into crypto as a general security enhancement. Blockchains and smart contracts rely on randomness for leader election, lotteries, privacy, etc., but producing unbiased, unpredictable true randomness onchain is non-trivial. Quantum physics provides a source of true randomness – measuring quantum states yields fundamentally unpredictable outcomes. Startups are already selling QRNG chips and APIs; API3 partnered with the Australian National University to provide a QRNG API for smart contracts. We may see other crypto startups leveraging QRNG vendors, for instance, to create a quantum randomness oracle that feeds into smart contracts to compete against Chainlink’s VRF-based RNG (built on ECC, using the same secp256k1 curve that underlies Ethereum’s signature scheme). QRNGs would provide the crypto industry with stronger guarantees of unpredictability than pseudo-random, deterministic algorithms and even hardware-based “true RNGs” based on thermal or electronic noise. QRNG is certifiably random at the most absolute level of physics known.
How do your browser and the server agree on a symmetric key without exposing it to potential eavesdroppers? Today’s secure channels establish these “shared secrets” using public-key key-exchange protocols, such as Diffie-Hellman or its elliptic-curve variant (ECDH) – allowing two parties to independently compute the same secret key without ever sending it directly. However, these methods are not quantum-secure. To this end, quantum key distribution (QKD) takes a fundamentally different approach: it uses the quantum properties of photons to generate and transmit keys such that any eavesdropping attempt is immediately detectable. While already deployed in high-security niche settings like government networks and bank data centers, broader commercial adoption (e.g., in blockchain networks) faces hurdles that will likely take many years to address.
Current QKD systems rely on device-dependent protocols, meaning they assume that all quantum devices are honest, precisely calibrated, and free of hidden side channels. Device-independent QKD (DI-QKD) removes the need to trust the internal functioning of devices by leveraging Bell-inequality violations and self-testing techniques to certify security solely from observed measurement statistics. DI-QKD represents the pinnacle of QKD security but imposes stringent requirements for high detection rates and ultra-low noise.
Device-dependent QKD can rack up costs as high as $300,000 per mile of dedicated fiber and $20M per quantum data center, limiting feasibility to massively funded entities like the major banks or governments. Infrastructure constraints require direct fiber-optic links (no internet routing), restricting current use to point-to-point applications like validator-to-validator channels. Quantum repeaters could extend range but remain experimental. With that said, initial QKD-blockchain proofs-of-concept like JPMorgan’s Kinexys Liink demonstrate that QKD can be utilized for “mission-critical” real-world blockchain applications. However, mass adoption hinges on cost reductions and scalable infrastructure. The telecom industry is projected to invest $6.3 billion between 2025-2030 to address these challenges, focusing on modular QKD hardware and shared fiber networks. Until then, QKD will likely remain a niche tool for only ultra high-assurance crypto applications.
The DePIN sector is starting to demonstrate that crypto can be useful for coordinating shared resources like storage, bandwidth, compute, and more. One vision is using crypto to coordinate shared quantum hardware in the future. A “Quantum DePIN” would let owners of quantum processors offer unused capacity to a network, with users submitting jobs and paying in crypto. The blockchain would handle discovery, payment, and potentially verification of quantum computations, with the goal of democratizing access to these costly machines and incentivizing better utilization.
It might seem a bit far-fetched given the current state of quantum computing (and DePIN). Quantum processors remain scarce, prohibitively expensive, and centrally controlled by cloud providers that can guarantee uptime, service-level agreements, and hardware upgrades. A DePIN model may still be many years away and, even if technically feasible, it may struggle to match the reliability and service guarantees of centralized providers (DePIN classical compute networks still struggle with this).
That said, those very operational and maintenance burdens could become a business case for a DePIN-style marketplace. Power cycling superconducting quantum computers incurs massive costs and downtime. Warm-up and calibration cycles can take days and incur large cryogenics and labor costs, so labs often leave machines running even when idle. By monetizing unused quantum-compute windows, universities and research centers could offset these overheads and transform sunk costs into revenue generation.
Early proofs-of-concepts suggest there is potential. Google’s Willow showed that linking more qubits or interconnected quantum processors can exponentially suppress logical error rates when the underlying physical error rate is below a critical threshold. D-Wave conducted a demonstration of a distributed quantum blockchain using four of its quantum annealing processors networked together, and demonstrated “proof-of-quantum-work,” as an energy-efficient alternative to classical PoW. Beyond experimental consensus mechanisms, a Quantum DePIN could accelerate problem solving across domains like financial optimization, machine learning, supply-chain routing, materials design, and drug discovery. For instance, in the financial domain, quantum computing is being explored to improve or accelerate derivatives pricing, risk modeling, arbitrage discovery, and liquidity efficiency, which may be useful for market makers, MEV bots, and algorithmic trading.
Some of the most intriguing opportunities lie in new cryptographic primitives that are made possible only by quantum mechanics. These go beyond just fixing what quantum breaks; instead they use quantum properties (like superposition and entanglement) to achieve feats that classical cryptography can’t do or can’t do efficiently. Integrating such primitives into digital asset infrastructure could spawn entirely new classes of applications.
A few examples of quantum-native primitives and their potential crypto use-cases:
Quantum copy-protection: Leverages the no-cloning theorem to encode software in a quantum state that runs but cannot be duplicated. Imagine onchain, physics-enforced DRM for IP/NFTs or private smart-contract code.
Certified deletion: A sender destroys a quantum ciphertext and outputs a classical proof that the plaintext is irrecoverable, even by an all-powerful adversary. Could be useful for verifiable key erasure or GDPR-style data removal from archival nodes.
Quantum position verification: The responder must return a quantum challenge fast enough to prove they occupy a specific location; doesn’t require trusted infrastructure, instead relying on the impossibility of cloning or relaying quantum states. Could enable location-locked signatures to bolster the verifiability of high-value crypto transfers or governance votes.
Unclonable encryption: Unclonable encryption embeds ciphertexts in quantum states so any copy attempt corrupts decryption of all copies, preventing “harvest-now-decrypt-later” attacks. This could be ideal for long-term protection of sensitive data in cloud storage committed to blockchains.
Quantum money: Digital “banknotes” are unique quantum states that cannot be forged due to the no-cloning theorem and lattice-based hardness. Recent decentralized constructions allow public verification without a central bank, pointing toward a possible future where quantum currencies coexist with classical cryptocurrencies.
While all of these technologies are in nascent research stages and their potential crypto use cases here are entirely hypothetical, they are intriguing ideas to start exploring “moonshot” quantum applications in crypto and digital assets more broadly.
The coming quantum era will reshape the cryptographic foundations of the digital world. For crypto, this is both an existential risk and a generational opportunity. On one side, protect the crypto ecosystem’s value by investing in quantum-safe infrastructure (so blockchains can thrive in spite of quantum adversaries). On the other, accelerate new frontiers by leveraging quantum tech in decentralized models (so crypto can productively evolve through quantum advances). It’s encouraging to see movements like Quantum Punks emerging specifically to promote the latter.
In the near term, we have to focus on protection: pushing forward post-quantum upgrades, widespread key migration, and fortifying wallets and infrastructure. The good news is that the tools to do so (PQC algorithms, etc.) already exist in prototype form. The challenge is actively mobilizing the community before complacency turns into crisis. We need developer-friendly SDKs, seamless migration tooling, and clear protocol standards in place before Q-Day. The timeline may be uncertain, but as I noted, even a small probability of an early quantum breakthrough justifies hedging the risk with proactive measures now (e.g., establishing requisite dev tooling and documentation to support the transition). The cost of being unprepared would far outweigh the effort of quantum-proofing in advance.
At the same time, forward-looking projects are exploring the acceleration opportunities: Truly random beacons, quantum-secure communication channels, new primitives like quantum money, and eventually harnessing quantum computing within blockchain applications. These innovations could fundamentally enhance digital asset security and functionality, potentially solving problems that classical cryptography cannot.
Special thanks to Sylvain, Alex, Nicola, Colton, Fabrizio, Daniel, Antonio, and Catrina for the insightful discussions and feedback.
Disclaimer
This article is prepared for general information purposes only. This post reflects the current views of its authors only and is not made on behalf of Lemniscap or its affiliates and does not necessarily reflect the opinions of Lemniscap, its affiliates or individuals. The opinions herein may be subject to change without this article being updated.
This article does not constitute investment advice, legal or regulatory advice, investment recommendation, or any solicitation to buy, sell or make any investment. This post should not be used to evaluate the making of any investment decision, and should not be relied upon for legal, compliance, regulatory or other advice, investment recommendations, tax advice or any other similar matters.
All liability in connection with this article, its content, and any related services and products and your use thereof, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement is disclaimed. No warranty, endorsement, guarantee, assumption of responsibility or similar is made in respect of any product, service, protocol described herein.
https://paragraph.com/@lemniscap/quantum-x-crypto