A Handful of Blockchain Projects Claim Quantum Resistance Before the Threat Arrives
The cryptographic assumptions underpinning every major blockchain — ECDSA on Bitcoin and Ethereum, Ed25519 on Solana — are all vulnerable to Shor's algorithm. A smaller set of projects has been building defenses in advance, integrating post-quantum cryptographic signatures at various layers of their protocol stacks. The implementations range from production-grade to purely theoretical, and none has been tested against actual quantum hardware.
Key Takeaways
- The Quantum Resistant Ledger (QRL), launched in June 2018, is the only blockchain that uses NIST-approved hash-based signatures (XMSS) as its sole transaction-signing mechanism — though its market capitalization of $18 million limits its practical relevance.
- Algorand integrated Falcon signatures — one of NIST's four finalized post-quantum standards — through its state proof system in 2022, making it the largest blockchain by market capitalization ($2.1 billion) with any PQC implementation in production.
- Ethereum co-founder Vitalik Buterin placed quantum resistance in the "Splurge" phase of Ethereum's roadmap, the final stage with no fixed timeline, while suggesting that account abstraction (ERC-4337) could allow individual wallets to adopt PQC signatures before a network-wide upgrade.
QRL launched with XMSS hash-based signatures as its only option in 2018
The Quantum Resistant Ledger went live on June 26, 2018, built from the ground up around the eXtended Merkle Signature Scheme. XMSS belongs to the family of hash-based signature algorithms that NIST approved in its post-quantum standardization process, and QRL adopted it years before that approval was finalized. Every transaction on the network — transfers, token creation, multisig operations — signs exclusively with XMSS. There is no fallback to ECDSA, no hybrid mode, no legacy compatibility layer.
Peter Waterland, the project's founder and a former emergency medicine physician in the United Kingdom, described the design philosophy as deliberately narrow. "The decision to exclude elliptic curve cryptography entirely was not popular in 2016 when the codebase was being written," Waterland said in a February 2026 interview with The Block. "Hash-based signatures were slower, the key sizes were larger, and very few people in the blockchain space thought quantum computing would matter within their lifetimes."
The tradeoffs remain visible. XMSS signatures on QRL are approximately 2.5 kilobytes each, compared to 64 bytes for an ECDSA signature on Bitcoin. Block sizes run larger, transaction throughput is lower, and the one-time nature of each XMSS key pair — a tree of pre-computed hashes that gets consumed leaf by leaf — forces users to manage key exhaustion in a way that no mainstream blockchain requires. The network processes fewer than 200 transactions per day. Its market capitalization, hovering around $18 million as of April 2026, places it outside the top 500 cryptocurrencies by any ranking service.
That obscurity does not invalidate the cryptographic choice. XMSS's security rests on the hardness of finding collisions in cryptographic hash functions — a problem that Shor's algorithm cannot efficiently solve. Grover's algorithm, the other major quantum speedup, reduces the effective security of a hash function by half (from 256-bit to 128-bit equivalent), but 128-bit security remains well beyond any projected quantum capability. QRL is, by construction, the most quantum-resistant blockchain in existence. Whether anyone will use it is a separate question.
IOTA's Coordicide plan includes a post-quantum signature migration path
IOTA, the directed acyclic graph (DAG) protocol originally designed for Internet of Things micropayments, has a complicated history with quantum resistance. The project launched in 2016 using the Winternitz one-time signature scheme (WOTS) through a custom hash function called Curl-P. Independent cryptographers from MIT and elsewhere identified critical weaknesses in Curl-P in 2017, and the IOTA Foundation replaced it with standard Kerl — a Keccak-384 wrapper — later that year.
The switch to Kerl preserved one-time signature semantics but introduced severe usability constraints. Addresses could only be used once for sending; reusing a WOTS address after a transaction progressively leaked private key material. The IOTA Foundation acknowledged that users lost funds through accidental address reuse, a failure mode that does not exist on any ECDSA or Ed25519 chain. The Chrysalis upgrade in April 2021 abandoned WOTS entirely and moved to Ed25519, which is, ironically, vulnerable to Shor's algorithm.
IOTA's long-term roadmap, anchored by the Coordicide initiative that aims to remove the centralized coordinator node, includes provisions for a future migration to NIST-standardized post-quantum algorithms. The IOTA Foundation's documentation references both CRYSTALS-Dilithium and Falcon as candidates for transaction signing in a post-coordinator network. No implementation timeline has been published. The coordinator itself — a single point of trust that validates every transaction on the IOTA mainnet — remains operational as of May 2026, and Coordicide has been in development for over four years without a mainnet launch date.
The trajectory illustrates a pattern that recurs across quantum-resistant blockchain claims: the announcement of intent often runs years ahead of delivery.
Algorand added Falcon signature support through a state proof upgrade
Algorand stands apart from the other projects on this list because its PQC implementation is already running in production. In September 2022, the Algorand protocol deployed state proofs — compact cryptographic certificates that allow light clients and cross-chain bridges to verify Algorand consensus decisions without trusting a third party. Those state proofs sign with Falcon-512, one of the four algorithms NIST selected in its post-quantum cryptography standardization process.
Silvio Micali, the Turing Award-winning cryptographer who founded Algorand, framed the decision as a matter of engineering discipline rather than urgency. "State proofs need to remain verifiable for years, potentially decades, after they are generated," Micali said during a presentation at the Algorand Decipher conference in November 2022. "Using Falcon ensures that a state proof created today will still be trustworthy even if the elliptic curve assumptions collapse tomorrow."
The scope of the implementation, however, is narrow. Falcon signatures protect state proofs — the interoperability layer — but not individual user transactions. Every Algorand account still signs transactions with Ed25519. A quantum attacker targeting Algorand funds would bypass the Falcon-protected state proof layer entirely and go after the Ed25519 keys directly, the same way such an attacker would target Solana or any other Ed25519 chain.
Algorand's research team has published papers exploring full transaction-level PQC migration, including a lattice-based scheme that could replace Ed25519 for account signing. No governance proposal for the migration has been submitted. Algorand's market capitalization of approximately $2.1 billion as of April 2026 makes it the largest blockchain with any post-quantum cryptographic implementation in production, but the qualifier "any" does heavy lifting in that sentence — the protection covers infrastructure, not user funds.
Solana's Winternitz vault prototype stores PQC keys alongside Ed25519
Solana introduced the Winternitz vault as a SIMD (Solana Improvement and Development) proposal in late 2025. The vault is not a protocol-level change. It is an on-chain program that allows users to store funds behind a hash-based one-time signature alongside the standard Ed25519 key. Withdrawals from the vault require both signatures, creating a hybrid construction where the quantum-vulnerable Ed25519 layer is backstopped by a quantum-resistant Winternitz layer.
The design carries significant constraints. Winternitz one-time signatures (WOTS+) can, as the name indicates, only sign a single message per key. Each withdrawal from the vault consumes the current Winternitz key and derives a new one from a pre-committed hash chain. If the chain runs out — WOTS+ trees are finite — the user must create a new vault. Signature sizes balloon to roughly 1.2 kilobytes compared to Ed25519's 64 bytes. Transaction costs increase. Wallet interfaces must account for key exhaustion in a way that no current Solana wallet does.
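The single-use constraint described here, and the address-reuse losses of IOTA's WOTS era, both follow from how a Winternitz signature publishes intermediate hash-chain values. The sketch below is an added example, not code from IOTA, Solana or the vault program: a simplified SHA-256 Winternitz scheme (w = 16, no WOTS+ bitmasks; all names and parameters are assumptions) with a signer that refuses reuse and an `exposure` function that measures how much secret chain material one key would publish across several messages.

```python
import hashlib, hmac

W, L1, L2 = 16, 64, 3   # base-16 digits: 64 for a 256-bit digest + 3 checksum

def H(x):
    return hashlib.sha256(x).digest()

def chain(x, steps):
    for _ in range(steps):
        x = H(x)
    return x

def digits(msg):
    """Base-16 digits of SHA-256(msg) followed by the Winternitz checksum."""
    d = [n for b in H(msg) for n in (b >> 4, b & 15)]
    csum = sum(W - 1 - v for v in d)              # at most 64*15 = 960 < 16**3
    return d + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]

def keygen(seed):
    sk = [hmac.new(seed, bytes([i]), hashlib.sha256).digest()
          for i in range(L1 + L2)]
    pk = H(b"".join(chain(s, W - 1) for s in sk))  # hash of all chain ends
    return sk, pk

def verify(pk, msg, sig):
    ends = [chain(s, W - 1 - d) for s, d in zip(sig, digits(msg))]
    return hmac.compare_digest(H(b"".join(ends)), pk)

class OneTimeSigner:
    """Holds one WOTS key and refuses to sign a second message with it."""
    def __init__(self, seed):
        self.sk, self.pk = keygen(seed)
        self.used = False

    def sign(self, msg):
        if self.used:
            raise RuntimeError("one-time key already used; rotate to a new key")
        self.used = True   # a real wallet must persist this flag before release
        return [chain(s, d) for s, d in zip(self.sk, digits(msg))]

def exposure(messages):
    """Fraction of secret chain positions published if ONE key signed them all."""
    lowest = [min(col) for col in zip(*(digits(m) for m in messages))]
    return sum(W - 1 - v for v in lowest) / ((L1 + L2) * (W - 1))

if __name__ == "__main__":
    signer = OneTimeSigner(b"constructed demo seed")      # constructed input
    sig = signer.sign(b"withdraw 1")
    print(verify(signer.pk, b"withdraw 1", sig))
    print(exposure([b"withdraw 1"]), exposure([b"withdraw 1", b"withdraw 2"]))
```

Because of the checksum digits, a second signature under the same key always reveals an earlier position on at least one chain, so `exposure` strictly increases with every reuse.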
Anza, the development organization behind the Agave validator client (formerly Solana Labs), and Jump Crypto's Firedancer team have both indicated interest in broader PQC integration. Internal discussions at Solana's Breakpoint 2025 conference referenced a potential migration to Falcon or CRYSTALS-Dilithium for account signing, but no formal proposal exists. The Winternitz vault remains opt-in, experimental, and used by fewer than 300 accounts on mainnet-beta as of April 2026.
Solana's approach reflects the tension between backward compatibility and forward-looking security. A full protocol-level migration to post-quantum signatures would touch every wallet, every program invocation, and every validator's signature verification pipeline. The Winternitz vault sidesteps that disruption by offering quantum resistance as an optional add-on — a shelter for cautious users, not a retrofit of the entire system.
Ethereum's roadmap places quantum resistance in the Splurge phase beyond 2029
Vitalik Buterin has addressed Ethereum's quantum exposure more explicitly than the leadership of any other top-five blockchain. In a March 2024 blog post titled "How Ethereum's Multi-Phase Roadmap Handles the Quantum Threat," Buterin categorized quantum resistance under the "Splurge" — the final, catch-all phase of Ethereum's development roadmap that follows the Merge, Surge, Scourge, Verge, and Purge. The Splurge has no target date.
"Ethereum does not need to solve quantum resistance at the protocol level tomorrow," Buterin said during a panel at ETHDenver in February 2026. "Account abstraction gives individual wallets the freedom to adopt post-quantum signature schemes right now, without waiting for a hard fork. The protocol just needs to verify whatever signature the wallet presents."
The account abstraction path that Buterin referenced — codified in ERC-4337 and increasingly supported by wallet providers — decouples signature verification from the protocol layer. A smart contract wallet using ERC-4337 can implement CRYSTALS-Dilithium, Falcon, or any other algorithm without requiring changes to the Ethereum Virtual Machine. The transaction is signed off-chain with the post-quantum scheme, and the smart contract verifies it on-chain using custom logic.
The practical adoption of PQC through ERC-4337 remains negligible. Fewer than 4% of Ethereum transactions in April 2026 originated from ERC-4337 accounts, according to data aggregated by Dune Analytics. Of those, an even smaller fraction — too small to register in on-chain analytics — used non-ECDSA signature schemes. The tooling exists. The migration has not started.
Ethereum's core developers have discussed more aggressive approaches. A "quantum emergency" plan, outlined in Ethereum Improvement Proposal discussions in late 2025, would freeze all externally owned accounts (EOAs) with exposed public keys and require proof of private key knowledge through a quantum-safe mechanism before unlocking funds. The plan is a last resort — disruptive, technically complex, and politically fraught — but its existence signals that the developer community takes the threat seriously enough to sketch contingency measures, even as the official roadmap defers the work to an unscheduled future phase.
Most quantum-resistant claims remain unaudited by independent cryptographers
Beyond QRL, IOTA, Algorand, Solana, and Ethereum, dozens of smaller projects market themselves as quantum resistant. Chains like Nexus, xx Network, and Mochimo list quantum resistance as a headline feature. Privacy-focused projects including Abelian and QANplatform claim lattice-based signature integration. Several Layer 2 protocols assert that their off-chain computation layers are "quantum-safe by design" without specifying which algorithms enforce that property.
The gap between marketing language and cryptographic substance is, in many cases, wide. A quantum-resistant blockchain requires more than a post-quantum signature algorithm — it requires that the algorithm be correctly implemented, that the key generation process is sound, that the protocol does not leak private information through side channels, and that the entire system has been audited by researchers who specialize in post-quantum cryptanalysis. Few of the projects making quantum claims have published third-party audit reports covering their PQC implementations specifically.
Peter Waterland, whose QRL project has undergone multiple independent security reviews including a formal audit by Red4Sec and X41 D-Sec, offered a blunt assessment. "Putting a lattice-based signature into a GitHub repository and calling the chain quantum resistant is like bolting a padlock onto a screen door," Waterland said. "The signature is one component. The hash functions, the randomness source, the state management, the key lifecycle — all of those need to be quantum-resistant too, and all of them need to be audited."
NIST's standardization process provides a baseline of algorithmic trust. XMSS, Falcon, CRYSTALS-Dilithium, and SPHINCS+ have all undergone years of public cryptanalysis. But standardization of the algorithm does not guarantee correctness of a specific implementation. OpenSSL, the most widely used cryptographic library in the world, has shipped critical vulnerabilities in its implementations of well-established algorithms — Heartbleed being the most infamous example. Post-quantum libraries are younger, less battle-tested, and supported by smaller developer communities.
The blockchain industry's relationship with quantum resistance in 2026 resembles the broader technology sector's relationship with Y2K preparation in 1997: awareness is high, urgency is low, and the line between genuine engineering and opportunistic marketing is difficult for non-specialists to discern. QRL built its entire protocol around the problem. Algorand deployed Falcon in a limited but meaningful capacity. Solana and Ethereum have published proposals that range from functional prototypes to aspirational roadmap items.
The rest of the ecosystem, for the most part, has done neither — and the gap between those who have started and those who have not will only matter once harvest-now-decrypt-later data begins to be decrypted. If post-quantum migration timelines hold — and if the major chains execute their upgrades before a cryptographically relevant quantum computer reaches sufficient scale — the current period of scattered, uneven preparation may prove adequate. If the timelines slip, the projects that treated quantum resistance as a marketing checkbox rather than an engineering requirement will be the first to face consequences.
This article is part of QuantumShield's quantum computing wiki.
This is not financial advice. Data as of May 3, 2026.