Post-Quantum Cryptography Migration Guide for Smart Contract Developers
NIST finalized 3 PQC standards in Aug 2024. Secure your smart contracts against quantum threats before 2030.
Frequently Asked Questions
- Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks from quantum computers running Shor's algorithm, which can break the elliptic curve cryptography used by Ethereum and Bitcoin today. For smart contracts, the risk is direct: every externally owned account that has sent a transaction has exposed its public key on-chain permanently, making it a target for harvest-now-decrypt-later attacks once a cryptographically relevant quantum computer exists.
- NIST finalized three post-quantum standards in August 2024. ML-KEM (FIPS 203, derived from CRYSTALS-Kyber) handles key encapsulation. ML-DSA (FIPS 204, derived from CRYSTALS-Dilithium) handles digital signatures and is the primary replacement for ECDSA in smart contract signing contexts. SLH-DSA (FIPS 205, derived from SPHINCS+) provides a stateless hash-based alternative for high-assurance use cases. Most Web3 teams will adopt ML-DSA first due to its balance of signature size and verification speed.
- ERC-4337 account abstraction replaces externally owned accounts with smart contract wallets that implement custom signature validation logic inside a validateUserOp function. This means the wallet can accept ML-DSA or SLH-DSA signatures instead of ECDSA, without waiting for a protocol-level hard fork. Migrating to an ERC-4337 smart account today positions a protocol to swap signature schemes incrementally as quantum threats evolve, and it also unlocks key rotation, social recovery, and session keys as side benefits.
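
The account pattern described in the last answer, as an added sketch that is not code from the original page or from any particular wallet project: signature checking is delegated to a replaceable verifier contract, so the scheme can be rotated without changing the account address. `ISigVerifier`, `PqReadyAccount` and `rotateScheme` are hypothetical names, and no specific on-chain ML-DSA or SLH-DSA verifier is assumed to exist.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.23;
// Hypothetical verifier interface (assumption): one stateless contract per scheme.
interface ISigVerifier {
    function verify(bytes calldata pubKey, bytes32 digest, bytes calldata sig)
        external view returns (bool);
}
// User operation layout from ERC-4337 (EntryPoint v0.7).
struct PackedUserOperation {
    address sender; uint256 nonce; bytes initCode; bytes callData;
    bytes32 accountGasLimits; uint256 preVerificationGas; bytes32 gasFees;
    bytes paymasterAndData; bytes signature;
}

contract PqReadyAccount {
    uint256 private constant SIG_VALIDATION_FAILED = 1;
    address public immutable entryPoint;
    ISigVerifier public verifier; // active scheme, e.g. an ML-DSA verifier
    bytes public pubKey;          // key bytes in the verifier's own encoding
    event SchemeRotated(address indexed verifier, bytes32 pubKeyHash);

    constructor(address entryPoint_, ISigVerifier verifier_, bytes memory pubKey_) {
        entryPoint = entryPoint_;
        verifier = verifier_;
        pubKey = pubKey_;
    }

    function validateUserOp(
        PackedUserOperation calldata userOp, bytes32 userOpHash, uint256 missingAccountFunds
    ) external returns (uint256 validationData) {
        require(msg.sender == entryPoint, "only EntryPoint");
        // ERC-4337: report a bad signature through the return value, do not revert.
        if (!verifier.verify(pubKey, userOpHash, userOp.signature)) return SIG_VALIDATION_FAILED;
        if (missingAccountFunds > 0) {
            (bool ok,) = payable(msg.sender).call{value: missingAccountFunds}("");
            ok; // result ignored; the EntryPoint checks the deposit itself
        }
        return 0;
    }

    // Reached only as the callData of a user operation that already passed
    // validateUserOp, so a rotation is authorised by the key being retired.
    function rotateScheme(ISigVerifier newVerifier, bytes calldata newPubKey) external {
        require(msg.sender == entryPoint, "only EntryPoint");
        require(address(newVerifier).code.length > 0 && newPubKey.length > 0, "bad scheme");
        verifier = newVerifier;
        pubKey = newPubKey;
        emit SchemeRotated(address(newVerifier), keccak256(newPubKey));
    }
}
```

Because a rotation is approved by the current key, it has to happen while that key is still trustworthy; monitoring for unexpected `SchemeRotated` events gives a detection point for account takeover.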



