Quantum Threat Timeline for Blockchain: 2026-2030 Guide
Table of Contents
Table of Contents
Share

NIST FIPS 203, 204, 205 and IR 8547 set 2030 and 2035 deadlines. Audit ECDSA exposure and migrate blockchain keys before quantum harvest-now attacks mature.
Frequently Asked Questions
- No cryptographically relevant quantum computer exists yet. The Global Risk Institute's March 2026 expert survey put the probability of one emerging within 10 years at 28 to 49 percent, rising to 51 to 70 percent within 15 years. Most estimates cluster the highest-risk window between 2030 and 2035, which is why NIST set 2030 as its deprecation date for ECDSA and RSA rather than treating the threat as decades away.
- Harvest now, decrypt later describes an adversary recording encrypted data or exposed public keys today so a future quantum computer can break the underlying key later. For blockchain this is worse than for typical encrypted traffic because every public key that has ever appeared on-chain is permanently public and immutable. An attacker does not need to intercept anything; the exposed key is already sitting in the ledger history waiting to be harvested.
- ECDSA, used by Bitcoin and pre-merge Ethereum accounts, and Schnorr signatures, used in Bitcoin Taproot, both rely on the elliptic curve discrete logarithm problem, which Shor's algorithm solves in polynomial time on a sufficiently large fault-tolerant quantum computer. Symmetric primitives like SHA-256 and AES-256 are far more resistant because Grover's algorithm only offers a quadratic speedup against them, not an exponential break.
- FIPS 203 (ML-KEM, based on CRYSTALS-Kyber), FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium), and FIPS 205 (SLH-DSA, based on SPHINCS+) are the three post-quantum cryptography standards NIST finalized on August 13, 2024. ML-KEM handles key encapsulation, ML-DSA is the primary lattice-based digital signature standard, and SLH-DSA is a conservative hash-based signature backup with different security assumptions than the lattice-based pair.
- CoinShares institutional research found approximately 1.6 million BTC, about 8 percent of total supply, sitting in legacy Pay-to-Public-Key outputs where the public key is already visible on-chain. Broader estimates that include reused Pay-to-Public-Key-Hash addresses run higher, but CoinShares notes only a small fraction of those UTXOs would cause meaningful market disruption if compromised, since most are dormant early-era coins rather than active exchange balances.
Don't Miss What's Next
Subscribe to newsletter
post-quantum cryptography
blockchain security
NIST FIPS 203
ECDSA migration
Get in Touch
Our team will get back to you within 24 hours.













