
Sui's Post-Quantum Leap: Stateless Signatures Signal a New Cryptographic Arms Race

Dora Noda
Software Engineer

On March 31, 2026, Google Quantum AI published a paper with an alarming conclusion: a future quantum computer could break Bitcoin's 256-bit elliptic curve cryptography with fewer than 500,000 physical qubits — and do it in roughly nine minutes. That timeline shrinks every quarter. Within days, Algorand surged 50% as markets repriced the quantum-resistant narrative. Then on May 2, 2026, two developments landed almost simultaneously: Sui began running a working post-quantum stateless signature implementation on testnet, and Solana's Anza and Firedancer validator clients shipped Falcon-512 signature verification, prompting Solana co-founder Anatoly Yakovenko to warn Ethereum L2 users to "abandon all hope" on quantum safety.

The cryptographic arms race that security researchers have been predicting for years is no longer theoretical. It is live, on testnet, and reshaping how blockchains think about their survival timelines.

Why Quantum Computing Changes Everything for Blockchains

Every public blockchain in production today relies on elliptic curve cryptography (ECC) — specifically, algorithms like ECDSA and EdDSA — to secure transactions, validator signatures, and consensus messages. ECC's security comes from the computational difficulty of the elliptic curve discrete logarithm problem (ECDLP). Classical computers would take longer than the age of the universe to brute-force a 256-bit private key. A sufficiently powerful quantum computer running Shor's algorithm could do it in minutes.

The practical question has always been: how far away is "sufficiently powerful"? For years the answer was "decades." Google's March 2026 paper compressed that estimate dramatically. The team demonstrated that a cryptographically relevant quantum computer (CRQC) requires fewer physical qubits than previously modeled — and that error-correction overhead can be reduced through architectural improvements that are actively being pursued.

G7, EU, and U.S. regulatory frameworks have already started the clock: planning is required by 2026, infrastructure migration by 2030–2032, and full transition by 2035. The projected Q-Day — the point when a CRQC can break live production signatures — is now centered around 2029. That is less than three years away for any blockchain that hasn't started.

What Makes Sui's Stateless Signature Approach Different

Not all post-quantum upgrades are equal. The most straightforward approach — swap ECDSA for a NIST-approved lattice scheme and redeploy — creates a cascade of operational problems. Stateful post-quantum schemes (like hash-based XMSS) require signers to maintain and update internal state with every signature. For blockchain validators running hot wallets at thousands of transactions per second, managing stateful keys creates failure modes and coordination overhead that break the operational model entirely.
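The state-management failure mode described above, as an added example that is not code from Sui, Mysten Labs, or any XMSS library. It assumes a Lamport one-time signature as a simplified stand-in for the one-time layer inside hash-based schemes; `StatefulSigner`, `reused_indices`, and `rollback_demo` are hypothetical names, and the messages are constructed.

```python
import hashlib, os

N = 256  # one secret pair per bit of a SHA-256 message digest

def bits(msg):
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(N)]

def keygen():
    # Secret key: N pairs of random values (public key = their hashes, omitted here).
    return [(os.urandom(32), os.urandom(32)) for _ in range(N)]

def ots_sign(sk, msg):
    # Reveal one secret of each pair, selected by the digest bit.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

class StatefulSigner:
    """Toy many-time signer: a pool of one-time keys plus a next-index counter."""
    def __init__(self, n_keys):
        self.keys = [keygen() for _ in range(n_keys)]
        self.next_index = 0  # the state that must never move backwards

    def sign(self, msg):
        i = self.next_index
        if i >= len(self.keys):
            raise RuntimeError("one-time keys exhausted")
        self.next_index = i + 1  # advance before releasing the signature
        return i, ots_sign(self.keys[i], msg)

def exposed_fraction(msgs):
    """Share of one key's 2*N secret values revealed by signing msgs with it."""
    seen = {(i, b) for m in msgs for i, b in enumerate(bits(m))}
    return len(seen) / (2 * N)

def reused_indices(log):
    """Audit check: one-time indices that signed more than one distinct message."""
    by_index = {}
    for index, msg in log:
        by_index.setdefault(index, set()).add(msg)
    return sorted(i for i, msgs in by_index.items() if len(msgs) > 1)

def rollback_demo():
    signer, log = StatefulSigner(4), []
    snapshot = signer.next_index           # backup taken before any signing
    for m in (b"tx-a", b"tx-b"):           # constructed sample messages
        log.append((signer.sign(m)[0], m))
    signer.next_index = snapshot           # node restored from the stale backup
    log.append((signer.sign(b"tx-c")[0], b"tx-c"))
    return log
```

A single signature reveals exactly half of a one-time key's secret values, and a second signature under the same index reveals roughly a quarter more, which is why a counter rollback on a validator is a key-compromise event rather than a bookkeeping error. A stateless scheme has no counter to roll back.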

Sui's testnet implementation targets a stateless design. The likely candidates — FALCON (FN-DSA, the basis of NIST FIPS 206), CRYSTALS-Dilithium (ML-DSA, FIPS 204), or post-quantum zk-STARKs — share a critical property: signers do not need to update key state between uses. For Sui validators and wallet holders, this means the upgrade path preserves the operational model they already depend on.

The zk-STARK route is particularly interesting for Sui's specific architecture. EdDSA chains can layer post-quantum zk-STARKs on top of existing accounts, where a single proof allows all of an account's future transactions to switch to a quantum-safe mode. This construction also solves a problem that plagues every ECC-based chain: "sleeping" accounts — wallets whose owners have lost access or whose seed phrases sit in cold storage for years — become quantum-vulnerable the moment a CRQC can derive the private key from a public address. Under the zk-STARK model, proof of seed ownership can substitute for a live signature, protecting dormant addresses without requiring funds to move or addresses to rotate.

Mysten Labs co-founder Adeniyi Abiodun has offered to coordinate with the Bitcoin ecosystem and open-source Mysten's quantum research, suggesting the Sui team views its approach as broadly applicable rather than narrowly proprietary.

Sui's Built-In Advantage: Cryptographic Agility

Sui was designed with cryptographic agility from the start. The Move VM supports multiple signature schemes simultaneously — the same property that lets Sui accounts use different cryptographic primitives today will let the network add post-quantum schemes with minimal breaking changes for existing dApps.

This matters enormously. Many blockchains treat the signature scheme as a protocol constant baked into consensus. Upgrading it requires a hard fork, a migration window, and coordination across every wallet, exchange, and application that touches the chain. Sui's agility means the transition can be incremental: new accounts can adopt PQ schemes immediately while legacy accounts migrate on their own schedule, with the network running both simultaneously.

The testnet rollout specifically validates whether PQ signatures remain stable under production load. The concern isn't just verification correctness — it's whether the signature scheme can handle Sui's throughput without degrading latency, and whether edge cases in the Move VM's signature verification paths behave correctly under the new scheme. Three months of PQ load on testnet before a mainnet decision is a reasonable validation threshold.

The Non-EVM Lead: Solana and Algorand Have Already Filed In

Sui is not running this race alone. Solana's Anza and Firedancer clients shipped Falcon-512 verification in late April 2026, making it the second major non-EVM L1 to demonstrate production-ready PQ verification. Falcon-512 has the smallest signature footprint among NIST-standardized post-quantum algorithms — critical for a network with Solana's throughput architecture, where post-quantum signature bloat would otherwise hit bandwidth and storage costs hard.

Algorand went further: in November 2025, it executed the world's first post-quantum transaction on mainnet using FALCON signatures, before any other major L1. Algorand's state proofs already use Falcon to provide quantum-secure attestations of chain state, compressing 256 block headers into certificates that external chains and light clients can verify without trusting any single party. When Google's March 2026 Quantum AI whitepaper cited Algorand as a real-world example of PQC deployment, ALGO surged 50% in a week as markets noticed which networks had actually shipped.

The pattern is becoming clear: Sui, Solana, and Algorand — all non-EVM L1s — are the three networks with live or near-live PQ implementations. The Move family and Solana's high-performance architecture share a common property: their validator and wallet stacks were rebuilt from scratch, making it easier to add new cryptographic primitives without carrying a decade of ECC assumptions in every corner of the codebase.

Ethereum's Quantum Gap and the L2 Problem

Yakovenko's "abandon all hope" comment targeted Ethereum L2s specifically, and the critique has teeth. Ethereum's base layer is actively preparing: the Ethereum Foundation launched a post-quantum security hub in March 2026 with more than ten client teams involved, and EIP-8141 — targeting the Hegotá hard fork in H2 2026 — would introduce native account abstraction, allowing individual accounts to choose their own signature verification scheme. The Foundation's roadmap targets completion of core PQ infrastructure by approximately 2029.

But L2s are a different problem. Most Ethereum rollups — Arbitrum, Optimism, zkSync, and others — inherit Ethereum L1's ECDSA assumptions in their fraud proof systems, validator key management, and bridge contracts. A meaningful PQ migration would need to reach not just users and L1 validators, but the entire network of rollup sequencers, bridge operators, and DA layer components built around those assumptions. The coordination surface is an order of magnitude larger than an L1 upgrade alone.

The 37 million ETH staked in proof-of-stake consensus represents the most concentrated exposure: every validator message and attestation uses ECDSA. A CRQC could forge attestations, steal staked ETH, or rewrite recent transaction history before the network can detect and exclude the adversary. PQ migration for Ethereum's validator set alone is a multi-year coordination exercise, not a patch.

Infrastructure Will Bear the Heaviest Load

The performance implications of PQ signatures are not abstract. Lattice-based signatures like FALCON and ML-DSA are significantly larger than their ECC equivalents — estimates range from 5x to 30x for signature sizes, and CPU verification cost increases by 3x to 10x depending on the scheme and optimization level.

For RPC infrastructure — the nodes that index, validate, and serve blockchain data to applications — this changes the economics of operating at scale. A single RPC node handling thousands of signature verifications per second under Ed25519 will face a meaningfully different load profile under FALCON. Transaction sizes inflate, block space costs shift, and the computational budget per request grows. Operators who have tuned their infrastructure for current signature overhead will need to reprice rate limits and worker pool sizes.

This is not a distant problem: if Sui's testnet validation succeeds and mainnet deployment follows, RPC operators will need to adapt before the transition completes, not after.

What Comes Next

The testnet milestone marks the beginning of a multi-step process, not a finish line. Sui's team needs three months of PQ load stability on testnet before any mainnet timeline becomes credible. The specific signature scheme choice — FALCON vs. Dilithium vs. a custom zk-STARK construction — will determine the exact performance trade-offs the network accepts. Wallet providers need time to update signing libraries. Application developers need to audit their contract assumptions.

But the race has started, and the non-EVM networks are clearly ahead. By the time Google's quantum timeline reaches 2029, the blockchain networks that waited for a definitive Q-Day announcement will have months, not years, to migrate. The ones that used 2026–2028 to harden testnet implementations and validate the upgrade path will be in a fundamentally different position.

Sui's stateless signature approach — if it proves stable — offers a model that other chains can study: preserve operational continuity, protect dormant accounts, and maintain throughput, all while removing the cryptographic assumption that a quantum computer could eventually exploit. Whether that model becomes a template for the industry, or remains a non-EVM edge, depends largely on what the testnet data shows over the next quarter.

BlockEden.xyz operates high-performance RPC and API infrastructure for Sui, Aptos, and 20+ blockchains. As post-quantum signature schemes reach production, our infrastructure team is actively evaluating the performance and capacity implications for our node operations. Explore our Sui and Aptos API services built for the demands of the next generation of blockchain infrastructure.