The Quantum Objection, Assessed
Quantum computing is becoming a recurring objection in institutional blockchain evaluations. In most cases, it shouldn’t be, according to Nethermind’s recent report, Quantum risk and institutional blockchain strategy: An institutional assessment.
This report provides a probability-weighted, source-cited assessment of the quantum threat and Ethereum’s response, based on publications from NIST, BIS, the G7 Cyber Expert Group, the NSA, and NCSC UK, alongside independent expert surveys.
The central finding: Ethereum’s post-quantum transition is on track to complete roughly 3–5 years before a cryptographically relevant quantum computer (CRQC) is likely to exist.
“The more relevant question for institutional allocators isn’t whether quantum will eventually threaten on-chain cryptography. It will.
“The question is whether deferring blockchain exposure actually changes your risk profile. The answer is no,” said Michał Zając, chief strategy officer and head of research, Nethermind.
Why this matters now
This report addresses three questions that recur in board level and risk committee discussions. All claims are cited against primary sources: expert surveys, hardware
benchmarks, NIST-finalised standards, and published regulatory timelines.
How real is the quantum threat to blockchain infrastructure?
Is Ethereum’s migration plan credible?
What does waiting actually cost relative to acting early?
Key Findings
- The quantum computer timeline is measurable, not imminent
Expert surveys assign less than 5% probability to a CRQC before 2028, and 15–35% probability in the 2029–2033 window.
Current quantum processors cannot break any deployed cryptographic standard. The gap between today’s largest devices and the threshold required to threaten ECDSA is approximately three orders of magnitude.
This is relevant context for risk sizing, not a reason to dismiss the threat.
2. Blockchain quantum exposure is structurally different from traditional infrastructure
Most institutional risk assessments treat blockchain and traditional infrastructure as sharing the same quantum vulnerability profile. They don’t.
On blockchain-based systems, the threat is specific: public keys are permanently exposed on-chain once an account has transacted.
A future CRQC could derive private keys from that public record via Shor’s algorithm, enabling signature forgery and fund theft.
This applies to any chain using ECDSA or EdDSA, including Ethereum, Bitcoin, and most L2s. The mitigation is pre-emptive key rotation to post-quantum schemes.
By contrast, the “harvest now, decrypt later” threat that dominates traditional
risk assessments, where adversaries store encrypted data today for future quantum decryption, primarily affects TLS connections, VPNs, and stored ciphertext in conventional banking infrastructure.
An institution deferring blockchain adoption while continuing to operate RSA-based TLS and ECDH-secured VPNs is not reducing its quantum exposure.
It is maintaining full vulnerability through traditional infrastructure while forgoing the platform furthest along in building the defence.
3. Ethereum has a phased, NIST-aligned post-quantum roadmap targeting completion by 2030
Ethereum’s transition proceeds in three phases: algorithm research and testnet deployment through 2027; consensus layer migration and hybrid signature mode through 2029; full deprecation of classical signatures by 2030.
The cryptographic choices, hash-based signatures (SPHINCS+, XMSS) endorsed by NIST’s finalised standards, prioritise security margin over performance.
Under median threat forecasts, full transition completes with an estimated 3–5 year buffer before a CRQC becomes probable.
For context, no other major L1 has published a comparable phased migration plan with NIST-aligned algorithm choices and defined completion targets.
Bitcoin’s UTXO model offers some structural advantages (unexposed public keys for unspent outputs) but has no coordinated PQ transition roadmap. Solana and most L2s are even earlier still.
This doesn’t make Ethereum the only viable chain, but it is the one where the PQ migration path is most legible for institutional due diligence.
4. Existing on-chain assets have a defined fallback
For institutions already deployed on Ethereum, the question isn’t only whether the roadmap is completed on time.
It’s what happens if quantum capability arrives earlier than expected. Ethereum’s roadmap includes an emergency contingency: a ZK proof-based fund recovery system that would allow users to prove ownership of pre-quantum accounts without exposing vulnerable private keys.
This mechanism is already specified at the protocol level and is designed to activate if a CRQC materialises before the full transition completes. It does not require users to have migrated in advance.
This is a meaningful risk mitigant for any institution holding assets on Ethereum today, and a relevant differentiator against chains that lack an equivalent fallback.
5. Every major regulatory deadline points to the same window
NIST deprecates 112-bit security algorithms (RSA-2048, ECC P-256) in 2030 and disallows all legacy non-PQ cryptography by 2035.
NSA’s NSM-10 requires federal systems to be quantum-safe by 2035. NCSC UK targets completed cryptographic migration by 2035. BIS Paper 158 calls for cryptographic agility as a foundational principle for financial institutions now.
Ethereum’s roadmap completes ahead of every one of these deadlines.
6. Delay compounds quantum risk rather than reducing it
Blockchain integration takes 3–5 years from evaluation to production deployment.
Institutions that defer until quantum is “solved” face a specific set of consequences: competitors will have built operational capability in the interim, institutional
standards will have been set without their input, and their migration timelines will be compressed against the regulatory deadlines listed above.
Nethermind Recommends
If you’re already deployed on Ethereum
Conduct a cryptographic inventory of exposed public keys across your accounts and contracts. Monitor the ZK-proof recovery mechanism specification as it develops. Align your internal migration timeline with Ethereum’s Phase 2 (hybrid signature mode, targeting 2029) as the trigger for key rotation planning.
If you’re evaluating blockchain entry
Build post-quantum readiness into your platform due diligence now. Assess candidate chains on three criteria: whether they have a published PQ migration roadmap, whether their algorithm choices align with NIST-finalised standards, and whether they have a fallback mechanism for pre-migration assets. Ethereum currently leads on all three.
What to watch in the next 12 months
IBM and Google quantum hardware announcements (specifically logical qubit counts, not physical), NIST’s PQ standard adoption rate across financial infrastructure, and Ethereum’s testnet deployment milestones for hash-based signatures.
