Blog

Protocol Update

Is Stellar Preparing for Quantum Computing? Understanding Its Post-Quantum Roadmap

Quantum computing is advancing, and with it comes a long-term threat to the cryptographic systems that secure blockchain networks. Stellar, like most blockchains, currently relies on Ed25519 digital signatures, which could be vulnerable to a sufficiently powerful quantum computer. The Stellar Development Foundation published its Quantum Preparedness Plan (QPP) in June 2026, outlining a three-stage approach to address this risk before it becomes urgent.

This article explains the quantum computing threat in practical terms, describes what the Stellar Development Foundation has announced, and outlines what users and developers should understand about the transition to post-quantum cryptography.

Key Takeaways

  • Quantum computers capable of breaking Ed25519 signatures do not exist today. The threat is years or decades away, but preparation needs to start now.
  • The Stellar Development Foundation published a formal Quantum Preparedness Plan in June 2026 with three stages, beginning with Soroban smart contract primitives.
  • NIST finalized post-quantum cryptographic standards in 2024, providing the algorithms that Stellar and other networks will adopt.
  • Post-quantum signatures are significantly larger than Ed25519 signatures (thousands of bytes vs. 64 bytes), which has real implications for network throughput and costs.
  • Users do not need to take immediate action, but developers should begin planning for crypto-agility in their applications.
  • The Quantum Threat: What It Actually Means

    For Nontechnical Readers

    Digital signatures on blockchains work like a lock and key. Your private key signs transactions (proves you authorized them), and your public key lets anyone verify the signature is genuine. The security depends on the mathematical difficulty of deriving the private key from the public key.

    Today's computers cannot solve this mathematical problem in any reasonable timeframe. A quantum computer with enough stable qubits could, using an algorithm called Shor's algorithm. If someone could derive your private key from your public key, they could authorize transactions from your account.

    The important context: No quantum computer today has anywhere near enough qubits to threaten blockchain cryptography. Current quantum computers have a few thousand noisy qubits. Breaking Ed25519 would require millions of stable, error-corrected qubits. Most estimates place this capability 10 to 30 years in the future, though estimates vary widely.

    For Developers

    Stellar uses Ed25519 for transaction signatures. Ed25519 is based on elliptic curve cryptography, which is vulnerable to Shor's algorithm on a sufficiently large quantum computer. The specific concerns are:

    1. Key derivation attack: Given a public key, a quantum computer could derive the corresponding private key. Every Stellar account publishes its public key, so every account is potentially vulnerable once quantum computers reach sufficient capability.

    2. Harvest now, decrypt later: An adversary could record signed transactions and public keys today, then derive private keys once quantum hardware matures. Long-lived accounts with significant assets are the highest-value targets.

    3. Signature forgery: With a derived private key, an attacker could sign arbitrary transactions, transferring all assets from the compromised account.

    Current State of Quantum Computing

    It is important to be precise about where quantum computing actually stands:

    MilestoneStatus
    Quantum computers existYes, but with limited qubits and high error rates
    Quantum advantage demonstratedYes, for narrow, specialized problems
    Cryptographically relevant quantum computerNo. Not expected for 10-30+ years
    NIST post-quantum standards finalizedYes, in 2024 (ML-DSA, ML-KEM, SLH-DSA)
    Blockchain networks broken by quantumNo. Not a current threat

    Do not believe claims that quantum computers can break blockchain cryptography today. They cannot. The threat is real but distant, and the purpose of quantum preparedness is to complete the migration before it becomes urgent, not to respond to an imminent attack.

    What the Stellar Development Foundation Has Announced

    The SDF published its quantum preparedness plan in early 2026, describing a phased approach to introducing post-quantum cryptographic support into the Stellar protocol. The plan acknowledges that the transition will take years and needs to begin well before quantum computers pose an actual threat.

    Phase Structure

    The plan follows a staged approach:

    Stage 1: Soroban cryptographic primitives. Post-quantum signature verification functions are introduced as Soroban host functions. Smart contracts can verify quantum-safe signatures, but the network's consensus layer continues using Ed25519. This allows developers to start experimenting with post-quantum cryptography in contract logic without changing the core protocol.

    Stage 2: Account-level support. The Stellar protocol is updated to support post-quantum signature types for account authentication. Users can optionally migrate their accounts to use quantum-safe keys while Ed25519 remains supported for backward compatibility.

    Stage 3: Network-wide transition. The protocol moves toward requiring quantum-safe signatures for all new accounts and eventually all transactions. Legacy Ed25519 accounts would need to migrate.

    Algorithm Selection

    The NIST post-quantum cryptographic standards finalized in 2024 provide the foundation:

    AlgorithmNIST StandardTypeSignature SizePublic Key Size
    ML-DSA (Dilithium)FIPS 204Lattice-based2,420-4,627 bytes1,312-2,592 bytes
    SLH-DSA (SPHINCS+)FIPS 205Hash-based7,856-49,856 bytes32-64 bytes
    FN-DSA (Falcon)FIPS 206Lattice-based666-1,280 bytes897-1,793 bytes

    For comparison, Ed25519 (Stellar's current algorithm) uses 64-byte signatures and 32-byte public keys.

    The Size Problem

    The most immediate technical challenge is that post-quantum signatures are dramatically larger than Ed25519:

    AlgorithmSignaturePublic KeyCombined
    Ed25519 (current)64 bytes32 bytes96 bytes
    ML-DSA-65 (likely first candidate)3,309 bytes1,952 bytes5,261 bytes
    SLH-DSA-128s (conservative)7,856 bytes32 bytes7,888 bytes

    A standard Stellar transaction envelope that currently fits in a few hundred bytes could grow to several kilobytes with post-quantum signatures. This affects:

  • Network throughput: Larger transactions mean fewer transactions per ledger at current capacity
  • Storage costs: The ledger grows faster, accelerating state archival needs
  • Transaction fees: If fees are partially based on transaction size, costs increase
  • Bandwidth: Validators need to propagate larger transactions across the network
  • This is why the 5,000 TPS roadmap is not just about scaling for institutional settlement. It may also be necessary to maintain current effective throughput when transactions become larger.

    Migration Challenges

    For Users

    Most users interact with Stellar through wallets, exchanges, or applications. The migration to post-quantum keys would ideally be transparent:

  • Wallet software updates to support new key types
  • Users generate new quantum-safe key pairs
  • Users authorize the key migration using their existing Ed25519 keys
  • New transactions use quantum-safe signatures
  • The risk is that users who do not migrate remain vulnerable once quantum computers become capable. Abandoned or inactive accounts with significant balances are a particular concern because no one is available to perform the migration.

    For Exchanges and Custodians

    Exchanges and custodians manage keys for millions of users. The migration involves:

  • Generating and securely storing new key material (which is larger)
  • Updating signing infrastructure to handle new algorithms
  • Coordinating key rotation across potentially millions of accounts
  • Maintaining backward compatibility during the transition period
  • For Anchors and Institutions

    Anchors (on/off-ramp providers) and institutional participants need to update their:

  • Transaction signing infrastructure
  • Key management systems
  • Hardware security modules (HSMs) to support new algorithms
  • Compliance and audit systems to handle new key formats
  • Why Crypto-Agility Matters

    Crypto-agility is the ability of a system to switch between cryptographic algorithms without requiring a complete redesign. It is important for two reasons:

    1. Algorithm uncertainty: While NIST has standardized ML-DSA, SLH-DSA, and FN-DSA, future research could reveal weaknesses in any of these algorithms. A crypto-agile system can switch to a different algorithm without a crisis-level migration.

    2. Gradual transition: A network that supports multiple signature types simultaneously allows users and applications to migrate at their own pace, rather than requiring a hard cutover date.

    Stellar's multi-phase approach reflects crypto-agility: adding new algorithms alongside Ed25519 rather than replacing it immediately.

    Risks of Abandoned Accounts

    One of the harder problems in quantum preparedness is handling accounts whose owners are unable or unwilling to migrate:

  • Lost keys: If a user has lost access to their account but it still holds value, no one can perform the migration
  • Deceased users: Accounts belonging to deceased individuals with no estate planning for crypto assets
  • Inactive organizations: Companies that created Stellar accounts but no longer exist
  • Long-term holders: Users who purchased XLM, stored it, and have not interacted with the network in years
  • These accounts will remain on Ed25519 keys and become vulnerable once quantum computers mature. The Stellar community will need to decide how to handle this, and the options (forced migration, account freezing, accepting the risk) all have trade-offs.

    What Stellar Users Should Do Now

    For Individual Users

  • Do not panic. Quantum computers cannot break your keys today.
  • Stay informed. Follow Stellar Development Foundation announcements about quantum preparedness milestones.
  • Keep your wallet software updated. When post-quantum support is available, your wallet will need to be updated to use it.
  • Consider key rotation practices. Getting comfortable with generating new keys and migrating accounts is good practice regardless of quantum concerns.
  • For Developers

  • Design for crypto-agility. Do not hard-code Ed25519 assumptions into your application logic. Abstract signature verification so the algorithm can be swapped.
  • Monitor Soroban SDK updates. Post-quantum verification primitives will appear in the Soroban SDK before they reach the core protocol.
  • Test on testnet. When post-quantum features become available on Stellar's testnet, start testing your applications with the new signature types.
  • Plan for larger transactions. If your application logic depends on transaction size limits, plan for the increase that post-quantum signatures will bring.
  • For Institutions

  • Assess your exposure. How many accounts do you manage? What is their total value? How long will migration take?
  • Evaluate your HSM capabilities. Do your hardware security modules support the NIST post-quantum algorithms?
  • Include quantum preparedness in your roadmap. Budget time and resources for the migration before it becomes urgent.
  • How Other Blockchains Are Approaching This

    Stellar is not alone in addressing quantum preparedness:

    NetworkApproach
    StellarPhased plan starting with Soroban primitives, then account-level support
    EthereumResearch-phase; Ethereum Foundation has funded PQ research
    BitcoinNo formal plan; community discussion ongoing
    AlgorandState proofs use Falcon signatures (PQ-resistant)
    QRL (Quantum Resistant Ledger)Built from scratch with hash-based signatures

    Most major blockchain networks are in the research or early planning phase. Stellar's published multi-phase plan puts it ahead of many peers, though actual implementation timelines remain to be confirmed.

    Sources and Further Reading

  • Stellar Development Foundation Quantum Preparedness Plan
  • NIST Post-Quantum Cryptography Standardization (FIPS 203, 204, 205, 206)
  • Shor's Algorithm and its implications for elliptic curve cryptography
  • Stellar Core Advancement Proposals (CAPs) repository

  • *Stay ahead of protocol changes on Stellar. LumenQuery provides managed Horizon API and Soroban RPC with real-time network monitoring and protocol upgrade tracking. Start free.*

    Related Resources

  • Stellar Horizon API — Access account and transaction data with managed API infrastructure
  • Soroban RPC API — Build and test smart contracts using the latest Soroban SDK features
  • Stellar API Provider Comparison — Compare infrastructure options for production Stellar applications