Is Stellar Preparing for Quantum Computing? Understanding Its Post-Quantum Roadmap
Quantum computing is advancing, and with it comes a long-term threat to the cryptographic systems that secure blockchain networks. Stellar, like most blockchains, currently relies on Ed25519 digital signatures, which could be vulnerable to a sufficiently powerful quantum computer. The Stellar Development Foundation published its Quantum Preparedness Plan (QPP) in June 2026, outlining a three-stage approach to address this risk before it becomes urgent.
This article explains the quantum computing threat in practical terms, describes what the Stellar Development Foundation has announced, and outlines what users and developers should understand about the transition to post-quantum cryptography.
Key Takeaways
The Quantum Threat: What It Actually Means
For Nontechnical Readers
Digital signatures on blockchains work like a lock and key. Your private key signs transactions (proves you authorized them), and your public key lets anyone verify the signature is genuine. The security depends on the mathematical difficulty of deriving the private key from the public key.
Today's computers cannot solve this mathematical problem in any reasonable timeframe. A quantum computer with enough stable qubits could, using an algorithm called Shor's algorithm. If someone could derive your private key from your public key, they could authorize transactions from your account.
The important context: No quantum computer today has anywhere near enough qubits to threaten blockchain cryptography. Current quantum computers have a few thousand noisy qubits. Breaking Ed25519 would require millions of stable, error-corrected qubits. Most estimates place this capability 10 to 30 years in the future, though estimates vary widely.
For Developers
Stellar uses Ed25519 for transaction signatures. Ed25519 is based on elliptic curve cryptography, which is vulnerable to Shor's algorithm on a sufficiently large quantum computer. The specific concerns are:
1. Key derivation attack: Given a public key, a quantum computer could derive the corresponding private key. Every Stellar account publishes its public key, so every account is potentially vulnerable once quantum computers reach sufficient capability.
2. Harvest now, decrypt later: An adversary could record signed transactions and public keys today, then derive private keys once quantum hardware matures. Long-lived accounts with significant assets are the highest-value targets.
3. Signature forgery: With a derived private key, an attacker could sign arbitrary transactions, transferring all assets from the compromised account.
Current State of Quantum Computing
It is important to be precise about where quantum computing actually stands:
| Milestone | Status |
|---|---|
| Quantum computers exist | Yes, but with limited qubits and high error rates |
| Quantum advantage demonstrated | Yes, for narrow, specialized problems |
| Cryptographically relevant quantum computer | No. Not expected for 10-30+ years |
| NIST post-quantum standards finalized | Yes, in 2024 (ML-DSA, ML-KEM, SLH-DSA) |
| Blockchain networks broken by quantum | No. Not a current threat |
Do not believe claims that quantum computers can break blockchain cryptography today. They cannot. The threat is real but distant, and the purpose of quantum preparedness is to complete the migration before it becomes urgent, not to respond to an imminent attack.
What the Stellar Development Foundation Has Announced
The SDF published its quantum preparedness plan in early 2026, describing a phased approach to introducing post-quantum cryptographic support into the Stellar protocol. The plan acknowledges that the transition will take years and needs to begin well before quantum computers pose an actual threat.
Phase Structure
The plan follows a staged approach:
Stage 1: Soroban cryptographic primitives. Post-quantum signature verification functions are introduced as Soroban host functions. Smart contracts can verify quantum-safe signatures, but the network's consensus layer continues using Ed25519. This allows developers to start experimenting with post-quantum cryptography in contract logic without changing the core protocol.
Stage 2: Account-level support. The Stellar protocol is updated to support post-quantum signature types for account authentication. Users can optionally migrate their accounts to use quantum-safe keys while Ed25519 remains supported for backward compatibility.
Stage 3: Network-wide transition. The protocol moves toward requiring quantum-safe signatures for all new accounts and eventually all transactions. Legacy Ed25519 accounts would need to migrate.
Algorithm Selection
The NIST post-quantum cryptographic standards finalized in 2024 provide the foundation:
| Algorithm | NIST Standard | Type | Signature Size | Public Key Size |
|---|---|---|---|---|
| ML-DSA (Dilithium) | FIPS 204 | Lattice-based | 2,420-4,627 bytes | 1,312-2,592 bytes |
| SLH-DSA (SPHINCS+) | FIPS 205 | Hash-based | 7,856-49,856 bytes | 32-64 bytes |
| FN-DSA (Falcon) | FIPS 206 | Lattice-based | 666-1,280 bytes | 897-1,793 bytes |
For comparison, Ed25519 (Stellar's current algorithm) uses 64-byte signatures and 32-byte public keys.
The Size Problem
The most immediate technical challenge is that post-quantum signatures are dramatically larger than Ed25519:
| Algorithm | Signature | Public Key | Combined |
|---|---|---|---|
| Ed25519 (current) | 64 bytes | 32 bytes | 96 bytes |
| ML-DSA-65 (likely first candidate) | 3,309 bytes | 1,952 bytes | 5,261 bytes |
| SLH-DSA-128s (conservative) | 7,856 bytes | 32 bytes | 7,888 bytes |
A standard Stellar transaction envelope that currently fits in a few hundred bytes could grow to several kilobytes with post-quantum signatures. This affects:
This is why the 5,000 TPS roadmap is not just about scaling for institutional settlement. It may also be necessary to maintain current effective throughput when transactions become larger.
Migration Challenges
For Users
Most users interact with Stellar through wallets, exchanges, or applications. The migration to post-quantum keys would ideally be transparent:
The risk is that users who do not migrate remain vulnerable once quantum computers become capable. Abandoned or inactive accounts with significant balances are a particular concern because no one is available to perform the migration.
For Exchanges and Custodians
Exchanges and custodians manage keys for millions of users. The migration involves:
For Anchors and Institutions
Anchors (on/off-ramp providers) and institutional participants need to update their:
Why Crypto-Agility Matters
Crypto-agility is the ability of a system to switch between cryptographic algorithms without requiring a complete redesign. It is important for two reasons:
1. Algorithm uncertainty: While NIST has standardized ML-DSA, SLH-DSA, and FN-DSA, future research could reveal weaknesses in any of these algorithms. A crypto-agile system can switch to a different algorithm without a crisis-level migration.
2. Gradual transition: A network that supports multiple signature types simultaneously allows users and applications to migrate at their own pace, rather than requiring a hard cutover date.
Stellar's multi-phase approach reflects crypto-agility: adding new algorithms alongside Ed25519 rather than replacing it immediately.
Risks of Abandoned Accounts
One of the harder problems in quantum preparedness is handling accounts whose owners are unable or unwilling to migrate:
These accounts will remain on Ed25519 keys and become vulnerable once quantum computers mature. The Stellar community will need to decide how to handle this, and the options (forced migration, account freezing, accepting the risk) all have trade-offs.
What Stellar Users Should Do Now
For Individual Users
For Developers
For Institutions
How Other Blockchains Are Approaching This
Stellar is not alone in addressing quantum preparedness:
| Network | Approach |
|---|---|
| Stellar | Phased plan starting with Soroban primitives, then account-level support |
| Ethereum | Research-phase; Ethereum Foundation has funded PQ research |
| Bitcoin | No formal plan; community discussion ongoing |
| Algorand | State proofs use Falcon signatures (PQ-resistant) |
| QRL (Quantum Resistant Ledger) | Built from scratch with hash-based signatures |
Most major blockchain networks are in the research or early planning phase. Stellar's published multi-phase plan puts it ahead of many peers, though actual implementation timelines remain to be confirmed.
Sources and Further Reading
*Stay ahead of protocol changes on Stellar. LumenQuery provides managed Horizon API and Soroban RPC with real-time network monitoring and protocol upgrade tracking. Start free.*