Welcome back to the Project Eleven bulletin. This week, we launched QuanBot, a real-time tracker for quantum-vulnerable Bitcoin, and upgraded the Bitcoin Risq List. We also published multiple deep dives:
1. A two-part blog on post-quantum migration for EdDSA-based blockchains, including a proposed rescue path for some ECDSA wallets, and
2. An analysis of the impact quantum computers have on HD wallets.
We’ll cover each in more detail below.
Circle has announced Arc, an open, Layer-1, EVM-compatible blockchain purpose-built for stablecoin finance. Arc uses USDC as the native gas token, so fees are dollar-denominated. In short, Circle is building its own chain to optimize for predictable fees, fast settlement, and compliance-oriented features tailored to stablecoins and tokenized money.
From a post-quantum perspective, Arc’s EVM compatibility typically implies the Ethereum account model, with externally owned accounts (EOAs) secured by secp256k1/ECDSA, although the litepaper does not specify signature algorithms or any post-quantum readiness at launch. If EOAs are used, any account that signs onchain exposes its public key, which a future quantum adversary could exploit to recover the private key. In prior research on USDC’s Ethereum contracts, we observed admin roles controlled by single-key EOAs or multisigs that had already exposed their public keys. To mitigate similar risks, critical roles should be migrated to post-quantum (PQ) keys well before large-scale quantum computers arrive, ideally by adopting NIST-approved PQ signature schemes when the platform supports them or by deploying new implementations controlled by fresh, unused keys. The litepaper does not mention PQ cryptography. Overall, we are still waiting for a complete picture of Arc’s infrastructure and post-quantum decisions.
Last week, we debuted QuanBot, a live bot that tracks quantum-vulnerable BTC in real time on X. It flags coins sent to addresses known to be vulnerable to quantum attacks and alerts users when their own transaction behavior, such as address reuse or partial spends, may expose keys. In short, there’s no more guesswork about which BTC addresses are at risk. QuanBot provides immediate, transparent warnings as vulnerable coins move across the network. You can learn more in this blog post.
To complement QuanBot, we’ve released v2 of the Bitcoin Risq List, an open-source, automated database that updates weekly and covers every Bitcoin address currently at risk from a future quantum adversary, across all address types. Search any address to see whether it’s vulnerable and why (e.g., a reused public key, or a legacy P2PK). The site also breaks down at-risk balances by vulnerability type and charts how those totals change over time. Our goal is to replace speculation with hard data so the community can quantify the risk and secure funds before quantum computers arrive. You can learn more in this blog post.
Last week we released a two-part analysis that unpacks a recent paper on post-quantum migration for EdDSA-based blockchains. In Part 1, we explain how the approach works and why it makes one-click post-quantum upgrades feasible on EdDSA chains.
Part 2 explores how far this approach can extend to ECDSA wallets on networks such as Bitcoin and Ethereum. Classic ECDSA lacks a built-in seed-to-key link, but many popular wallets use deterministic derivation (BIP-39 + BIP-32). For those wallets, wallet-specific zero-knowledge circuits implementing PBKDF2-HMAC-SHA-512 → BIP-32 derivation → secp256k1 public key and address encoding could prove that an address derives from a user’s seed and bind a new PQ key to that address. In practice, some ECDSA accounts could migrate to PQ keys without moving funds if the derivation path is known and the user still holds the mnemonic. Recognition of that binding typically depends on an offchain or auxiliary registry.
We also outline a pre-quantum fallback: cross-signed commitments (as in yellowpages). Users make a one-time, bidirectional signature (old key ↔ PQ key), timestamped in an auditable log. This creates a verifiable binding between the legacy address and the PQ key before Q-Day, without putting the old public key onchain or relying on heavy proofs. Whether via cross-signing or zero-knowledge proofs, practical strategies are emerging to retrofit both new and old chains for the quantum era, and the clock is ticking to implement them.
In an HD wallet, if all keys come from the same seed, why isn’t every address vulnerable once one address is vulnerable?
The short answer is that reusing one address does not automatically put your other HD addresses at risk. In a BIP‑32 HD wallet (as used by Ledger Live, Trezor Suite, Electrum, and others), each address has its own private key. They all come from the same seed, but they do not “share the same private key”. Reusing one address can endanger that key in a quantum future, but it doesn’t automatically pull the rest down with it.
Practical tips:
- Don’t reuse addresses. After you spend, that public key is exposed forever; don’t keep using it.
- Assume address‑level risk. One exposed address ≠ whole wallet.
- Treat xpubs as sensitive. Avoid sharing account xpubs widely.
- Stay standard. Use mainstream and up-to-date wallets. These keep addresses as leaves and avoid odd derivation depths.
- Watch for PQ upgrades. Over time the ecosystem will add post‑quantum options. When they arrive, move long‑term funds to PQ‑safe addresses.
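To make the derivation chain mentioned earlier (PBKDF2-HMAC-SHA-512 → BIP-32 → secp256k1 public key) and the xpub tip above concrete, here is an added Python sketch, not Project Eleven's code. It shows that sibling addresses hold different private keys, and that an account xpub plus one exposed non-hardened leaf key is enough to recompute the account key and every sibling. The phrase is constructed, the function names are illustrative, and the pure-Python curve arithmetic is for demonstration only.

```python
import hashlib, hmac

# secp256k1 field prime, group order and generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def pubkey(k):  # compressed public key; double-and-add, not constant time
    acc, addend = None, G
    while k:
        if k & 1: acc = ec_add(acc, addend)
        addend, k = ec_add(addend, addend), k >> 1
    return bytes([2 + (acc[1] & 1)]) + acc[0].to_bytes(32, "big")

def split(I):  # HMAC-SHA-512 output -> (256-bit integer, chain code)
    return int.from_bytes(I[:32], "big"), I[32:]

def master(seed):  # BIP-32 master key and chain code
    return split(hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest())

def tweak(chain, data, i):
    return split(hmac.new(chain, data + i.to_bytes(4, "big"), hashlib.sha512).digest())

def ckd_priv(k, chain, i):  # i >= 2**31 is hardened: hashes the private key
    data = b"\x00" + k.to_bytes(32, "big") if i >= 2**31 else pubkey(k)
    t, c = tweak(chain, data, i)
    return (k + t) % N, c

def parent_from_child(parent_pub, chain, i, child_k):
    # xpub (public key + chain code) plus one non-hardened child key undoes the tweak
    return (child_k - tweak(chain, parent_pub, i)[0]) % N

def demo():  # returns (leaves differ, parent recovered, sibling derived from it)
    # Constructed phrase, not a real wallet; BIP-39's NFKD normalization is skipped
    seed = hashlib.pbkdf2_hmac("sha512", b"constructed test phrase", b"mnemonic", 2048)
    k_acct, c_acct = ckd_priv(*master(seed), 2**31)   # hardened account key m/0'
    k0, _ = ckd_priv(k_acct, c_acct, 0)               # two leaf (address) keys
    k1, _ = ckd_priv(k_acct, c_acct, 1)
    leaked = parent_from_child(pubkey(k_acct), c_acct, 0, k0)  # leaf 0 exposed, xpub known
    return k0 != k1, leaked == k_acct, ckd_priv(leaked, c_acct, 1)[0] == k1
```

The recovery stops at the hardened account step: a hardened child's tweak is computed from the parent private key, so it cannot be recomputed from public data.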
PostQuantum’s article “How You, Too, Can Predict Q-Day (Without the Hype)” reframes Q-Day, the point when quantum computers can break today’s public-key cryptography, as a planning exercise grounded in measurable progress, not qubit headlines. It recommends tracking three practical metrics: logical-qubit capacity, logical-operations budget, and logical-operations throughput, and using the CRQC Readiness Benchmark (Q-Day Estimator) and the Quantum Threat Tracker to produce defensible, regularly updated forecasts tailored to your systems. These forecasts are inputs for early post-quantum cryptography (PQC) migration, not dates to wait for.
Accurate Q-Day estimates help developers and policymakers gauge urgency; however, Q-Day itself should not be conflated with the time frame for migration. Any blockchain still relying on vulnerable cryptography must complete its transition well before Q-Day. Once a cryptographically relevant quantum computer exists, remaining classical keys could be compromised immediately, with catastrophic results. The stakes are large: over 6 million BTC (about 30% of the supply) sit in addresses with exposed public keys, all of which a quantum attacker could steal if defenses are not in place. The prudent path is to act early, add quantum-resistant options to wallets and infrastructure as they become available, and steadily move funds to safer accounts long before the quantum threat arrives.
IBM Consulting, Keyfactor, Quantinuum, and Thales have launched the Quantum-Safe 360 Alliance, pooling cross-industry expertise to provide unified guidance and services that accelerate PQC readiness for organizations. The alliance’s first initiative is a comprehensive white paper offering a practical roadmap and actionable guidance for enterprises beginning their PQC transition, covering cryptographic agility, migration strategies, and best practices for implementing quantum-safe infrastructure. By sharing resources and knowledge, the group delivers interoperable solutions and cybersecurity best practices across platforms and sectors to help modernize cryptographic systems and prepare digital infrastructure for emerging quantum threats. This coordinated effort underscores the broader importance of proactive, collaborative preparation for the quantum era, recognizing that no single organization can address the looming PQC challenges alone.
Is the World Adopting Post-Quantum Cryptography Fast Enough? - A year after NIST’s first PQC standards and a 2035 U.S. mandate, the focus has flipped to implementation: supply chains are embedding PQC, but readiness is uneven and side-channel-resilient deployments remain a major hurdle.
Terra Quantum Brings Quantum Gravity to Quantum Computing: Advance Reduces Errors Without Added Complexity - Terra Quantum unveils a “Quantum Memory Matrix” add-on, validated on IBM hardware, that reduces errors by up to ~35% and boosts fidelity, offering a drop-in way to make today’s quantum chips more reliable without redesigning the system.
Quantum-Resistant Transition Framework for Bitcoin - A draft BIP by Bitcoin Foundation for a quantum-resistant transition. It proposes a phased soft fork that adds OP_CHECKSIG_PQ and migrates to SLH-DSA (SPHINCS+), with an eventual freeze of legacy ECDSA/Schnorr UTXOs, and it has drawn swift pushback over unrealistic quantum claims, giant signatures, missing alternatives (e.g., ML-DSA), and fund-recovery risks.
Sectigo research reveals 96% of organizations are concerned about the impact of shorter SSL/TLS certificate lifespans on their business - Sectigo’s 2025 State of Crypto Agility Report, which surveyed 272 IT leaders with Omdia, finds that 96% are worried about 47-day TLS lifespans by 2029, fewer than 1 in 5 feel prepared, only 5% have fully automated certificate management, and 90% see certificate-automation work as the on-ramp to PQC readiness.
Until next time,
The Project Eleven Team