Welcome back to the Project Eleven bulletin. This week we published “Quantum Attack Vectors in Ethereum,” a blog post analyzing post-quantum vulnerabilities in Ethereum’s cryptography and the implications of those vulnerabilities. We also updated the Q-Day Clock with the latest quantum-computing milestones and announced our first research grant recipient, Dr. Doruk Gür.

Join us today (09/03/25 - 13:00 ET) for the Project Eleven State Space on X where we break down what’s next for quantum and digital assets. Don’t miss it!

Vitalik’s 20% Warning & Ethereum’s Quantum Attack Surface

Vitalik Buterin recently highlighted Metaculus’s crowd forecast for Q-Day: a median around 2040 and, as he put it, ‘seemingly about a 20% chance’ of arriving by 2030. That spread underscores how hard it is to predict when quantum machines will break modern cryptography. Hardware progress is uneven and assumptions differ. The planning takeaway: even if the median is a decade away, a credible tail risk in the 2020s is reason enough to start post-quantum preparations now.

Our latest blog post maps Ethereum’s quantum attack surface. In short: signatures are the weak link and hashes are not, and Ethereum has multiple vulnerabilities. Shor’s algorithm puts elliptic-curve signatures at risk once the public keys are visible: ECDSA for externally owned accounts (EOAs) and BLS for validators. By contrast, Keccak-256–based primitives (addresses, Merkle proofs) get only a quadratic speedup from Grover’s algorithm. We show where keys appear onchain: EOA transactions expose full ECDSA public keys; validator deposits reveal BLS keys; and even features like KZG commitments and onchain SNARK verifier keys embed elliptic-curve public keys/points. The risk isn’t limited to users. In our earlier USDC analysis, many privileged roles (proxy admin, minter, pauser, etc.) were ordinary EOAs that had already revealed public keys, so the surrounding stablecoin infrastructure inherits the same exposure.

There are two attack modes to plan for. First, the slow grind: keys that have been public onchain for years (old wallets, validator keys, and embedded elliptic-curve keys) could be recovered offline once a cryptographically relevant quantum computer (CRQC) exists. Second, the mempool race: in extreme cases, an adversary could derive a key from a freshly broadcast signature and front-run the transaction. This is less likely given Ethereum’s timing, but worth accounting for. The playbook is simple: reduce key exposure and migrate critical roles to post-quantum signatures well before Q-Day. For contracts like USDC, rotate admin/ops keys to PQ schemes as soon as the platform supports them. For users and validators, build crypto-agility so that, when PQ options arrive, upgrades are routine, not emergency surgery.

Brace for Impact: ECDLP Benchmarks & ECC Timeline

A new paper by Dallaire-Demers et al., “Brace for impact: ECDLP challenges for quantum cryptanalysis,” proposes a graded set of elliptic-curve discrete logarithm (ECDLP) challenges on a secp256k1-shaped curve with smaller primes. By stepping the field size down from 256 bits to as low as 6 bits, the authors create public-key “puzzles” that mirror incremental progress on Shor’s algorithm. Each rung is calibrated against classical Pollard-rho records, and Shor’s circuits are compiled into logical counts and mapped to physical resources under several error-correcting codes. Their resource estimates place a full 256-bit break of secp256k1 roughly in the 2027–2033 window under optimistic but plausible assumptions. In plain terms: if hardware keeps improving, a circuit to recover a real Bitcoin or Ethereum private key could be feasible in the early 2030s. This “challenge ladder” gives the community an open, reproducible benchmark to track progress and, the authors argue, a clear signal to start migrating assets to post-quantum signatures now.

There’s an active discussion on superpositions digging into the ‘challenge ladder’ from the 6-bit rungs up to a 256-bit target, plus how to turn it into real incentives. Members float onchain bounties and even prediction-market-style payouts for each step; note that surpassing the best classical record (~129 bits) could be a sharp perception shift; and raise practical issues like how to publicly verify a claimed quantum solve and how hash-based signatures fit on EVM (with key-state management as the real lift). If you want to follow or weigh in, the thread is here.

https://superpositions.com/
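
The ladder idea and the verification question raised in the thread, as an added sketch in Python (not code from the paper, Project Eleven, or the forum): it builds constructed toy rungs on y² = x³ + 7 over small primes, recovers the secret classically with baby-step giant-step (standing in for the Pollard-rho calibration the paper uses), and shows that checking a claimed solve is a single scalar multiplication. The primes, base points and function names are assumptions chosen here, not the paper's challenge parameters.

```python
import itertools, math, secrets

B = 7  # secp256k1's equation y^2 = x^3 + 7, over a much smaller field (constructed toy)

def is_prime(n):
    return n > 1 and all(n % q for q in range(2, math.isqrt(n) + 1))

def add(P, Q, p):  # affine point addition over F_p; None is the point at infinity
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    s = num * pow(den % p, -1, p) % p
    x3 = (s * s - x1 - x2) % p
    return x3, (s * (x1 - x3) - y1) % p

def mul(k, P, p):  # double-and-add scalar multiplication
    R = None
    while k:
        R = add(R, P, p) if k & 1 else R
        P, k = add(P, P, p), k >> 1
    return R

def make_rung(bits):  # first prime p > 2^(bits-1) whose curve has prime order n
    for p in filter(is_prime, itertools.count(2 ** (bits - 1) + 1)):
        roots = {y * y % p: y for y in range(p - 1, -1, -1)}  # smallest root kept
        pts = [(x, roots[v]) for x in range(p) if (v := (x**3 + B) % p) in roots]
        n = 1 + sum(1 if y == 0 else 2 for _, y in pts)  # +1 for infinity
        if is_prime(n):
            return p, n, pts[0]  # prime order, so any affine point generates the group

def solve_bsgs(Q, G, n, p):  # classical baby-step giant-step: d in [0, n) with d*G == Q
    m = math.isqrt(n) + 1
    baby = {mul(j, G, p): j for j in range(m)}
    step, R = mul(n - m, G, p), Q  # step = -m*G, because n*G is infinity
    for i in range(m):
        if R in baby:
            return (i * m + baby[R]) % n
        R = add(R, step, p)

def verify_claim(d, Q, G, p):  # checking a claimed solve costs one scalar multiplication
    return mul(d, G, p) == Q

if __name__ == "__main__":
    for p, n, G in map(make_rung, (6, 8, 10, 12)):
        Q = mul(1 + secrets.randbelow(n - 1), G, p)  # public key for a random secret
        d = solve_bsgs(Q, G, n, p)
        print(f"{p.bit_length()}-bit p={p} n={n} G={G} Q={Q} d={d} ok={verify_claim(d, Q, G, p)}")
```

The verifier only needs the published point Q and the claimed scalar, which is why a ladder of public keys works as a benchmark: the solve is expensive, the check is not.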

“Factoring 21” in Context

Craig Gidney’s recent post makes a simple but critical point: factoring 21 is over a hundred times harder than factoring 15, not because the field has stalled, but because the circuit for 21 needs thousands of entangling gates while the 15 demo needed only a few dozen. In his example, the 21 circuit uses about 2,400 entangling gates (191 CNOTs plus 369 Toffolis), versus roughly 21 for 15, a jump driven by how many real modular multiplications you must perform and how little structure you can exploit at 21. That’s why ‘factoring a slightly bigger number’ isn’t a small step up; it’s a big leap in circuit depth and error sensitivity. These small-n demos are still useful as engineering checkups, but they are not timelines for when cryptography breaks. The right things to watch are the resources that actually move the needle: error-corrected gate counts, logical-qubit reliability, and evidence that error correction and architectures are scaling cleanly.

IBM’s Curioni pulls the timeline forward

IBM Research-Zurich’s Alessandro Curioni warns that a quantum computer capable of breaking today’s public-key cryptography could arrive by the end of the decade, a reminder that timelines keep moving earlier. For blockchains, that compression matters: upgrades aren’t the flip of a switch. Public keys are already onchain across ecosystems (user accounts, validators and block producers, and privileged admin or governance roles), and changes must ripple through wallets, custody systems, HSMs, nodes/clients, and protocol software. The takeaway is schedule risk. Build crypto-agility now (post-quantum signature support and verification paths), begin rotating long-lived and privileged keys where feasible, and stand up pre-Q-Day attestations or registries so assets can be bound to quantum-safe keys well before any cryptographically relevant quantum computer (CRQC) appears.

Node.js 24.7 ships built-in post-quantum crypto

Node.js 24.7 has just added built-in post-quantum algorithms (ML-KEM for key encapsulation and ML-DSA for signatures), exposed in both node:crypto and the Web Crypto API. That matters because these are NIST-standard primitives available out of the box, so teams don’t have to rely on extra add-ons to try them. For blockchain developers, this enables prototyping PQ components in the parts you control: wrap sensitive secrets with ML-KEM and trial ML-DSA for off-chain admin and ops, while onchain auth remains ECDSA/BLS.

News of the Week

Quantum secured blockchain framework for enhancing post quantum data security - The paper proposes QuantumShield-BC, a modular “quantum-secured” blockchain framework that combines post-quantum signatures, quantum key distribution (QKD), and quantum-randomness–driven consensus to harden transaction signing and key exchange for applications like IoT/5G and smart cities.

'Something Changed:' Developer Warns Quantum Computing Could Break Bitcoin in Three Years - Bitcoin.com reports that developer Hunter Beast, author of BIP-360, warns that faster-than-expected quantum advances could break Bitcoin’s elliptic-curve cryptography within about three years, urging swift progress toward quantum-resistant upgrades.

Phasecraft raises $34M to bring quantum computing closer to solving real-world challenges - Tech.eu reports that UK quantum-algorithms startup Phasecraft raised a $34M Series B, co-led by Plural, Playground Global, and Novo Holdings’ Quantum Fund, to push its hardware-agnostic algorithms toward practical “quantum advantage” in areas like materials, energy, and life sciences.

Quantum Circuits Integrates With NVIDIA CUDA-Q to Advance Creation And Testing of First Quantum Applications Based on Dual-Rail Qubits - Quantum Circuits integrated NVIDIA’s CUDA-Q into its Aqumen platform so developers can prototype hybrid GPU-plus-quantum applications on its AquSim simulator now and later run them on its dual-rail, error-detecting QPUs.

A Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography - The European Commission’s roadmap outlines coordinated actions and timelines for EU Member States to transition public sector and critical infrastructure to post-quantum cryptography. It emphasizes inventories, risk assessments, crypto-agility (including hybrid deployments), and synchronized governance to ensure a quantum-safe shift.

noble v2 brings quantum-safe building blocks to JavaScript - Noble v2 adds noble post-quantum, a lightweight JS/TS library that provides NIST post-quantum algorithms (ML-KEM, ML-DSA, and SLH-DSA) with simple APIs for Node and the browser.