Close Menu
    Altcoins

    Vitalik Buterin Discusses Quantum Computing and Its Impact on Ethereum Security

    Ethan CarterBy No Comments9 Mins Read
    Vitalik Buterin Discusses Quantum Computing and Its Impact on Ethereum Security

    Key takeaways

    • Buterin perceives a significant 20% likelihood that quantum computers may compromise existing cryptography before 2030, advocating for Ethereum to start preparations.

    • A major concern pertains to ECDSA. If a public key becomes visible on-chain, a future quantum computer might theoretically exploit it to derive the associated private key.

    • Buterin’s quantum contingency plan includes reversing blocks, freezing EOAs, and transitioning funds to quantum-resistant smart contract wallets.

    • Mitigation encompasses smart contract wallets, NIST-approved post-quantum signatures, and crypto-agile infrastructure that can seamlessly switch schemes.

    In late 2025, Ethereum co-founder Vitalik Buterin took an unusual step by quantifying a risk often framed in science fiction terms.

    Citing the forecasting platform Metaculus, Buterin stated there is “approximately a 20% chance” that quantum computers capable of undermining current cryptography could emerge before 2030, with the median expectation closer to 2040.

    A few months later at Devconnect in Buenos Aires, he warned that elliptic curve cryptography, the foundation of Ethereum and Bitcoin, “could be compromised before the next US presidential election in 2028.” He urged Ethereum to transition to quantum-resistant foundations within approximately four years.

    019ada9e b87a 7507 be63 ccfeba9ca4fc

    He argues that there is a considerable risk of a cryptographically significant quantum computer arriving in the 2020s; if this occurs, the risk should be incorporated into Ethereum’s research agenda and not relegated to a distant future.

    Did you know? As of 2025, Etherscan data reveals over 350 million unique Ethereum addresses, underscoring the network’s vast growth, even as a small portion of these addresses maintain meaningful balances or remain active.

    Why quantum computing poses a challenge to Ethereum’s cryptography

    Most of Ethereum’s security relies on the elliptic curve discrete logarithm (ECDLP) equation, forming the basis for the elliptic curve digital signature algorithm (ECDSA). Ethereum employs the secp256k1 elliptic curve for these signatures. Simply put:

    • Your private key is a large random number.

    • Your public key is a point on the curve derived from that private key.

    • Your address is a hash of that public key.

    On classic hardware, transitioning from private key to public key is straightforward, but reversing the process is assumed to be computationally infeasible. This asymmetry underpins the notion that a 256-bit key is considered effectively unguessable.

    019adaa0 6a32 7e72 8c69 ca35b07afeea

    Quantum computing jeopardizes that asymmetry. Shor’s algorithm, proposed in 1994, indicates that a sufficiently powerful quantum computer could resolve discrete log equations and related factorization problems in polynomial time, jeopardizing schemes like Rivest-Shamir-Adleman (RSA), Diffie-Hellman, and ECDSA.

    The Internet Engineering Task Force and the National Institute of Standards and Technology (NIST) concur that classical elliptic curve systems would be susceptible if a cryptographically relevant quantum computer (CRQC) were available.

    Buterin’s Ethereum Research post regarding a potential quantum emergency underscores a critical nuance for Ethereum. If an address has never been used for a transaction, only the hash of its public key is available on-chain, which is still considered quantum-safe. However, upon sending a transaction, the public key is disclosed, providing future quantum attackers the information needed to retrieve the private key and deplete the account.

    Thus, the main risk is not that quantum computers will compromise Keccak or Ethereum’s data structures; rather, it is that a future machine could focus on any address whose public key has ever been disclosed, covering most user wallets and many smart contract reserves.

    What Buterin expressed and how he characterizes risk

    Buterin’s recent comments can be distilled into two primary points.

    The first revolves around the probability estimate. Rather than making a personal conjecture, he referenced Metaculus’s forecasts which suggest a 20% likelihood that quantum computers capable of undermining present-day public key cryptography may appear before 2030. The same forecasts place the median projection around 2040. His point is that even this type of tail risk is significant enough for Ethereum to take proactive measures.

    The second is the 2028 context. At Devconnect, he reportedly informed the audience that “elliptic curves are going to perish,” citing research that indicates quantum assaults on 256-bit elliptic curves could become viable before the 2028 US presidential election. Some reports condensed this into headlines like “Ethereum has four years,” but his takeaway was more intricate:

    • Current quantum computers cannot presently attack Ethereum or Bitcoin.

    • Once CRQCs are developed, ECDSA and similar frameworks become fundamentally unsecure.

    • Shifting a global network to post-quantum algorithms requires years, which makes awaiting overt threats itself perilous.

    In essence, he thinks like a safety engineer. You don’t evacuate a city due to a 20% chance of a major earthquake in the next decade, but you do reinforce bridges while you still can.

    Did you know? IBM’s latest roadmap pairs the latest quantum chips, Nighthawk and Loon, with a goal of demonstrating fault-tolerant quantum computing by 2029. It also revealed that a notable quantum error correction algorithm operates efficiently on conventional AMD hardware.

    Insights into the “quantum emergency” hard-fork strategy

    Long prior to these public alerts, Buterin outlined in a 2024 Ethereum Research piece titled “How to hard-fork to save most users’ funds in a quantum emergency.” This document sketches out how Ethereum might react if a sudden quantum advancement catches the ecosystem off guard.

    Imagine an announcement about large-scale quantum computers becoming operational, with attackers actively plundering ECDSA-secured wallets. What would happen then?

    Identify the attack and revert

    Ethereum would revert to the last block before significant quantum-related theft became apparent.

    Disable traditional EOA transactions

    Legacy externally owned accounts (EOAs) using ECDSA would be frozen from sending funds, effectively halting further theft from exposed public keys.

    Direct everything through smart-contract wallets

    A new transaction type would enable users to prove, through a zero-knowledge STARK, their control of the original seed or derivation path — e.g., a Bitcoin Improvement Proposal (BIP) 32 HD wallet preimage for a vulnerable address.

    The proof would also detail the new validation code for a quantum-resistant smart contract wallet. Once confirmed, control of the funds would transfer to that contract, enforcing post-quantum signatures from that point forward.

    Bundle proofs for gas efficiency

    Given that STARK proofs are sizable, the design anticipates batching. Aggregators would submit groups of proofs, allowing multiple users to proceed simultaneously while keeping each user’s secret preimage confidential.

    Importantly, this is presented as a recovery mechanism of last resort, not as the primary strategy. Buterin argues that much of the protocol infrastructure required for such a fork, including account abstraction, robust ZK-proof systems, and standardized quantum-safe signature schemes, can and should be developed.

    Thus, quantum emergency readiness evolves into a design requisite for Ethereum infrastructure rather than merely an intriguing theoretical consideration.

    Expert views on timelines

    If Buterin is relying on public forecasts, what are hardware and cryptography specialists articulating?

    On the hardware side, Google’s Willow chip, revealed in late 2024, is among the most sophisticated public quantum processors to date, featuring 105 physical qubits and error-corrected logical qubits that can surpass classical supercomputers on specific benchmarks.

    Nevertheless, Google’s quantum AI director has been clear that “the Willow chip cannot break modern cryptography.” He estimates that breaking RSA would necessitate millions of physical qubits and is at least a decade away.

    Academic resources indicate a similar direction. One extensively referenced analysis suggests that breaking 256-bit elliptic curve cryptography within an hour using surface code-protected qubits would require tens to hundreds of millions of physical qubits, far exceeding current capabilities.

    On the cryptography front, NIST and academic institutions at places like the Massachusetts Institute of Technology have warned for years that once cryptographically relevant quantum computers become available, they will undermine nearly all commonly implemented public key systems, including RSA, Diffie-Hellman, Elliptic Curve Diffie-Hellman, and ECDSA, via Shor’s algorithm. This applies both retrospectively, by decrypting harvested traffic, and proactively, by forging signatures.

    That’s why NIST has dedicated nearly a decade to its Post Quantum Cryptography competition and, in 2024, finalized its first three PQC standards: ML-KEM for key encapsulation and ML-DSA and SLH-DSA for signatures.

    There is no expert consensus on a specific “Q-Day.” Most estimates fall within a 10-to-20-year timeframe, although some recent studies explore optimistic scenarios where fault-tolerant attacks on elliptic curves could be feasible in the late 2020s under aggressive assumptions.

    Policy entities like the US White House and NIST consider the risk significant enough to guide federal systems toward PQC by the mid-2030s, implying a considerable chance that cryptographically relevant quantum computers will emerge within that period.

    In this context, Buterin’s “20% by 2030” and “possibly before 2028” assessments are part of an extensive range of risk evaluations, where the essential takeaway is uncertainty along with lengthy migration timelines, rather than the notion that a code-breaking apparatus is clandestinely functioning today.

    Did you know? A 2024 National Institute of Standards and Technology and White House report estimates that migrating US federal systems to post-quantum cryptography will cost approximately $7.1 billion between 2025 and 2035, and this is only for one country’s governmental IT stack.

    Necessary changes for Ethereum if quantum advances accelerate

    Numerous threads are already converging regarding the protocol and wallet:

    Account abstraction and smart-contract wallets

    Transitioning users from basic EOAs to upgradeable smart contract wallets via ERC-4337-style account abstraction facilitates the seamless replacement of signature schemes later without necessitating emergency hard forks. Various projects are already demonstrating Lamport-style or eXtended Merkle Signature Scheme (XMSS)-style quantum-resistant wallets on Ethereum now.

    Post-quantum signature schemes

    Ethereum needs to select (and rigorously test) one or more PQC signature families (likely arising from NIST’s ML-DSA/SLH-DSA or hash-based designs) while considering various trade-offs related to key and signature sizes, verification expenses, and smart contract compatibility.

    Crypto agility across the stack

    Elliptic curves are not exclusively for user keys. BLS signatures, KZG commitments, and several rollup proving systems depend on discrete log hardness. A comprehensive quantum-resilient roadmap must include substitutes for those foundational elements as well.

    From a sociopolitical and governance standpoint, Buterin’s quantum emergency fork proposal serves as a reminder of the extensive coordination any genuine response would necessitate. Even with flawless cryptography, reverting blocks, freezing legacy accounts, or implementing a mass key migration would be politically and operationally contentious. This underlines why he and other researchers advocate for:

    • Establishing kill switch or quantum canary mechanisms that can autonomously trigger migration protocols once a smaller, deliberately vulnerable test asset is demonstrably compromised.

    • Approaching the transition to post-quantum systems as a gradual opt-in process, allowing users to adopt changes well in advance of any credible threats instead of scrambling at the last minute.

    For individuals and organizations, the immediate checklist is more straightforward:

    • Opt for wallets and custody arrangements that can update their cryptography without necessitating a shift to entirely new addresses.

    • Limit unnecessary address reuse to minimize the exposure of public keys on-chain.

    • Remain informed about Ethereum’s eventual post-quantum signature selections and be prepared to transition once efficient tooling is available.

    Quantum risks should be managed similarly to how engineers regard floods or earthquakes. While it’s improbable that it will devastate your home this year, the likelihood over an extended timeframe warrants designing infrastructure with that consideration.

    Share.
    Avatar photo

    Ethan is a seasoned cryptocurrency writer with extensive experience contributing to leading U.S.-based blockchain and fintech publications. His work blends in-depth market analysis with accessible explanations, making complex crypto topics understandable for a broad audience. Over the years, he has covered Bitcoin, Ethereum, DeFi, NFTs, and emerging blockchain trends, always with a focus on accuracy and insight. Ethan's articles have appeared on major crypto portals, where his expertise in market trends and investment strategies has earned him a loyal readership.

    Related Posts