Over the past decade, the "quantum computing threat to blockchain" has consistently been regarded within the industry as a distant theoretical concern. Both investors making portfolio decisions and project teams planning their technical roadmaps have tended to defer this risk to some undefined point in the future. The core pillar of this perception—that breaking 256-bit elliptic curve cryptography would require tens of millions of physical quantum bits—was decisively shattered in March 2026.
On March 30, 2026, the Google Quantum AI team, together with Ethereum Foundation researcher Justin Drake and Stanford cryptography professor Dan Boneh, released a white paper systematically evaluating the actual resources required for quantum computers to break cryptocurrency cryptography. The conclusions diverged significantly from prior academic consensus: their proposed optimizations show that breaking the elliptic curve cryptography protecting mainstream cryptocurrencies would require fewer than 500,000 physical qubits, with computations completed in just a few minutes—a figure roughly 20 times lower than previous estimates. The white paper’s abstract notes that Shor’s algorithm can solve this problem with ≤1,200 logical qubits and ≤90 million Toffoli gates, or with ≤1,450 logical qubits and ≤70 million Toffoli gates; on superconducting architectures, these circuits can run in minutes using fewer than 500,000 physical qubits.
This shift in estimates compresses the quantum threat timeline from "decades of discussion" to "a response required within a few years." Google has set its internal deadline for post-quantum cryptography migration at 2029. According to a report published in May 2026 by post-quantum security startup Project Eleven, quantum computers with cryptographic significance could emerge as early as 2030, with a probability exceeding 50% by 2033. This outlines a broadly predictable preparation window for the industry.
Meanwhile, multiple independent research reports have further quantified the risk exposure. A May 2026 report from Citibank estimates that 6.5 to 6.9 million BTC are at potential quantum risk due to exposed public keys, representing about one-third of the current circulating supply and valued at approximately $45 billion at current prices. Glassnode provides independent analysis, showing about 6.04 million BTC (30.2% of total issuance) facing quantum risk, with structural exposure (P2PK, multisig, Taproot) accounting for roughly 1.92 million, and operational exposure (address reuse and user behavior) about 4.12 million. The Google white paper also estimates that the top 1,000 Ethereum wallets by balance hold roughly 20.5 million ETH, all in a state of public key exposure.
Against this backdrop, the race for quantum resistance among mainstream public chains has officially accelerated.
Comprehensive Comparison: Post-Quantum Migration Across Five Chains
As of May 2026, BNB Chain, NEAR, TRON, Ethereum, and Solana have all publicly announced post-quantum cryptography migration plans or technical research reports, with significant differences in their technical approaches, implementation timelines, and architectural readiness. On August 13, 2024, NIST officially approved three post-quantum cryptography standards (FIPS 203, FIPS 204, FIPS 205), providing a unified technical baseline for all chains. FIPS 204 is based on CRYSTALS-Dilithium, FIPS 205 on SPHINCS+, and NIST is also developing an additional alternative standard based on FALCON.
The following table provides a side-by-side comparison of core parameters for the five public chains, based on publicly available information as of May 20, 2026:
| Comparison Dimension | NEAR | TRON | BNB Chain | Ethereum | Solana |
|---|---|---|---|---|---|
| Post-Quantum Signature Scheme | FIPS-204 (ML-DSA) | Specific scheme not yet announced (testnet phase) | ML-DSA-44 + pqSTARK aggregation | leanXMSS (hash-based signature) and multiple parallel schemes | Falcon signature scheme |
| Current Progress | Technical solution finalized, testnet expected to launch end of Q2 2026 | Q2 2026 testnet, Q3 mainnet launch | Migration testing completed and research report released on May 14, 2026 | Public roadmap released, dedicated post-quantum security team established in Jan 2026 | Roadmap published, Winternitz Vault running for over two years |
| Target Completion | No full rollout date announced | Mainnet launch in Q3 2026 | No full rollout date announced | L1 protocol layer target 2029, execution layer migration expected to extend | Multi-year phased migration, no hard deadline |
| Transaction Data Size Change | Not yet announced | Not yet announced | From ~110 bytes to ~2.5 KB | Larger signatures, zkVM compression (scale >1000x) | Specific data not yet announced |
| Throughput Impact | Not yet announced | Not yet announced | Test environment shows 40%-50% decrease | Compression tech mitigates, aiming to maintain performance | Official assessment: "impact is controllable, won’t severely affect performance" |
| Architectural Advantage | Account model decoupled from cryptography, single transaction enables key rotation | Claims "world’s first quantum-resistant network," aggressive timeline | Large global developer community, efficient consensus aggregation (43:1) | Dedicated team, public roadmap, years of academic accumulation | High-performance chain design, small Falcon signature size |
| User Migration Difficulty | Extremely low (single on-chain transaction rotates key) | Not yet announced | Address format unchanged, compatible with existing wallets and SDKs | Relies on EIP-8141 and account abstraction | Ownership verified via original mnemonic, migrated to new address |
The divergence in quantum resistance strategies among these five chains fundamentally reflects their overall preferences in security, technical architecture, and ecosystem priorities. These differences may shape the next wave of infrastructure competition.
NEAR: According to an official technical article published by NEAR One CTO Anton Astafiev on May 6, 2026, NEAR plans to adopt FIPS-204 (ML-DSA) as its first post-quantum secure signature option, with the testnet version targeted for launch by the end of Q2 2026. NEAR’s account architecture differs fundamentally from Bitcoin and Ethereum: the latter two bind blockchain addresses directly to cryptographic technology, while NEAR accounts are designed to be decoupled from cryptography, with each account controlled by a "access key" that can be rotated. This design offers inherent technical compatibility for adding new signature schemes. Once the update goes live, NEAR account holders can rotate their keys with a single transaction, eliminating the need for complex migration procedures. As of May 20, 2026, NEAR tokens were priced at $1.5862, with a market cap of approximately $2.055 billion and a 90-day gain of 57.33%, reflecting positive market feedback on its technical progress.
TRON: On April 26, 2026, TRON founder Justin Sun announced on X that TRON would enable quantum-resistant features on its testnet in Q2, with a mainnet upgrade in Q3, describing it as the "world’s first quantum-resistant network." However, TRON has not yet disclosed the specific post-quantum signature scheme or performance test data, so the "world’s first" claim awaits verification through actual deployment.
BNB Chain: On May 14, 2026, BNB Chain released the "BSC Post-Quantum Cryptography Migration Report," revealing that it had completed migration testing for transaction signatures and consensus layer quantum-resistant cryptography, using ML-DSA-44 and pqSTARK aggregation. The report shows that single transaction size increased from about 110 bytes to 2.5 KB; block size in 2,000 TPS scenarios rose from about 130 KB to 2 MB; and TPS in test environments dropped by about 40%-50%. Consensus layer aggregation is highly efficient, with pqSTARK compressing validator signature data by roughly 43 times, and additional validator overhead remaining manageable. As of May 20, 2026, BNB tokens were priced at $638.7, with a market cap of about $86.087 billion, a 90-day gain of 5.13%, and a one-year range from $570.4 to $1,375.7.
Ethereum: On March 24, 2026, the Ethereum Foundation launched a dedicated public roadmap website, aiming to complete a full post-quantum security upgrade of the L1 protocol layer by 2029, with execution layer migration expected to take several additional years. In January 2026, the Foundation formally established a dedicated post-quantum security team led by Thomas Coratger. More than 10 client teams are building and releasing post-quantum interoperability development networks weekly. On February 26, 2026, Vitalik Buterin officially unveiled the quantum resistance roadmap, identifying four cryptographic domains requiring post-quantum upgrades: consensus layer BLS signatures, data availability (KZG commitments and proofs), externally owned account signatures (ECDSA), and application-layer zero-knowledge proofs. In the consensus layer, the current BLS validator signature scheme will be replaced by a hash-based scheme called leanXMSS, with aggregation handled by a minimal zero-knowledge virtual machine (leanVM) to restore scalability. The "LeanMultisig" compression scheme can reduce data volume by more than a thousandfold.
Solana: On April 27, 2026, the Solana Foundation released its post-quantum migration roadmap, selecting the Falcon signature scheme as its preferred post-quantum standard. The two main validator client developers, Anza and Firedancer, have independently completed technical evaluations and reached consensus. The roadmap includes three phases: ongoing quantum research and evaluation of Falcon and alternatives; adoption of post-quantum schemes for new wallets when quantum threats become credible; and migration of existing wallets to the chosen scheme. Within the Solana ecosystem, the Winternitz Vault quantum-resistant component developed by Blueshift has been running for over two years and was cited in the Google Quantum AI white paper as a leading example of proactive quantum defense.
Quantum Security "Performance Tariff": The Real Cost of Post-Quantum Migration
Of the five public or semi-public post-quantum cryptography schemes, only BNB Chain has released comprehensive performance test data so far. Testing shows that the increase in data volume from post-quantum signatures is the main cause of performance degradation: single transactions grow from about 110 bytes to 2.5 KB, and block size in 2,000 TPS scenarios expands from about 130 KB to 2 MB. In high-load, cross-region network environments, TPS drops by about 40%-50%.
Meanwhile, consensus layer optimization is relatively effective. pqSTARK aggregation compresses six validator signatures from about 14.5 KB to roughly 340 bytes, a compression ratio of about 43:1.
Overall, current data suggests that the bottleneck for post-quantum migration is not the consensus protocol itself, but network bandwidth and data propagation efficiency. Researchers in the BNB Chain report explicitly state that post-quantum readiness is technically feasible, but the tradeoff is "significant." The challenge of quantum resistance is fundamentally more a data engineering problem than a pure cryptography issue.
Ethereum’s approach uses different optimization strategies. In the consensus layer, the current BLS validator signature scheme will be replaced by leanXMSS hash-based signatures, with aggregation handled by a minimal zero-knowledge virtual machine (leanVM) to restore scalability. The "LeanMultisig" compression scheme uses STARK-like proof systems to compress and verify large-scale signatures, reducing data volume by more than a thousandfold. Solana, meanwhile, believes that the Falcon signature scheme’s efficiency makes its performance impact on high-speed networks "controllable and not severely disruptive."
Examining the Validity of the "World’s First Quantum-Resistant Network" Narrative
TRON founder Justin Sun’s claim on X that TRON is the "world’s first quantum-resistant network" has attracted widespread market attention. However, current verifiable public information reveals several factual gaps with this statement:
First, TRON has not announced the name of its specific post-quantum signature scheme. At the same time, NEAR (ML-DSA/FIPS-204), Solana (Falcon), Ethereum (leanXMSS), and BNB Chain (ML-DSA-44) have all publicly disclosed their scheme names and technical documentation, while TRON’s technical details remain undisclosed.
Second, TRON has not published performance test data or user migration plans. BNB Chain has released a full-chain test report, and NEAR has clarified the specific user-side key rotation process. By comparison, TRON’s technical transparency is lower.
Third, in terms of timeline, Solana’s Winternitz Vault, based on Winternitz one-time signatures, has been running for over two years. If the criterion is "quantum-resistant components already live and usable," Solana leads TRON in terms of time. If the criterion is "first testnet deployment of a NIST-standardized scheme," NEAR is ahead in terms of completeness.
TRON’s "world’s first" narrative serves more as brand marketing and market positioning. Its actual technical delivery and timeline fulfillment will need ongoing validation during Q2 and Q3 of 2026.
Industry Impact: From Individual Defense to Ecosystem Competition
Quantum security has evolved from a research topic for individual projects to a multi-chain industry race. As of May 2026, all five mainstream public chains have completed path selection or technical validation, with Cardano, Hedera, and other ecosystems also advancing related research.
This competition is also extending to off-chain infrastructure. In January 2026, Coinbase announced the formation of an independent Quantum Computing and Blockchain Advisory Committee as part of its post-quantum security roadmap. CEO Brian Armstrong emphasized that security is the top priority and urged early preparation before quantum hardware matures. In May 2026, several cryptocurrency companies began adopting NIST-approved post-quantum cryptography algorithms, upgrading user-facing wallets and custody infrastructure, aiming to deploy quantum security protection ahead of protocol-level blockchain upgrades.
This trend indicates that quantum security capability is forming a multi-layered structure—protocol layer, wallet layer, custody layer—with defense relying on a single layer unlikely to meet future security needs.
If an ecosystem achieves a decisive quantum-resistant security advantage, it could attract more institutionally focused capital in the future. Ethereum Foundation researcher Justin Drake has publicly stated that the goal is to make Ethereum the "first quantum-secure global financial system," not just to address threats. This fundamentally constitutes a strategic contest for the high ground in blockchain security narratives.
Conclusion
The quantum threat timeline has been significantly compressed in recent months, but it remains a solvable engineering challenge. The varied strategies of the five public chains together sketch a roadmap for transformation: some pursue deep technical redundancy (Ethereum), some leverage architectural advantages to reduce migration friction (NEAR), some use speed narratives to capture market mindshare (TRON), some confront performance costs with empirical testing (BNB Chain), and some maintain a high-performance orientation to preserve efficiency (Solana).
The race for quantum resistance will not produce a single winner, but ecosystems that strike the optimal balance among technical transparency, performance tradeoffs, and user experience will undoubtedly secure a stronger position in this industry-wide cryptographic paradigm shift.
