Post Quantumize

What is Post Quantumize and why does it exist? Every time you send a crypto transaction, your public key gets permanently recorded on-chain. Quantum computers, once powerful enough, can mathematically reverse-engineer your private key from that public key. Recent research shows this could happen with under 500,000 qubits. Possibly by end of decade. Post Quantumize is a free tool that checks if your wallet's public key is already exposed. Paste any ETH, BTC, SOL or L2 address. Get a real risk score based on live blockchain data. No wallet connection. No sign up. Just answers. It is now ENS and .SOL compatible. Think of it as a smoke detector for your wallet. It doesn't stop the fire. It tells you if you're at risk so you can act now while there's still time. This is v1. We're building toward a full post-quantum migration guide showing people exactly what to do when their wallet is exposed. Check yours at postquantumize.com

Ethereum is going post quantum. pq.ethereum.org

Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of the quantum stack. The results are shocking. I expect a narrative shift and a further R&D boost toward post-quantum cryptography. The first paper is by Google Quantum AI. They tackle the (logical) Shor algorithm, tailoring it to crack Bitcoin and Ethereum signatures. The algorithm runs on ~1K logical qubits for the 256-bit elliptic curve secp256k1. Due to the low circuit depth, a fast superconducting computer would recover private keys in minutes. I'm grateful to have joined as a late paper co-author, in large part for the chance to interact with experts and the alpha gleaned from internal discussions. The second paper is by a stealthy startup called Oratomic, with ex-Google and prominent Caltech faculty. Their starting point is Google's improvements to the logical quantum circuit. They then apply improvements at the physical layer, with tricks specific to neutral atom quantum computers. The result estimates that 26,000 atomic qubits are sufficient to break 256-bit elliptic curve signatures. This would be roughly a 40x improvement in physical qubit count over previous state-of-the-art. On the flip side, a single Shor run would take ~10 days due to the relatively slow speed of neutral atoms. Below are my key takeaways. As a disclaimer, I am not a quantum expert. Time is needed for the results to be properly vetted. Based on my interactions with the team, I have faith the Google Quantum AI results are conservative. The Oratomic paper is much harder for me to assess, especially because of the use of more exotic qLDPC codes. I will take it with a grain of salt until the dust settles. → q-day: My confidence in q-day by 2032 has shot up significantly. IMO there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key. While a cryptographically-relevant quantum computer (CRQC) before 2030 still feels unlikely, now is undoubtedly the time to start preparing. → censorship: The Google paper uses a zero-knowledge (ZK) proof to demonstrate the algorithm's existence without leaking actual optimisations. From now on, assume state-of-the-art algorithms will be censored. There may be self-censorship for moral or commercial reasons, or because of government pressure. A blackout in academic publications would be a tell-tale sign. → cracking time: A superconducting quantum computer, the type Google is building, could crack keys in minutes. This is because the optimised quantum circuit is just 100M Toffoli gates, which is surprisingly shallow. (Toffoli gates are hard because they require production of so-called "magic states".) Toffoli gates would consume ~10 microseconds on a superconducting platform, totalling ~1,000 sec of Shor runtime. → latency optimisations: Two latency optimisations bring key cracking time to single-digit minutes. The first parallelises computation across quantum devices. The second involves feeding the pubkey to the quantum computer mid-flight, after a generic setup phase. → fast- and slow-clock: At first approximation there are two families of quantum computers. The fast-clock flavour, which includes superconducting and photonic architectures, runs at roughly 100 kHz. The slow-clock flavour, which includes trapped ion and neutral atom architectures, runs roughly 1,000x slower (~100 Hz, or ~1 week to crack a single key). → qubit count: The size-optimised variant of the algorithm runs on 1,200 logical qubits. On a superconducting computer with surface code error correction that's roughly 500K physical qubits, a 400:1 physical-to-logical ratio. The surface code is conservative, assuming only four-way nearest-neighbour grid connectivity. It was demonstrated last year by Google on a real quantum computer. → future gains: Low-hanging fruit is still being picked, with at least one of the Google optimisations resulting from a surprisingly simple observation. Interestingly, AI was not (yet!) tasked to find optimisations. This was also the first time authors such as Craig Gidney attacked elliptic curves (as opposed to RSA). Shor logical qubit count could plausibly go under 1K soonish. → error correction: The physical-to-logical ratio for superconducting computers could go under 100:1. For superconducting computers that would be mean ~100K physical qubits for a CRQC, two orders of magnitude away from state of the art. Neutral atoms quantum computers are amenable to error correcting codes other than the surface code. While much slower to run, they can bring down the physical to logical qubit ratio closer to 10:1. → Bitcoin PoW: Commercially-viable Bitcoin PoW via Grover's algorithm is not happening any time soon. We're talking decades, possibly centuries away. This observation should help focus the discussion on ECDSA and Schnorr. (Side note: as unofficial Bitcoin security researcher, I still believe Bitcoin PoW is cooked due to the dwindling security budget.) → team quality: The folks at Google Quantum AI are the real deal. Craig Gidney (@CraigGidney) is arguably the world's top quantum circuit optimisooor. Just last year he squeezed 10x out of Shor for RSA, bringing the physical qubit count down from 10M to 1M. Special thanks to the Google team for patiently answering all my newb questions with detailed, fact-based answers. I was expecting some hype, but found none.

@drakefjustin Just built postquantumize.com in response to your paper. Paste any wallet to see if your public key is exposed on-chain. Live data. Free. ETH · BTC · SOL · All L2s

Meanwhile check your wallets to see if they are Quantum exposed or not and let the devs cook to secure all of us against this. visit postquantumize.com

Google just released a warning for cryptocurrency that the number of qubits required to break ECDSA is 20x less than previously thought. They have proof. They’re (strongly?) recommending crypto upgrade to post-quantum by 2029 now. 4 years!? Timelines are accelerating rapidly.

@0xweb3wizard @ensdomains @ethereum Thanks Wizard. Had to create something for the fams before Q eventually hits.

@postquantumize @ensdomains @ethereum That’s so cool

Gm ENS fam. We have now added .eth @ensdomains search on the Quantum Vulnerability Checker at postquantumize.com

Gm SOL fam. We have added .sol search on our Quantum Vulnerability Checker. Just add your solana addresses or .sol addresses and see if your wallet is quantum hack exposed or not. Do follow for more.

Added ENS search on @postquantumize. Go check if you wallet to see the Quantum Risk Assessment. Do drop your feedbacks.

Today marks an inflection in the Ethereum Foundation's long-term quantum strategy. We've formed a new Post Quantum (PQ) team, led by the brilliant Thomas Coratger (@tcoratger). Joining him is Emile, one of the world-class talents behind leanVM. leanVM is the cryptographic cornerstone of our entire post-quantum strategy. After years of quiet R&D, EF management has officially declared PQ security a top strategic priority. Our journey began in 2019, with the "Eth3.0 Quantum Security" presentation at StarkWare Sessions. Since 2024, PQ has been central to the @leanEthereum vision. The pace of PQ engineering breakthroughs since then has been nothing short of phenomenal. It's now 2026, timelines are accelerating. Time to go full PQ: → PQ ACD: Antonio Sanso (@asanso) kicks off a bi-weekly All Core Devs PQ transactions breakout call next month. These sessions focus on user-facing security, covering dedicated precompiles, account abstraction, and longer-term transaction signature aggregation with leanVM. → PQ foundations: Today we are announcing a $1M Poseidon Prize to harden the Poseidon hash function. We are betting big on hash-based cryptography to enjoy the strongest and leanest cryptographic foundations. Check out our other $1M PQ initiative, the Proximity Prize. → PQ devnets: Multi-client PQ consensus devnets are live! Shoutout to pioneers @zeamETH, @ReamLabs, @PierTwo_com, @geanclient, @ethlambda_lean, as well as established consensus teams Lighthouse, Grandine, and soon Prysm. This incredible teamwork is coordinated by @corcoranwill via weekly PQ interop calls. → PQ workshops: Building on last year's PQ workshop in Cambridge (see photo), the EF is hosting another 3-day PQ event in October. Top experts from around the world will convene. In addition, a PQ day is set for March 29 in Cannes just ahead of EthCC. → PQ FV and AI: Last week Alex Hicks (@alexanderlhicks) ran a specialised maths AI for 8 hours, at a $200 cost. It one-shotted a formal proof one of the hardest lemmas in the foundations of hash-based snarks. Mind-blowing. Applied cryptography will never be the same. → PQ roadmap: A comprehensive breakdown of the EF's proposed PQ strategy will be shared soon™ on pq[.]ethereum[.]org. The roadmap targets a full transition in coming years with zero loss of funds and zero downtime. Stay tuned :) → PQ education: The ZKPodcast (@zeroknowledgefm) is producing a 6-part video series on Ethereum's PQ strategy. EF Enterprise Acceleration is also preparing material for enterprises and nation-states. Finally, Ethereum is now represented on the PQ advisory board that Coinbase announced yesterday. Believe in something. Believe in PQ security.

🚨 Google has sounded the quantum alarm 🚨 Today, they released groundbreaking progress towards breaking crypto using a quantum computer. TLDR - Existing cryptography is dead. Mempool attacks are real. We must migrate to post-quantum now. Thread 🧵

Google Quantum AI just published a landmark paper on quantum threats to every major blockchain. Beyond Bitcoin and Ethereum, no blockchain receives more coverage than Algorand, cited for live post-quantum deployments across signatures, state proofs, key rotation, and smart contracts. The alarm has been sounded. @Algorand has been answering it for years.

Saw some people panicking or asking about quantum computing's impact on crypto. At a high level, all crypto has to do is to upgrade to Quantum-Resistant (Post-Quantum) Algorithms. So, no need to panic. 😂 In practice, there are some execution considerations. It's hard to organize upgrades in a decentralized world. There will likely be many debates on which algorithm(s) to use, resulting in some forks. And some dead project may not upgrade at all. Might be a good to cleanse out those projects anyway. New code may introduce other bugs or security issues in the short term. People who self custody will have to migrate their coins to new wallets. This brings to the question of Satoshi's bitcoins. If those coins move, then it means he/she is still around, which is interesting to know. If they don't move (in a certain period of time), it might be better to lock (or effectively burn) those addresses so that they don't go to the first hacker who cracks it. There is also the difficulty of identifying all his addresses, and not confuse with some old hodlers. Anyway, it's a different topic for later. Fundamentally: It's always easier to encrypt than decrypt. More computing power is always good. Crypto will stay, post quantum.

Now you can save and share your results on X. Just checked my wallet for quantum risk and this is what I found. Quantum Risk Score: 80/100 — HIGH Public Key: EXPOSED postquantumize.com/?ref=share @postquantumize

GM. Just deployed postquantumize.com Paste your wallet address to see if your public key is exposed on-chain and get your quantum risk score. $ETH · $BTC · $SOL · All L2s. Live blockchain data. No wallet connection needed. @postquantumize 🧵

Introducing postquantumize.com Quantum computers are getting closer to breaking crypto wallet security. Paste your wallet and see if your public key is already exposed on-chain. No wallet connect required.