QANplatform

The blockchain industry has metrics for throughput, latency, and finality. It has no metric for developer onboarding friction. There are metrics the blockchain industry tracks obsessively. Transactions per second. Block time. Finality. Speed. Dashboards everywhere. Real-time graphs. Leaderboards. You know what nobody tracks? How long it takes a developer to go from "I want to build on-chain" to "I have something deployed that works." Not the tutorial. The real path. The one with the broken RPC endpoints, the documentation that describes a version nobody runs anymore, the error messages that assume you already know what the error means. And when you actually ask developers what that journey looked like, the answers are quietly impressive. Not because it was easy. Because they pushed through something that was genuinely hard, and built something real anyway. The tooling in Web3 is good now in the places that got attention. Wallets, bridges, DEX interfaces. It is still a maze in the places that matter most. The parts that touch new builders. The onboarding layer. The moment someone capable decides whether the ecosystem is worth their time. Most of the people who made it through never complained loudly. They just adapted, documented, helped the next person, and kept building. The developers who are in Web3 earned it. The ones who could have been in Web3 just decided their time was worth more than the friction. Both of those things are true at the same time.

Every transaction you have ever signed on-chain left a message in a dead language. Permanently public. Permanently recorded. Safe, because no one could read it. Shor's algorithm is the translation key. The messages did not become vulnerable on Q-Day. They were written vulnerable. The translator just had not been built yet. Everything signed before the quantum transition is archived and waiting.

He built a legal practice on one promise: that anchoring agreements to a blockchain made them the most cryptographically verifiable contracts ever written. He was right. Until it turned out the math underneath them had an expiration date. It is a Friday afternoon in 2028. Daniel is a law firm partner. Between 2020 and 2023 he built an entire practice around anchoring legal agreements to public blockchains. Immutable. Timestamped. Cryptographically verifiable. He gave talks. He wrote papers. He brought in fourteen enterprise clients. He is staring at an email from the firm's new cryptographic security consultant. The summary is this: Nearly every agreement anchored on-chain during those years was signed with ECDSA. The public keys are permanently recorded on the ledger. And in a post-quantum world, where quantum computers can break elliptic curve math, a sophisticated adversary could forge a signature mathematically indistinguishable from the original. Not altering the document, but destroying the ability to prove beyond doubt who signed it. Daniel's entire practice was built on one promise. We can prove who signed what, and when, beyond any reasonable doubt. He reads the consultant's recommendation. "Review evidentiary reliance on pre-2024 on-chain signatures before introducing them in any proceedings." He picks up the phone to call the first client on the list. He puts it back down. He picks it up again.

5/🧵 The performance trade-off is an architecture problem. Not a mathematics problem. If you design the block structure, the signature aggregation, and the consensus layer around post-quantum primitives from day one, the numbers look very different than if you try to transplant them into a system that was never designed to carry them. This is why the question is not "will your chain go quantum-safe?" The question is: at what point in the construction did quantum-safety enter the design? Before the first block. Or after the first billion. One of those is an engineering decision. The other is a political negotiation at civilizational scale, with no central authority, no globally enforced deadline, and no second chance if the timing is wrong.

4/🧵 And that is the fourth dimension of the trilemma. Every chain that retrofits quantum-resistant cryptography onto an existing architecture will be forced to renegotiate its entire balance. More security means larger signatures. Larger signatures mean less throughput. Less throughput means pressure to centralize validators. Centralized validators mean a weaker decentralization guarantee. Pull one thread. The whole knot moves. There is one important counterpoint worth knowing. Benchmarking research published in late 2025 showed that the lattice-based scheme ML‑DSA can outperform ECDSA in verification speed at higher security levels: for example, ML‑DSA at its highest security level achieved a verification time of 0.14 ms on an ARM‑based laptop, compared to 0.88 ms for ECDSA on the same hardware.

In 2017, Vitalik Buterin named the problem every blockchain builder lives with. The Trilemma. Security. Scalability. Decentralization. Pick two. You cannot fully have all three at once. Every L1 architecture ever built is essentially a bet on which one to sacrifice. 🧵

Read the blog: medium.com/qanplatform/ap…

April Milestones: Enterprise-Ready Architecture, macOS Launch, and SDK Maturity April marked a definitive turning point for QANplatform. Following in-depth strategic planning, we aligned our engineering roadmap with the rigorous demands of our upcoming government and enterprise partners. We celebrated full cross-platform availability with the macOS release of QAN XLINK and made significant strides in SDK maturity across Go, Python, Java, and more. Read the full recap on our blog, link in the comments 🔗👇

Tiffany has priced cyber risk for eleven years. Ransomware. State-sponsored breaches. AI exploits. She had never declined to quote. Until she tried to count the public keys. It is a Monday morning in 2029. Tiffany prices cyber risk for a living. Eleven years in. She is not easily surprised. The application on her screen is from a crypto exchange. They want quantum-transition liability coverage for the eighteen months it will take them to complete their migration. She has seen six of these this month alone. She opens their cryptographic asset inventory. Active wallets, signing infrastructure, hot wallet architecture. All migrated or in progress. Clean. Then she scrolls to the section the exchange marked low priority. Historical transaction records, 2017 to 2024. She pulls the number of unique public keys ever broadcast by users during that window. A public key exposed every time someone made a withdrawal. Every time anyone signed anything on-chain. All of it permanently sitting on public ledgers the exchange does not own, cannot modify, and cannot take down. Keys they were never authorized to rotate. Belonging to users who have since left, lost access, or simply do not know this conversation is happening. She looks at the number. Forty-one million. Not forty-one million dollars of exposure. Forty-one million individual cryptographic attack surfaces. Each one a direct mathematical path to a private key. Each one permanent. She types one line into the file. "Decline to quote. Unquantifiable tail risk. Historical on-chain exposure falls outside any actuarial model currently available." Then she opens the next application. A different exchange. Larger. She already knows what she is going to find.

Elliptic curves for anyone to understand. You pick a point on a curve. You multiply it by a secret number to get a new point. That new point is your public key. The secret number is your private key. Multiplying is easy. Reversing the multiplication is hard. A quantum computer makes it not hard.

Watch the video 👉youtu.be/7ifQTeVm0bw Read the blog 👉 medium.com/qanplatform/st…

Exciting update: QAN technology is being integrated into two government, finance and enterprise focused products, one of them already having a signed pilot. To support this, we are restructuring onto an Ethereum-based foundation, aligning with the operational standards these sectors require. Our core values remain unchanged: QVM stays, quantum security via XLINK continues, and EVM compatibility is strengthened. Watch the full announcement, or read through it on our blog. Links in the comments 👇

Every chain that calls quantum risk "years away" is making a bet with someone else's assets.

Somewhere in the 1990s, a cryptographic decision was made that nobody questioned. In 2026, 25,000 developers woke up holding the bill for it. Nobody asked the developers. Not when the cryptographic assumptions were baked into every protocol. Not when the standards were finalized. And not when the migration timelines started appearing in government memos. The engineers just woke up one day holding the bill for a decision that was made in the 1990s. Here is what that bill actually looks like. There are roughly 20,000 to 30,000 active blockchain and Web3 developers globally. Not millions. Tens of thousands. A remarkably small group to be maintaining infrastructure that holds trillions in value. Every single one of them is writing against cryptographic primitives, ECDSA, secp256k1, SHA-256, that were designed before quantum computing was an engineering concern rather than a physics thought experiment. They did not choose those primitives. They inherited them. And they built entire ecosystems on top. Now here is the ask. Migrate. Rotate keys across millions of wallets. Upgrade signature schemes on live networks with billions in locked value. Coordinate hard forks across decentralized communities that agree on almost nothing. Rewrite SDKs, auditing frameworks, tooling, documentation, and mental models across an industry that is already running at full capacity just keeping up with what it has. Oh, and do it before a timeline nobody can pin down precisely, against a threat that is invisible until the day it is not. This is not a product roadmap item. It's a civilizational infrastructure problem. Handed to a generation of developers who were just trying to build. And the cruelest part is this. The developers who are most exposed are not the ones who made the original design choices. They are the ones who arrived later, learned the tools that existed, shipped real things, and are now being told the foundation those tools sit on has an expiration date. Post-quantum cryptography is not complicated because the math is hard, though it is. It is complicated because ML-DSA and ML-KEM, the NIST-standardized algorithms meant to replace what we have, are not drop-in replacements. Signature sizes are 30 to 40 times larger. Key generation behavior is different. The entire security proof rests on different mathematical hardness assumptions that most working developers have never had reason to study. The tooling is immature. The libraries are young. The audit standards for post-quantum smart contract security do not fully exist yet. So what is the actual solution? It is not telling developers to become post-quantum cryptographers on top of everything else they are already doing. It is building the quantum-safe layer underneath them. Into the protocol. Into the base layer. So that a developer writing a smart contract in 2026 does not have to understand lattice-based cryptography any more than a developer writing a web app today needs to understand the TLS handshake. The best infrastructure becomes invisible. It solves the hard problem at the layer where the hard problem belongs, and hands developers a clean surface to build on. We understand this and we are not asking developers to carry the quantum migration. We ship the solution ourselves.

The myth Chains can just upgrade to post-quantum cryptography when the time comes. The reality Immutable smart contracts cannot be patched. Keys cannot be rotated on behalf of users who have lost access. Coordination across millions of independent wallets has no enforcement mechanism. "When the time comes" assumes a clean handoff that decentralized systems have no architecture to deliver.

Bitcoin's security is not a lock. It is a clock. And for the first time in history, we can hear it ticking. Satoshi Nakamoto owns roughly 1.1 million Bitcoin. Those coins have shown no confirmed outgoing activity. The public keys are permanently exposed on the blockchain for anyone, and eventually any machine, to see. It is an open ledger. Go look. Here is why that matters in a way most people have never thought about. Early Bitcoin wallets used a format called Pay-to-Public-Key. P2PK. In that format, your actual public key, not just a hashed address, but the raw public key itself, is visible on-chain the moment you receive funds. Modern wallets are slightly better. They hide your public key behind a hash until you spend. But the moment you send a transaction, your public key is exposed. Forever, immutably, on thousands of nodes across the planet. Plus Taproot, Bitcoin's newest address format, reintroduces a variation of this problem embedding the public key directly in the address once again. There are an estimated 6.9 million Bitcoin sitting in addresses with permanently exposed public keys right now. And here is the uncomfortable geometry of this. A quantum computer running Shor's algorithm does not need your permission or your cooperation to derive your private key from your public key. It needs computation time and your public key. One of those things is improving exponentially. The other is already public. The sleeping wallets are not the only problem. They are the most visible symptom of it. Every chain that launched before post-quantum cryptography was a serious engineering consideration, which is essentially every major chain alive today, was designed around the assumption that public keys are safe to expose. That assumption was reasonable in 2009. It was reasonable in 2015. It is becoming less reasonable every year, and there is no clean way to fix it retroactively on a decentralized network where nobody is in charge. Ethereum has made post-quantum security a strategic priority, launching a dedicated research effort, development test networks, and millions in funding. Addressing the threat would likely involve large-scale coordination, potentially requiring many independent wallets to migrate to new cryptographic standards before ‘Q-Day.’ While the network can coordinate upgrades, there is no central authority that can force all users to act, and wallets whose owners have lost access, died, or are inactive may never be upgraded meaning the success of any transition depends heavily on voluntary adoption at scale, with no fixed or reliable deadline. Coordination theory has a name for this kind of problem. It calls it nearly impossible. The chains that will survive the quantum transition are not the ones that will scramble to patch. They are the ones that treated quantum-safe cryptography, specifically NIST-standardized algorithms like CRYSTALS-Dilithium, as a founding architectural decision, not a future upgrade. Because you cannot retrofit a foundation. You can only build on one.