Below is a regularly updated list detailing our products, contributions, and expertise in the realm of post-quantum cryptography for blockchains.
The March 2026 Google / Stanford / Ethereum Foundation whitepaper, which reduced the ECDLP break to under half a million physical qubits, acknowledges Alex Pruden (CEO) and Conor Deegan (CTO) for discussions on the quantum vulnerabilities of cryptocurrencies along with multiple citations of our work, including the Bitcoin Risq List.
The Bitcoin Risq List is the canonical real-time public tracker of quantum-vulnerable BTC, identifying 6.9M BTC (at the time of writing) at immediate risk through exposed public keys. It is the dataset that every serious conversation about Bitcoin's quantum exposure references.
In December 2025 we announced and deployed a working post-quantum signature system on a Solana testnet with the Solana Foundation, covering threat assessment across infrastructure, wallets, validators, and cryptographic assumptions. End-to-end quantum-resistant transactions were executed and benchmarked.
Our Lattice HD Wallets paper is the first post-quantum construction that recovers BIP32's full non-hardened public-key derivation with provable security, using a modified Raccoon-G scheme with Gaussian secrets and unrounded public keys. Hardened-only ML-DSA wallets are also specified. Without this, payment processors and watch-only wallets simply do not work in a post-quantum world.
The PQ Registry is the first open, schema-validated catalogue of post-quantum signatures and KEMs with parameter sizes, security assumptions, maturity, and risk ratings in one place. It covers the NIST finalists (ML-KEM, ML-DSA, SLH-DSA), pipeline candidates (FN-DSA, HQC), and blockchain-optimised schemes (SHRINCS, SHRIMPS, leanSig, XMSS).
ML-DSA-B, built with the BLAKE3 team, replaces SHAKE inside NIST's ML-DSA to deliver up to 60x faster pre-hashing, 20% faster signing, and 30% faster verification at equivalent security. Hashing dominates 60 to 80% of ML-DSA runtime, so this is the single largest practical speedup available to anyone shipping lattice signatures today. We authored similar changes to SLH-DSA.
THINCS searches the SPHINCS+ / SLH-DSA parameter space for the smallest valid configuration given a user's signing budget and security level. NIST's default assumes up to 2^64 signatures per key; most real keys need a tiny fraction of that. For firmware, certificate authority, blockchain, and vault use cases, THINCS produces meaningfully smaller signatures and faster operations than FIPS 205 defaults.
Hardware wallets: the post-quantum upgrade problem is the first concrete audit of why most deployed Ledger and Trezor devices cannot ship post-quantum signing: 50 to 64 KB SE RAM vs 50 to 100 KB ML-DSA working sets, 2,420 byte ML-DSA signatures vs 64 byte ECDSA, and immutable classical-signed bootloaders.
Public write-ups of what quantum breaks and how, per protocol:
- Bitcoin address exposure vectors
- Ethereum attack surface: EOAs, BLS validator keys, admin roles, bridges, rollup verification keys, KZG commitments
- Stablecoins: admin-key compromise paths for USDT, USDC, DAI and the treasury/mint implications
As per Ripple's April 2026 quantum-readiness roadmap, Project Eleven is leading their Phase 2 for post-quantum readiness: hybrid post-quantum signing, validator-level testing, Devnet benchmarking, and a post-quantum custody wallet prototype for XRPL. Ripple states our work "significantly" moved their Phase 2 timeline forward.
Our survey of Bitcoin post-quantum proposals is the reference evaluation of BIP-360 (P2MR), quantum-safe Taproot, P2TRH, NTC / STARK-compressed PQ signatures, and the commit-reveal family.
Yellowpages enables Bitcoin holders to bind an existing address to a new post-quantum keypair via a timestamped, publicly verifiable proof, without moving coins on-chain. Free, audited, open source. It is the only deployed mechanism today that gives BTC holders a credible ownership record for a future post-quantum migration or fork.