Project Eleven testnet proves quantum-resistant transactions work today as Aptos proposes first governance vote on post-quantum signatures—preparing for a threat that may arrive sooner than expected.

On December 17, 2025, the Solana Foundation announced that it had successfully deployed post-quantum digital signatures on a testnet, demonstrating that quantum-resistant blockchain transactions are not only theoretically possible but "practical and scalable using current technology." The announcement came one day after the foundation revealed its partnership with Project Eleven, a post-quantum security firm that conducted a comprehensive threat assessment of Solana's cryptographic infrastructure.

Just two days later, on December 18, Aptos Labs proposed AIP-137, a governance vote that would introduce SLH-DSA—a NIST-standardized post-quantum signature scheme—as an optional account type. If approved by token holders, Aptos would become one of the first production blockchains to natively support quantum-resistant accounts.

These moves aren't purely preventative—they're strategic responses to accelerating quantum computing progress. Google's announcement of its Willow quantum chip in December 2024 demonstrated error-corrected quantum computation that solved problems in under five minutes that would take classical supercomputers 10 septillion years. While Willow's 105 qubits are nowhere near the estimated 13 million qubits needed to break Bitcoin's encryption, the pace of advancement has shifted quantum threats from distant theory to concrete planning priority.

The Quantum Threat: Why Blockchains Are Vulnerable

Every major blockchain today relies on elliptic curve cryptography (ECC) to secure transactions and wallets. While classical computers would take millions of years to break ECC by trying every possible private key, quantum computers could use Shor's algorithm to solve these problems in hours or days once sufficiently powerful.

How Current Blockchain Cryptography Works

  • Elliptic Curve Digital Signature Algorithm (ECDSA): Used by Bitcoin and Ethereum. It relies on the assumption that reversing the derivation of a public key from a private key is computationally infeasible.
  • Ed25519: Used by Solana, Aptos, Cardano, and Polkadot. While faster and smaller than ECDSA, it shares the same vulnerability to the elliptic curve discrete logarithm problem (ECDLP).

What Quantum Computers Could Do to Blockchains

1. Wallet Theft: Once a public key is exposed via a transaction, a quantum computer could derive the private key, allowing funds to be stolen.

2. Validator Impersonation: Attackers could forge validator signatures to propose fraudulent blocks or censor transactions.

3. Harvest Now, Decrypt Later: Attackers could record encrypted traffic or transactions today and decrypt the private keys once quantum hardware matures.

Google Willow: The Wake-Up Call

In December 2024, Google's Willow chip achieved a technical breakthrough with 105 qubits featuring dramatically improved error correction. It performed a benchmark computation in under 5 minutes that would take a classical supercomputer 10 septillion years.

While there is a massive gap between 105 qubits and the estimated 13 million qubits needed to break Bitcoin, the timeline for cryptographically-relevant quantum computers (CRQCs) has accelerated. Blockchain transitions traditionally take 5-10 years, meaning networks must start implementing quantum-resistant cryptography now to complete migration in time.

The risks are nil in the short term. This whole thing is decades away. It's ridiculously early... That said, it's reasonable to be quantum-ready.

— Adam Back, Blockstream Co-founder, on the urgency of quantum threats.

Solana's Response: Project Eleven Partnership

Project Eleven conducted a comprehensive assessment of Solana's cryptographic vulnerability across user wallets, validators, and core network cryptography. The key finding was that while Solana's reliance on Ed25519 makes it vulnerable, migration to post-quantum signatures is technically feasible.

Abstract visualization of a quantum shield protecting the Solana and Aptos blockchain networks
Solana and Aptos are pioneering the transition to post-quantum cryptography to secure assets against future threats.

Testnet Deployment Success

Project Eleven deployed a functioning post-quantum signature system on a Solana testnet. They claimed that end-to-end quantum-resistant transactions are practical and scalable using current technology, with no major performance degradation that would prevent mainnet deployment.

The Solana Winternitz Vault Precedent

Solana already introduced optional quantum-resistant wallet protection via the Winternitz Vault in January 2025. While this tool is purely user-facing and opt-in, it proved that Solana could integrate post-quantum cryptography without breaking existing infrastructure.

Aptos' Response: AIP-137 Governance Proposal

Aptos Improvement Proposal 137, authored by Aptos Labs' Head of Cryptography Alin Tomescu, proposes adding SLH-DSA-SHA2-128s as the first post-quantum signature scheme for Aptos accounts.

Why SLH-DSA?

Aptos explicitly chose the most conservative post-quantum scheme. SLH-DSA relies only on SHA-256 hash function security. If SHA-256 is secure, SLH-DSA is secure. This avoids the risks associated with newer lattice-based math used in other standards like ML-DSA.

The trade-off is size. SLH-DSA signatures are approximately 7.8KB, compared to just 64 bytes for current Ed25519 signatures—making them 122x larger. Aptos argues that efficiency can be sacrificed in favor of security when preparing for existential threats.

Performance Trade-Offs and Migration

The shift to post-quantum cryptography comes with significant data overhead. A current Solana block averages ~1.2MB; with SLH-DSA, that same block could be 120x larger due to signature overhead. Verification times also increase, posing challenges for high-throughput chains.

Migration Strategies

  • Opt-In (Aptos approach): New accounts can use post-quantum signatures while existing ones remain unchanged. This avoids disruption but fragments security.
  • Hard Fork: A mandatory migration that ensures uniform security but requires perfect coordination.
  • Soft Fork: Backward-compatible additions that gradually incentivize migration over years.

Conclusion: Preparing for the Inevitable

Solana's testnet deployment and Aptos' governance proposal represent the blockchain industry's transition from theoretical acknowledgment to concrete action. Whether quantum computers arrive in 5 years or 50, these early moves establish the technical feasibility and governance frameworks necessary for eventual mass migration.

In the race between quantum computers and blockchain migration, the advantage goes to those who start running today.