AIP-137 Proposal: How Aptos Is Preparing for the Quantum Computing Era

• Aptos has proposed AIP-137 to introduce optional post-quantum signatures without affecting existing accounts.
• The upgrade relies on NIST-approved SLH-DSA, built on SHA-256, to reduce long-term quantum risks.
• Adoption would be selective, with higher costs accepted in exchange for stronger security guarantees.

The Aptos network has taken an early step toward preparing for a future shaped by quantum computing. A new proposal, AIP-137, outlines how the blockchain could support post-quantum digital signatures at the account level.

The idea is not to replace today’s cryptography, but to add an optional layer for users who want protection against risks that may emerge as quantum machines advance.

The proposal was shared publicly by the Aptos team as part of a broader discussion on long-term network security. It reflects growing awareness that quantum computing is no longer a distant concept.

Many steps have been laid out by IBM on how a quantum system can scale, and the regulators have begun working on standards for post-quantum cryptography.

In the US, the National Institute of Standards and Technology has published several standards under the FIPS program, including FIPS 205, which plays a critical part in the proposal.

Also Read: Aptos (APT) Struggles at $2.30 but $4.25 Recovery Target Remains Possible

AIP-137 Introduces SLH-DSA-SHA2-128s Support

AIP-137, in essence, proposes to add support for SLH-DSA-SHA2-128s, which is a stateless hash-based signature scheme and is standardized as FIPS 205.

SLH-DSA is derived from SPHINCS+, which is based on SHA-256. SHA-256 is already widely used within the Aptos framework for transaction hashing and data commitment.

There are minimal additional assumptions. If SLH-DSA fails, this would imply there is a flaw in SHA-256. The plan doesn’t force any change to a new technology. People are free to continue using Ed25519 as the default.

New post-quantum signature schemes will be an add-on feature, to be switched on and only controlled by users who need better long-term security.

The plan takes a cautious stance and doesn’t try to foresee how soon a quantum computer that can break cryptography might emerge, whether this is in five years or fifty.

Aptos Chooses Security-First Approach in Early Stage

AIP-137 options have obvious trade-offs. Compared with Ed25519, the signature sizes of SLH-DSA are much larger, with a difference of around 82 times. The verification time is also longer.

For the x86_64 platform, the verification of the post-quantum signature takes several hundred microseconds, which is around 4.8 times longer than the previous approach. Future increased demand may lead to network traffic and a slight congestion problem.

Although it will have its own set of expenses, only a few users with security demands, for instance, organizations or applications, are projected to adopt the use of post-quantum accounts.

Also Read: Aptos (APT) Price Alert: Can It Hit $14.50 Next?