Aptos Proposes Quantum-Resistant Signatures to Future-Proof Blockchain Security

Aptos has unveiled AIP-137, introducing SLH-DSA-SHA2-128s as its first post-quantum signature scheme to protect against future quantum computing threats.

The proposal, drafted by Aptos Labs Head of Cryptography Alin Tomescu, aims to prepare the network for quantum computers that are cryptographically relevant before they become an urgent concern.

The initiative arrives as quantum computing transitions from theoretical speculation to tangible reality, with IBM discussing scaling paths and NIST publishing finalized post-quantum standards.

While experts debate whether quantum threats will materialize in five or fifty years, Aptos is choosing conservative preparation over reactive scrambling.

Conservative Security Over Performance

AIP-137 prioritizes security assumptions over efficiency by selecting SLH-DSA-SHA2-128s, a stateless hash-based signature scheme standardized by NIST as FIPS 205.

The scheme relies exclusively on SHA-256, a hash function already embedded throughout Aptos infrastructure, requiring no new cryptographic assumptions.

This conservative approach addresses past failures in post-quantum cryptography, where schemes like Rainbow, a NIST finalist based on multivariate cryptography, were broken entirely on commodity laptops in 2022.

By building on proven hash functions rather than exotic mathematical assumptions, Aptos minimizes the risk of classical attacks defeating supposedly quantum-secure schemes.

The trade-off is between size and speed. Signatures will measure 7,856 bytes, 82 times larger than Ed25519, while verification takes approximately 294 microseconds, roughly 4.8 times slower.

These performance costs are deliberate, accepting efficiency losses in exchange for ironclad security guarantees that don’t introduce untested cryptographic assumptions into the system.

Alternative schemes like ML-DSA offer smaller signatures and faster verification but depend on the hardness of structured lattice problems, introducing new mathematical assumptions.

Falcon delivers even better performance with compressed signatures around 1.5 KB, but requires floating-point arithmetic, which makes implementation error-prone.

Aptos is reserving these aggressive optimizations for future proposals once SLH-DSA establishes a conservative baseline.

Preparing Without Mandating Migration

The proposal explicitly avoids forced migration, keeping Ed25519 as the default signature scheme while introducing SLH-DSA as an optional layer that governance can enable when quantum threats warrant activation.

Users requiring post-quantum assurances can adopt the scheme selectively without disrupting the broader network.

This measured approach aligns with broader industry perspectives on quantum preparedness.

MicroStrategy founder Michael Saylor recently argued that “quantum computing won’t break Bitcoin—it will harden it,” suggesting that networks that upgrade proactively will see security improve while supply dynamics tighten, as lost coins remain frozen.

His view reflects a growing consensus that quantum threats, while serious, present opportunities for networks prepared to evolve their cryptographic foundations.

For Aptos, implementation includes feature flags allowing controlled deployment across validators, indexers, wallets, and development tools.

The phased rollout gives the ecosystem time to adapt infrastructure before quantum computers become capable of breaking current cryptography.

Industry-Wide Quantum Concerns Mount

The proposal reflects broader anxiety in the crypto industry about the timelines for quantum computing.

Solana co-founder Anatoly Yakovenko recently warned that Bitcoin has a 50% chance of facing quantum breakthroughs within five years, urging accelerated adoption of quantum-resistant schemes as AI acceleration compresses development timelines.

Experts estimate 30% of Bitcoin’s supply, roughly 6-7 million BTC worth hundreds of billions of dollars, remains vulnerable in older address formats that expose public keys directly.

Tech giants are racing toward quantum supremacy with aggressive timelines. IBM plans to build 100,000-qubit chipsets by decade’s end, while PsiQuantum targets one million photonic qubits within the same timeframe.

Microsoft claims quantum computing is now “years, not decades” away following recent chip breakthroughs, while Google’s Willow chip solved problems in five minutes that would take classical computers billions of years.

Gavin Brennen from Macquarie University told Cryptonews that estimates for breaking 256-bit elliptic curve signatures have dropped from requiring 10-20 million qubits to around one million.

“A plausible timeline for cracking 256-bit digital signatures is by the mid-2030s,” Brennen said.

Grayscale’s 2026 Digital Asset Outlook also acknowledged quantum computing as a long-term cryptographic challenge but dismissed near-term price impacts, noting cryptographically relevant quantum computers remain unlikely before 2030.

However, the asset manager emphasized that most blockchains will ultimately require post-quantum upgrades as the technology advances toward practical viability.