Buterin Calls for Cryptographic Overhaul
Vitalik Buterin has outlined a multi-stage roadmap to replace four components of Ethereum’s cryptographic architecture that could eventually be broken by quantum computers.
In a detailed post on X, Buterin identified the vulnerable areas as consensus-layer BLS signatures, KZG data commitments, ECDSA account signatures, and zero-knowledge proof systems used across applications and layer-2 networks.
Now, the quantum resistance roadmap.
— vitalik.eth (@VitalikButerin) February 26, 2026
Today, four things in Ethereum are quantum-vulnerable:
* consensus-layer BLS signatures
* data availability (KZG commitments+proofs)
* EOA signatures (ECDSA)
* Application-layer ZK proofs (KZG or groth16)
We can tackle these step by step:…
Now, the quantum resistance roadmap.
— vitalik.eth (@VitalikButerin) February 26, 2026
Today, four things in Ethereum are quantum-vulnerable:
* consensus-layer BLS signatures
* data availability (KZG commitments+proofs)
* EOA signatures (ECDSA)
* Application-layer ZK proofs (KZG or groth16)
We can tackle these step by step:…
Quantum Threat Moves From Theory to Planning
Quantum computing poses a structural threat to blockchain networks because sufficiently advanced machines could break public-key cryptography. If that happens, attackers could derive private keys from public keys and drain wallets.
To address the issue proactively, the Ethereum Foundation launched a dedicated Post-Quantum team in January and introduced a seven-fork upgrade roadmap dubbed the “Strawmap” designed to gradually integrate quantum-resistant signatures and STARK-friendly cryptography through 2029.
The initiative reflects a broader recognition that waiting until quantum capability becomes practical would be too late.
Consensus Layer: Replacing BLS Signatures
At the consensus layer, Ethereum currently relies on BLS signatures for validator attestations. Buterin proposes transitioning to hash-based signatures, which researchers generally consider more resistant to quantum attacks.
He also suggested compressing validator attestations using STARKs (Scalable Transparent Argument of Knowledge), enabling thousands of signatures to be aggregated into a single compact proof. This approach would preserve efficiency while upgrading security.
However, such a shift would alter core consensus mechanics, making careful implementation critical.
Data Availability and KZG Tradeoffs
Ethereum currently uses KZG commitments to verify block data availability. While STARKs could replace KZG, they lack a mathematical property known as linearity, which supports two-dimensional data availability sampling.
In practical terms, Ethereum would need to redesign aspects of its data verification process - a technically feasible but complex engineering challenge.
User Accounts and Gas Costs
One of the most immediate friction points lies in user account cryptography. Today, verifying an ECDSA signature costs around 3,000 gas. A quantum-resistant hash-based signature could cost roughly 200,000 gas, representing a dramatic increase.
The disparity becomes even more pronounced for zero-knowledge systems. Verifying a ZK-SNARK currently costs between 300,000 and 500,000 gas, while a quantum-resistant STARK could cost approximately 10 million gas - prohibitively expensive for many privacy applications and layer-2 networks.
To address this, Buterin pointed to Ethereum Improvement Proposal 8141, which introduces protocol-layer recursive signature and proof aggregation.
EIP-8141 and Recursive Aggregation
Under EIP-8141, each transaction would contain a “validation frame” that could be replaced by a STARK verifying correct execution. These frames would then be aggregated into a single proof per block, keeping the on-chain footprint manageable even if individual signatures grow heavier.
Buterin suggested that proof generation could occur at the mempool layer, with nodes propagating validated transactions approximately every 500 milliseconds alongside a proof of validity.
A Long-Term Bet on Security
The Strawmap signals that Ethereum is preparing for a future where quantum computing is not hypothetical but operational. Rather than patching vulnerabilities reactively, the Foundation is proposing structural cryptographic shifts phased in over several years.
While quantum-capable attacks remain years away by most estimates, Ethereum’s leadership appears determined to future-proof the network before the risk materializes.
If executed successfully, the roadmap could redefine Ethereum’s cryptographic backbone - reinforcing its position as a long-term settlement layer in an increasingly competitive blockchain landscape.
