Ethereum is beginning to publicly formalize its post-quantum security efforts. Will Corcoran, a researcher at the ETH Foundation, used a presentation at the Ethereum Institutional Forum in New York to present both the threat model and the protocol work already underway. The effort matters well beyond ETH, he argued, because the main bottleneck is not unique to a single chain: every proof-of-stake network built on current cryptographic assumptions will ultimately face the same scaling problem.
Alongside the conference, the Ethereum Foundation launched pq.ethereum.org, a new portal that brings together the project roadmap, technical resources, FAQs for institutions and a registration form for a post-quantum retreat in Cambridge in October 2026. Corcoran presented the site as a way to consolidate years of research and respond to what he described as growing interest from institutions asking how Ethereum plans to prepare for a future in which quantum computers can break elliptic curve cryptography.
Ethereum eyes post-quantum industrial standard
This future is predicted to be still years away, but Corcoran said Ethereum is already working in a narrow window. He highlighted current estimates for “Q Day”: the arrival of a cryptographically relevant quantum computer, clustered around 2032, while the current roadmap targets key post-quantum components for the “L” or “M” branch of the protocol, around 2029 or so.
The central argument of the presentation was that post-quantum security cannot be reduced to a simple exchange of signatures. Ethereum today leverages elliptic curve cryptography across the entire stack: validator attestations at the consensus layer, blob-proof data at the data layer, and transaction and wallet signatures at the execution layer. If this cryptography is broken, a large part of the network security model is broken.
But its replacement introduces a second-order problem. Ethereum’s current BLS signatures are compact and aggregate extremely efficiently: 10,000 signatures are always compressed to 96 bytes. The proposed post-quantum replacement, a hash-based system that Corcoran calls Lean Sig, is about 3,000 bytes per signature, and naively aggregating them would produce about 30 megabytes of data per location.
This compromise is not simply a technical inconvenience. Corcoran has repeatedly linked it to Ethereum’s decentralization constraint, arguing that larger signatures would increase bandwidth requirements, reduce the number of viable home validators, and weaken the security properties of the chain. According to him, the whole design challenge lies downstream from this point.
“So making Ethereum post-quantum secure is not as simple as swapping the signature schemes, because that change ripples through everything else,” he said. “Larger signatures would result in greater bandwidth, which would result in fewer local validators, less decentralization, and weaker security guarantees. So a change would ripple across everything.”
Ethereum’s proposed answer is a combination of LeanSig with a proof system called Lean Multisig, which Corcoran described as a STARK-based aggregation engine. Instead of transmitting all signatures directly, the system aims to prove that they have been correctly verified and compress the result to around 125 kilobytes. He called this roughly 250x compression “the moon calculation” that makes post-quantum consensus viable on Ethereum.
Corcoran also used his speech to emphasize that this is no longer a purely theoretical thread of research. He said Ethereum was already operating devnets with 10 client teams, had shipped four devnets so far, and was built around three-slot finality and four-second slots as the basis for the design. The broader effort, he added, spans more than eight years of research, about $25 million in funding and about 1,500 contributors across more than 250 organizations and teams.
For Ethereum, the immediate message is that post-quantum readiness is becoming a visible part of its long-term protocol agenda. For the rest of cryptography, Corcoran’s assertion was broader.
“In reality, every proof-of-stake blockchain faces the same challenge, and that challenge is the ability to aggregate hash-based signatures at scale. That’s non-negotiable,” he said. “When we can implement LeanSig, LeanMultisig and Lean consensus, we believe this could truly become the de facto industry standard. »
At press time, ETH was trading at $2,154.
Featured image created with DALL.E, chart from TradingView.com
Editorial process as Bitcoinist focuses on providing thoroughly researched, accurate and unbiased content. We follow strict sourcing standards and every page undergoes careful review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance and value of our content to our readers.
