The threat quantum computing poses to blockchain has been a topic of debate in the crypto industry for years. But by 2026, this narrative is shifting from theoretical discussion to concrete engineering action. On May 7, NEAR Protocol officially announced the integration of post-quantum cryptography into its network. Just days earlier, on May 5, Kaspa completed the most significant hard fork upgrade in its mainnet’s history. These two public blockchains are taking distinctly different approaches—one proactively reconstructing its security architecture from the cryptographic foundation, the other leveraging a unique consensus mechanism to pursue systemic defense.
Behind these moves lies a series of accelerating threat signals. On March 30, 2026, Google Quantum AI, together with Ethereum Foundation researchers and a Stanford cryptography professor, published a landmark whitepaper systematically evaluating the resources required for quantum computers to break cryptocurrency cryptography. Their findings: breaking the 256-bit elliptic curve cryptography (ECC) used by Bitcoin and Ethereum would require fewer than 500,000 physical quantum bits (qubits)—about 20 times less than previous academic estimates. On April 24, independent Italian researcher Giancarlo Lelli used a publicly available, rentable quantum computer to successfully crack a 15-bit elliptic curve private key in about 45 minutes, claiming a 1 BTC bounty from Project Eleven. This stands as one of the largest public demonstrations of an elliptic curve quantum attack to date. The contours of the quantum threat are moving from academic papers to verifiable engineering boundaries.
The Threat Landscape: How Close Is Quantum Computing?
Before dissecting the two technical approaches, it’s crucial to clarify the current coordinates of the quantum threat. Quantum computing doesn’t pose a uniform risk to blockchain; instead, there are multiple attack surfaces and varying levels of urgency.
The core threat comes from Shor’s algorithm. This quantum algorithm can break elliptic curve cryptography (ECDSA) in polynomial time, directly impacting the digital signature schemes that underpin the vast majority of blockchains. Once quantum computers with the necessary capabilities mature, attackers could derive private keys from public keys, thereby gaining control over corresponding crypto assets.
According to a Decrypt report on May 11, 2026, several cryptocurrency companies are adopting NIST-approved post-quantum cryptographic algorithms, upgrading user-facing wallets and custodial infrastructure. Their goal is to deploy quantum-safe protection ahead of protocol-level upgrades on blockchains like Bitcoin and Ethereum. The industry is accelerating its response.
Another threat is the so-called "Harvest Now, Decrypt Later" attack strategy. Attackers are currently collecting and storing encrypted data on a large scale, waiting for quantum computing capabilities to mature before decrypting it in the future. For blockchain, this means every transaction broadcast on the network today could be stored and potentially decrypted down the line.
A report from Project Eleven, released on May 10, 2026, warns that if the quantum threat materializes by 2030, beginning migration in 2029 may be too late. The report also notes that the primary obstacle to adopting post-quantum cryptography is coordination, not technology. Large systems may require five to more than ten years to transition, necessitating simultaneous action from users, exchanges, custodians, wallet providers, and miners.
It’s worth noting that not all industry participants agree on the urgency. On May 10, 2026, the CEO of BitGo publicly disputed the 2030 quantum threat timeline, arguing that related reports come from "companies relying on quantum panic." There is a clear split within the industry on how imminent the threat is.
Additionally, industry research and analysis groups have published quantum vulnerability assessments for major public blockchains, identifying Bitcoin as one of the most vulnerable. Google Quantum AI’s research ranks Cardano as the world’s second most prepared blockchain for quantum attacks. Against this backdrop, NEAR and Kaspa have chosen different defense strategies.
The NEAR Approach: Protocol-Level Post-Quantum Cryptography Integration
NEAR Protocol has chosen a proactive defense path, starting from the cryptographic foundation.
According to the NEAR team, NEAR Protocol currently supports two signature schemes: EdDSA and ECDSA, neither of which are quantum-safe. The core of the new update is adding FIPS-204 (ML-DSA, formerly known as CRYSTALS-Dilithium), a lattice-based post-quantum signature scheme approved by NIST and formally standardized as one of the first NIST post-quantum cryptography standards in August 2024.
FIPS-204 is a module lattice digital signature algorithm. Lattice-based cryptography is widely regarded as one of the most promising directions for post-quantum cryptography, striking a strong balance between security and performance. In August 2024, NIST formally approved standards FIPS 203, 204, and 205, providing the industry with a concrete technical baseline.
A standout feature of NEAR’s upgrade is the user experience for key rotation. Once the solution goes live, any NEAR account holder can rotate their key and switch to a post-quantum secure signature scheme with a single transaction—no complex address migration required. This is possible thanks to NEAR’s account model, where each account is controlled by rotatable "access keys" rather than being permanently bound to a specific key pair. Unlike Bitcoin and Ethereum users, who must create new addresses and transfer assets, NEAR users can rotate keys with a simple on-chain transaction.
NEAR’s early design team considered post-quantum security from the outset. This long-term vision now gives NEAR a structural advantage over other public blockchains.
Wallet ecosystem support is also noteworthy. Near One has partnered with hardware wallet manufacturers like Ledger to plan post-quantum support. Most hardware wallets currently lack quantum-safe signature support, so Near One is working directly with manufacturers to accelerate the rollout of new solutions.
On the cross-chain front, NEAR’s chain signature MPC network already supports threshold signatures for over 35 public blockchains. The Defuse team is developing quantum-safe cross-chain signature solutions for NEAR Intents users, aiming to provide a quantum-safe environment for ecosystems slower to migrate to post-quantum cryptography.
The testnet version is scheduled for launch by the end of Q2 2026, with mainnet deployment to follow after security audits and community coordination.
The NEAR team has also raised a longer-term question: If quantum computers can break elliptic curve encryption, how can ownership of crypto assets without physical possession be proven? Near One warns that this could trigger a broader crisis of crypto asset ownership.
The Kaspa Approach: Systemic Defense via GHOSTDAG Consensus Mechanism
In contrast to NEAR’s cryptography-first approach, Kaspa’s quantum security narrative is built on the unique advantages of its consensus layer and architecture.
Kaspa’s core innovation lies in the GHOSTDAG protocol. Unlike traditional blockchains that process blocks sequentially and isolate parallel blocks, GHOSTDAG enables blocks to coexist and be ordered in consensus. The protocol sorts parallel blocks by identifying a set of "blue" blocks and deterministically resolving conflicts, preventing the runaway "orphan block" problem common in high block-rate linear chains.
From a quantum security perspective, GHOSTDAG and the blockDAG architecture provide unique security properties on two fronts. First, the parallel block generation mechanism significantly raises the attack threshold. Kaspa’s mainnet currently achieves a block generation rate of 10 blocks per second, with a future target of 100 blocks per second. Even if an attacker had quantum computing power and attempted an attack, the high block rate allows honest nodes to continuously produce large numbers of blocks, making it much harder for attackers to control the majority of hashpower in a short time. Second, GHOSTDAG combines PoW and DAG-based consensus mechanisms, enhancing Kaspa’s resistance to 51% attacks.
Meanwhile, Kaspa community developers have proposed quantum-resistant wallet upgrades. A developer known as bitcoinSG has suggested moving from the current P2PK address format to a P2PKH-Blake2b-256-via-P2SH design, hiding public keys until funds are spent and thus reducing exposure to quantum attacks. This solution is implemented at the wallet layer, not the consensus layer, and is backward compatible—users, wallets, and exchanges can adopt the new format without a hard fork.
On May 5, 2026, Kaspa completed the Covenant-Centric hard fork, introducing native assets, enhanced covenant functionality, and zero-knowledge proof capabilities. This upgrade transforms Kaspa from a fast payment system into a programmable smart contract platform. While not directly targeting quantum security, it expands Kaspa’s programmability, providing a more flexible foundation for future security upgrades.
However, Kaspa’s quantum defenses are not foolproof. In-depth analysis has revealed Kaspa’s "quantum Achilles’ heel." Kaspa relies on UTXO commitment technology using the MuHash algorithm, which allows incremental updates to the network’s state fingerprint. But MuHash is based on the elliptic curve discrete logarithm problem—the very mathematical challenge that Shor’s algorithm can solve. If attackers can reverse-engineer these commitments, they could construct entirely different UTXO sets that still match the original MuHash, and the system would treat them as valid. This risk is especially pronounced after data pruning—Kaspa prunes old data for efficiency, so nodes rely entirely on these commitments rather than the full transaction history for validation.
Addressing this issue presents a dilemma: adopting post-quantum cryptography could double the block header size, severely impacting the efficiency Kaspa relies on. Relying on archival nodes introduces trust assumptions, undermining decentralization.
Additionally, former Kaspa core contributor Shai Wyborski has publicly stated that no PoW system can fully resist quantum mining attacks—this vulnerability is universal among PoW systems.
Comparing the Two Approaches: Facts, Strengths, and Limitations
The table below provides a structured, multi-dimensional comparison of NEAR and Kaspa’s quantum defense strategies based on currently available information:
| Comparison Dimension | NEAR Protocol | Kaspa |
|---|---|---|
| Core Technical Approach | NIST-standard post-quantum cryptography (FIPS-204 lattice signatures) | GHOSTDAG consensus + blockDAG + wallet-layer public key hiding |
| Security Standardization | Uses NIST-approved FIPS-204, highly standardized | Proprietary protocol, no NIST-standard post-quantum algorithms |
| Deployment Timeline | Q2 2026 testnet, mainnet deployment TBD | Consensus layer live; wallet upgrade proposal stage, optional adoption |
| User Migration Cost | Key rotation with a single transaction, low cost | Wallet address format migration requires user action |
| Consensus Layer Quantum Security | Covers signature layer only; full consensus quantum security still evolving | PoW hash functions offer some quantum resistance, but UTXO commitments are potentially vulnerable |
| Scalability Trade-offs | FIPS-204 signatures are large, increasing storage and bandwidth needs | Post-quantum upgrade faces trade-off between data size and efficiency |
| Governance Model | Near One-led centralized decision-making, high execution efficiency | Community-driven proposals, potentially longer coordination cycles |
| Known Technical Risks | Long-term lattice cryptography security still under review | MuHash algorithm potentially vulnerable to Shor’s algorithm |
Based on this table, the core differences between the two approaches can be summarized as follows:
NEAR’s approach is a cryptographic replacement strategy. Its strengths are high standardization, clear security guarantees, and low user migration costs, but its coverage is currently limited to the signature layer. Full quantum security for the consensus and validator layers remains a work in progress.
Kaspa’s approach is an architectural resistance strategy. Its strengths include a high block generation rate that naturally increases attack costs, and PoW hash functions that are relatively quantum-resistant. However, its main weakness lies in the UTXO commitment mechanism’s reliance on elliptic curve math, and current technical solutions cannot simultaneously achieve quantum security and high performance.
Industry Context: The Quantum Security Race
NEAR and Kaspa’s choices are not isolated—they must be viewed within the broader industry race toward quantum security.
Among major public blockchains, quantum security strategies are clearly stratified. In March 2026, the Ethereum Foundation launched the "Post-Quantum Ethereum" website, elevating quantum security to a top strategic priority and forming a dedicated quantum security team. Coinbase has established a quantum advisory board, and NIST has announced migration timelines for quantum security. Ethereum’s roadmap suggests Layer 1 upgrades could arrive by 2029, but full migration of the execution layer may take even longer.
In terms of quantum readiness, Google Quantum AI’s research ranks Cardano as the world’s second most prepared blockchain for quantum attacks. Cardano’s structural advantages position it well for future migration to post-quantum cryptography. The report also notes that Ethereum and Solana have the broadest attack surfaces due to always-visible public keys.
Another key industry trend is emerging: competitive, parallel advancement of quantum security at the wallet and protocol layers. Several crypto companies are adopting NIST-approved post-quantum cryptographic algorithms to upgrade wallets and custodial infrastructure. Some developers focus on wallet upgrades, while others insist that only protocol-level changes can fully protect users. As the CEO of Silence Laboratories warned, "If wallets upgrade for the post-quantum era but the blockchain doesn’t, it won’t work."
Looking at industry trends, one conclusion is becoming clear: quantum security will no longer be an optional feature for public blockchains, but a mandatory infrastructure upgrade. NEAR’s architectural advantage gives it a head start in this transition, while Kaspa must carefully balance performance optimization with security upgrades.
Risks and Limitations: Boundaries of Both Approaches
While acknowledging the strengths of both approaches, it’s also essential to highlight their substantive risks.
NEAR faces four core challenges. First, while lattice cryptography has passed NIST standardization, the cryptographic community continues to debate its long-term security under large-scale quantum attacks. Its security proofs are not as mature as those for hash-based signatures. Second, NEAR’s post-quantum upgrade currently covers only the account signature layer. Consensus, validator communication, and block synchronization still require quantum-safe upgrades. Third, FIPS-204 signatures are relatively large—ML-DSA signatures of 2,420 bytes can generate about 0.48 GB/s of signature data, and larger parameter sets could approach 1 GB/s. For blockchains that require global replication and full-node validation, this means increased storage, bandwidth, and verification costs. While NEAR’s account model reduces user-side complexity, node storage and verification costs will still rise. Fourth, Near One’s centralized governance ensures efficient decision-making, but if the technical direction is flawed, correction mechanisms remain unclear.
Kaspa faces a more fundamental challenge. The incompatibility between the elliptic curve math underlying MuHash commitments and quantum attacks cannot be sidestepped with wallet-layer upgrades. This is a consensus security issue—once quantum computing reaches a critical point, the verifiability of historical block data is at risk. No final solution has emerged. Possible paths include migrating to quantum-resistant protocols and designating a historical cutoff after which chain state is no longer fully trusted. Former Kaspa core contributors have also stated that no PoW system can fully withstand quantum threats. Without protocol-level post-quantum cryptography upgrades, Kaspa’s quantum security narrative will remain structurally incomplete.
There’s also a common industry challenge. The significant increase in post-quantum signature sizes means higher storage, bandwidth, and verification costs for globally replicated, full-node validated blockchains. Several generations of hardware improvements will be needed before this becomes operationally routine.
Conclusion
2026 is shaping up to be a pivotal year for blockchain’s quantum security transformation. NEAR and Kaspa represent two distinct philosophies—one proactively replacing its security foundation with post-quantum cryptography, the other leveraging unique consensus design for systemic architectural advantages. These approaches are not mutually exclusive; rather, they reflect deep differences in design philosophy and security priorities.
NEAR’s strengths lie in standardization, clarity, and a user-friendly migration path. Its forward-looking architecture is translating into real competitive advantage as quantum threats accelerate. Kaspa’s high block production rate naturally reduces attack windows, but its consensus layer’s reliance on elliptic curve cryptography presents a significant vulnerability.
Quantum security is evolving from an optional feature to an essential infrastructure upgrade for public blockchains. In this transition window, the correctness of technical choices and execution efficiency will have a deeper impact on the long-term competitive landscape than ever before. For industry participants, understanding where each public blockchain stands in this race—and the logic behind its chosen path—is the foundation for making rational decisions.
