GitHub Devnet Live
Post-Quantum Cryptography

Why post-quantum
by design.

Quantum computers will eventually break the public-key cryptography securing every blockchain in production today. The question is not whether migration pressure will arrive — it is whether a protocol can absorb it safely. URUZ was designed to reduce retrofit risk at core trust boundaries.

The Threat

What quantum computing actually breaks.

The risk is concentrated in public-key cryptography — specifically digital signatures. A sufficiently powerful quantum computer running Shor's algorithm could recover private keys from public keys. For a blockchain, this means one thing: an attacker who holds your public key can forge your signature and take your funds.

Every chain in production today uses ECDSA or BLS signatures. Both are broken by Shor's algorithm. Bitcoin, Ethereum, Solana, and every chain launched in the last decade share the same vulnerability. The question is not which chains are at risk — all of them are. The question is which chains can actually fix it.

Most engineering roadmaps place cryptographic relevance in the early-to-mid 2030s. Breaking elliptic-curve cryptography would require thousands of stable logical qubits. That is approximately 8–12 years away — which sounds comfortable until you consider how long it takes to upgrade a decentralized global protocol.

What "harvest now, decrypt later" means for blockchains

For encrypted data, the threat is immediate: an adversary can record encrypted traffic today and decrypt it once quantum hardware exists. For blockchains, the threat is different. Blockchains are integrity systems built on digital signatures — past transactions remain safe. But once a cryptographically relevant quantum computer exists, any exposed public key can be used to derive the corresponding private key and authorize new transactions.

Every address that has ever sent a transaction has its public key exposed on-chain. Permanently.

The Migration Problem

Why retrofitting is the hard problem.

Migrating an established blockchain to post-quantum cryptography is one of the most technically and politically difficult problems in distributed systems. The Ethereum Foundation has acknowledged it will take many years and requires coordination across hundreds of client teams, wallet developers, exchanges, and users.

Existing chains — retrofitting PQ
Signature scheme change requires network-wide hard fork — every client must upgrade simultaneously or the chain splits.
User migration is opt-in and slow — funds in ECDSA addresses remain vulnerable until manually moved to PQ addresses.
PQ signatures are significantly larger - this impacts throughput assumptions, fee models, and networking.
Staking and validator key migration — must happen without disrupting consensus, under tight timing constraints.
Years of coordination — governance, client diversity, and ecosystem fragmentation all slow the process.
URUZ — PQ native
ML-DSA (Dilithium) from genesis - no legacy migration burden for core trust anchors.
No legacy address format to protect — there are no ECDSA addresses in URUZ. Every user starts on post-quantum infrastructure.
Protocol designed for larger signatures - architecture and networking are built for post-quantum signature overhead from day one.
No legacy validator-key transition burden - participation starts with post-quantum cryptographic assumptions.
Cryptographic agility by design — the protocol layer can upgrade signature primitives without a network-wide hard fork.
The URUZ Approach

Post-quantum is not a feature. It is the foundation.

URUZ uses ML-DSA (Module-Lattice Digital Signature Algorithm), standardized as FIPS 204 by NIST in 2024. It is designed for resistance against both classical and quantum adversaries.

How it is used in the protocol

URUZ applies post-quantum signatures to its canonical trust anchors so that long-term history integrity remains protected under the same cryptographic assumptions.

Why checkpoints specifically

Checkpoints define irreversible history. Protecting them with post-quantum signatures secures the highest-value trust boundary for long-term network integrity.

NIST FIPS 204 (ML-DSA / Dilithium) is the same standard being evaluated by Ethereum, the US federal government, and financial infrastructure providers for post-quantum migration. URUZ is aligned with that direction from genesis at core trust anchors.

What comes next

Future work expands post-quantum coverage and efficiency while preserving cryptographic agility and operational safety. See the Roadmap for phased milestones.

Context

The window for action.

2016 – 2024
NIST PQ standardization
NIST runs a decade-long evaluation of post-quantum algorithms. Dilithium (ML-DSA), Falcon, and SPHINCS+ selected as standards in 2024. FIPS 204 published.
2025 – 2026
URUZ genesis — PQ native from block 0
URUZ launches with post-quantum-first trust assumptions, reducing long-term migration burden at core trust anchors.
2027 – 2030
Established chains begin migration
Major ecosystems are actively evaluating or planning PQ migration paths, each with multi-year coordination across clients, wallets, exchanges, and users.
Early-to-mid 2030s
Cryptographically relevant quantum hardware
Most engineering roadmaps place CRQC capability here. Chains that have not completed migration can face an acute risk window. PQ-native designs reduce that window materially, but operational hardening is still required.
Learn more

Understand the full protocol.

Technology Deep Dive Read the FAQ