- Buterin identified BLS, KZG, ECDSA, and ZK proofs as Ethereum’s four quantum-vulnerable layers.
- The roadmap replaces BLS and KZG with hash-based signatures and STARK-based systems under a Lean model.
- While the quantum threat is theoretical, Ethereum developers are acting early.
Ethereum co-founder Vitalik Buterin has outlined a quantum resistance roadmap that targets four vulnerable areas in the network.
These include consensus-layer BLS signatures, KZG-based data availability, ECDSA account signatures, and certain zero-knowledge proof systems.
He has warned that meaningful quantum risk could emerge before 2028. Large-scale quantum machines are not active yet, but research progress has forced protocol-level planning now rather than later.
Consensus and Data: Move Away From BLS and KZG
The first target is validator signatures. Ethereum currently relies on BLS signatures at the consensus layer. The proposal is to replace them with hash-based signatures under a “Lean” model. Aggregation would rely on STARK proofs.
Before full Lean finality, a Lean chain could run with far fewer signatures per slot, roughly 256 to 1,024. That reduces aggregation complexity in early phases.
On data availability, Ethereum now uses KZG commitments for erasure-coded blobs. KZG allows linearity, which supports advanced sampling methods. STARKs do not offer this property.
Ethereum may avoid complex 2D sampling and instead maximize 1D PeerDAS. Meanwhile, Proof size is another constraint. KZG provides blob correctness checks with minimal overhead.
A raw STARK proof can exceed the size of a blob itself. Recursive STARKs or alternative constructions would solve this, but require heavy engineering.
It is also important to note that externally owned accounts today rely on ECDSA, which is quantum-vulnerable. The fix is native account abstraction through EIP-8141. This introduces validation frames inside transactions.
Buterin said that the long-term solution is recursive signature aggregation at the protocol layer, which compresses many checks into one proof and pushes gas cost close to zero.
Frame transactions are expected to be part of the Hegota upgrade in the second half of 2026. Ethereum Foundation developers view this as the main off-ramp from ECDSA.
Proof Systems: From 500k Gas to 10 Million
A standard ZK-SNARK verification costs roughly 300,000 to 500,000 gas. A quantum-resistant STARK proof can cost around 10 million gas. That level is not viable for privacy protocols or Layer 2 systems.
So, instead of verifying every signature or proof directly on-chain, a single master proof would validate thousands at once.
Buterin also discussed a mempool-layer model. Every 500 milliseconds, nodes could forward new valid transactions together with a proof that validates them. The overhead becomes fixed, resulting in one proof per 500 milliseconds.
While the quantum risk remains theoretical, Ethereum is acting early. The shift away from BLS, KZG, and ECDSA will require protocol upgrades across consensus, data, accounts, and proof systems.
However, there is no final roadmap yet. Researchers describe current drafts as strawman proposals that require broad agreement.
Related: Vitalik Buterin Tightens Ethereum’s DeFi Standards
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
