The Quantum Computing Landscape in 2026
Quantum computing has progressed from theoretical curiosity to engineering reality. Understanding the current state is critical for assessing the urgency of XDC's post-quantum migration.
Current Quantum Hardware Milestones
| Milestone | Organization | Date | Significance |
|---|---|---|---|
| Willow — 105 qubits | Google Quantum AI | Dec 2024 | Below-threshold error correction demonstrated for first time |
| Condor — 1,121 qubits | IBM | Dec 2023 | Largest gate-based quantum processor; followed by Heron (133q, lower error) |
| Atom Computing — 1,225 qubits | Atom Computing | Oct 2023 | Neutral atom platform; high connectivity |
| 10K logical qubits target | IBM Quantum | ~2030 | IBM's published roadmap for error-corrected logical qubits |
| DARPA CRQC benchmark | DARPA | ~2033 | Most cited objective estimate for cryptographically relevant QC |
🔬 Google Quantum AI — falling resource estimates
The headline trend isn't new hardware — it's that the estimated cost of breaking public-key cryptography keeps dropping as the algorithms improve. The most-cited recent result is from Google Quantum AI researcher Craig Gidney:
- A 2025 preprint argues a fault-tolerant machine could factor a 2048-bit RSA key with under one million noisy qubits, given several days of continuous operation.
- That is roughly a 20× reduction in the estimated qubit count versus Gidney's own widely-cited 2019 figure (~20 million qubits) for the same task — driven by algorithmic and error-correction improvements, not a hardware leap.
- Important caveat: this is a resource estimate, not a demonstrated attack. No machine today comes close to the requirements (millions of high-quality qubits running error-free for days).
RSA-2048 and the secp256k1 ECDSA used by XDC (and Bitcoin and Ethereum) both rest on problems Shor's algorithm solves, so estimates that fall for one class are a leading indicator for the other. The direction of travel — estimates shrinking year over year — is exactly why a hybrid migration should begin well before any working attack exists.
How Quantum Computers Attack XDC
Two quantum algorithms pose distinct threats to different layers of XDC's cryptographic stack.
Shor's Algorithm — The Existential Threat
Shor's algorithm solves the Elliptic Curve Discrete Logarithm Problem (ECDLP) in polynomial time. For XDC's secp256k1 curve, this means:
| XDC Surface | Attack Type | Severity | Time Window |
|---|---|---|---|
| ECDSA transaction signatures | Private key recovery from public key | Critical | Real-time once CRQC exists |
| Validator masternode keys | Forge block signatures, control consensus | Critical | Real-time |
| Trade document signatures | Trust-Now-Forge-Later (TNFL) | Critical | 20–30 year exposure |
| Bridge multisig keys | Forge bridge transfers | Critical | Real-time |
| ECDH key exchange (TLS) | Harvest-Now-Decrypt-Later | High | Active today |
Mathematical complexity: Classical ECDLP requires O(√n) = O(2^128) operations for 256-bit curves. Shor's algorithm reduces this to O((log n)^3) — exponentially faster. Published resource estimates for the number of error-corrected qubits required have fallen substantially in recent years, though all remain far beyond today's hardware.
Grover's Algorithm — Reduced but Not Broken
Grover's algorithm provides a quadratic speedup for unstructured search problems, which affects hash functions:
| Hash Function | Classical Security | Post-Quantum Security | Status |
|---|---|---|---|
| Keccak-256 (XDC addresses) | 2^256 | 2^128 | Safe — 128-bit security sufficient |
| SHA-256 (used in some contexts) | 2^256 | 2^128 | Safe — 128-bit security sufficient |
| RIPEMD-160 (not used by XDC) | 2^160 | 2^80 | Marginal — XDC unaffected |
Conclusion: XDC's hash-based components (addresses, Merkle trees, state roots) are quantum-safe. No migration needed for Keccak-256.
Ritesh Kakkad's Quantum-Proof Blockchain Research
The XDC community's quantum readiness journey began with Ritesh Kakkad's seminal article on xdc.dev, which identified the key threat vectors and proposed a comprehensive defense framework. His research highlighted seven critical areas:
- Quantum-resistant cryptography — adopting post-quantum algorithms for signatures and encryption
- Network security protocol hardening — quantum-safe key exchange for all communications
- Consensus mechanism resilience — protecting XDPoS against quantum-capable adversaries
- Quantum Key Distribution (QKD) — physics-based key distribution for highest-value links
- Continuous threat assessment — ongoing monitoring and risk management
- Industry collaboration — engaging with academic and standardization bodies
- Regular security audits — staying ahead with proactive cryptographic reviews
This framework directly informed the XDC PQ Initiative's architecture. Kakkad's emphasis on QKD integration and collaboration with standardization bodies anticipated the XDSS-PQ open standard approach now being co-authored with ITFA and ICC.
Deloitte's research, cited in the article, reveals that hundreds of billions in cryptocurrency are held in addresses with exposed public keys. Such funds are vulnerable to private-key recovery once a CRQC exists, since the exposed public key is all Shor's algorithm needs.
Why XDC's Quantum Risk Exceeds Other Chains
The Trade Finance Longevity Problem
Most blockchain transactions have immediate finality — the signature is verified once and then it's done. XDC's trade finance use case is fundamentally different:
- A bill of lading signed on XDC in 2026 remains legally referenced until 2056
- A letter of credit may be contested in court decades after issuance — the ECDSA signature is the proof
- RWA tokens representing real estate, commodities, or bonds have lifespans measured in decades
This creates the Trust-Now-Forge-Later (TNFL) attack: an adversary doesn't need a quantum computer today — they just need the signed document. When CRQCs arrive in the 2030s, every ECDSA-signed trade document on XDC becomes forgeable.
Institutional Compliance Liability
XDC's partners face active regulatory mandates that create compliance liability if XDC's cryptography isn't quantum-safe:
| Regulation | Jurisdiction | Deadline | Impact on XDC |
|---|---|---|---|
| DORA | EU | Jan 2025 (active) | Banks must demonstrate robust cryptographic controls |
| CNSA 2.0 | US (NSA) | Jan 2027 | NSS acquisitions must be PQC compliant |
| EU PQC Roadmap | EU | Dec 2030 | Full PQC migration for all critical infrastructure |
| NIST IR 8547 | US (NIST) | 2035 | All quantum-vulnerable algorithms deprecated |
The NIST PQC Standards — XDC's Foundation
NIST finalized three PQC standards in August 2024 (FIPS 203, 204, 205) with a fourth (FIPS 206, Falcon) expected in 2025. These form the foundation of XDC's migration.
FIPS 203 — ML-KEM (Kyber): Key Encapsulation
XDC use: P2P and RPC TLS encryption for all 108 masternodes
- Type: Lattice-based (Module Learning With Errors)
- Security level: ML-KEM-768 ≈ AES-192 equivalent
- Key size: 1,184 bytes (public), 2,400 bytes (private)
- Ciphertext: 1,088 bytes
- Already deployed: Google Chrome v131, Cloudflare, AWS, Apple iMessage PQ3
- Overhead: <5% on high-bandwidth links; drop-in replacement for ECDH
FIPS 204 — ML-DSA (Dilithium): Digital Signatures
XDC use: EOA wallet signing, XDSS-PQ trade documents (dual hybrid)
- Type: Lattice-based (Module Learning With Errors)
- Signature size: 2,420 bytes (ML-DSA-65)
- Public key: 1,952 bytes
- Co-developed by: IBM Research (Vadim Lyubashevsky et al.)
- Already deployed: Signal PQXDH (2023), Apple iMessage PQ3 (2024)
- Primary NIST standard — most audited PQ signature scheme
FIPS 205 — SLH-DSA (SPHINCS+): Hash-Based Signatures
XDC use: DAO and bridge governance operations
- Type: Hash-based (stateless)
- Signature size: 7,856 – 49,856 bytes (depending on parameter set)
- Security basis: SHA-256 only — most conservative foundation
- Advantage: No lattice assumptions; security relies only on hash function collision resistance
- Use case: Rare, high-value operations where size is acceptable
- Recommended by: UK NCSC for software signing
FIPS 206 — FN-DSA (Falcon): Compact Signatures
XDC use: XDPoS 2.0 validator block signing (the critical choice)
- Type: Lattice-based (NTRU)
- Signature size: 666 bytes — most compact NIST PQ signature
- Public key: 897 bytes
- Why for validators: XDPoS 2.0 has 108 nodes signing every block; signatures are gossiped network-wide. ML-DSA's 2.4 KB would increase gossip overhead by ~3.6×; Falcon's 666B keeps it manageable
- Also being evaluated by: Polkadot for validator keys (similar bandwidth constraints)
- Status: Expected NIST finalization 2025
What Other Blockchains Are Doing
A comparison of quantum readiness across major blockchain networks.
- Ethereum (Lean Consensus): Complete redesign of the consensus layer with hash-based signatures (leanSig, leanMultisig); XMSS + STARK aggregation; formal verification with Lean 4; Vitalik's quantum emergency hard-fork plan; EIP-7702 account abstraction.
- A purpose-built PQ blockchain: XMSS (eXtended Merkle Signature Scheme) from launch; hash-based signatures only; stateful, so it requires careful key management.
- Polkadot: Falcon chosen for validator keys (June 2025 roadmap); same bandwidth reasoning as XDC (many validators, frequent signing); the Substrate framework allows modular crypto swaps.
- A chain that explored Falcon signatures during NIST Round 3: state proofs already use Falcon-like compact signatures; research into lattice-based schemes for consensus.
- Bitcoin: No formal PQ migration plan; ~25% of BTC sits in addresses with exposed public keys (per Deloitte); Satoshi's coins (~1.1M BTC) use pay-to-public-key (P2PK) and are maximally exposed; any migration requires a hard fork and community consensus.
- XDC: Most comprehensive enterprise PQ plan: Falcon validators, ML-DSA wallets, XDSS-PQ hybrid for trade documents, SLH-DSA governance, ML-KEM TLS, STARK aggregation; 4-phase roadmap targeting EU 2030; ~0.1% pubkey exposure (vs 25% for BTC).
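The hash-only security basis described for SLH-DSA in the FIPS 205 section and the statefulness caveat in the XMSS entry above can both be seen in the simplest hash-based scheme, a Lamport one-time signature. This is an added example written for this page, not XDC code and not SLH-DSA or XMSS themselves; the seed-derived keys and the `OneTimeSigner` guard are constructed for illustration.

```python
import hashlib

N = 32              # SHA-256 digest length in bytes
BITS = 8 * N        # one secret pair per digest bit: 256 pairs

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes):
    """Message digest as a list of 256 bits, most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]

def keygen(seed: bytes):
    """Lamport one-time key: 256 pairs of 32-byte secrets derived from a seed
    (constructed here for determinism); the public key is their hashes."""
    sk = [[H(seed + bytes([i, b])) for b in (0, 1)] for i in range(BITS)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def sign(sk, msg: bytes):
    """For each digest bit, reveal the secret of the matching half of the pair."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    """Security rests only on SHA-256 preimage resistance: no lattice assumption."""
    if len(sig) != BITS:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, digest_bits(msg))))

class OneTimeSigner:
    """The stateful caveat in one place: a leaf key must sign exactly once.
    A second signature on a different message would reveal both halves of
    every pair whose digest bits differ, so the guard refuses rather than
    trusting the caller. XMSS tracks a leaf index for the same reason."""
    def __init__(self, seed: bytes):
        self.sk, self.pk = keygen(seed)
        self.used = False

    def sign(self, msg: bytes):
        if self.used:
            raise RuntimeError("one-time key already used; refusing to sign")
        self.used = True
        return sign(self.sk, msg)

def sizes() -> tuple:
    """(public key bytes, signature bytes): 16,384 and 8,192 for SHA-256 Lamport,
    the same order of magnitude as the smallest SLH-DSA parameter set."""
    return BITS * 2 * N, BITS * N
```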
When Will Quantum Computers Break ECDSA?
Estimated Timeline for Cryptographically Relevant Quantum Computers
| Source | Estimate | Confidence | Notes |
|---|---|---|---|
| Google Quantum AI (Gidney, 2025) | resource estimate | High-profile | RSA-2048 in <1M noisy qubits over several days; ~20× fewer qubits than the 2019 baseline |
| IBM Quantum Roadmap | ~2030–2035 | Medium-High | Targets ~10K error-corrected logical qubits by ~2030 (a CRQC needs many thousands) |
| DARPA Benchmark | ~2033 | Most cited | Independent US defense assessment |
| NIST IR 8547 | 2035 (deprecation) | Standard | All quantum-vulnerable algorithms deprecated by this date |
| Mosca's Theorem | Start NOW | Critical | If migration time (T) + data lifetime (L) > time to CRQC (Q), you're already late |
Migration time (T) = 4–7 years · Trade doc lifetime (L) = 20–30 years · Time to CRQC (Q) = ~8–12 years
T + L = 24–37 years >> Q = 8–12 years — XDC is already in the danger zone. Migration should have started yesterday.
Harvest-Now-Decrypt-Later: A Present Danger
HNDL Attacks Are Happening Now
Nation-state actors are already recording encrypted communications for future decryption. This affects XDC in two ways:
- P2P traffic: Masternode gossip, block propagation, and transaction relay are encrypted with classical ECDH. This traffic is being recorded by sophisticated adversaries today.
- Trade document metadata: Even if the document itself is on-chain, the negotiation traffic around it (counterparty communications, draft versions) may contain commercially sensitive information.
This is why Phase 1 (PQ-TLS) of XDC's roadmap is prioritized — it addresses the only quantum threat that is active today, not just a future risk.
Ethereum's Lean Consensus: XDC's Force Multiplier
Porting Ethereum's PQ Research to XDC
Ethereum's Lean Consensus R&D program (tracked at leanroadmap.org) is XDC's greatest engineering leverage:
- leanSig: Hash-based signature scheme optimized for both SNARKs and quantum resistance
- leanMultisig: Aggregate signature scheme compressing multiple XMSS signatures into compact proofs
- Post-Quantum Signature Aggregation with zkVMs: Exploring minimal zkVMs (Binius M3, SP1, Jolt, OpenVM) optimized for signature aggregation — directly applicable to XDC's Falcon signatures
- Formal Verification: Using the Lean 4 framework to mathematically prove the security of cryptographic proof systems (FRI, STIR, WHIR)
- Poseidon Cryptanalysis Initiative: Comprehensive security testing of hash functions used in ZK systems
XDC's EVM compatibility means all of this research ports directly. We build on Ethereum's $20M+ research investment without duplicating it.
The XDC PQ Migration Architecture
Hybrid-First: Zero-Disruption Migration
Every phase of XDC's migration uses a hybrid parallel approach:
- Classical ECDSA and PQ signatures coexist throughout the transition
- A transaction/block is valid if either signature validates
- Security holds unless both classical and PQ algorithms break simultaneously
- Classical path removed only after a publicly announced 18-month sunset notice
This approach mirrors Google's recommendation: "PQC represents a well-understood path to post-quantum blockchain security" — but it must be done in parallel, not as a flag-day cutover.
XDSS-PQ: The Strategic Moat
XDSS-PQ (XDC Document Signing Standard — Post-Quantum) is more than a technical standard — it's a strategic positioning play:
- Dual ML-DSA + Falcon hybrid signatures on every trade document
- Co-authored as open standard with ITFA, ICC, and IMDA TradeTrust
- 30-year validity windows — a document signed in 2028 remains verifiable in 2058
- EU 2030 + NIST FIPS compliance declarations built into the schema
- XDC becomes the reference implementation — creating a network effect moat no fee advantage can overcome
References & Further Reading
- IBM Quantum Development Roadmap (2024). ibm.com/quantum/roadmap
- Gidney, C. "How to factor 2048-bit RSA integers with less than a million noisy qubits." Google Quantum AI, 2025 (preprint). arxiv.org/abs/2505.15917
- Gidney, C. & Ekerå, M. "How to factor 2048-bit RSA integers in 8 hours using 20 million noisy qubits." Quantum, 2021. arxiv.org/abs/1905.09749
- Kakkad, R. "XDC Network's Unbreakable Future: Exploring area of Quantum-Proof Blockchain Research." xdc.dev, 2024. xdc.dev/riteshkakkad
- Deloitte. "Quantum computers and the Bitcoin blockchain." deloitte.com
- Google Security Blog. "Post-Quantum Cryptography Standards." Aug 2024. security.googleblog.com
- Lean Ethereum. "Lean Consensus R&D Progress." 2025–2026. leanroadmap.org
- NIST. FIPS 203, 204, 205 (Aug 2024); FIPS 206 (expected 2025). csrc.nist.gov
- Buterin, V. "How to hard-fork to save most users' funds in a quantum emergency." Ethereum Research, March 2024. ethresear.ch
- Mosca, M. "Cybersecurity in an era with quantum computers: will we be ready?" IEEE Security & Privacy, 2018.
- World Economic Forum. "Quantum Computing Governance Principles." 2024.