Morning Edition · Monday, June 15, 2026
Ethereum Researcher Outlines Post-Quantum Account Protection for $0.07 Without a Hard Fork
An Ethereum Foundation proposal adapts a hash-based signature standard to existing opcodes, letting individual users opt into quantum resistance.
Nicolas Consigny, a researcher with the Ethereum Foundation working on the Kohaku privacy project, has published a method that lets Ethereum accounts add quantum-resistant protection for roughly $0.07 each without waiting for a hard fork. The approach treats post-quantum security as something a user can adopt voluntarily at the account level rather than a network-wide upgrade requiring consensus.
The technical core is an adaptation of SPHINCS+, a hash-based signature standard already selected for post-quantum use, into a variant Consigny calls SPHINCS-. Because the scheme is built entirely from hash functions, replacing the standard SHAKE256 hash with Ethereum's native KECCAK256 opcode makes on-chain verification possible without new precompiles or protocol changes. Verification runs at about 150,000 gas using existing infrastructure.
Delivery relies on account abstraction. Using the ERC-4337 standard, an account can swap in the post-quantum signature scheme on its own, which is why no fork is needed. Consigny frames SPHINCS- as a transitional measure until Ethereum ships longer-term upgrades such as leanSPHINCS, which would aggregate signatures to cut costs further.
The proposal matters because it separates the timeline of the quantum threat from the slow cadence of protocol governance. If a credible quantum attack on elliptic-curve signatures ever arrives, users who upgraded early would already hold accounts that do not depend on the vulnerable scheme.
What this means
This is decentralization working as designed, because security migration becomes a personal choice rather than a coordination problem across the whole network. It also reframes the quantum debate from a distant abstraction into a concrete, priced engineering option, which raises the question of why custodians and wallets have not already made it a default.
What to watch
- Whether major wallets and smart-account providers integrate SPHINCS- as an opt-in feature.
- Progress on leanSPHINCS signature aggregation and its inclusion in Ethereum's roadmap.
- Independent audits of the KECCAK256-based verification path for new attack surface.
Observations to monitor, not financial advice.
Synthesized from: Polylog editors · crypto.news
More from this edition
- US-Iran Accord Reopens Strait of Hormuz, Pulling Risk Premium Out of Oil and Lifting Bitcoin
- Europe's MiCA Grace Period Ends July 1 With Only 14 Fully Licensed Trading Platforms
- Deprecated Aztec Connect Contract Drained of About $2.1 Million
- Security Roundup: Bridge and Mint Exploits Drive a Heavy Run of June Losses
- Hoskinson Says Cardano's 1,096 Bitcoin Paid for a 2016 Audit as Critic Demands Records
- Miden Pitches "Practical Privacy" as the Condition for Blockchain's Next Phase
- Aztec Launches Alpha Network and Sharpens the Debate Over Who Controls Privacy
- SEC Clears T. Rowe Price Multi-Asset Crypto ETF for NYSE Arca
- Former SEC Lawyers Question Strength of a Tokenization Exemption Over a Full Rule
- US-Listed HYPE Funds Draw $161 Million in a Month as Wall Street Bets on an On-Chain Exchange
- Aerodrome Rebuilds Liquidity Incentives Around Predicting Where Capital Is Needed
- Banks Move Into Bitcoin Custody as a Quantum Question Sits Inside the Vault