
Solana's Quantum Vulnerability: ed25519, Throughput, and Migration Complexity

Solana uses ed25519 signatures, which Shor's algorithm breaks. With millions of exposed wallets and no post-quantum roadmap, the migration challenge is significant.

QuanChain Research
June 26, 2026

Solana's Cryptographic Foundation: ed25519

Solana uses ed25519 as its default signature scheme, the same scheme used by TON and several other major chains. Ed25519 is the Edwards-curve Digital Signature Algorithm (EdDSA) instantiated over the twisted Edwards form of Curve25519. It is fast, compact, and well-regarded for classical security. But it is an elliptic curve scheme, which places it in exactly the same vulnerability class as Bitcoin's secp256k1.

Shor's algorithm, running on a sufficiently powerful quantum computer, can solve the elliptic curve discrete logarithm problem. That breaks ed25519 the same way it breaks secp256k1. A quantum attacker who obtains a public key can derive the corresponding private key and forge signatures. Every wallet on Solana that has ever broadcast a transaction has exposed its public key on-chain.

This is not a theoretical edge case. It is the core vulnerability that Shor's algorithm targets in all elliptic curve cryptography. Solana's choice of ed25519 over secp256k1 does not change the outcome under a quantum attack.

What Is the Scale of Exposure on Solana?

Solana's account model stores public keys directly as account identifiers. Every account that has signed a transaction has its public key permanently recorded on-chain. That exposure is irreversible.

As of 2026, Solana hosts tens of millions of active wallet addresses. The Solana network has processed over 2 trillion transactions since launch, with peak daily active addresses reaching into the millions. A meaningful fraction of those accounts hold SOL or SPL tokens. Each one is identifiable by its public key, which an attacker with a cryptographically relevant quantum computer could use to derive the private key.

The scale problem compounds with Solana's design philosophy. Solana optimizes for speed and low fees, which means high transaction volume and a large active user base. That is exactly the population most exposed in a quantum threat scenario. Compare this to Bitcoin's quantum exposure, where a significant portion of coins sit in unspent pay-to-public-key outputs. On Solana, the exposure is broader and more uniformly distributed across active users.

How Does Sealevel Complicate a Post-Quantum Migration?

Solana's runtime architecture is called Sealevel. It enables parallel execution of non-overlapping transactions, which is the primary reason Solana can claim higher throughput than sequential execution chains. Sealevel processes transactions in parallel by analyzing which accounts each transaction reads and writes, then executing non-conflicting transactions simultaneously.

A post-quantum signature migration touches every account on the network. The migration would require every account to re-sign a migration transaction using both its existing ed25519 key and a new post-quantum key. This type of operation creates massive account overlap and write contention. Sealevel's parallelism benefit would largely disappear during a network-wide migration event.

Beyond the migration event itself, post-quantum signatures are structurally larger than ed25519. CRYSTALS-Dilithium at the 128-bit quantum security level produces signatures of roughly 2,420 bytes. FALCON-512 produces signatures of around 666 bytes. Ed25519 signatures are 64 bytes. Even FALCON, the most compact NIST-approved post-quantum signature scheme, produces signatures more than 10 times larger than ed25519's.

Solana's transaction size limits and fee structure are calibrated around small, fast signatures. Integrating post-quantum signatures at the runtime level would require changes to transaction serialization, fee calculations, account storage costs, and the Sealevel scheduler itself. This is a multi-layer protocol change, not a drop-in cryptographic swap.
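
The size pressure described above can be made concrete with a wire-size model of a plain SOL transfer in Solana's legacy transaction format. This is an added example, not code from Solana or from the original article; it assumes the current 1,232-byte transaction size limit, the published public-key sizes of 897 bytes (FALCON-512) and 1,312 bytes (CRYSTALS-Dilithium), and two hypothetical designs: one that keeps 32-byte addresses and one that carries the signer's full post-quantum key in the message.

```python
# Added example: wire-size model of a Solana legacy transaction (not Solana code).
PACKET_LIMIT = 1232  # assumed: current max serialized transaction size, bytes

# scheme -> (signature bytes, public key bytes); signature sizes as in the text
SCHEMES = {
    "ed25519": (64, 32),
    "FALCON-512": (666, 897),
    "CRYSTALS-Dilithium": (2420, 1312),
}

def compact_u16_len(n):
    """Bytes used by Solana's compact-u16 length prefix for the value n."""
    return 1 if n < 0x80 else 2 if n < 0x4000 else 3

def tx_size(sig_len, signer_key_len, signers=1, other_keys=2,
            ix_accounts=2, ix_data=12):
    """Serialized size of a one-instruction legacy transaction.

    signer_key_len is the size of each signer's key as carried in the
    message; non-signer account keys stay at 32 bytes. The defaults model
    a plain SOL transfer: payer, recipient, System Program, 12 data bytes.
    """
    n_keys = signers + other_keys
    signatures = compact_u16_len(signers) + signers * sig_len
    keys = compact_u16_len(n_keys) + signers * signer_key_len + other_keys * 32
    instruction = (1 + compact_u16_len(ix_accounts) + ix_accounts
                   + compact_u16_len(ix_data) + ix_data)
    # 3-byte message header, 32-byte recent blockhash, 1-byte instruction count
    return signatures + 3 + keys + 32 + compact_u16_len(1) + instruction

def report():
    """Return {scheme: (sig_only_size, sig_and_key_size, fits, fits)}."""
    rows = {}
    for name, (sig, pk) in SCHEMES.items():
        sig_only = tx_size(sig, 32)     # hypothetical: address stays 32 bytes
        sig_and_key = tx_size(sig, pk)  # hypothetical: full key in the message
        rows[name] = (sig_only, sig_and_key,
                      sig_only <= PACKET_LIMIT, sig_and_key <= PACKET_LIMIT)
    return rows

if __name__ == "__main__":
    for name, (a, b, fa, fb) in report().items():
        print(f"{name:19} sig-only={a:5}B fits={fa}  sig+key={b:5}B fits={fb}")
```

Under these assumptions, only the FALCON-512 signature-only variant of this minimal transfer stays within the limit; every variant that ships the post-quantum public key, and every CRYSTALS-Dilithium variant, exceeds it.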

What Does Solana's Throughput Look Like Under Post-Quantum Signatures?

Solana's official throughput figure is approximately 65,000 transactions per second. The practical sustained throughput during real network load is closer to 2,000 to 4,000 TPS, based on observed mainnet performance. The gap between theoretical and practical throughput exists because validator hardware, network bandwidth, and transaction complexity all impose real-world limits.

Post-quantum signatures would affect throughput through several mechanisms. Larger signatures increase transaction sizes, which reduces how many transactions fit in a given network message. Signature verification for post-quantum schemes is computationally heavier than ed25519 verification. CRYSTALS-Dilithium verification takes roughly 5 to 10 times longer than ed25519 verification on equivalent hardware, depending on implementation.

Validator hardware requirements would increase. Nodes that currently meet minimum specifications for Solana validation might not sustain the same throughput after a post-quantum upgrade. The network would likely need a period of validator hardware upgrades alongside any protocol changes. Estimating the exact throughput reduction is difficult without a testnet implementation, but the directional impact is clear: post-quantum signatures reduce throughput, at least until hardware and implementation optimizations catch up.

This matters for Solana's value proposition. High throughput is central to Solana's positioning. Any post-quantum migration path that materially reduces TPS would require significant communication and community buy-in. Other chains face the same trade-off, as explored in the post-quantum blockchain comparison.

Does Solana Have a Post-Quantum Roadmap?

As of June 2026, the Solana Foundation has not published a post-quantum cryptography roadmap. There is no public proposal, SIMD (Solana Improvement Document), or official research paper addressing the transition to post-quantum signatures for wallet accounts.

This absence is not unique to Solana. Most major blockchains lack concrete post-quantum migration plans — Polkadot, for instance, faces similar exposure through its SR25519 signature scheme. But Solana's specific combination of factors makes the gap notable: high transaction volume creating massive on-chain public key exposure, an architecture tightly optimized for small signatures, and a user base that skews toward retail and DeFi participants who are unlikely to self-migrate proactively.

Community discussions on the Solana forums have touched on quantum topics, but none have advanced to formal proposal status. The timeline for cryptographically relevant quantum computers remains uncertain. Current estimates range from 10 to 20 years for machines capable of breaking 256-bit elliptic curve keys, though these estimates carry wide error bars. The quantum computing timeline is an active research question.

The absence of a roadmap is not a condemnation of Solana's engineering team. It reflects the industry-wide challenge of planning migrations that are technically complex and operationally disruptive, and that address a threat with uncertain timing. But investors and developers evaluating Solana's long-term security posture should treat the absence of a post-quantum plan as an open risk factor.

How Does Solana Compare to Other Chains on Quantum Risk?

Solana's quantum risk profile is broadly similar to Ethereum's: both use elliptic curve signatures, both have large active user bases with exposed public keys, and neither has a deployed post-quantum solution. The differences are in scale and architecture.

Ethereum has a larger developer ecosystem and more active governance processes, which may make coordinating a post-quantum upgrade more feasible. Solana's tighter architectural coupling between signature sizes and runtime performance creates a more complex migration path. The Ethereum quantum vulnerability analysis covers the Ethereum-specific factors in detail.

Chains built with post-quantum cryptography from the protocol layer present a different risk profile entirely. A blockchain that uses NIST-standardized post-quantum signatures as its native signing algorithm does not require a disruptive migration. It is secure against quantum attacks at launch, without the operational complexity of transitioning hundreds of millions of existing accounts. The quantum-resistant blockchain explainer covers what that design actually requires at the protocol level.

For developers building on Solana today, the quantum risk is a long-term consideration, not an immediate operational concern. For investors with multi-decade time horizons, it is a factor worth understanding alongside Solana's genuine strengths in throughput and ecosystem development.
