When post-quantum cryptography meets Solana, will the cost be a 90% reduction in network speed and a 40-fold increase in the signature size of each transaction? These are not theoretical projections but real figures from testnet measurements, obtained after Solana collaborated with the post-quantum security startup Project Eleven in late December 2025.
Project Eleven CEO Alex Pruden directly cited test data: the current Ed25519 signature is about 64 bytes, but after switching to ML-DSA, it expands to about 1,300 to 2,500 bytes, which is 20 to 40 times the original; the overall throughput of the test network decreased by about 90%.
What is ML-DSA, and why is the signature so large?
ML-DSA (Module-Lattice-Based Digital Signature Algorithm) is the standardized name of CRYSTALS-Dilithium. In August 2024, the National Institute of Standards and Technology (NIST) published it as FIPS 204, making it one of the official standards for post-quantum digital signatures.
Its security is based on the "lattice problem," a class of mathematical problems considered extremely difficult to solve even for quantum computers. In contrast, current elliptic curve cryptography (ECC, such as Ed25519) relies on the discrete logarithm problem, which quantum computers can efficiently break using Shor's algorithm.
The price of lattice-based security is larger keys and signatures. An Ed25519 signature fits in 64 bytes, a product of the efficiency of elliptic curve mathematics; ML-DSA signatures often exceed 1,000 bytes, an inevitable consequence of the lattice problem security assumption.
Solana's structural weakness: public keys are directly exposed.
While the performance gap revealed by the test results is significant, Solana also has a more fundamental structural problem.
Bitcoin and Ethereum wallet addresses are the result of hashing public keys. This hashing layer provides a "quantum buffer": even if a quantum computer can crack elliptic curves, it must first obtain the public key to launch an attack. For an address that has never sent a transaction, the public key has never been broadcast to the network, so a quantum computer has nothing to work from.
Solana's design is radically different: account addresses are directly equivalent to raw public keys. This means that once quantum computers reach the ability to crack elliptic curves, the private keys of all accounts on Solana can be directly deduced from their addresses, without waiting for any transactions to be made. This structural difference makes Solana's quantum threat more direct and urgent than that of Bitcoin and Ethereum networks.
Ethereum and Solana Roadmap
In terms of response strategies, the two chains are currently at completely different stages.
In February 2026, Vitalik Buterin released the "Strawmap," outlining a post-quantum migration roadmap spanning approximately four years and involving seven hard forks. EIP-8141 proposes native account abstraction, allowing accounts to switch to post-quantum signature types such as ML-DSA. Ethereum addresses are already hashed public keys, and addresses that have not yet sent a transaction are protected by the quantum buffer.
Matt Sorg, VP of Technology at the Solana Foundation, stated, "Our responsibility is to ensure that Solana remains secure today and for decades to come." However, this testnet deployment is currently positioned as an "early concrete step," and Solana has not released any official mainnet upgrade roadmap.
During the transition, the Solana community has a temporary solution called Winternitz Vaults: a hash-based quantum security mechanism that does not require a full network upgrade and allows individual users to voluntarily migrate their assets to the quantum security mode as a bridging solution while awaiting a full system upgrade.
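To show what "hash-based" means for a scheme like the Winternitz Vaults mentioned above, here is a textbook Winternitz one-time signature in Python, added as an illustration. It is not the Solana community's vault code; the parameters (SHA-256, w = 16) and all function names are assumptions chosen for this sketch.

```python
import hashlib
import secrets

W = 16       # Winternitz parameter: each hash chain encodes one 4-bit digit
N = 32       # hash output size in bytes (SHA-256)
LEN1 = 64    # a 256-bit message digest is 64 base-16 digits
LEN2 = 3     # checksum <= 64 * 15 = 960, which fits in 3 base-16 digits
CHAINS = LEN1 + LEN2


def _chain(value: bytes, steps: int) -> bytes:
    """Apply SHA-256 `steps` times."""
    for _ in range(steps):
        value = hashlib.sha256(value).digest()
    return value


def _digits(message: bytes) -> list[int]:
    """Base-16 digits of SHA-256(message), followed by the checksum digits."""
    digest = hashlib.sha256(message).digest()
    d = [n for b in digest for n in (b >> 4, b & 0x0F)]
    # A forger can only hash forward (raise a digit). Raising any message
    # digit lowers the checksum, so some checksum digit would have to fall,
    # which requires inverting SHA-256.
    checksum = sum(W - 1 - x for x in d)
    return d + [(checksum >> 8) & 0xF, (checksum >> 4) & 0xF, checksum & 0xF]


def keygen():
    """Return (secret chain starts, 32-byte public key)."""
    sk = [secrets.token_bytes(N) for _ in range(CHAINS)]
    pk = hashlib.sha256(b"".join(_chain(s, W - 1) for s in sk)).digest()
    return sk, pk


def sign(sk, message: bytes) -> list[bytes]:
    """Reveal, for each digit d, the value d steps along that chain."""
    return [_chain(s, d) for s, d in zip(sk, _digits(message))]


def verify(pk: bytes, message: bytes, sig: list[bytes]) -> bool:
    """Walk each chain the remaining steps and compare against the public key."""
    if len(sig) != CHAINS or any(len(s) != N for s in sig):
        return False
    ends = [_chain(s, W - 1 - d) for s, d in zip(sig, _digits(message))]
    return secrets.compare_digest(hashlib.sha256(b"".join(ends)).digest(), pk)


def signature_size() -> int:
    return CHAINS * N
```

A key pair here is safe for exactly one signature, since each signature discloses intermediate chain values. At these parameters the signature is 67 × 32 = 2,144 bytes, against 64 bytes for Ed25519.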




