For years, quantum computing has felt like a distant concern; something for researchers, not real-world users. That is changing.
Governments, standards bodies, and security experts around the world are already preparing for a future where quantum computers may break many of the cryptographic systems that protect today's digital infrastructure. The question is no longer whether the transition to post-quantum security will happen. It's whether organizations will be ready when it does.
If you’re in the blockchain industry, post-quantum preparations need to start now if they haven’t already. Algorand began preparing in 2022 by introducing State Proofs signed with the Falcon signature scheme, a lattice-based signature scheme, which, compared to its quantum-resistant alternatives, offers a compact signature size, making it better suited for bandwidth-constrained applications. In addition, Algorand has deployed Falcon accounts on Mainnet by leveraging our capability to employ stateless programs (LogicSignatures) to perform custom signatures without requiring a consensus upgrade. Today, the Algorand Foundation is announcing a roadmap to target broad quantum resilience by the end of 2027, with the first milestones beginning in Q3 2026.
Why quantum computing matters
Quantum computing is a double-edged sword, and a very sharp one at that. It creates possibilities, and simultaneously, new threats to the entire internet infrastructure. Google’s recent paper estimates that a powerful enough quantum computer would eventually be able to run Shor’s algorithm “with either ≤ 1200 logical qubits and ≤ 90 million Toffoli gates or ≤ 1450 logical qubits and ≤ 70 million Toffoli gates.” Additionally, the Google paper explained that “on a standard superconducting architecture, using surface code error correction, we estimate these computations could be realized with fewer than half a million physical qubits.” The ability to run Shor’s algorithm would expose traditional elliptic curve-reliant systems.
As a custodian of a global blockchain network, the Algorand Foundation takes that threat seriously and has been researching and preparing for several years. The Foundation does not surrender to alarmism, however, because there is still uncertainty on the horizon, and committing blindly comes with serious compromises.
The countermeasures to this threat, although maturing, lack the decades of serious battle testing of current cryptographic systems like RSA and Elliptic Curve Cryptography (ECC). Even if these new countermeasures are theoretically sound, new implementations of these schemes pose their own risks and place a much greater burden on software, storage requirements, networking, and hardware support.
This is the tension we at the Foundation have been dealing with for the past few years, so we are not blindly sprinting, but instead marching towards a cryptographically agile Algorand that offers multi-layered protection across accounts, consensus, network, and the broader ecosystem.
Making Algorand quantum-resistant
In 2022, Algorand introduced State Proofs, which give us a quantum-resistant “snapshot” of the ledger state every 256 rounds in a compact, verifiable form. State Proofs go well beyond their post-quantum properties alone: because they are SNARK-friendly, they can provide the necessary inputs to anchor trustless, quantum-safe bridging across networks.
Building on our initial Falcon accounts backed by LogicSignatures, we are now taking the next logical step with native Falcon-1024 accounts, creating all of the advantages of a regular account and none of the constrained mechanics or program-size limits. Native Falcon-1024 accounts will be supported by SDKs, AlgoKit, and Pera Wallet. Falcon accounts can be generated with Algorand’s traditional 25-word mnemonic. We are also proposing a new derivation scheme for post-quantum signature schemes that are based on the established HD-wallet standards (e.g., 24-word), and the Foundation is open to working with hardware wallets and other industry players to create an industry-wide standard.
Critically, as part of the work to enable Falcon keys as first-class citizens on the Algorand ledger, we determined that we could expand our accounting model to other signature schemes, such as ML-DSA.
More importantly, having multiple schemes available enables us to support hybrid accounts. We chose a hybrid approach because these quantum-resistant schemes are extremely new; we cannot assume they are free of classical implementation or mathematical vulnerabilities. As part of Algorand’s upcoming release, the LogicSig budget will be increased, enabling us to demonstrate use cases for them in the same way we initially introduced Falcon. The natural combination is Elliptic-Curve classical signatures with the new lattice-based Falcon signatures. This hybrid approach gives us a deliberate defense against both classical and post-quantum security risks.
With accounts secured, two other components remain to be addressed.
The VRF (Verifiable Random Function) that drives Algorand’s elegant and efficient consensus mechanism derives its randomness and uniqueness guarantees from elliptic-curve-based operations, hashing, and point arithmetic that are not quantum-resistant. Thanks to the efforts of our Chief Scientific Officer, Professor Chris Peikert, we aim to present a research paper on a PQ VRF in early 2027.
The final piece is consensus itself, which relies on participating accounts selected via VRF to propose, vote on, and certify blocks. Participation relies on several layered key generation and signature operations that are also all based on the classical elliptic-curve signature scheme Ed25519. However, with the native introduction of Falcon, we have several options to research by 2027. Options include using Falcon-1024 or even Falcon-512 (its smaller parameterization) for short-term voting keys and/or a hybrid mix of classical signatures and Falcon.
Extending quantum resistance: Wallets, hardware, and institutional custody
Quantum-resistant multi-signatures
As the tooling evolves through the remainder of 2026, so will the applications we can deploy and use on Algorand. A key enhancement will be multi-signature accounts, which will no longer be bound to a single scheme. Instead, an access-control policy called an m-of-n quorum can mix classical, pure-Falcon, and hybrid keys across its participants. Because the upcoming native account release does not yet cover native multi-sig, we are leveraging expanded LogicSig budgets to enable treasury-grade configurations now, allowing institutions and the Foundation to demonstrate post-quantum multi-sig custody before a native multi-scheme multi-sig is available.
Falcon 512
Throughout most of this blog, references to Falcon are to the default Falcon-1024 (deterministic version). There is another variant we intend to support by year's end: Falcon-512, which produces signatures roughly half the size. This more compact form makes it a candidate for shorter-lived keys where efficiency matters alongside quantum resistance.
Hardware wallets and custody
Hardware and custody solutions must evolve to support post-quantum signatures if they are to remain viable. We are actively engaging with leading device manufacturers, standards bodies, and custody providers to define the secure signing architectures and key-handling standards that post-quantum cryptography demands.
Our early deployment of Falcon serves as one of the industry's first production-grade proving grounds for these integrations. End users will not have Falcon-capable hardware devices at this initial release, but because we are pushing the frontier now, we are helping define the benchmark for the post-quantum custody experience across the industry.
Building for the next decades
Blockchain networks are long-term infrastructure. The systems being built today are expected to support financial applications, digital assets, and global commerce for years to come. Ensuring those systems remain secure in a post-quantum world is one of the most important challenges facing the industry.
Algorand's roadmap reflects a belief that security should be designed for the future. With the first milestones launching in 2026 and broad deployment targeted for the end of 2027, Algorand is taking concrete steps toward a future where users, developers, and institutions can build with confidence, today and in the decades ahead.
Read the full roadmap here. I will be walking through the PQ roadmap with Algorand Foundation Chief Scientific Officer, Chris Peikert, and Chief Strategy and Marketing Officer, Marc Vanlerberghe, on June 22. Tune in on X, LinkedIn, and YouTube.
Disclaimer: The content provided in this blog is for informational purposes only. The information is provided by the Algorand Foundation and while we strive to keep the information up-to-date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the blog or the information, products, services, or related graphics contained in the blog for any purpose. Any forward-looking statements in this blog reflect Algorand Foundation’s current expectations and are subject to change as development progresses, as research in post-quantum cryptography evolves, and as external standards (including those of NIST and other standards bodies) develop. Actual results, timing, and scope may differ. The Algorand Foundation undertakes no obligation to update these statements except as required. The content of this blog is not intended to be legal, financial, or investment advice nor is it an endorsement, guarantee, or investment recommendation. You should not take any action before conducting your own research or consulting with a qualified professional. Any reliance you place on such information is therefore strictly at your own risk. All companies are independent entities solely responsible for their operations, marketing, and compliance with applicable laws and regulations. In no event will Algorand Foundation nor any affiliates be liable for any loss or damage including without limitation, indirect, or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this blog. Through this blog, you may be able to link to other websites which are not under the control of the Algorand Foundation. We have no control over the nature, content, and availability of those sites. The inclusion of any links does not imply a recommendation nor endorse the views expressed therein.