Leading on post-quantum technology

Algorand has been the leader in blockchain quantum resilience since 2022.

Algorand has been leading in blockchain quantum resilience since 2022. By implementing National Institute of Standards and Technology (NIST)-selected Falcon signatures, a globally recognized post-quantum cryptography standard, Algorand already safeguards the entire history of its chain against the future threat of quantum computers.

In 2025, Algorand further extended its post-quantum (PQ) readiness by executing one of the first quantum‑resistant transactions on mainnet using Falcon signatures. This expands Algorand’s post‑quantum protections to real digital assets on a live public blockchain, not just historical transactions. Our Technical Brief, Quantum‑resistant transactions on Algorand with Falcon signatures, details how Falcon signatures are verified on-chain via the Algorand Virtual Machine.

In June 2026, we announced our roadmap to target broad quantum resilience by the end of 2027 – including native PQ accounts with related SDK and developer tooling support; PQ multisig for institutions, treasuries, and high-value operations; and research into PQ-resilient VRF and signatures for consensus messaging. The roadmap is detailed at a high level below, and in full here. Once achieved, these milestones are designed to deliver PQ resilience for the network’s past (history of the chain), present (the live ledger), and future (ongoing consensus).

The information below covers more background about the threat of quantum computing and Algorand’s technical journey toward a quantum-resilient blockchain.

The threat of quantum computing

A quantum computer is a new type of computer that is able to tackle certain classes of problems (such as integer factorization and the discrete log problem) in novel, more efficient ways than classical computers. A regular computer uses bits, like tiny switches with binary states that are either on (1) or off (0), to process information. Quantum computers use qubits, which can be in a superposition of the two basis states: on, off, or some probability of both (such as 30%/70% or 51%/49%).

The threat is that quantum computers, once they have enough error-correcting qubits and sufficient processing power, will be able to crack the commonly used encryption and digital signature schemes that protect sensitive information (passwords, credit card details, private communication, etc.) and allow us to prove our identities online. Google has been experimenting with post-quantum cryptography since 2016, and in March 2026, the Google Quantum AI team released new research showing “that future quantum computers may break the elliptic curve cryptography that protects cryptocurrency and other systems with fewer qubits and gates than previously realized.” (Algorand’s post-quantum work is referenced within the whitepaper.)

In November 2024, NIST also put forward a draft report on transitioning to post-quantum cryptography standards, stating that current cryptographic algorithms are vulnerable to quantum computers, while post-quantum cryptography (PQC) can resist attacks from future quantum computers.

Quantum computing and blockchain cryptography

For blockchains specifically, quantum computing poses a threat to asymmetric cryptography, particularly key agreement and signature schemes. The security of these schemes relies on mathematical problems that are simply too hard for a classical computer to solve in a reasonable amount of time. For example, elliptic-curve cryptography (ECC), which underpins most blockchains, relies on the difficulty of the discrete log problem. Unfortunately, solving exactly these types of problems quickly is what quantum computers do best.

Using Shor’s algorithm, a quantum computer could break elliptic curve cryptography, potentially compromising the integrity of the blockchain and leading to the derivation of private keys from their public-key counterparts, thus enabling transaction forgery and theft of digital assets. For this reason, the development and implementation of PQC is crucial for safeguarding blockchains.

How Algorand is preparing for quantum

[Figure: Algorand quantum-resilience roadmap timeline]

Protecting the network’s history

Algorand’s first step to post-quantum readiness was to secure its history. In 2022, Algorand introduced State Proofs, a post-quantum compact certificate that attests to and compresses the ledger's state every 256 rounds. Algorand State Proofs are signed using Falcon, a post-quantum secure digital signature scheme. State Proofs go well beyond their post-quantum properties alone: because they are SNARK-friendly, they can provide the necessary inputs to anchor trustless, quantum-safe bridging across networks.

State Proofs: A State Proof contains a Merkle tree root attesting to the last 256 block headers. It is signed by Algorand node runners composing a supermajority of the stake. Rather than using normal ECC-based signatures, however, they use Falcon signatures. The node runners’ signatures are themselves committed to a Merkle tree using the SumHash512 hash function, a member of the subset-sum compression function family, which offers ZK-SNARK friendliness that the SHA-2 family lacks. For more information on State Proofs, please refer to the 2020 paper Compact Certificates of Collective Knowledge by Silvio Micali et al., and the related Algorand developer documentation.
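The structure just described (a Merkle root over 256 block headers, signed by node runners holding a supermajority of the stake, with the signatures themselves committed to a Merkle tree) modelled in plain Python as an added example. This is not Algorand's code: SHA-256 stands in for SumHash512 and for the block-header hash, an HMAC keyed per node runner stands in for a Falcon signature so the block runs on the standard library alone, stake is an integer per signer, and the supermajority bound is assumed to be two thirds. The real protocol reveals only a sampled subset of the signatures; this model reveals all of them, which keeps the stake-counting logic visible.

```python
"""Structural model of an Algorand State Proof (added example, not Algorand code).

Assumptions: SHA-256 replaces SumHash512 and the header hash; HMAC-SHA256
replaces a Falcon signature; the supermajority bound is 2/3 of total stake.
"""
import hashlib
import hmac
from dataclasses import dataclass

INTERVAL = 256  # block headers covered by one state proof


def h(data: bytes) -> bytes:
    """Stand-in for SumHash512 / the header hash (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()


def merkle_root(leaves: list) -> bytes:
    """Binary Merkle root with domain-separated leaf (0x00) and node (0x01) hashes.

    An unpaired node at the end of a level is carried up unchanged.
    """
    level = [h(b"\x00" + leaf) for leaf in leaves] or [h(b"")]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(h(b"\x01" + level[i] + level[i + 1]))
            else:
                nxt.append(level[i])
        level = nxt
    return level[0]


@dataclass(frozen=True)
class NodeRunner:
    name: str
    stake: int
    key: bytes  # stand-in for a Falcon signing key

    def sign(self, msg: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for a Falcon signature.
        return hmac.new(self.key, msg, "sha256").digest()

    def verify(self, msg: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(msg), sig)


def headers_commitment(block_headers: list) -> bytes:
    """Merkle root over exactly INTERVAL block headers."""
    if len(block_headers) != INTERVAL:
        raise ValueError(f"a state proof covers {INTERVAL} headers")
    return merkle_root(block_headers)


def build_state_proof(block_headers: list, signers: list) -> dict:
    """Each participating node runner signs the headers root; the signatures
    are then committed to their own Merkle tree."""
    root = headers_commitment(block_headers)
    sigs = {s.name: s.sign(root) for s in signers}
    sig_root = merkle_root([sigs[n] for n in sorted(sigs)])
    return {"headers_root": root, "signatures_root": sig_root, "signatures": sigs}


def verify_state_proof(proof: dict, registry: dict, total_stake: int):
    """Recount valid signatures against the registry of node runners and stake.

    Returns (accepted, signed_stake). The revealed signatures must match the
    committed signatures root; a signature counts only if it verifies under
    the registered key for that name; signed stake must reach 2/3 of total.
    """
    sigs = proof["signatures"]
    if merkle_root([sigs[n] for n in sorted(sigs)]) != proof["signatures_root"]:
        return False, 0
    signed = 0
    for name, sig in sigs.items():
        runner = registry.get(name)
        if runner is not None and runner.verify(proof["headers_root"], sig):
            signed += runner.stake
    return 3 * signed >= 2 * total_stake, signed


if __name__ == "__main__":
    # Constructed sample: 256 synthetic headers and four node runners (stake sums to 100).
    headers = [b"header-%d" % i for i in range(INTERVAL)]
    runners = [NodeRunner("alice", 40, b"k-alice"), NodeRunner("bob", 30, b"k-bob"),
               NodeRunner("carol", 20, b"k-carol"), NodeRunner("dave", 10, b"k-dave")]
    registry = {r.name: r for r in runners}
    proof = build_state_proof(headers, runners[:2])
    print(verify_state_proof(proof, registry, 100))
```

The two failure paths worth noticing are the ones a verifier must not skip: a proof whose signers hold only 60 of 100 stake is rejected even though every signature is valid, and a proof whose revealed signatures no longer match the committed signatures root is rejected before any stake is counted.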

Protecting the live ledger

In November 2025, Algorand achieved a significant leap forward by pioneering the use of Falcon-based accounts on the mainnet of a mainstream blockchain network. Digital assets on a public blockchain, and not just the blockchain’s state history, could now be protected by quantum-resistant cryptography.

Building on these initial Falcon accounts backed by LogicSignatures, we are now taking the next logical step with native Falcon-1024 accounts, which offer all of the advantages of a regular account and none of the constrained mechanics or program-size limits. Native Falcon-1024 accounts will be supported by SDKs, AlgoKit, and Pera Wallet. Falcon accounts can be generated with Algorand’s traditional 25-word mnemonic. We are also proposing a new derivation scheme for post-quantum signature schemes that is based on the established HD-wallet standards (e.g., 24-word), and we are open to working with hardware wallets and other industry players to create an industry-wide standard. Read more about why we decided upon this approach in our blog, “Algorand targets broad quantum resilience by 2027.”

Protecting the network’s future (ongoing consensus)

The VRF (Verifiable Random Function) that drives Algorand’s elegant and efficient consensus mechanism derives its randomness and uniqueness guarantees from elliptic-curve cryptography that is not quantum-resistant. Thanks to the efforts of our Chief Scientific Officer, Professor Chris Peikert, we aim to present a research paper on a PQ VRF in early 2027.

Verifiable Random Function: Algorand’s consensus mechanism relies on the Verifiable Random Function (VRF), introduced by Silvio Micali et al. in 1999. As with other ECC-based primitives, some of its security properties are vulnerable to quantum computers and will eventually need to be replaced with a post-quantum secure version. To learn more about Algorand’s VRF, visit the related developer documentation.

The final piece to broad quantum-resilience for Algorand is consensus itself, which relies on participating accounts selected via VRF to propose, vote on, and certify blocks. Participation relies on several layered key generation and signature operations that are also all based on the classical elliptic-curve signature scheme Ed25519. However, with the native introduction of Falcon, we have several options to research. These include using Falcon-1024 or even Falcon-512 (its smaller parameterization) for short-term voting keys, or a hybrid mix of classical signatures and Falcon.

Extending quantum resistance: Wallets, hardware, and institutional custody

Quantum-resistant multi-signatures

As the tooling evolves through the remainder of 2026, so will the applications we can deploy and use on Algorand. A key enhancement will be multi-signature accounts, which will no longer be bound to a single scheme. Instead, an access-control policy called an m-of-n quorum can mix classical, pure-Falcon, and hybrid keys across its participants. Because the upcoming native account release does not yet cover native multi-sig, we are leveraging expanded LogicSig budgets to enable treasury-grade configurations now, allowing institutions and the Algorand Foundation to demonstrate post-quantum multi-sig custody before a native multi-scheme multi-sig is available.
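The mixed-scheme m-of-n quorum described above, modelled as an added example that is not Algorand's code and not the LogicSig implementation the page refers to. Each participant key is tagged "classical", "falcon" or "hybrid"; the acceptance rule is an assumption (a hybrid signature counts only when both its classical and its Falcon component verify). Beyond checking whether a set of signatures meets the quorum, the example asks the question a treasury operator needs answered before mixing schemes: if every classical signature could be forged (the Shor scenario described earlier on this page), could a forger reach the quorum without producing a single Falcon component? A policy for which the answer is yes gains no post-quantum resilience from the Falcon keys it contains.

```python
"""m-of-n quorum over mixed signature schemes (added example, not Algorand code).

Acceptance rule per scheme is an assumption: a signature is accepted only
when every listed component verifies, so a hybrid key needs both parts.
"""
from dataclasses import dataclass

REQUIRED = {
    "classical": ("classical",),
    "falcon": ("falcon",),
    "hybrid": ("classical", "falcon"),
}


@dataclass(frozen=True)
class Participant:
    name: str
    scheme: str


@dataclass(frozen=True)
class QuorumPolicy:
    threshold: int       # m: accepted signatures needed
    participants: tuple  # n: the participant keys

    def __post_init__(self):
        if not 1 <= self.threshold <= len(self.participants):
            raise ValueError("threshold must be between 1 and n")
        for p in self.participants:
            if p.scheme not in REQUIRED:
                raise ValueError(f"unknown scheme {p.scheme!r}")


def accepted(participant: Participant, components: dict) -> bool:
    """components maps component name -> verification result for one signature."""
    return all(components.get(c, False) for c in REQUIRED[participant.scheme])


def meets_quorum(policy: QuorumPolicy, results: dict) -> bool:
    """results maps participant name -> components dict; absent means unsigned."""
    count = sum(1 for p in policy.participants if accepted(p, results.get(p.name, {})))
    return count >= policy.threshold


def forgeable_without_falcon(policy: QuorumPolicy) -> int:
    """Signatures an adversary able to break only classical keys could produce.

    Purely classical keys are forgeable; hybrid keys still need a Falcon part.
    """
    return sum(1 for p in policy.participants if p.scheme == "classical")


def quantum_resilient(policy: QuorumPolicy) -> bool:
    """True if forging every classical key is still not enough to reach m."""
    return forgeable_without_falcon(policy) < policy.threshold


def falcon_signatures_needed(policy: QuorumPolicy) -> int:
    """Minimum Falcon-bearing signatures any quorum under this policy must contain."""
    return max(0, policy.threshold - forgeable_without_falcon(policy))


if __name__ == "__main__":
    # Constructed sample: two 2-of-3 policies that differ in one key's scheme.
    alice, bob = Participant("alice", "classical"), Participant("bob", "classical")
    carol, dan = Participant("carol", "falcon"), Participant("dan", "hybrid")
    for policy in (QuorumPolicy(2, (alice, bob, carol)), QuorumPolicy(2, (alice, dan, carol))):
        print([p.scheme for p in policy.participants], quantum_resilient(policy),
              falcon_signatures_needed(policy))
```

The design point is that resilience is a property of the policy, not of the key count: a 2-of-3 with two classical keys and one Falcon key is fully forgeable under a classical break, while swapping one classical key for a hybrid key forces every quorum to carry at least one Falcon component.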

Falcon-512

Throughout most of our materials, references to Falcon are to the default Falcon-1024 (deterministic version). There is another variant we intend to support by year's end: Falcon-512, which produces signatures roughly half the size. This more compact form makes it a candidate for shorter-lived keys where efficiency matters alongside quantum resistance.

Hardware wallets and custody

Hardware and custody solutions must evolve to support post-quantum signatures if they are to remain viable. We are actively engaging with leading device manufacturers, standards bodies, and custody providers to define the secure signing architectures and key-handling standards that lattice-based cryptography demands.

Disclaimer: The content provided in this web page is for informational purposes only. The information is provided by the Algorand Foundation and while we strive to keep the information up-to-date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the web page or the information, products, services, or related graphics contained in the web page for any purpose. This web page contains forward-looking statements regarding Algorand’s planned post-quantum protocol upgrades, product releases, and timelines. These statements reflect Algorand Foundation’s current expectations and are subject to change as development progresses, as research in post-quantum cryptography evolves, and as external standards (including those of NIST and other standards bodies) develop. Actual results, timing, and scope may differ. Algorand Foundation undertakes no obligation to update these statements except as required. The content of this web page is not intended to be legal, financial, or investment advice nor is it an endorsement, guarantee, or investment recommendation. You should not take any action before conducting your own research or consulting with a qualified professional. Any reliance you place on such information is therefore strictly at your own risk. All companies are independent entities solely responsible for their operations, marketing, and compliance with applicable laws and regulations. In no event will Algorand Foundation nor any affiliates be liable for any loss or damage including without limitation, indirect, or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this web page. Through this web page, you may be able to link to other websites which are not under the control of the Algorand Foundation. We have no control over the nature, content, and availability of those sites. The inclusion of any links does not imply a recommendation nor endorse the views expressed therein.