🚨 BREAKING: Sui Research just dropped a major breakthrough in quantum transition of "some" blockchains. Unfortunately it works for Sui, Solana, Near, Cosmos and other EdDSA-based chains, but not for Bitcoin and Ethereum 😢 Here is the paper: *Afaik this is the first backward compatible quantum-safe upgrade path for blockchain wallets to avoid future forks or freezing accounts. ...and why that’s huge 🧵👇 💀 There’s a non-zero chance that today’s wallets could become vulnerable to quantum adversaries in the coming decades. While I personally doubt we’re anywhere near quantum supremacy that can break cryptography soon, the growing concerns, and new guidance from security agencies recommending algorithm upgrades by 2035, should serve as a wake-up call. Even if much of this is perception-driven, our community must be prepared to eventually transition. Once quantum computers arrive, millions of wallets, including Satoshi’s, could be drained instantly. If your public key is visible, it will eventually be cracked. Lost keys, deceased owners, cold storage... all at risk (these will be the first victims). Billions in crypto sit in “sleeping” wallets that may never be updated or transfer their assets out. 💡 Our solution: We found a way for wallets using EdDSA (e.g., Sui, Solana, Near and co) to prove ownership securely after quantum, without revealing secrets or touching the wallet to quickly transfer their coins. Surprisingly a small detail on how EdDSA private keys are derived compared to ECDSA makes a huge difference on quantum readiness. TL;DR a simple hash invocation over a seed and not directly picking elliptic curve scalars as private keys saved the game! 🔐 No re-signing. No address change. Zero downtime. Just a zero knowledge proof that says: “I still control this wallet, but now signing protected against quantum hackers" 🚀 Built on Ed25519 key derivation (SLIP-0010) and zk-STARKs / Ligero 🛡️ Works for sleeping and lost accounts, multisigs, treasuries, and cold storage 📈 Protects real users & institutions, not just future chains, but your today’s mnemonic based wallets too 👨‍🔬 Developed by @SuiNetwork, @Mysten_Labs and @GeorgeMasonU applied and theoretical cryptographers, congrats to Foteini and Arnab whose help was paramount! *We’re already in contact with the teams behind @ligero_inc and @SoundnessLabs, but we’ll also approach governments and major organizations like Google (which has already begun exploring Ligero ZK proofs) to pursue an implementation, and if possible, make it a global standard. Maybe those who chose Ed25519 over ECDSA were lucky or just smart. Personally, I want to thank one of my first crypto instructors, Daniel Bernstein (@hashbreaker) the inventor of EdDSA, who taught at the EU ECRYPT summer school in Samos back in 2007. He planted a spark that made me obsess over every detail of the algorithm and maybe without that, I wouldn't be here today as a scientist.

The biggest advantage of this work which was discussed since my time at Libra back in 2019, is it works for mnemonic or NOT (like custodians or exchanges who follow EdDSA paper or RFC on key derivation), and we had a public tweet iirc a few years ago of this coming out. Already working on implementing it as a standard so other chains can use as well.

Due to many requests, we’ll also implement for BIP32 as well along with @SoundnessLabs. I’m convinced we have to protect the whole ecosystem, whatever possible on BTC and EVM as well. Good call.