Migration Playbooks

Step-by-step guides for migrating blockchain infrastructure to post-quantum cryptography. Tailored to specific stakeholder roles with actionable checklists, timelines, and technical specifications.

Why Migration Planning Matters Now

Cryptographically relevant quantum computers (CRQCs) could emerge within the next decade. NIST finalized post-quantum cryptography standards in August 2024 (FIPS 203, 204, 205). The blockchain industry must begin transitioning now—migrations of this complexity require 12-36 months depending on infrastructure type. These playbooks provide the roadmap.

How to Use These Playbooks

Each playbook is designed for a specific stakeholder role within the cryptocurrency ecosystem. Select the playbook that matches your infrastructure:

  1. Assess your current state: Each playbook begins with an inventory of quantum-vulnerable components specific to that infrastructure type
  2. Follow the migration strategy: Detailed phases covering dual-signature transitions, key rotation, and testing procedures
  3. Use the checklists: Actionable items organized by category to track migration progress
  4. Reference the timeline: Realistic schedules based on infrastructure complexity

Playbooks by Infrastructure Type

Exchange & Custody

HSM upgrades, MPC infrastructure migration, dual-signature workflows, and regulatory compliance for institutional custody providers.

  • PQC-capable HSM deployment
  • Dual-signature transaction flows
  • NYDFS & SEC compliance
  • 12-24 month timeline
View Playbook →

Wallets & SDKs

Key bundle formats, dual-signature UX patterns, backup/recovery semantics, and SDK library upgrades for wallet developers.

  • PQC key bundle storage
  • User education & UX flows
  • Hardware wallet integration
  • Address format migration
View Playbook →

Oracles & Bridges

Oracle attestation signatures, bridge validator key rotation, cross-chain message verification, and HNDL threat mitigation.

  • Chainlink, Pyth, LayerZero analysis
  • Dual-signature attestations
  • Cross-chain coordination
  • 12-18 month timeline
View Playbook →

DA Layers & Rollups

KZG commitment replacement, SNARK-to-STARK migration, sequencer key rotation, and data availability layer selection.

  • ZK proof system migration
  • Celestia vs EigenDA analysis
  • Sequencer PQC keys
  • 24-36 month timeline
View Playbook →

Layer-1 Blockchains

Validator key rotation, consensus-level PQC integration, governance upgrade processes, and network-wide migration coordination.

  • Validator/operator key migration
  • PQC signature verification
  • On-chain governance upgrades
  • Consensus safety during transition
View Playbook →

Layer-2 Blockchains

Rollup-specific migration strategies, L1 dependency management, bridge security, and coordinated upgrades with base layers.

  • L1 security inheritance
  • Optimistic vs ZK rollup paths
  • Escape hatch mechanisms
  • Base layer coordination
View Playbook →

Smart Contract Platforms

PQC precompiles and opcodes, gas cost modeling for larger signatures, library upgrades, and DeFi protocol dependencies.

  • PQC signature verification precompiles
  • Gas/fee impact analysis
  • Contract library audits
  • DeFi protocol coordination
View Playbook →

Cross-Cutting Migration Concerns

Regardless of infrastructure type, all PQC migrations share common challenges:

Dual-Signature Transitions

Running classical and PQC signatures in parallel during transition ensures backward compatibility while building confidence in new cryptography.

Key Rotation Coordination

Multi-party systems require synchronized key rotation. Threshold signatures and MPC setups need careful coordination to maintain security during transitions.

Size & Performance Impact

PQC signatures are larger than classical (ML-DSA-65: ~3.3 KB vs ECDSA: ~72 bytes). Plan for increased storage, bandwidth, and gas costs.

Testing & Rollback

Extensive testnet validation, gradual mainnet rollout, and documented rollback procedures are essential for safe migration.

Migration Timeline by Infrastructure Type

Infrastructure Type Estimated Timeline Complexity Key Challenge
Exchange & Custody 12-24 months Medium-High HSM vendor support, regulatory compliance
Wallets & SDKs 12-18 months Medium User education, hardware wallet support
Oracles & Bridges 12-18 months High Cross-chain coordination, multi-party signatures
DA Layers & Rollups 24-36 months Very High Proof system migration, KZG replacement
Layer-1 Blockchains 18-30 months Very High Consensus changes, validator coordination
Layer-2 Solutions 18-24 months High L1 dependency, escape hatch mechanisms
Smart Contract Platforms 12-24 months High Precompile deployment, gas economics

NIST PQC Standards Reference

All playbooks reference the NIST post-quantum cryptography standards finalized in August 2024:

Standard Algorithm Purpose Use In Playbooks
FIPS 203 ML-KEM (Kyber) Key encapsulation Key exchange, encrypted communications
FIPS 204 ML-DSA (Dilithium) Digital signatures Transaction signing, attestations
FIPS 205 SLH-DSA (SPHINCS+) Stateless signatures Long-term keys, cold storage

Recommendation: ML-DSA-65 (Dilithium) is recommended for most blockchain signature applications due to its balance of security, signature size (~3.3 KB), and verification performance.

Assess Your Quantum Risk

See how 49 cryptocurrencies score for quantum resistance using our 7-dimension methodology.

View Rankings
Read Methodology

Last updated: December 4, 2025 | Scoring Engine V5.1