Wallets & SDKs Migration Playbook
Hardware upgrades, SDK integration, and self-custody strategies for the post-quantum era. Timeline: 6–18 months.
Why Self-Custody Users Must Prepare
Personal wallet compromises now represent 23.35% of all stolen cryptocurrency in 2025, with 70% of thefts stemming from private key or seed phrase compromise. When quantum computers arrive, every wallet that has ever broadcast a transaction will have its public key permanently exposed on-chain—creating a target list for quantum-enabled theft. Self-custody means self-responsibility: your migration timeline is your own.
Current Threat Landscape
Self-custody wallet security is already under siege from classical attacks. By mid-2025, Chainalysis reported $2.17 billion stolen from cryptocurrency services—a 66% increase over the same period in 2024. The quantum threat compounds existing vulnerabilities:
| Metric | Value | Source |
|---|---|---|
| Global Active Wallets | 820 million | CoinLaw 2025 |
| Self-Custody Preference | 59% of users | CoinLaw 2025 |
| Private Key Compromise Share | 43.8% of 2024 theft | Chainalysis |
| Personal Wallet Theft (2025 YTD) | 23.35% of stolen funds | Chainalysis |
| Bitcoin with Exposed Public Keys | ~25% (~4 million BTC) | BIP P2QRH Proposal |
| At-Risk Bitcoin Value | ~$500 billion | Project Eleven |
| Hardware Wallet Market (2025) | $560 million | Industry projections |
The Permanent Exposure Problem
Unlike passwords, blockchain transactions are immutable. Every transaction you’ve ever signed has permanently recorded your public key on-chain. A quantum attacker in 2030 can target transactions you made in 2020. There is no “changing your password”—you must migrate to entirely new quantum-resistant addresses.
Hardware Wallet PQC Readiness
Hardware wallets remain the gold standard for self-custody security. The October 2025 releases from major manufacturers signal the industry’s recognition that quantum preparedness must begin now—even before blockchain protocols themselves upgrade.
| Device | PQC Status | Key Features | Price |
|---|---|---|---|
| Trezor Safe 7 | Quantum-Ready | SLH-DSA-128 firmware verification, TROPIC01 + EAL6+ dual secure elements, upgradeable bootloader | €249 |
| Ledger Nano Gen5 | Monitoring | Rebranded as “Ledger signer,” larger screen, Bluetooth, Recovery Key support | TBD |
| QRL Desktop Wallet | PQC Native | XMSS signatures (NIST-approved), Ledger Nano X/S+ integration | Free |
Trezor Safe 7: What “Quantum-Ready” Actually Means
The Trezor Safe 7 uses SLH-DSA-128 (NIST FIPS 205) to verify firmware and bootloader integrity—ensuring the device itself can be securely updated when blockchains adopt PQC. However, on-chain signatures remain classical (ECDSA/EdDSA) until Bitcoin, Ethereum, and other networks implement their own PQC upgrades. “Quantum-ready” means the hardware won’t become obsolete when protocols upgrade—not that your transactions are quantum-safe today.
Key Hardware Considerations:
- Dual Secure Elements: Trezor Safe 7 combines the open-source TROPIC01 chip (auditable architecture) with an NDA-free EAL6+ certified element for layered protection
- Firmware Upgrade Path: Devices must support PQC algorithm updates without hardware replacement—verify your wallet manufacturer’s upgrade commitment
- Signature Size Impact: PQC signatures are 50× larger than ECDSA; future firmware must handle increased memory and processing requirements
- Supply Chain Security: Only purchase hardware wallets from official manufacturer sources to avoid compromised devices
Software Wallet Challenges
Hot wallets like MetaMask, Trust Wallet, and Rabby face unique PQC integration challenges. Unlike hardware wallets that can upgrade firmware independently, software wallets must wait for underlying blockchain protocols to support new signature schemes.
| Challenge | Impact | Mitigation |
|---|---|---|
| Protocol Dependency | Cannot implement PQC until chains support it | Monitor chain upgrade roadmaps; prepare SDK integrations |
| Signature Size | ML-DSA-65: ~3,300 bytes vs ECDSA: 64 bytes | Optimize storage, update transaction display logic |
| Key Storage | Larger keys require more secure storage | Leverage device secure enclaves where available |
| Mobile Constraints | Memory and processing limitations | Prioritize Falcon (smaller signatures) for mobile |
| User Experience | New address formats, migration complexity | Clear migration wizards, educational content |
QAN XLINK: Bridging Today’s Wallets to PQC
QANplatform’s XLINK protocol (Hacken-audited November 2025) enables MetaMask and Trust Wallet users to generate quantum-safe signatures using ML-DSA (FIPS 204) through a cross-signer architecture. This approach allows users to protect assets on the QAN blockchain while maintaining familiar wallet interfaces—demonstrating that PQC integration need not require abandoning existing tools.
The Signature Size Reality
Post-quantum signatures are dramatically larger than their classical counterparts. This fundamental constraint shapes every aspect of PQC migration—from transaction fees to block sizes to mobile wallet design.
| Algorithm | Type | Public Key | Signature | Status |
|---|---|---|---|---|
| ECDSA (secp256k1) | Classical | 33 bytes | 64–72 bytes | Current standard |
| Ed25519 | Classical | 32 bytes | 64 bytes | Current standard |
| ML-DSA-44 | Lattice (PQC) | ~1,312 bytes | ~2,420 bytes | NIST FIPS 204 |
| ML-DSA-65 | Lattice (PQC) | ~1,952 bytes | ~3,309 bytes | NIST FIPS 204 |
| Falcon-512 | Lattice (PQC) | ~897 bytes | ~666 bytes | NIST selected |
| Falcon-1024 | Lattice (PQC) | ~1,793 bytes | ~1,280 bytes | NIST selected |
| SLH-DSA-128 | Hash-based (PQC) | 32 bytes | ~7,856 bytes | NIST FIPS 205 |
| XMSS | Hash-based (PQC) | ~64 bytes | ~2,500 bytes | NIST SP 800-208 |
Practical Implications:
- Transaction Fees: Larger signatures mean higher fees on fee-per-byte networks like Bitcoin
- Block Capacity: BTQ’s quantum-safe Bitcoin implementation increased block size to 64 MiB to accommodate PQC signatures
- Mobile Bandwidth: Falcon’s smaller signatures (666–1,280 bytes) make it preferable for mobile applications
- Storage Requirements: Wallets must allocate significantly more space for key material and transaction history
SDK & Developer Tools
The post-quantum cryptography ecosystem has matured significantly. Developers building wallet applications, signing services, or blockchain integrations now have production-ready libraries to work with.
| Library | Language | Algorithms | Status |
|---|---|---|---|
| liboqs (Open Quantum Safe) | C | ML-KEM, ML-DSA, Falcon, SLH-DSA, XMSS | v0.15.0 (Nov 2025) |
| oqs-provider | OpenSSL 3 | Full liboqs integration | Production |
| NVIDIA cuPQC | CUDA | ML-KEM, ML-DSA (GPU-accelerated) | Integrated Jan 2025 |
| PQ Code Package (mlkem-native) | C, AArch64, AVX2 | ML-KEM with formal proofs | v1.0.0 |
| wolfSSL | C | ML-KEM, ML-DSA, Falcon, LMS/XMSS | Production |
Open Quantum Safe: The Reference Implementation
The Open Quantum Safe (OQS) project, part of the Linux Foundation’s Post-Quantum Cryptography Alliance, provides the most comprehensive open-source PQC toolkit. The liboqs library supports Linux, macOS, and Windows across x86_64 and ARM architectures. In January 2025, NVIDIA’s cuPQC integration enabled GPU-accelerated PQC operations capable of over 1 million operations per second—critical for high-throughput applications like TLS offloading and batch signature verification.
Developer Guidance:
- Start with Hybrid: Implement hybrid signatures (classical + PQC) to maintain backward compatibility while adding quantum protection
- Test on Testnets: Algorand executed the first mainnet Falcon transaction in 2025; test your implementations on available testnets
- Plan for Algorithm Agility: Design systems to swap algorithms without major refactoring—liboqs’s common API facilitates this
- Monitor NIST Updates: SLH-DSA replaces SPHINCS+ in liboqs 0.16.0; Dilithium has been removed in favor of ML-DSA
Bitcoin P2QRH Migration Path
In July 2025, Jameson Lopp (Casa CTO) and collaborators published a Bitcoin Improvement Proposal for “Post-Quantum Migration and Legacy Signature Sunset.” This represents the most concrete Bitcoin quantum migration roadmap to date.
| Phase | Timeline | Action | Impact |
|---|---|---|---|
| Phase A | +3 years after BIP-360 | Prohibit sending to legacy ECDSA/Schnorr addresses | Forces migration to P2QRH addresses |
| Phase B | +2 years after Phase A | Invalidate all ECDSA/Schnorr signatures at consensus | Legacy UTXOs become unspendable |
| Phase C | Optional (research ongoing) | ZK proof recovery using BIP-39 seed phrases | Recovery path for missed migrations |
The Satoshi Dilemma
The proposal would freeze ~4 million BTC with exposed public keys—including the estimated 1 million BTC attributed to Satoshi Nakamoto. The authors argue this is necessary: “Fail to upgrade and you will certainly lose access to your funds.” Critics call it confiscation. The debate highlights the tension between security and immutability that all blockchain communities must navigate.
BTQ Technologies Demonstration: In October 2025, BTQ released Bitcoin Quantum Core 0.2—a working implementation replacing ECDSA with ML-DSA (FIPS 204). The demonstration required increasing block size to 64 MiB to accommodate larger post-quantum signatures, illustrating the infrastructure changes Bitcoin will require.
Ethereum PQC Roadmap
Ethereum faces unique challenges due to its account model (permanent public key exposure) and reliance on BLS signatures for consensus. However, account abstraction (EIP-4337) provides a migration pathway unavailable to Bitcoin.
ZKnox Research Group: In March 2025, the Ethereum Foundation funded ZKnox to develop post-quantum cryptography for Ethereum. Their initial breakthrough achieved a 12× reduction in gas costs for PQC signature verification by optimizing the Number Theoretic Transform (NTT) operations used in lattice-based schemes like Falcon.
Migration Path via Account Abstraction:
- Smart Contract Wallets: EIP-4337 allows wallets to use custom signature verification logic—including PQC algorithms
- Incremental Adoption: Users can migrate individual accounts to PQC-enabled smart contract wallets without network-wide consensus
- Gas Optimization: ZKnox and similar efforts are reducing the computational cost of on-chain PQC verification
- Layer 2 Testing: PQC implementations may deploy on L2 networks before Ethereum mainnet
BLS Consensus Vulnerability
Ethereum’s ~1 million validators all use BLS signatures for consensus. Unlike user wallets that can individually migrate, consensus-layer cryptography requires coordinated network upgrades. A quantum attacker could impersonate validators and halt the network before individual users have time to migrate their assets.
User Migration Timeline: 6–18 Months
While protocol-level PQC upgrades may take years, individual users can begin preparation immediately. The following timeline assumes proactive users who want to minimize quantum exposure before network mandates.
| Phase | Timeline | Actions |
|---|---|---|
| 1. Assessment | Months 1–2 | Inventory all wallets and addresses; identify public key exposure; calculate at-risk value |
| 2. Hardware Upgrade | Months 2–4 | Acquire quantum-ready hardware wallet (Trezor Safe 7 or equivalent); verify firmware update capability |
| 3. Key Hygiene | Months 3–6 | Consolidate funds to addresses with unexposed public keys; implement address non-reuse policy |
| 4. Protocol Monitoring | Months 6–12 | Track BIP-360/P2QRH progress; monitor Ethereum EIPs; test PQC wallets on testnets |
| 5. Early Migration | Months 12–18 | Migrate to PQC-enabled addresses when available; participate in early adoption programs |
Self-Custody Migration Checklist
Use this checklist to track your quantum migration readiness:
Phase 1: Assessment & Inventory
Phase 2: Hardware & Key Hygiene
Phase 3: Protocol Monitoring & Testing
Phase 4: Migration Execution
QRC Scoring Integration
Self-custody practices directly impact several QRC scoring dimensions. Understanding these connections helps users prioritize actions that improve their holdings’ quantum resistance:
| QRC Dimension | Weight | Self-Custody Impact |
|---|---|---|
| Signature Resistance | 35% | Determined by blockchain protocol—monitor upgrade roadmaps and migrate early when PQC addresses become available |
| Key Protection | 15% | Directly controllable: use fresh addresses, avoid public key exposure, consolidate to unexposed UTXOs |
| Crypto-Agility | 12% | Choose wallets and chains with clear PQC upgrade paths; prefer protocols supporting account abstraction |
| Operational Mitigations | 7% | Hardware wallet usage, address non-reuse, multi-sig setups all improve operational security |
Additional Resources
Explore other migration playbooks for specific blockchain categories:
- Layer-1 Protocol Playbook → Bitcoin, Ethereum, Solana core protocol upgrades
- Layer-2 & Rollups Playbook → Optimistic and ZK rollup considerations
- Exchange & Custody Playbook → Institutional custody migration
- Smart Contract Platforms Playbook → DeFi and dApp security
- Migration Playbooks Overview → Complete playbook index
Check Your Holdings
See how 49 cryptocurrencies score on quantum resistance and plan your migration accordingly.
Last updated: December 4, 2025 | View Sources