What Quantum Computers Will Break
A technical guide to which cryptographic primitives fail against quantum attacks—and which survive. Understanding the threat is the first step toward protection.
Two Algorithms, Two Threats
Quantum computers don’t break all cryptography equally. Shor’s algorithm destroys public-key cryptography (signatures, key exchange) in polynomial time. Grover’s algorithm only weakens symmetric cryptography and hash functions, cutting security levels in half. The cryptocurrency threat is primarily Shor’s.
Shor’s Algorithm: The Signature Killer
Published by mathematician Peter Shor in 1994, Shor’s algorithm efficiently solves the mathematical problems underlying today’s public-key cryptography:
- Integer Factorization: Breaking RSA by factoring large numbers into primes
- Discrete Logarithm: Breaking DSA and Diffie-Hellman by finding logarithms in finite fields
- Elliptic Curve Discrete Logarithm: Breaking ECDSA, EdDSA, Schnorr signatures
On a classical computer, these problems are computationally infeasible—the security of virtually all cryptocurrency signatures depends on them. A sufficiently powerful quantum computer runs Shor’s algorithm in polynomial time, reducing “billions of years” to “hours or days.”
What This Means for Crypto
Given a public key (revealed when you sign a transaction), Shor’s algorithm derives the private key. The attacker can then sign transactions as you—draining your entire balance with no recourse.
Signature Schemes: Vulnerable vs. Resistant
The following table shows common cryptocurrency signature schemes and their quantum status. Schemes vulnerable to Shor’s receive low resistance scores in our V5.1 methodology:
| Signature Scheme | Type | Used By | Quantum Status |
|---|---|---|---|
| ECDSA (secp256k1) | Elliptic Curve | Bitcoin, Ethereum, most cryptocurrencies | Broken by Shor’s |
| EdDSA (Ed25519) | Elliptic Curve | Solana, Cardano, Polkadot, Monero | Broken by Shor’s |
| Schnorr Signatures | Elliptic Curve | Bitcoin (Taproot), advanced protocols | Broken by Shor’s |
| BLS Signatures | Pairing-Based | Ethereum 2.0 (validators), Chia | Broken by Shor’s |
| RSA | Integer Factoring | Legacy systems (rare in crypto) | Broken by Shor’s |
| XMSS | Hash-Based | QRL (native) | Quantum-Resistant |
| SPHINCS+ | Hash-Based | NIST PQC standard (SLH-DSA) | Quantum-Resistant |
| Dilithium | Lattice-Based | NIST PQC standard (ML-DSA) | Quantum-Resistant |
| Falcon | Lattice-Based | NIST PQC standard | Quantum-Resistant |
Key insight: All elliptic curve and pairing-based schemes are vulnerable. Only hash-based and lattice-based schemes designed for post-quantum security survive Shor’s algorithm.
Grover’s Algorithm: The Hash Weakener
Lov Grover’s 1996 algorithm provides a quadratic speedup for searching unstructured databases. Applied to cryptography, it effectively halves the security bits of symmetric algorithms and hash functions:
| Hash Function | Classical Security | Post-Grover Security | Status |
|---|---|---|---|
| SHA-256 | 256 bits | 128 bits | Adequate |
| SHA-512 | 512 bits | 256 bits | Strong |
| Keccak-256 (SHA-3) | 256 bits | 128 bits | Adequate |
| BLAKE2 | 256 bits | 128 bits | Adequate |
| RIPEMD-160 | 160 bits | 80 bits | Marginal |
Good News for Hash Functions
Hash functions like SHA-256 remain secure after Grover’s attack—128 bits of post-quantum security is still beyond brute-force attacks. This is why Proof-of-Work consensus (which relies on hashing, not signatures) scores highly in our Consensus Security dimension.
Pairing-Based Cryptography: A Special Vulnerability
Pairing-based cryptography enables advanced features like signature aggregation and zero-knowledge proofs, but comes with significant quantum risk:
BLS Signatures
Used by Ethereum 2.0 for validator signatures. Enables efficient aggregation of thousands of signatures into one. Completely broken by Shor’s algorithm on elliptic curve pairings.
KZG Commitments
Used for polynomial commitments in rollups and data availability. Ethereum’s danksharding relies on KZG. Vulnerable to Shor’s attack on discrete logarithms in pairing groups.
Our V5.1 scoring methodology includes a Pairing-Free Status dimension (8% weight). Chains using BLS or KZG receive a 0 on this dimension; chains avoiding pairing-based primitives score 100.
What Survives Quantum Attacks
Post-quantum cryptography (PQC) uses mathematical problems that remain hard even for quantum computers. NIST standardized three signature algorithms in 2024:
Hash-Based Signatures
XMSS, LMS, SPHINCS+ (SLH-DSA)
Security relies only on hash function properties. Conservative, well-understood, minimal attack surface. XMSS is already deployed in production by QRL. Downside: stateful schemes require careful key management.
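The state-management caveat above, illustrated with a Lamport one-time signature, which is a simpler hash-based construction than XMSS. This is an added example, not code from the original page or from QRL, and `StatefulSigner` and `disclosed_secrets` are hypothetical names. Each key may sign exactly once, so the signer advances its index and destroys the used secret before returning a signature.

```python
import hashlib
import secrets

N_BITS = 256  # one secret pair per bit of the SHA-256 message digest

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key: 2 x 256 random secrets; the public key is their hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(N_BITS)] for _ in range(2)]
    pk = [[H(s) for s in row] for row in sk]
    return sk, pk

def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]

def sign(sk, msg: bytes):
    # One secret is revealed per digest bit, which is why the key is one-time.
    return [sk[b][i] for i, b in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == N_BITS and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(digest_bits(msg), sig))
    )

class StatefulSigner:
    """Pool of one-time keys with a monotonically advancing index (the 'state')."""
    def __init__(self, n_keys: int):
        keys = [keygen() for _ in range(n_keys)]
        self._sks = [sk for sk, _ in keys]
        self.pks = [pk for _, pk in keys]
        self.next_index = 0  # a real deployment must persist this durably

    def sign(self, msg: bytes):
        if self.next_index >= len(self._sks):
            raise RuntimeError("one-time keys exhausted; rotate to a new key pool")
        idx = self.next_index
        self.next_index += 1        # advance state first, then sign
        sig = sign(self._sks[idx], msg)
        self._sks[idx] = None       # destroy the used secret so it cannot be reused
        return idx, sig

def disclosed_secrets(*msgs: bytes) -> int:
    """Count how many of the 512 secrets become public if ONE key signs all msgs."""
    bits = [digest_bits(m) for m in msgs]
    return sum(len({b[i] for b in bits}) for i in range(N_BITS))
```

A single signature discloses 256 of the 512 secrets; a second signature under the same key discloses about three quarters of them on average, which is why index reuse has to be impossible by construction.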
Lattice-Based Signatures
Dilithium (ML-DSA), Falcon
Security relies on the hardness of lattice problems like Module-LWE. Compact signatures, fast verification. NIST’s primary recommendation for general-purpose signatures. More complex mathematics than hash-based.
QRL: Production Quantum Resistance
The Quantum Resistant Ledger (QRL) launched in 2018 with XMSS signatures. It remains the only major cryptocurrency with native, production-deployed quantum-resistant signatures. This is reflected in its V5.1 resistance score—substantially higher than ECDSA-based chains.
Consensus Mechanism Matters
Beyond signature schemes, the consensus mechanism affects quantum resistance at the protocol level:
| Consensus Type | Signature Dependency | Quantum Status |
|---|---|---|
| Proof of Work | None (hash-based) | Network survives |
| Proof of Stake | Validator signatures | Validators compromised |
| Proof of Stake + BLS | Aggregated BLS signatures | Fully compromised |
| Delegated PoS | Delegate signatures | Delegates compromised |
Important distinction: Proof-of-Work chains like Bitcoin can continue operating (miners solve hash puzzles, no signatures needed for consensus). User funds with exposed keys are still vulnerable, but the network itself isn’t compromised. Proof-of-Stake chains face systemic failure—an attacker with validator private keys can take over consensus.
Summary: Know Your Exposure
| Category | Broken by Quantum | Survives Quantum |
|---|---|---|
| Signatures | ECDSA, EdDSA, Schnorr, BLS, RSA | XMSS, SPHINCS+, Dilithium, Falcon |
| Key Exchange | ECDH, DH, RSA-OAEP | Kyber (ML-KEM), NTRU |
| Hashing | — | SHA-256, SHA-3, BLAKE2 (weakened but secure) |
| Pairings | BLS, KZG commitments | — |
| Consensus | PoS (without PQC), DPoS, BFT | PoW, PQC-signed PoS |
Our V5.1 Methodology
The QRC V5.1 scoring engine evaluates 49 cryptocurrencies across 7 dimensions, weighting signature resistance at 35% and consensus security at 15%. Higher scores indicate stronger quantum resistance. Currently, 36 coins are in the RED band (critical vulnerability) while 1 is in the GREEN band (quantum-ready).
Last updated: December 4, 2025 | Methodology Version V5.1
