Circle, the issuer of the USDC stablecoin, has announced a post-quantum cryptography roadmap for its upcoming Layer-1 blockchain, Arc Network. The plan aims to future-proof the network against threats from quantum computers, which could eventually break widely used public-key cryptography like ECDSA and RSA via algorithms such as Shor’s.
Arc’s blog post outlines a phased, opt-in approach to quantum resistance across the full tech stack: wallets, private smart contract states, validators, and infrastructure. This is designed to avoid disruptive network-wide migrations that could plague existing blockchains like Bitcoin or Ethereum later.
Phase 1 (Mainnet Launch, expected 2026): Introduction of a post-quantum signature scheme likely based on NIST-standardized algorithms. Users will be able to create opt-in quantum-resistant wallets from day one. Traditional signatures will presumably remain supported for compatibility.
Near-term: quantum-resistant protection for private smart contract states. Mid-term: post-quantum-safe infrastructure upgrades (e.g., TLS, encrypted data flows). Long-term: hardening of validator signatures and broader ecosystem components. The roadmap emphasizes proactive design rather than retrofitting.
Arc positions itself as built for institutional and stablecoin use cases, with EVM compatibility. Its public testnet launched in late 2025, and mainnet is targeted for sometime in 2026. No exact mainnet date was specified in the update. Quantum computers powerful enough to threaten current cryptography (“Q-Day”) are not here yet, but experts warn they could arrive by 2030 or sooner.
A “harvest now, decrypt later” risk exists: adversaries could collect encrypted blockchain data today and crack it once quantum hardware matures. Most legacy chains lack concrete transition plans, making retrofits complex and potentially costly. Arc’s strategy of baking in options from launch gives institutions a practical path to protect assets without waiting for regulatory mandates or market pressure.
This announcement highlights growing industry awareness of quantum risks. Other projects are exploring similar upgrades (e.g., proposals for Bitcoin), but Arc claims an edge by treating post-quantum security as a core design principle rather than a bolt-on fix. Circle has previously discussed quantum preparedness in its research.
Bitcoin, unlike newer chains such as Circle’s Arc Network, faces unique challenges in achieving quantum resistance due to its decentralized governance, conservative upgrade process, and massive existing attack surface from legacy addresses. While the core protocol remains secure today, concerns are accelerating. Recent research, including from Google, has compressed timelines, with potential threats materializing as early as 2029 in some scenarios.
The primary vulnerability stems from exposed public keys in spent or reused addresses (including many pre-Taproot and some Taproot outputs via key-path spends), which could allow a sufficiently powerful quantum computer to derive private keys. Estimates suggest millions of BTC, potentially including a large portion of Satoshi-era coins, are in quantum-exposed states, though exact figures and immediate risks remain debated.
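As an added illustration (not code from the article, Circle, or any Bitcoin project), the sketch below shows how a wallet operator could inventory which of their outputs carry a public key in the output script itself and which only reveal one after a spend. The sample scripts are constructed filler bytes, and the `spent_before` flag is a hypothetical input the caller would supply from their own address history.

```python
# Added example: classify standard Bitcoin scriptPubKey templates by key exposure.
from typing import NamedTuple

class OutputType(NamedTuple):
    kind: str
    key_at_rest: bool  # True if the output script itself contains a public key

def classify(script_hex: str) -> OutputType:
    """Identify a standard scriptPubKey template from its raw bytes."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: push(33|65) <pubkey> OP_CHECKSIG; the raw key sits in the output.
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC and s[1] in (2, 3, 4):
        return OutputType("P2PK", True)
    # P2PKH: OP_DUP OP_HASH160 push(20) <hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return OutputType("P2PKH", False)
    # P2SH: OP_HASH160 push(20) <hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return OutputType("P2SH", False)
    # SegWit v0: OP_0 push(20|32) <hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return OutputType("P2WPKH", False)
    if n == 34 and s[:2] == b"\x00\x20":
        return OutputType("P2WSH", False)
    # Taproot (BIP 341): OP_1 push(32) <x-only output key>, a key rather than a hash.
    if n == 34 and s[:2] == b"\x51\x20":
        return OutputType("P2TR", True)
    return OutputType("unknown", False)

def key_exposed(script_hex: str, spent_before: bool) -> bool:
    """Exposed if the key is in the output, or a prior spend already revealed it.
    Simplification: any earlier spend from a hashed template counts as revealing."""
    t = classify(script_hex)
    return t.key_at_rest or (spent_before and t.kind != "unknown")

# Constructed sample scripts with filler bytes, not real keys or hashes.
SAMPLES = {
    "p2pk": "21" + "02" + "11" * 32 + "ac",
    "p2pkh": "76a914" + "22" * 20 + "88ac",
    "p2wpkh": "0014" + "33" * 20,
    "p2tr": "5120" + "44" * 32,
}

def audit(utxos):
    """utxos: iterable of (label, script_hex, spent_before); returns exposed labels."""
    return [label for label, script, spent in utxos if key_exposed(script, spent)]

if __name__ == "__main__":
    rows = [("a", SAMPLES["p2pk"], False), ("b", SAMPLES["p2pkh"], False),
            ("c", SAMPLES["p2pkh"], True), ("d", SAMPLES["p2tr"], False)]
    print(audit(rows))
```

Outputs flagged here are the ones a migration plan would prioritize moving to a hashed or post-quantum output type once one is available.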
Bitcoin’s approach emphasizes incremental, soft-fork-friendly changes rather than a single comprehensive roadmap. No mandatory network-wide migration has been activated, and upgrades require broad consensus. BIP 360, Pay-to-Merkle-Root (P2MR), is the most advanced and actively discussed proposal as of early 2026.
It introduces a new output type that builds on Taproot’s structure but eliminates the quantum-vulnerable key-path spend by committing only to a Merkle root. It maintains compatibility with Tapscript and provides a flexible foundation for future post-quantum signature schemes. It was merged into the official BIP repository in February 2026; testnet implementations, including by BTQ Technologies, are live, with real transaction testing underway.
Lattice-based options like ML-DSA (Dilithium) have been demonstrated in experimental forks. These would likely require additional BIPs and could be layered onto frameworks like BIP 360 or new output types (e.g., earlier ideas like P2QRH). Size increases may necessitate adjustments to witness discounts or block parameters, which face resistance.
Draft BIPs from Jameson Lopp and others in 2025 outline phased transitions: encourage users to move funds to new quantum-resistant addresses, then a potential legacy signature sunset with deadlines targeting ~2030 in some proposals, after which vulnerable signatures could be restricted or invalidated. Some controversial ideas include forcing migration or limiting spends on exposed UTXOs to reduce “harvest now, decrypt later” risks.
Unlike Arc Network’s clean-slate, opt-in design from launch, Bitcoin must handle backward compatibility and a live $1.3+ trillion ecosystem. Key hurdles include governance: soft forks are preferred, but consensus is slow. Debates rage over whether to burn or lock unclaimed vulnerable coins (e.g., Satoshi’s ~1M BTC) versus preserving immutability and censorship resistance.
Users must proactively move funds; many dormant addresses won’t. Larger signatures could increase fees or require protocol tweaks. Early upgrades risk unnecessary complexity; late ones risk a crisis. No fixed roadmap exists. Experts note it could take 5–7+ years for full activation. Google and others urge migration planning by 2029.
Bitcoin.org acknowledges that upgrades to post-quantum algorithms are feasible if the threat becomes imminent, but the community prioritizes caution to avoid introducing new risks. Arc’s phased, opt-in approach (quantum-resistant wallets at mainnet launch, private states next) is proactive and designed for a new chain with institutional focus. Bitcoin’s path is reactive and consensus-driven, prioritizing stability over speed.
This makes Bitcoin more resilient to rushed changes but potentially slower to adapt—highlighting why some view new L1s as having an edge in quantum-proofing from day one. BIP 360 marks a tangible first step, testnets are active, and research continues on efficient post-quantum primitives. The biggest risk may not be technical but social—achieving consensus without fracturing the network.



