Anza Outlines Quantum-Resistance Roadmap for Solana
Anza engineers Max Resnick and Sam Kim present a migration strategy for post-quantum signatures. Ed25519 and BLS must be replaced long-term by FALCON or comparable schemes.
Overview
On April 27, 2026, the Anza team published a blog post on the post-quantum strategy for Solana. Authors are Max Resnick and Sam Kim. The trigger is two research papers from April 2026 that significantly revise downward the estimated hardware threshold for cryptographically relevant quantum computers.
Source: Securing Solana Against a Powerful Quantum Adversary.
What the New Research Shows
Anza references two publications from April 2026:
- Google Quantum (Babbush et al. 2026): new quantum circuits for Shor’s algorithm with fewer than 1,200 logical qubits and approximately 70-90 million Toffoli gates. Execution on superconducting hardware in minutes with fewer than 500,000 physical qubits — roughly a 20-fold reduction in resources over previous estimates.
- Oratomic (Cain et al. 2026): ultra-efficient quantum error correction on neutral-atom architectures. 26,000 physical qubits could solve the discrete logarithm on the P-256 curve in a few days. Most aggressive configuration: fully fault-tolerant quantum computer with 10,000 to 20,000 qubits.
Anza estimates the probability of an ECDLP-256-breaking quantum computer within 5 years at 3 to 5 percent — previously considered negligible.
Where Solana Currently Uses Elliptic Curve Cryptography
Anza identifies four places in the protocol that are quantum-vulnerable:
- Account model — Ed25519 signatures for transaction authorization
- Block propagation — Turbine and Rotor rely on signatures for shred authentication
- Consensus — Alpenglow uses BLS signatures over pairing-friendly curves
- User programs — programs on Solana can invoke signature verification via syscalls, affecting multisig schemes and custody logic
Which Post-Quantum Schemes Anza Is Evaluating
Three NIST-standardized schemes are on the table:
- ML-DSA (CRYSTALS-Dilithium) — lattice-based, general-purpose signing
- SLH-DSA (SPHINCS+) — hash-based, conservative backup
- FN-DSA (FALCON) — lattice-based, compact signatures, still in draft status
The main challenge: post-quantum signatures are significantly larger. FALCON signatures are roughly 10× larger than Ed25519. Anza additionally cites Ethereum’s post-quantum team and their solution using hash-based signatures plus post-quantum SNARKs for aggregation.
Migration Strategy
Anza engineers have published a prototype (anza-xyz/cryptography/pull/10) that enables migration without address change. The central idea, based on research by Mysten Labs (Baldimtsi, Chalkias, Roy 2025):
- The user proves knowledge of their Ed25519 account’s seed material via a post-quantum zero-knowledge proof
- With this proof, they bind a new post-quantum public key to the existing address
- Migration can still be performed safely even after “Q-Day” — provided Ed25519 signing has been disabled at that point
Anza notes that Bitcoin cannot use this approach analogously because some “Satoshi coins” originate from accounts created before BIP32/39 upgrades.
Concrete SIMD Proposals
The roadmap mentions three pending Solana Improvement Documents:
- SIMD-0296 and SIMD-0385 — increasing the Solana transaction size to 4096 bytes to accommodate FALCON signatures
- SIMD-0461 — precompile for FALCON signature verification, giving programs the ability to validate post-quantum signatures on-chain without prohibitive compute costs
Timing Assessment
Anza itself emphasizes: cryptographically relevant quantum computers are not yet imminent. The largest number factored by Shor’s algorithm on actual quantum hardware is 21 (Martín-López et al. 2012). But: the new whitepapers shift the risk distribution to the left. Anza’s current estimate — 3 to 5 percent in 5 years — means: preparation now, not at the emergency.
What to Watch
- How quickly the NIST-finalized post-quantum schemes (especially FALCON) reach implementation maturity for production blockchains
- Whether Solana, Ethereum, and other large chains coordinate their post-quantum migrations or pursue separate paths
- When the SIMD proposals SIMD-0296 / SIMD-0385 / SIMD-0461 are approved for implementation
- How the validator community reacts to larger signature sizes (bandwidth, storage)
Source
- Anza Blog — Securing Solana Against a Powerful Quantum Adversary, April 27, 2026
- Solana Improvement Documents — github.com/solana-foundation/solana-improvement-documents
- NIST Post-Quantum Cryptography — csrc.nist.gov/projects/post-quantum-cryptography