The advent of quantum computing is exciting, but talk of the amazing benefits it will provide is often accompanied by a justifiably alarmist narrative with regards to cybersecurity. In the blockchain industry, there’s a lot of concern that quantum systems might lead to the collapse of Bitcoin and the obsolescence of digital assets.
While apprehensiveness is warranted, most security engineers do not see quantum computing as the imminent apocalypse, but rather, a complex, long-term infrastructure challenge to be solved. Securing systems from quantum attacks is a complex quandary that will require a transition from the methods used in cryptography today to a new breed of algorithms that can withstand brute-force attacks from a cryptographically supercharged quantum computer over the long term.
Known for its bleeding-edge security strategy, leading cold wallet provider Ledger’s post-quantum security efforts mirror a broader realization among security professionals: The resilience of crypto demands not only stronger cryptography, but a carefully planned migration. It’s not just a matter of swapping out today’s algorithms for more advanced cryptographic primitives, as there’s also a need to implement this architecture in collaboration with the broader blockchain industry while also accounting for hardware constraints.
That’s why Ledger sees post-quantum crypto wallet security primarily as an infrastructure problem, one with major implications when it comes to practical readiness, hardware-level performance and the fragmented nature of today’s digital assets.
Why Ledger Treats Quantum Computing as a Long-Term Security Challenge
Ledger’s security team views quantum computing as a long-term cryptographic transition challenge rather than an immediate existential threat to blockchain systems. Today’s quantum computers are not advanced enough to break modern Elliptic Curve Cryptography. However, there are still valid concerns about the transparency of blockchain.
One of the main concerns of Ledger Donjon, the company’s security research lab, is the rising occurrence of cybercriminals playing the long game. Malicious entities have been capturing encrypted traffic for years as part of a “harvest now, decrypt later” strategy that assumes today’s encryption schemes will eventually be broken once powerful enough quantum machines come online.
In the blockchain ecosystem, this is a particular concern as attackers have already enjoyed a plentiful harvest. Researchers estimate that public keys for 25% of Bitcoin’s total value have already been exposed publicly, including many “Satoshi-era” public key addresses and those that have been reused.
Ledger CTO Charles Guillemet believes that cybercriminals are waiting patiently for the day that more powerful quantum computers become available. “Blockchain security relies heavily on Elliptic Curve Cryptography – public/private keys,” he said in a recent thread on X. “Not an immediate threat, but once quantum computers are powerful enough, ECC could be broken, meaning private keys could be computed from exposed public keys.”
A quantum adversary could theoretically use Shor’s algorithm to ascertain the private keys associated with exposed public keys. Due to the public nature and immutability of blockchain signatures, it’s impossible to replace all of the public keys that have been revealed. That’s why Ledger Donjon is focused on researching these risks now, so it can establish a way for blockchain to transition to quantum-resistent signatures such as ML-DSA before attackers can reap the rewards of their harvest.
Ledger’s Approach to Post-Quantum Migration
To achieve post-quantum security, choosing a suitable new algorithm is the least of our worries. The biggest challenge will be to overcome the logistical hurdles of migrating to new infrastructure. That’s why Ledger’s post-quantum work focuses as much on migration coordination and infrastructure resilience as on cryptographic theory itself.
Historically, transitioning global infrastructure to a new cryptographic standard can take over a decade to implement. Precedents include the shift from SHA-1 to SHA-2, or the industry’s current migration to TLS 1.3.
The decentralized nature of crypto creates additional challenges. For instance, every major blockchain will need to implement a protocol-level upgrade to standardize on post-quantum security. Crypto exchanges, wallet providers and custodians will also be required to cooperate and agree on new standards for wallet address formats and descriptors to avoid problems like liquidity fragmentation.
Throughout the migration, operational continuity must be maintained to enable users to migrate digital assets from “legacy” wallets without exposing them to other threats.
Ledger’s experts characterize this as a cryptographic agility challenge. The company is already implementing plans to support hybrid signatures in its infrastructure stack, where transactions will be secured using both classical and post-quantum signatures as part of a secure deployment pathway. This approach is similar to how public key infrastructure modernization in the enterprise world is handled, designed to ensure that even if one vector is compromised, the second signature can still protect the user’s assets.
Why Hardware Security Still Matters in a Post-Quantum World
There’s a misconception that the shift to post-quantum cryptography means that today’s security hardware will become irrelevant. That couldn’t be further from the truth. Ledger’s research suggests that post-quantum cryptography will increase the importance of secure hardware implementation rather than reduce it.
Post-quantum cryptography (PQC) is built on a foundation of lattice-based schemes that introduce greater complexity compared to today’s elliptic curve-based algorithms. While this complexity increases the robustness of algorithmic security, it can also introduce newer vulnerabilities during implementation.
Notably, PQC signatures and keys have a much larger footprint, as their complexity increases by an order of magnitude. To manage these footprints within the compact memory environment of Secure Elements will require advances in memory management.
There’s also a risk of new attack surfaces that can only be protected against with hardware isolation. For instance, when a device performs a PQC calculation, its electromagnetic emissions could potentially reveal the private key.
Hardware is also necessary to protect against the standard threats faced by crypto users, such as malware, phishing, endpoint compromises and transaction manipulation, which do not require a quantum computer. It doesn’t take a math whizz to trick someone into signing a fraudulent transaction on an insecure device. Therefore, hardware wallets will likely remain a cornerstone of crypto security, irrespective of the underlying cryptography.
Ledger’s Pursuit of PQC for Secure Devices
Ledger’s approach emphasizes cryptographic agility and practical implementation feasibility rather than premature claims about “quantum-proof” security. Its research is focused on algorithm evaluation and NIST standardization in order to inform the design of next-generation Secure Elements where every byte of RAM and clock cycle is highly optimized.
Guillemet said this research is vital, because the crypto industry can’t afford to take a wait-and-see approach. “We’re working on PQC experiments, running software only (no Hardware acceleration) implementations directly inside Secure Elements,” he said. “Even with countermeasures still turned off, the constraints show up immediately: RAM pressure and compute cost are already major bottlenecks.”
Two specific algorithms have caught Ledger’s attention, including ML-DSA, which was formerly known as Dilithium. It’s based on a module-lattice scheme that supports rapid signature creation, but the tradeoff is its high memory usage. To get around this, Ledger is working with partners like ZKNOX to optimize ML-DSA algorithms to run in constrained RAM environments.
“Memory is the first wall,” Guillemet explained. “Secure Elements run with tiny RAM budgets, while PQC needs large buffers (keys, polynomials, NTT state, temp arrays). If it doesn’t fit, it doesn’t ship.”
A second candidate for post-quantum security crypto is FN-DSA, or Falcon, which is based on an NTRU lattice scheme. The primary advantage is smaller signatures and less memory, but this is enabled through heavy complex floating-point operations, or more processing power. Secure Elements lack a dedicated FPU, however, presenting challenges for constant-time execution, leaving FN-DSA at risk of timing attacks.
“Compute is the second wall,” Guillemet added. “Even ‘reasonable’ PQC parameters can turn signing into seconds on constrained silicon and drastically increase the time for signing flows in everyday transactions.”
Ledger’s research is focused on continually optimizing these algorithms on real-world ST33K Secure Elements and benchmarking their performance to try and establish the optimal trade-off between transaction speed, security margin and battery life.
Quantum Readiness in the Context of Crypto Security’s Evolution
The focus on quantum attack resistance is part of a broader trend amid crypto’s evolution towards a more layered approach to security. Crypto itself is no longer a niche hobby – it’s well on the way to becoming institutional-grade infrastructure. That’s why Ledger increasingly approaches crypto security as an evolving infrastructure discipline rather than a static hardware problem.
In crypto’s early days, security was a relatively simple affair – store your private keys offline, in “cold storage,” and they were secure. But in the modern crypto ecosystem, resilience has become multi-faceted. Cold storage isn’t enough, with most institutions relying on more robust hardware wallets. This hardware should ideally be upgradeable to protect it from new threats.
Migration readiness is another aspect, so that the infrastructure can be upgraded as new standards emerge. That necessitates operational continuity as well, so funds are still accessible even as those upgrades and migrations are undertaken.
The definition of “secure” is in flux, and the most secure systems are those that can adapt to stay ahead of the evolving threat landscape. Ledger is at the forefront of long-term resilience engineering, pioneering a more dynamic security layer that can pivot as new risks emerge.
The Quantum Transition Depends on Coordination
Ledger’s post-quantum strategy reflects a broader reality facing the crypto industry: the future of blockchain security will depend on how effectively the ecosystem evolves its infrastructure over time.
The advances in quantum computing cannot be ignored, and the crypto industry recognizes that it will require a coordinated and concerted effort to ensure its future security. But the sensationalist headlines about quantum computers bringing down Bitcoin ignore the reality that key stakeholders are already pushing to standardize on and implement PQC.
On the other hand, the risks of fragmented adoption persist. If different protocols and wallet providers adopt alternative cryptographic standards, the complexity that follows could create so many security holes that quantum attacks would be the least of our worries.
“It’s still unclear what each ecosystem will converge on,” Guillemet explained. “Each choice comes with trade-offs: signature size, verification cost, implementation complexity, and confidence in the assumptions. The hard part is getting a solution that is workable for both secure signers and global networks.”
That’s why Ledger’s research-backed efforts to standardize on the most effective cryptographic method are so important. By spearheading these efforts and developing the tools to securely manage future migrations, it can ensure the evolution of crypto security is based on sound engineering logic.
If quantum is ignored, it could become an existential threat, but with careful preparation and a continued focus on hardware, the danger it poses can be negated. If all goes well, crypto will enter the quantum era with an even more robust security architecture than it has now.