Ethereum is beginning to formalize its post-quantum security push in public. ETH Foundation researcher Will Corcoran used a presentation at the Institutional Ethereum Forum in New York to lay out both the threat model and the protocol work already underway. The effort matters well beyond ETH, he argued, because the core bottleneck is not unique to one chain: every proof-of-stake network built on today’s cryptographic assumptions will eventually face the same scaling problem.
Alongside the talk, the Ethereum Foundation launched pq.ethereum.org, a new portal that packages the project’s roadmap, technical resources, FAQs for institutions, and a registration form for a post-quantum retreat in Cambridge in October 2026. Corcoran framed the site as a way to consolidate years of research and answer what he described as growing inbound interest from institutions asking how Ethereum plans to prepare for a future in which quantum computers can break elliptic-curve cryptography.
Ethereum Eyes Post-Quantum Industry Standard
That future is still projected to be years away, but Corcoran said Ethereum is already working against a tight window. He pointed to current estimates for “Q-Day”: the arrival of a cryptographically relevant quantum computer, clustering around 2032, while the current roadmap targets key post-quantum components for the protocol’s “L” or “M” fork, roughly around 2029.
The presentation’s core argument was that post-quantum security cannot be reduced to a simple signature swap. Ethereum today relies on elliptic-curve cryptography across the stack: validator attestations at the consensus layer, blob proof data at the data layer, and transaction and wallet signatures at the execution layer. If that cryptography is broken, large parts of the network’s security model break with it.
But replacing it introduces a second-order problem. Ethereum’s current BLS signatures are compact and aggregate extremely efficiently: 10,000 signatures still compress to 96 bytes. The proposed post-quantum replacement, a hash-based scheme Corcoran called Lean Sig, is around 3,000 bytes per signature, and naively aggregating them would produce roughly 30 megabytes of data per slot.
That tradeoff is not merely an engineering inconvenience. Corcoran repeatedly tied it back to Ethereum’s decentralization constraint, arguing that bigger signatures would raise bandwidth requirements, reduce the number of viable home validators, and weaken the chain’s security properties. In his telling, the entire design challenge is downstream from that point.
“So making Ethereum post quantum secure isn’t just as simple as swapping out the signature schemes because that one change cascades through everything else,” he said. “Bigger signatures would result in more bandwidth that would result in fewer home validators, less decentralization, and weaker security guarantees. So that one change cascades through everything.”
Ethereum’s proposed answer is a pairing of LeanSig with a proving system called Lean Multisig, which Corcoran described as a STARK-based aggregation engine. Instead of forwarding all of the signatures directly, the system aims to prove that they were verified correctly and compress the output to around 125 kilobytes. He called that roughly 250x compression “the moon math” that makes post-quantum consensus viable on Ethereum.
Corcoran also used the talk to stress that this is no longer a purely theoretical research thread. He said Ethereum is already running devnets with 10 client teams, has shipped four devnets so far, and is building around three-slot finality and four-second slots as a design basis. The broader effort, he added, spans more than eight years of research, about $25 million in funding, and roughly 1,500 contributors across more than 250 organizations and teams.
For Ethereum, the immediate message is that post-quantum readiness is becoming a visible part of its long-range protocol agenda. For the rest of crypto, Corcoran’s claim was broader.
“Really, every proof of stake blockchain faces the same challenge, and that challenge is the ability to aggregate at scale hash based signatures. It’s nonnegotiable,” he said. “When we succeed in shipping LeanSig and LeanMultisig and Lean consensus, we think that this could really become the de facto industry standard.”
At press time, ETH traded at $2,154.
