- BNB Chain tested a full migration to post-quantum cryptography, replacing ECDSA and BLS12-381 with quantum-resistant algorithms.
- The upgrade used ML-DSA-44 for transaction signatures and pqSTARK for validator vote aggregation, in line with emerging NIST standards.
- Network throughput fell by around 40%, mainly due to much larger signatures and heavier blocks that strained bandwidth and propagation.
- Bitcoin, Ethereum and TRON are also exploring different paths toward post-quantum security, each with its own timeline and trade-offs.
The blockchain ecosystem is starting to confront a scenario that, for years, felt like something out of a far-off future: the possibility that powerful quantum computers could eventually undermine today’s cryptographic foundations. Against this backdrop, BNB Chain has run a large-scale experiment to see what a transition to post-quantum security might look like in practice, a topic related to XRP and quantum computing risk.
In a newly published technical report, the network founded by Binance – formerly known as Binance Smart Chain (BSC) – details the outcome of its internal trials to swap out core cryptographic components for quantum-resistant alternatives. The results show that post-quantum protection is technically feasible on a live-style blockchain, but it comes with a very visible price: a pronounced hit to performance and resource efficiency.
BNB Chain’s post-quantum experiment: what actually changed
According to the report, BNB Chain’s team carried out a comprehensive test migration in which they replaced two fundamental cryptographic primitives: ECDSA signatures for user transactions and BLS12-381 signatures for validator consensus. Both schemes are based on elliptic-curve cryptography, which is widely considered vulnerable to future quantum attacks, particularly via Shor’s algorithm.
For transaction-level security, the developers adopted the algorithm known as ML-DSA-44, a variant of the Dilithium-based scheme that the US National Institute of Standards and Technology (NIST) has selected as part of its post-quantum standardization process. This choice aligns BNB Chain’s tests with the emerging FIPS 204 standard, which formalizes ML-DSA as a recommended quantum-safe signature system.
On the consensus side, where validators need to agree on blocks and finalize them, the network turned to pqSTARK-based aggregation. Instead of every validator broadcasting separate signatures, pqSTARK techniques allow many votes to be folded into compact proofs, which significantly reduces the raw overhead that would otherwise come from switching to bulkier post-quantum signatures.
These changes were implemented in a controlled environment designed to emulate mainnet conditions, so that the team could measure the impact on throughput, latency and network resources without endangering real user funds. The experiment thus serves as a kind of dress rehearsal for what a full production migration might entail.
Throughput drop: around 40% fewer transactions per second
The most eye-catching metric in the report is the hit to capacity. Once the post-quantum mechanisms were enabled, BNB Chain’s cross-region throughput slid from roughly 4,973 transactions per second (TPS) to about 2,997 TPS. In percentage terms, that’s close to a 40% reduction, a figure also highlighted by independent observers following the project.
Interestingly, the main culprit was not the raw cost of cryptographic verification, but the sheer amount of data that had to be shipped and processed across the network. Post-quantum signatures are considerably larger than their classical counterparts, and that bloat has cascading effects on how quickly blocks can be propagated and validated.
From a user’s perspective, this means that a network hardened against quantum attacks might feel slower and more congested unless compensating improvements are made elsewhere. The test results underscore a core tension the industry will have to grapple with: how to boost long-term security without eroding the performance benchmarks that many blockchain applications rely on.
For now, the experiment remains an internal trial, but it signals that any serious move toward post-quantum protection is likely to involve non-trivial trade-offs in scalability and user experience. That reality could shape how and when different ecosystems decide to roll out such upgrades.
How much bigger did transactions and blocks get?
Beneath the high-level TPS numbers, the report provides concrete figures on how data structures changed. A typical transaction on BNB Chain, which previously weighed in at about 110 bytes, ballooned to roughly 2.5 kilobytes once post-quantum signatures were added. That’s more than a twentyfold increase for each basic transfer users send through the network.
The effect on block size was similarly stark. Average blocks grew from an estimated 130 kilobytes to around 2 megabytes under the post-quantum configuration. While 2 MB is far from unprecedented in the broader blockchain world, this sudden jump implied a much heavier load on bandwidth and storage, especially for validators spread across different regions and infrastructure conditions.
Observers pointed out that the digital signatures themselves experienced dramatic inflation. Where ECDSA signatures could be as compact as around 65 bytes, the new ML-DSA-44 signatures clocked in closer to 2,420 bytes. That change alone explains a sizeable portion of the bandwidth pressure noted in the experiments.
Network propagation became the primary bottleneck: getting these larger blocks swiftly distributed to all participants proved more challenging than verifying their cryptographic correctness. As block contents expanded, latency in relaying them increased, contributing to the observed decline in effective TPS.
The team emphasizes that this is not an insurmountable issue, but one that will demand further optimization. Compression strategies, improved gossip protocols and more efficient encoding of post-quantum data are all areas where additional engineering work could reclaim some of the lost performance.
The role of pqSTARK aggregation for validators
While ordinary transactions became significantly heavier, the designers managed to limit the fallout on validator communication by leaning on pqSTARK-based aggregation. Rather than broadcasting many individual post-quantum signatures, validators can consolidate their votes into compact proofs that are much cheaper to circulate.
The report illustrates this with a specific example: six separate signatures, which would normally total around 14.5 kilobytes, were combined into a single proof of about 340 bytes. That corresponds to a compression ratio on the order of 43:1, dramatically shrinking the data overhead in consensus-related traffic.
This approach helped ensure that internal protocols for block finalization and validator coordination remained relatively efficient despite the switch to quantum-resistant primitives. The main pain point thus stayed concentrated at the user-facing layer, where individual transfers cannot be aggregated as aggressively.
Even so, the authors caution that consensus mechanisms and related cryptographic tools will need continued refinement if they are to operate comfortably in a fully post-quantum world. Aggregation works well in some contexts, but not every message or signature can be batched without introducing new complexity or latency.
As more networks experiment with post-quantum upgrades, it is likely that different designs will explore diverse trade-offs between aggregation, proof size and verification cost. BNB Chain’s pqSTARK deployment is one of the first concrete case studies available at scale.
Maintaining compatibility with the existing ecosystem
One of the more reassuring aspects of the BNB Chain trial is that it was structured to preserve compatibility with the current infrastructure and tooling. Despite the deep cryptographic changes under the hood, everyday interfaces seen by users and developers were largely kept intact.
In particular, address formats remained unchanged: the network continued to rely on 20-byte addresses derived through keccak-256, the same scheme that many Ethereum-compatible systems use today. This means that wallets, SDKs, RPC endpoints and most applications would not need a radical redesign solely to accommodate the new signature scheme.
This backward-friendly approach suggests that a gradual, opt-in transition to post-quantum security might be feasible, rather than requiring a one-shot, disruptive hard fork that breaks large parts of the ecosystem. For example, some accounts or contracts could adopt quantum-safe keys first, while others migrate later.
However, the report is clear that not everything has been addressed yet. Other vulnerable components, such as P2P handshake protocols and KZG commitments linked to EIP-4844-style designs, were left for future work. Updating those systems will likely involve coordination not just within BNB Chain, but across the broader Ethereum-compatible landscape.
For now, the experiment serves as a proof that core transaction and consensus logic can be upgraded without tearing down the entire developer and wallet ecosystem. Turning that technical feasibility into a smooth, real-world rollout is the next challenge.
Why quantum computing is seen as a threat to blockchains
Modern blockchains rely heavily on elliptic-curve-based cryptography for authentication and security. Algorithms like ECDSA allow users to sign transactions with private keys in a way that can be publicly verified with the corresponding address, ensuring only legitimate owners can move funds.
The concern is that sufficiently advanced quantum computers could, in theory, use Shor’s algorithm to break the mathematical assumptions that keep these schemes safe. Problems that are prohibitively hard for classical machines could become tractable, potentially exposing public keys to brute-force attacks; for contemporary analysis of how real this threat is, see quantum threats to Bitcoin.
At present, no known quantum computer can realistically threaten large public networks like Bitcoin, Ethereum or BNB Chain. Still, governments, standards bodies and industry players are preparing early, on the premise that migration to new cryptographic standards takes many years and should begin before a crisis emerges.
NIST has been working for over a decade on a formal post-quantum cryptography standardization program, evaluating algorithms that can resist both classical and quantum adversaries. The selection of ML-DSA (based on Dilithium) and other schemes marks a key milestone in that effort.
BNB Chain’s decision to test ML-DSA-44 in a realistic blockchain context reflects a broader shift from theoretical discussions toward concrete, system-level trials. The question is no longer just which algorithms are secure in isolation, but how they behave at scale and under real network constraints.
How other major blockchains are approaching post-quantum security
The debate over quantum resilience is spreading across the wider crypto space, with different networks experimenting with their own approaches and timelines. There is still no universal roadmap, but some early patterns are emerging.
In the Bitcoin community, developers have floated proposals like BIP-360, which explores embedding quantum-resistant protections directly into the base protocol. Some emergency migration ideas have also been discussed, making use of the current rule set but at the cost of higher transaction sizes and fees in the short term.
Ethereum is moving more cautiously. The Ethereum Foundation has launched an initiative focused on gradually upgrading wallets, validator infrastructure and internal components over several years, rather than flipping a single switch. This approach seeks to balance security improvements with the need to maintain stability across a large, complex ecosystem.
TRON, meanwhile, is signaling a more aggressive schedule. Its founder, Justin Sun, has publicly indicated that the network plans to launch a quantum-resistant testnet in the second quarter of the year, followed by a mainnet deployment in the third quarter, if everything goes according to plan.
BNB Chain’s recent tests feed directly into this broader conversation. By putting real numbers on the performance costs and engineering hurdles of a post-quantum migration, the project gives other ecosystems a clearer sense of what they might face if they pursue similar upgrades.
The common thread across these efforts is a growing recognition that the industry cannot wait until quantum computers are visibly breaking systems to start adapting. Long lead times for protocol changes, wallet updates and user education mean that early experimentation is not merely optional, but increasingly necessary.
Open challenges before a full production rollout
Despite the successful test migration, BNB Chain’s own assessment is that the network is not yet ready to adopt post-quantum cryptography in production at full scale. Several technical and practical challenges remain on the critical path.
First, the network and data-layer scalability limitations that came to light during the experiment need to be addressed. Without further optimization, the bandwidth demands of post-quantum signatures could make it harder for smaller validators or nodes with weaker connectivity to participate fully, potentially affecting decentralization.
Second, components beyond transaction signatures and consensus votes must be brought into the post-quantum fold. P2P handshake mechanisms, KZG commitments and other cryptographic building blocks used in rollup and data-availability schemes will also need quantum-safe replacements or upgrades.
Third, there is the matter of governance and coordination. A complete migration will require aligning validators, infrastructure providers, wallet developers and application teams, all of whom have different risk tolerances and operational constraints. Designing a path that minimizes disruption while still achieving meaningful security gains is no trivial task.
Finally, user experience cannot be overlooked. If post-quantum upgrades lead to noticeably higher fees, slower confirmations or more frequent congestion without clear communication, users may resist or misunderstand the changes. Education around the quantum threat model and the reasons for these trade-offs will play a vital role.
BNB Chain’s report frames the current work as a stepping stone: a proof that migration is technically achievable, coupled with a candid acknowledgement of the costs. Turning that prototype into a mature, production-ready design will likely demand several more development and testing cycles.
For the broader blockchain industry, these findings underline that defending against future quantum-capable adversaries is not simply a cryptographic swap, but an end-to-end system redesign that touches performance, economics and governance all at once.
As things stand, BNB Chain’s internal post-quantum trial shows that a quantum-resilient blockchain is within reach, yet comes with a tangible hit to efficiency that cannot be ignored. The key question going forward is how much throughput and convenience networks are prepared to give up today in order to secure themselves against threats that may only fully materialize years down the line.
