Ledger CTO: The post-quantum cryptography migration has entered a critical period, and blockchain is more inclined to choose hash-based signature schemes


BlockBeats message, April 23 — Ledger’s Chief Technology Officer Charles Guillemet wrote, “Post-quantum cryptography is entering a critical phase. Although it remains uncertain when quantum computers with practical cryptographic impact will appear, the industry generally believes that migration to post-quantum systems is inevitable. The traditional sector has already formed a clear timeline: led by the National Institute of Standards and Technology of the United States, it plans to phase out existing vulnerable algorithms before 2030 and fully ban them before 2035. Large enterprises and government agencies are currently accelerating preparations, aiming to complete migration capability building by 2029.

In terms of technical pathways, encryption and key exchange will shift to ML-KEM (formerly CRYSTALS-Kyber) to address the risk of quantum attacks of the “collect first, decrypt later” type. However, in blockchain systems, the core issue is more concentrated on digital signatures. Current mainstream post-quantum signature schemes are divided into two categories: lattice-based ML-DSA (formerly CRYSTALS-Dilithium) and hash-based SLH-DSA (formerly SPHINCS+). The traditional industry is more inclined to adopt ML-DSA and its hybrid schemes with ECC, while the blockchain field is more inclined toward hash signature schemes that are more conservative in security and simpler in structure.

Both schemes have their trade-offs: ML-DSA has better performance, but its security assumptions have not yet undergone long-term validation; SLH-DSA is less efficient, but it relies on a mature hash-function system, making its security more deterministic. For blockchains that emphasize long-term security and validation pathways, the latter is more appealing. However, regardless of which scheme is chosen, the compatibility of multi-party computation (MPC) and threshold signatures remains an unresolved problem; this risk is especially critical in an industry built on custodial and collaborative signatures.”
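To illustrate why hash-based signatures are described as structurally simple and conservative, here is an added example (not from the article, Ledger, or SLH-DSA itself) of a Lamport one-time signature built from nothing but SHA-256: the key pair, the signature and the verification are all plain hash evaluations, and the only hazard is reusing a key, which the signer wrapper below refuses to do. SLH-DSA removes that state-management burden by combining many such one-time and few-time keys under hash trees; the parameter and helper names here are this example's own.

```python
import hashlib
import secrets

N = 32  # SHA-256 output length in bytes; also the per-preimage secret length


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    # Secret key: 256 pairs of random preimages (one pair per message-digest bit).
    sk = [[secrets.token_bytes(N), secrets.token_bytes(N)] for _ in range(256)]
    # Public key: the hash of every preimage. No algebraic structure is involved.
    pk = [[H(sk[i][0]), H(sk[i][1])] for i in range(256)]
    return sk, pk


def message_bits(msg: bytes):
    # Sign the SHA-256 digest of the message, bit by bit (MSB first).
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    # Reveal exactly one preimage per bit: sk[i][0] for a 0-bit, sk[i][1] for a 1-bit.
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    # Valid iff each revealed preimage hashes to the public value selected by that bit.
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, message_bits(msg))))


def signature_size_bytes(sig) -> int:
    # 256 preimages of 32 bytes: the price of relying only on a hash function.
    return sum(len(s) for s in sig)


class OneTimeSigner:
    """Stateful wrapper: a Lamport key must never sign two different messages."""

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg: bytes):
        if self.used:
            raise RuntimeError("one-time key already used; refusing to sign again")
        self.used = True
        return sign(self.sk, msg)
```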
