惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Help Net Security
Help Net Security
S
Schneier on Security
Security Latest
Security Latest
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园_首页
K
Kaspersky official blog
B
Blog
雷峰网
雷峰网
MyScale Blog
MyScale Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
人人都是产品经理
人人都是产品经理
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Latest news
Latest news
J
Java Code Geeks
W
WeLiveSecurity
GbyAI
GbyAI
V
Vulnerabilities – Threatpost
S
Secure Thoughts
IT之家
IT之家
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 叶小钗
Engineering at Meta
Engineering at Meta
S
Security @ Cisco Blogs
罗磊的独立博客
M
MIT News - Artificial intelligence
Blog — PlanetScale
Blog — PlanetScale
Stack Overflow Blog
Stack Overflow Blog
月光博客
月光博客
P
Proofpoint News Feed
博客园 - 聂微东
云风的 BLOG
云风的 BLOG
N
Netflix TechBlog - Medium
D
DataBreaches.Net
S
SegmentFault 最新的问题
V
Visual Studio Blog
V
V2EX
The Register - Security
The Register - Security
N
News | PayPal Newsroom
aimingoo的专栏
aimingoo的专栏
C
Cybersecurity and Infrastructure Security Agency CISA
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
Webroot Blog
Webroot Blog
NISL@THU
NISL@THU
D
Darknet – Hacking Tools, Hacker News & Cyber Security

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Why ECDSA Keys Are a Liability in 2026
Xae · 2026-05-03 · via DEV Community

By QuantaLabs | April 2026 | quantalabs.cc | quantachain.org


Five days ago, an independent researcher named Giancarlo Lelli broke a 15-bit elliptic curve key on a publicly accessible IBM quantum computer and collected a 1 BTC bounty from Project Eleven. The result was debated — some Bitcoin developers showed the winning result could be replicated with random noise, suggesting limited true quantum advantage at this scale. But the debate misses the point entirely.

The real story is what happened three weeks before that, in the research papers.


The Three Papers That Changed the Timeline

In the last week of March 2026, two papers dropped on the same day that fundamentally rewrote the resource estimates for breaking ECDSA:

Google Quantum AI (March 31, 2026)

Google’s research team published a 57-page whitepaper outlining a significantly more efficient implementation of Shor’s algorithm against secp256k1 — the elliptic curve that secures Bitcoin, Ethereum, and virtually every EVM-compatible blockchain. Their circuits require fewer than 500,000 physical qubits on a superconducting architecture to break ECDSA-P256. Critically, the estimated execution time is under 9 minutes.

Bitcoin’s average block time is 10 minutes. The implication: a sufficiently powerful quantum computer could theoretically crack an exposed public key faster than a transaction confirms on-chain.

The previous estimate from Litinski (2023) required ~9 million qubits. Google’s paper represents an approximately 20-fold reduction in the qubit threshold. The paper closed with a line that should be framed on the wall of every blockchain security team:

“It is conceivable that the existence of early CRQCs may first be detected on the blockchain rather than announced.”

Oratomic / Caltech / UC Berkeley (March 31, 2026)

On the exact same day, a team spanning Oratomic (a new quantum startup founded by researchers from Harvard’s landmark neutral-atom fault-tolerance experiments), Caltech, and UC Berkeley published a paper showing Shor’s algorithm can be executed at cryptographically relevant scales with as few as 10,000 reconfigurable neutral-atom qubits.

That is 50x lower than Google’s already-shocking estimate. The key insight: high-rate quantum Low-Density Parity-Check (qLDPC) codes achieve approximately 30% encoding rate, compared to ~4% for surface codes in Google’s architecture. Their largest code encodes 1,480 logical qubits in just 5,278 physical qubits.

Under plausible assumptions, a 26,000-qubit neutral-atom system could crack P-256 in a matter of a few days.

Chevignard-Fouque-Schrottenloher (EUROCRYPT 2026, March 2026)

French researchers published a new quantum circuit architecture for the 256-bit Elliptic Curve Discrete Logarithm Problem at EUROCRYPT 2026, further optimizing the circuit depth needed to attack full production keys.


Three Papers. Three Weeks. The Timeline Just Moved.

This is not distant future speculation. The shift from “we need 20 million qubits” to “we might need 10,000” happened in three months. The trajectory matters more than today’s hardware state.

Cloudflare, which handles a significant share of global internet traffic, put it bluntly in their post-quantum roadmap published this month:

“Q-Day has been pulled forward significantly from typical 2035+ timelines, with neutral atoms in the lead, and other approaches not far behind.”

Google followed with their own public commitment in March 2026: a formal 2029 deadline to transition their entire infrastructure to post-quantum cryptography. Android 17 is shipping with ML-DSA (post-quantum digital signatures) by default.

As of October 2025, Cloudflare reported that over 50% of human-initiated connections to their network were already protected with hybrid post-quantum key exchange (ML-KEM + X25519). By their latest reporting, 65% of human traffic to Cloudflare is now post-quantum encrypted.

The web is already migrating. Blockchain hasn’t started.


Why Blockchain Is More Exposed Than TLS

There’s a subtle but critical difference between what Cloudflare is protecting and what your blockchain is exposing.

TLS key exchange is ephemeral. The keys are fresh for every session. Even if a quantum adversary harvests ciphertext today, breaking the key later only reveals that session’s traffic — not the ability to forge future transactions.

Blockchain public keys are permanent and on-chain.

When you receive funds to an Ethereum address and spend from it, your public key is visible in the transaction history. Anyone who archives that public key today can attempt to derive the private key later. Every wallet that has ever signed a transaction exposes its public key to “harvest now, decrypt later” attacks.

Moreover: Bitcoin and Ethereum addresses that have never been spent from expose only the hash of the public key — which buys some time. But ~6.9 million Bitcoin currently sit in wallets where the public key is already fully exposed on-chain. All of those funds can be targeted the moment a sufficiently powerful quantum computer exists.

The Coinbase advisory board has explicitly flagged this: the transition to post-quantum cryptography in blockchains is not a simple key-swap. It is a complex, breaking migration that requires a hard fork, wallet migration tooling, and a coordinated cutover. The longer you wait to build on quantum-resistant foundations, the more painful the migration becomes.


What a Production Falcon-512 Blockchain Actually Looks Like

We didn’t write this post from theory. QuantaLabs builds Quantachain — the first publicly live Layer 1 blockchain using NIST-standardized Falcon-512 lattice signatures from genesis, with external node operators, a live block explorer, and a published benchmark suite.

Here is what our engineering team measured in the April 2026 benchmark run (Node v0.7.1, Ubuntu 22.04, 4-core environment):

Cryptographic Core — Falcon-512

Operation Quantachain ECDSA-P256 Overhead
Sign 0.227 ms ~0.05 ms ~4.5×
Verify (serial) 0.006 µs ~0.12 ms < 1× (faster)
Verify (parallel, 4 cores) 0.001 µs (batch 100)
Key generation 6.8 ms ~0.05 ms Higher
Signature size 689 bytes avg 64 bytes ~10.8×
Public key size 897 bytes 64 bytes ~14×

The signing overhead is real — Falcon-512 costs approximately 4.5× more to sign than ECDSA-P256. This is the honest tradeoff of post-quantum security.

But look at verification: Falcon-512 serial verification in our implementation runs at 168,000+ verifications per second. With Rayon-based parallel batch verification across 4 physical cores, a block of 200 transactions verifies in 0.169 ms total — a 7× speedup over serial, beating the theoretical 4× core maximum due to cache locality effects.

The performance gap between classical and PQC signature verification — the primary throughput bottleneck in a block validator — closes to under 1.3× per-block in parallel batch mode.

Mempool and Throughput

Metric Result
Mempool insert throughput 230,041 tx/sec
Duplicate rejection latency (Bloom filter) 3.3 µs (O(1))
Fee-ordered top-1200 selection 590 µs
Eviction under flood 251,312 ops/sec

The mempool runs on a priority-fee BTreeMap (O(log n) insert, O(1) remove) with a Bloom filter providing O(1) duplicate detection at 50K capacity and 0.01% false positive rate.

Block Compression

Falcon-512 signatures are ~10× larger than ECDSA. Unmitigated, this would cause severe blockchain state bloat. We integrated zstd Level-3 block compression:

Block size Raw Compressed Ratio Compression time
100 txs 171 KB 86 KB 1.97× 0.37 ms
500 txs 856 KB 359 KB 2.38× 1.57 ms
1,200 txs (full block) 2,054 KB 838 KB 2.45× 5.48 ms

A full 1,200-transaction Falcon-512 block compresses from 2 MB to 838 KB in under 5.5 milliseconds. This cuts annualized ledger growth by over 60% relative to uncompressed Falcon-512, keeping storage costs competitive with classical blockchains.

Live Node — End-to-End HTTP Pipeline

Beyond in-memory benchmarks, we ran a live HTTP stress test against a running testnet node (sequential submissions with Falcon-512 signed transactions via the /api/transactions/submit endpoint):

  • Median round-trip latency (p50): 0.70 ms — full pipeline (HTTP + JSON deserialize + Falcon-512 verify + nonce check + balance check + mempool insert)
  • Concurrent flood throughput: 792 tx/sec (end-to-end, real network path)
  • Sequential acceptance rate: 100% — zero false rejections, zero signature errors

A 0.70 ms median acceptance latency for a fully Falcon-512 signed transaction is competitive with production ECDSA blockchains. We are not trading performance for security. The numbers prove it.


The Practical Comparison: Falcon-512 vs. Every Alternative

A common question: why not Dilithium (now ML-DSA), which NIST standardized first?

Scheme Quantum-Safe Sig Size PK Size Verify speed
Falcon-512 Yes ~689 B 897 B ~168K ops/s
CRYSTALS-Dilithium3 Yes 3,309 B 1,952 B High
ECDSA-P256 No 64 B 64 B ~8K ops/s (classical)
Ed25519 No 64 B 32 B Very high (classical)

Falcon-512 produces the smallest signature of any NIST-standardized PQC scheme. At ~689 bytes average (with compression), it is 4.8× smaller than Dilithium3. For a blockchain where every transaction signature is stored permanently on-chain and propagated across every node, signature size is not a footnote — it determines long-term sustainability.


What “Harvest Now, Decrypt Later” Means for Your Infrastructure Today

This is not a future threat. Nation-state-level adversaries have been operating HNDL (Harvest Now, Decrypt Later) campaigns since at least the Snowden-era disclosures. Every encrypted packet sent over a classical TLS or ECDSA-signed connection is a candidate for archival and future decryption.

The NSA’s CNSA 2.0 framework mandates that all new national security systems must be quantum-safe by January 2027. The White House Executive Order 14144 (January 2025) requires federal agencies to prioritize PQC in procurement. NIST’s deprecation timeline calls for RSA and ECDSA to be disallowed after 2035.

For blockchain specifically: every ECDSA-signed transaction in your history is already being harvested. You cannot retroactively re-sign historical transactions. You can only control what you build from now forward.


What We Built, and Why It’s Different

Quantachain is not a proof of concept. It is a live mainnet-adjacent network with:

  • Falcon-512 signatures from genesis — every transaction on every block, since block #1
  • A Chrome extension wallet with Falcon-512 key generation, mnemonic recovery, and AES-256-GCM encrypted local storage
  • External node operators running independent validating nodes
  • A live block explorer at scan.quantachain.org
  • A Zenodo-published research paper documenting the architecture with peer-reviewed methodology

This benchmark suite runs against the same node binary. These numbers are not simulations.


What You Should Do If You’re Building on ECC Today

Immediate:

  • Audit your signing scheme. Know every place ECDSA or Ed25519 is used in your infrastructure — transaction signing, TLS certificates, internal service auth, HSM configuration.
  • Migrate TLS key exchange to ML-KEM (this is already handled by Cloudflare for your edge, but your origin servers and internal microservices need manual configuration).

Medium term (before 2027):

  • If you are building a new chain or significant protocol upgrade, do not build on ECDSA. The engineering cost of migrating later — coordinating a hard fork, building parallel signing schemes, migrating wallet key material — will be an order of magnitude larger than building on Falcon-512 from genesis.
  • Implement crypto agility in your signing layer. Even if you stay on ECDSA today, your codebase should be structured so the signing scheme is swappable without a full protocol rewrite.

If you want help: QuantaLabs offers cryptographic readiness audits and Falcon-512 / Kyber-1024 migration engineering. We have done this on a production network. Reach us at enterprise@quantalabs.cc.


The Line That Should Stay With You

Google’s paper on breaking secp256k1 closed with a sentence that no blockchain developer should dismiss:

“It is conceivable that the existence of early CRQCs may first be detected on the blockchain rather than announced.”

Meaning: the first sign that Q-Day has arrived might not be a press release. It might be $2.5 trillion in ECC-secured digital assets draining to an unknown address.

The migration window is open. Build accordingly.


QuantaLabs is the engineering lab behind Quantachain — the first live post-quantum blockchain running Falcon-512 signatures in production. We publish our benchmarks, architecture, and research openly.



References and Further Reading

Google Quantum AI

Oratomic / Caltech / UC Berkeley

Project Eleven

Cloudflare

Industry Coverage

Standards and Policy

Quantachain and QuantaLabs