Developers behind the Tezos ecosystem have launched a testnet prototype for private blockchain payments specifically engineered to withstand future quantum computing attacks. The initiative, named TzEL, comes as the broader crypto industry accelerates efforts to prepare for the potential of quantum technology to break existing cryptographic systems. The prototype integrates post-quantum cryptography and zero-knowledge Scalable Transparent Arguments of Knowledge (zk-STARK) proofs to protect transaction data and encrypted payment metadata from what experts call 'harvest now, decrypt later' attacks—where encrypted data collected today is stored and later decrypted once quantum computers become sufficiently powerful.

Understanding the threat: quantum computing and blockchain

Quantum computing poses a fundamental risk to current blockchain security because many of the cryptographic algorithms used today, such as elliptic curve digital signature algorithm (ECDSA) and RSA, can theoretically be broken by large-scale quantum computers using Shor's algorithm. While practical quantum computers capable of breaking these algorithms remain years away—estimates range from 5 to 20 years according to different experts—the threat is considered severe enough that many blockchain projects are proactively developing quantum-resistant solutions. The rise of quantum computing has led to the concept of 'harvest now, decrypt later,' where adversaries store encrypted blockchain data with the expectation of decrypting it in the future. This is particularly concerning for privacy-focused blockchains that rely on encryption to hide transaction details.

The TzEL prototype: how it works

TzEL employs post-quantum cryptography, which includes cryptographic algorithms that are resistant to attacks from both classical and quantum computers. Specifically, the prototype uses zk-STARK proofs, a type of zero-knowledge proof that does not require a trusted setup and is believed to be quantum-resistant. However, these proofs come with a significant size overhead; the quantum-resistant zk-STARK proofs used by TzEL are roughly 300KB each, substantially larger than the privacy proofs commonly used in existing blockchain systems. To manage this increased data load, the prototype leverages Tezos’ Data Availability Layer (DAL), a feature designed to handle large data sets efficiently onchain. By offloading proof storage and verification to the DAL, Tezos can maintain scalability while incorporating post-quantum security features.

The TzEL system ensures that transaction amounts, sender addresses, and recipient addresses are all encrypted and only visible to parties with the correct decryption keys. The zk-STARK proofs guarantee that the encrypted transactions are valid without revealing any sensitive information. This level of privacy is particularly valuable for enterprise applications, decentralized finance (DeFi), and any use case where financial confidentiality is paramount. As of now, TzEL is live on the Tezos testnet and remains under active development, with the broader Tezos (XTZ) ecosystem still in the early stages of transitioning toward full post-quantum cryptography.

Industry-wide quantum preparedness efforts

The launch of TzEL is part of a larger trend within the crypto industry to prepare for quantum computing risks. In April 2025, two major validator clients on the Solana network introduced a test version of a post-quantum signature system called Falcon. Falcon is designed to protect the blockchain against future quantum threats while minimizing performance tradeoffs. Solana’s integration of Falcon represents a significant step, as validator signatures are a critical component of proof-of-stake security. Meanwhile, MARA Holdings, a prominent Bitcoin mining company, launched the MARA Foundation to support Bitcoin network development, including research into quantum-resistant security measures. The foundation aims to fund initiatives that strengthen Bitcoin’s resilience against quantum threats, acknowledging that even Bitcoin, with its proof-of-work consensus, relies on ECDSA signatures that could be vulnerable.

Coinbase researchers have also weighed in, noting that blockchains such as Algorand and Aptos appear further along in preparing for quantum threats, citing efforts to integrate quantum-resistant cryptography into their networks. However, the researchers warned that proof-of-stake blockchains may face greater exposure to quantum computing risks compared to proof-of-work blockchains, primarily because of the signature systems used by network validators. In proof-of-stake, validators sign blocks frequently, and if an adversary could forge a validator’s signature, they could create malicious blocks or rewrite history. Proof-of-work chains like Bitcoin rely on energy-intensive mining, which adds an additional layer of security beyond just cryptography.

Timeline debates: how urgent is the threat?

Estimates for when quantum computing will become a practical threat to blockchain security vary widely. According to Bernstein researchers, the crypto industry has around three to five years to transition toward quantum-resistant cryptographic standards before quantum computing becomes a real danger to Bitcoin security. This relatively short timeline has spurred many projects to begin testing and implementing post-quantum solutions now. However, not everyone agrees with that projection. Adam Back, an early cypherpunk and Bitcoin contributor, stated in May 2025 that computers capable of breaking Bitcoin signatures are likely still at least 20 years away. Back's view is based on the substantial engineering challenges required to build and scale fault-tolerant quantum computers. The debate underscores the uncertainty surrounding quantum development and the need for a balanced approach: proactive preparation without overreacting to hypothetical threats.

Technical challenges of post-quantum cryptography

One of the main barriers to widespread adoption of post-quantum cryptography in blockchain systems is the size and computational cost of quantum-resistant algorithms. The zk-STARK proofs in TzEL, for example, are about 300KB each, whereas traditional zk-SNARK proofs are often less than 1KB. This 300x increase in proof size could lead to higher storage requirements and slower transaction throughput if not properly managed. Tezos’ Data Availability Layer is designed to mitigate this by storing proofs off-chain or in a separate layer, allowing the main chain to remain efficient. Other projects are exploring alternative post-quantum schemes such as lattice-based cryptography (e.g., CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for signatures), hash-based signatures (e.g., SPHINCS+), and code-based cryptography (e.g., Classic McEliece). Each approach has its own trade-offs in terms of speed, size, and security assumptions.

The National Institute of Standards and Technology (NIST) has been leading efforts to standardize post-quantum algorithms. In 2024, NIST selected CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON for standardization. Falcon, which Solana is testing, is a signature scheme based on lattice cryptography that offers relatively small signatures (around 0.66KB) and fast verification. However, Falcon’s key generation and signing processes are computationally expensive, which can be a bottleneck for high-throughput blockchains. Tezos’ choice of zk-STARKs over lattice-based schemes is interesting because STARKs do not rely on any cryptographic assumptions that are known to be vulnerable to quantum computers, and they offer transparency (no trusted setup). The downside remains the large proof sizes.

Broader implications and future outlook

The development of quantum-resistant privacy solutions like TzEL is critical for maintaining the long-term viability of blockchain-based financial systems. If current privacy protocols are broken by quantum computers, transaction histories could become transparent, exposing user identities and financial behavior. This would undermine the core value proposition of privacy coins and confidential transactions. Moreover, the 'harvest now, decrypt later' threat means that even transactions made today could be exposed in the future, making quantum-resistant encryption a necessity for any blockchain claiming to provide long-term privacy.

The crypto industry’s response to quantum threats is still in its infancy. While Tezos, Solana, Algorand, and Aptos have made notable progress, many other blockchains have yet to announce concrete plans for post-quantum upgrades. The transition will likely require coordination between developers, validators, and community members to adopt new cryptographic standards without disrupting existing operations. As quantum hardware continues to advance, the pressure to migrate will only increase. The three-to-five year window suggested by Bernstein, or the 20-year timeline proposed by Adam Back, both highlight the importance of starting now. Even if a full-scale quantum computer is two decades away, the time needed to design, test, implement, and upgrade blockchain networks is substantial. Thus, prototypes like TzEL serve as crucial stepping stones toward a future-proof blockchain infrastructure.

Source: Cointelegraph News