Is Axelar Quantum Safe?
Is Axelar quantum safe? That question matters more than most AXL holders realise. Axelar is a cross-chain communication protocol securing billions in bridged assets, and like virtually every Layer-1 and Layer-2 network built before 2024, its security rests on elliptic-curve cryptography that a sufficiently powerful quantum computer could break. This article maps exactly which cryptographic primitives Axelar relies on, quantifies the Q-day exposure, examines whether the protocol has a credible post-quantum migration plan, and explains what lattice-based alternatives look like in practice.
How Axelar's Cryptography Actually Works
Axelar is a proof-of-stake network built on the Cosmos SDK. Its core job is to route cross-chain messages and asset transfers between heterogeneous blockchains, from Ethereum and its L2s to Cosmos appchains, Polkadot, and beyond. To do that securely, it relies on several distinct cryptographic layers.
Validator Key Signing: ECDSA and EdDSA
Axelar validators hold signing keys that authorise cross-chain transactions. The network uses two curve families:
- secp256k1 (ECDSA) for compatibility with EVM chains. Every message destined for or originating from an Ethereum-compatible network is signed or verified using this curve, the same one Bitcoin and Ethereum use for wallet signatures.
- ed25519 (EdDSA) for Cosmos SDK consensus. Tendermint, the consensus engine underneath Axelar, relies on ed25519 for validator votes and block finality.
Both are classical elliptic-curve schemes. Their security assumption is that computing the discrete logarithm of a point on the curve is computationally infeasible. That assumption holds against classical computers. It does not hold against a large-scale quantum computer running Shor's algorithm.
Threshold Signature Scheme (TSS)
Axelar's most distinctive component is its threshold signature scheme. Rather than holding one monolithic private key, a quorum of validators each hold a key share. A valid signature requires a threshold, often two-thirds of active validators, to cooperate. This design eliminates single-points of failure and makes covert key theft far harder under classical threat models.
However, the underlying algorithm for those key shares is still ECDSA on secp256k1. The threshold architecture distributes trust but does not change the algebraic hardness assumption. A cryptographically relevant quantum computer (CRQC) running Shor's algorithm attacks the curve directly. It does not need to steal a single key; it reconstructs private keys from public keys, which are visible on-chain.
Hashing and Symmetric Primitives
Axelar's message hashing uses SHA-256 and Keccak-256, inherited from the chains it serves. Symmetric and hash-based primitives are largely quantum-resistant already: Grover's algorithm weakens them, but doubling key length (e.g. moving from AES-128 to AES-256) largely restores the security margin. These components are not the acute vulnerability.
---
What Q-Day Means for Axelar Specifically
Q-day is the hypothetical point at which a CRQC can break 256-bit elliptic-curve keys in economically meaningful time, often estimated at hours to days on a fault-tolerant machine with thousands of logical qubits. Current leading estimates from NIST, NCSC, and the BSI place the risk window somewhere between 2030 and 2040, though the timeline is genuinely uncertain.
For Axelar, Q-day creates two distinct attack surfaces:
Attack Surface 1: Validator Key Compromise
If an adversary runs Shor's algorithm against a validator's public key, they derive the private key. Holding that key, they can generate fraudulent threshold signature shares. With enough compromised shares, they cross the signing threshold and authorise arbitrary cross-chain transfers. Given that Axelar secures hundreds of gateway contracts holding bridged assets, this is a catastrophic scenario, not a theoretical inconvenience.
Attack Surface 2: Gateway Contract Addresses
Axelar deploys gateway smart contracts on EVM chains. Those contracts are controlled by the validator multisig. Any Ethereum address whose public key has been exposed on-chain, including every address that has ever sent a transaction, is theoretically harvestable. A quantum attacker could derive the private key, drain the contract, and invalidate cross-chain proofs before the network detects the anomaly.
The time-to-exploitation gap is also worth noting. Encrypted blockchain data is already being harvested today in "store now, decrypt later" (SNDL) attacks. Adversaries with sufficient resources are archiving blockchain state under the assumption they will eventually have the quantum capability to exploit it. Long-lived assets secured by today's ECDSA keys are therefore already at latent risk.
---
Does Axelar Have a Post-Quantum Migration Plan?
As of mid-2025, Axelar has not published a formal post-quantum cryptography (PQC) roadmap in the same way that some infrastructure protocols have. The Cosmos SDK itself, which underpins Axelar, does not yet have a production-ready post-quantum key scheme integrated into its core validator or consensus modules.
The broader Cosmos ecosystem has seen discussion of PQC migration, particularly in academic and governance forums, but the challenge for a cross-chain protocol like Axelar is compounded:
- Multi-chain dependency. Axelar's security is only as quantum-resistant as the weakest chain in the network it bridges. Even if Axelar migrated its own validator keys to lattice-based schemes, the EVM gateway contracts it connects to still operate under ECDSA.
- TSS algorithm replacement. Replacing ECDSA-based TSS with a quantum-safe equivalent (such as a lattice-based threshold scheme derived from CRYSTALS-Dilithium or FALCON) is a significant research and engineering undertaking. No major threshold network has completed this in production.
- Governance coordination. A cryptographic migration touching validator key infrastructure requires network-wide governance votes and coordinated validator upgrades, a process that historically takes months to years.
None of this means migration is impossible. NIST finalised its first set of post-quantum standards in 2024: CRYSTALS-Kyber (ML-KEM) for key encapsulation and CRYSTALS-Dilithium (ML-DSA) alongside FALCON for digital signatures. These are the most likely candidates for any future Axelar PQC upgrade. But the protocol has not committed to a timeline.
---
Comparing Classical vs. Post-Quantum Cryptographic Approaches
The table below summarises the key differences between the cryptographic primitives Axelar currently uses and their NIST-standardised post-quantum alternatives.
| Property | secp256k1 / ECDSA | ed25519 / EdDSA | CRYSTALS-Dilithium (ML-DSA) | FALCON |
|---|---|---|---|---|
| **Security basis** | Elliptic-curve discrete log | Elliptic-curve discrete log | Module lattice (MLWE) | NTRU lattice |
| **Quantum resistance** | None (Shor's breaks it) | None (Shor's breaks it) | Yes (NIST PQC standard) | Yes (NIST PQC standard) |
| **Signature size** | ~64 bytes | ~64 bytes | ~2,420 bytes | ~666 bytes |
| **Verification speed** | Very fast | Very fast | Fast | Very fast |
| **Key size** | ~33 bytes (compressed) | ~32 bytes | ~1,312 bytes | ~897 bytes |
| **EVM compatibility** | Native | Partial (precompile) | None (yet) | None (yet) |
| **TSS support (production)** | Yes | Partial | Research stage | Research stage |
The tradeoffs are real. Post-quantum signatures are substantially larger, which drives up on-chain data costs and complicates the gateway architecture Axelar depends on. This is why migration is a multi-year project, not a software patch.
---
What Post-Quantum Wallet Architecture Looks Like
Understanding the wallet side of quantum resistance helps clarify what genuine protection means in practice. A post-quantum wallet replaces ECDSA key generation and signing with a lattice-based algorithm. When you generate an address, your public key is derived from a hard lattice problem, specifically the Learning With Errors (LWE) or its structured variants (MLWE, RLWE), rather than from elliptic-curve point multiplication.
The security guarantee changes fundamentally. Shor's algorithm, which unravels elliptic curves in polynomial time on a quantum computer, has no known analogue that breaks well-parameterised lattice problems. The best known quantum attacks against CRYSTALS-Dilithium still require exponential time, meaning the security margin survives Q-day.
Projects building infrastructure around NIST PQC standards, such as BMIC.ai, which uses lattice-based cryptography aligned with NIST PQC to protect wallet keys, represent the design direction that long-term asset custody will likely need to move toward, whether the underlying chain is Axelar, Ethereum, or Bitcoin.
For Axelar users specifically, the implication is this: even if Axelar migrates its validator infrastructure to post-quantum schemes in the future, users whose personal wallets still use ECDSA remain exposed at the individual custody level.
---
Practical Risk Assessment for AXL Holders
How should an AXL holder or developer think about this risk today?
Near-Term (2025-2028)
The threat is latent, not immediate. No CRQC exists today that can break 256-bit elliptic curves. The near-term risk is primarily SNDL: adversaries archiving your on-chain activity now to decrypt later. For most retail users, this is not an acute concern in the current window.
Medium-Term (2028-2033)
NIST's own guidance suggests organisations begin migrating cryptographic infrastructure by the late 2020s to be protected before the 2030s threat window. For Axelar, this means the governance and engineering process for PQC migration should ideally begin well before Q-day arrives. Whether Axelar's community will prioritise this over near-term feature development is an open question.
Long-Term (2033+)
If Axelar has not migrated by the time CRQCs become accessible, the protocol faces the scenarios described above: validator key compromise, gateway contract exploitation, and potential systemic bridge failures. The cross-chain nature of the protocol amplifies this risk relative to single-chain networks.
Risk factors to monitor:
- Cosmos SDK roadmap items referencing PQC key schemes
- Axelar governance proposals touching validator cryptography
- Progress on ECDSA-to-Dilithium threshold signature research (academic literature, e.g., work from CWI, NTT, and university cryptography groups)
- NIST's ongoing PQC process for additional signature schemes (SPHINCS+, HAWK)
---
Key Takeaways
- Axelar uses secp256k1/ECDSA and ed25519/EdDSA, both broken by Shor's algorithm on a sufficiently powerful quantum computer.
- The threshold signature scheme distributes trust but does not change the underlying quantum vulnerability.
- No formal post-quantum migration roadmap exists for Axelar as of mid-2025.
- NIST-standardised alternatives (CRYSTALS-Dilithium, FALCON) are available but carry engineering and compatibility costs that make migration a multi-year effort.
- Individual users remain exposed at the wallet level even if the protocol eventually migrates.
- The risk is latent today but follows a trajectory where preparation before the threat window is significantly cheaper than reactive migration during it.
Frequently Asked Questions
Is Axelar quantum safe right now?
No. Axelar relies on secp256k1/ECDSA for EVM-facing operations and ed25519/EdDSA for Cosmos consensus. Both are vulnerable to Shor's algorithm on a cryptographically relevant quantum computer. As of mid-2025, Axelar has not published a post-quantum migration roadmap.
Does Axelar's threshold signature scheme (TSS) protect against quantum attacks?
Partially, but not against quantum threats. TSS distributes key shares among validators, which prevents classical single-point compromise. However, the shares are still derived from ECDSA on secp256k1. A quantum computer running Shor's algorithm reconstructs private keys from public keys directly, bypassing the threshold architecture entirely.
Which NIST post-quantum algorithms would be most relevant for Axelar to adopt?
CRYSTALS-Dilithium (now standardised as ML-DSA) and FALCON are the most relevant for signature replacement. ML-KEM (formerly Kyber) would apply to key encapsulation in secure channels. SPHINCS+ is a hash-based fallback. The practical challenge is that none of these have production-grade threshold signature implementations compatible with Axelar's multi-chain gateway architecture yet.
When is Q-day expected to arrive?
Estimates vary, but NIST, the BSI, and the NCSC broadly suggest the 2030–2040 window as when cryptographically relevant quantum computers could plausibly threaten 256-bit elliptic-curve keys. The timeline is uncertain. Importantly, 'store now, decrypt later' attacks mean some risk is already present, since adversaries can archive on-chain data today and decrypt it once quantum capability matures.
If Axelar migrates to post-quantum cryptography, will my wallet automatically be protected?
No. Protocol-level migration protects validator infrastructure and gateway contracts, but your personal wallet keys are generated independently. If your wallet uses ECDSA (as all standard Ethereum and Cosmos wallets do), you remain exposed at the individual custody level regardless of what the underlying protocol does.
What should AXL holders do to reduce quantum risk today?
Practical steps include: avoiding address reuse (which limits public key exposure), monitoring Axelar governance for PQC proposals, and considering whether long-term holdings should be moved to wallets built on post-quantum cryptographic schemes as those become available. Following NIST PQC standardisation updates is also useful for staying ahead of the threat timeline.