Is Core Quantum Safe?
Is Core quantum safe? It is a question that matters more than most holders realise. Core (CORE) runs on elliptic-curve cryptography, the same family of algorithms that secures Bitcoin and the majority of EVM-compatible chains. When sufficiently powerful quantum computers arrive, those algorithms become vulnerable. This article dissects the specific cryptographic primitives Core relies on, models what Q-day exposure looks like in practice, surveys what migration paths exist, and explains how lattice-based post-quantum wallet designs differ from the status quo.
What Cryptography Does Core Actually Use?
Core is a Bitcoin-aligned EVM blockchain whose Satoshi Plus consensus combines delegated proof-of-work (DPoW), delegated proof-of-stake (DPoS), and non-custodial Bitcoin staking. Its security architecture inherits cryptographic assumptions from both the Bitcoin and Ethereum design families.
Elliptic Curve Digital Signature Algorithm (ECDSA)
Like Bitcoin and Ethereum, Core uses ECDSA on the secp256k1 curve to sign transactions. Every wallet on Core is, at its root, a private key from which a public key is derived via elliptic-curve scalar multiplication. The one-way property of this operation is the bedrock of ownership: knowing a public key, it is computationally infeasible for a classical computer to derive the private key.
ECDSA with secp256k1 provides roughly 128 bits of classical security. Against a classical adversary, that is more than sufficient. Against a quantum adversary running Shor's algorithm, it is not.
Hashing Primitives
Core also inherits Bitcoin-style address derivation: public keys are hashed with SHA-256 and RIPEMD-160 before being displayed as addresses. Hash functions are considerably more quantum-resilient than signature schemes. Grover's algorithm can theoretically halve the effective bit-security of a hash function, reducing SHA-256 from 256-bit to roughly 128-bit security, which remains practically safe for the foreseeable future.
The critical vulnerability is therefore signature-based, not hash-based.
Consensus-Layer Signatures
Core's DPoW relay miners and DPoS validators also sign consensus messages. These use the same ECDSA/secp256k1 stack. A quantum attacker capable of breaking ECDSA could, in principle, forge validator signatures, potentially enabling double-sign attacks or governance manipulation at the consensus layer, not just at the user wallet level.
---
Understanding Q-Day: The Specific Threat Model
"Q-day" refers to the point at which a cryptographically relevant quantum computer (CRQC) can run Shor's algorithm at scale to break asymmetric cryptography. The threat is not theoretical in the abstract sense: it is a matter of engineering progress.
How Shor's Algorithm Breaks ECDSA
Shor's algorithm can solve the elliptic curve discrete logarithm problem (ECDLP) in polynomial time on a quantum computer. For secp256k1, a quantum computer with roughly 2,000 to 4,000 logical qubits (after error correction) is estimated to be sufficient. Current quantum hardware sits in the hundreds of noisy physical qubits, with logical qubit counts far lower. However, progress is accelerating.
The attack window matters enormously:
- Real-time attack: A quantum computer breaks a public key exposed during a live transaction within the transaction confirmation window (seconds to minutes). This is the harder attack and requires a faster machine.
- Harvest-now, decrypt-later (HNDL): An adversary records every public key broadcast on-chain today and derives the corresponding private keys once a CRQC becomes available. This is the more immediate threat because any address that has ever sent a transaction has its public key permanently on the public ledger.
On Core, as with Bitcoin and Ethereum, once a wallet address has been used to send funds, the public key is exposed. That exposure is permanent and immutable.
Which CORE Addresses Are Already Exposed?
| Address Type | Public Key Exposed? | Quantum Risk Level |
|---|---|---|
| Never-used address (only received) | No | Low (hash provides partial protection) |
| Address used to send at least once | Yes (on-chain) | High at Q-day |
| Smart contract deployer address | Yes | High at Q-day |
| Validator signing key (used repeatedly) | Yes | High at Q-day |
| Multi-sig participant key | Yes (revealed on execution) | High at Q-day |
The table illustrates a crucial nuance: addresses that have only received funds, never sent them, have their public key hidden behind the hash. This is sometimes called "one-time address" hygiene. Wallets that reuse addresses (the majority of retail wallets today) offer no such protection.
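To make the table concrete, here is an added audit script (not part of the original article and not Core's tooling) that walks a constructed account-model ledger and classifies each address by whether it has ever signed an outgoing transaction, the point at which its public key becomes recoverable from the chain. The addresses, amounts and the COINBASE marker are constructed sample data.

```python
from collections import defaultdict

# Constructed sample ledger for illustration; these are not real Core addresses or transactions.
# Each entry is (sender, receiver, amount). "COINBASE" marks newly issued funds with no signing key.
LEDGER = [
    ("COINBASE", "0xA1", 100),
    ("COINBASE", "0xB2", 50),
    ("0xA1", "0xC3", 30),   # 0xA1 signs a transaction: its public key is now on-chain for good
    ("0xC3", "0xB2", 10),   # 0xC3 signs: exposed
    ("0xA1", "0xD4", 20),   # 0xA1 signs again: address reuse
]

def exposure_report(ledger):
    """Per-address balance, number of outgoing (signed) transactions and Q-day risk class."""
    balance = defaultdict(int)
    sends = defaultdict(int)
    for sender, receiver, amount in ledger:
        if sender != "COINBASE":
            balance[sender] -= amount
            sends[sender] += 1        # every outgoing tx carries an ECDSA signature
        balance[receiver] += amount
    report = {}
    for addr, bal in balance.items():
        exposed = sends[addr] > 0
        report[addr] = {
            "balance": bal,
            "sends": sends[addr],
            "exposed": exposed,          # public key recoverable from the ledger
            "reused": sends[addr] > 1,   # signed more than once from the same address
            "risk": "High at Q-day" if exposed else "Low (hash provides partial protection)",
        }
    return report

def exposed_fraction(report):
    """Share of all funds held in addresses whose public key is already exposed."""
    total = sum(r["balance"] for r in report.values())
    exposed = sum(r["balance"] for r in report.values() if r["exposed"])
    return exposed / total if total else 0.0
```

On the sample ledger 70 of 150 units (about 47%) sit in exposed addresses even though only two of four addresses ever signed anything.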
---
Has Core Published Any Quantum Migration Roadmap?
As of the time of writing, Core has not published a formal post-quantum cryptography (PQC) migration roadmap. This is not unusual. The majority of layer-1 blockchains, including Bitcoin and Ethereum, are in similarly early stages.
Ethereum's research community has discussed quantum migration more openly. Ethereum co-founder Vitalik Buterin has outlined a potential hard-fork path involving Winternitz one-time signatures or STARKs to enable quantum-resistant transaction verification. Bitcoin Core developers have discussed but not committed to P2QRH (Pay-to-Quantum-Resistant-Hash) proposals. Core, as a Bitcoin-aligned chain, would likely follow Bitcoin's lead on any protocol-level changes, but no timeline exists.
What Would a Migration Look Like?
A credible PQC migration for any ECDSA-based chain requires:
- Algorithm selection: Choosing a NIST-standardised post-quantum signature scheme (CRYSTALS-Dilithium, FALCON or SPHINCS+, known under the new NIST naming as ML-DSA, FN-DSA and SLH-DSA respectively).
- Address format upgrade: Introducing a new address type that encodes a PQC public key, analogous to how Bitcoin introduced SegWit (bech32) addresses.
- Transition period: Setting a block height from which PQC-signed transactions become the standard while old ECDSA-signed transactions remain valid.
- Key migration window: Giving users a defined period to move funds from ECDSA addresses to PQC addresses before the old format is deprecated.
- Hard fork: Executing the protocol change. This requires consensus among validators, miners, and the broader community.
Each step carries coordination risk. The longer any chain waits to begin this process, the greater the proportion of funds sitting in permanently exposed ECDSA addresses.
---
NIST Post-Quantum Standards: What the Options Are
NIST finalised its first three post-quantum cryptography standards in August 2024:
| Standard | Type | Basis | Signature Size | Key Size |
|---|---|---|---|---|
| ML-DSA (CRYSTALS-Dilithium) | Signature | Lattice (Module-LWE) | ~2.4 KB | ~1.3 KB |
| SLH-DSA (SPHINCS+) | Signature | Hash-based | ~8–50 KB | 32–64 bytes |
| FALCON (FN-DSA) | Signature | Lattice (NTRU) | ~0.7 KB | ~0.9 KB |
For blockchain applications, FALCON and ML-DSA are the most practical. FALCON produces smaller signatures, which matters for on-chain storage costs. SPHINCS+ is conservative (relies only on hash security) but produces large signatures, making it expensive for high-throughput chains.
A hybrid scheme, combining an ECDSA signature with a lattice-based signature for the same transaction, is often proposed as a transitional measure. This provides backward compatibility while adding quantum resistance.
---
How Lattice-Based Post-Quantum Wallets Differ
Understanding the difference between a classical ECDSA wallet and a lattice-based PQC wallet requires examining what changes under the hood.
Key Generation
In an ECDSA wallet, a private key is a 256-bit random integer, and the public key is a point on secp256k1. In a lattice-based wallet (ML-DSA or FALCON), key generation involves sampling vectors from a structured lattice. The keys are larger, but the hardness assumption is the Learning With Errors (LWE) problem or the NTRU problem, both of which have no known quantum algorithm that solves them efficiently.
Signing and Verification
ECDSA signing involves modular arithmetic over the elliptic curve field. Lattice signing involves matrix-vector operations and rejection sampling. Verification is computationally comparable in cost, though the proof artefacts are larger.
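To show what "sampling from a structured lattice", "matrix-vector operations" and "rejection sampling" look like in code, here is an added toy Fiat-Shamir-with-aborts signature in Python (my illustration, not Core's code and not the ML-DSA or FALCON specification). It works over plain integer vectors rather than polynomial rings, omits ML-DSA's compression and hint, and its dimensions, modulus and bounds are constructed for readability and offer no real security.

```python
import hashlib
import secrets
# Toy parameters, constructed for illustration only: far too small to be secure.
Q = 2**61 - 1          # prime modulus of the lattice
K, L = 8, 8            # public matrix A has K rows and L columns over Z_Q
ETA = 1                # secret-key entries are sampled from {-1, 0, 1}
C_BITS = 20            # challenge c is an integer in [0, 2^20)
BETA = (2**C_BITS) * ETA   # bound on |c * s_i|
GAMMA = 2**24          # masking range for y; z is accepted only if |z_i| <= GAMMA - BETA

def expand_a(seed):
    """Derive A from a short seed, as Dilithium expands A from rho, so the key stores only the seed."""
    raw = hashlib.shake_256(seed).digest(K * L * 8)
    vals = [int.from_bytes(raw[i:i + 8], "big") % Q for i in range(0, len(raw), 8)]
    return [vals[r * L:(r + 1) * L] for r in range(K)]

def matvec(a, v):
    """Matrix-vector product A*v mod Q (Python's % maps negative entries into [0, Q))."""
    return [sum(a[r][i] * v[i] for i in range(L)) % Q for r in range(K)]

def challenge(w, msg):
    """Fiat-Shamir challenge: hash the commitment w together with the message."""
    data = b"".join(x.to_bytes(8, "big") for x in w) + msg
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big") % (1 << C_BITS)

def keygen():
    """Public key (seed, t = A*s mod Q); secret key s is a short vector."""
    seed = secrets.token_bytes(32)
    s = [secrets.randbelow(2 * ETA + 1) - ETA for _ in range(L)]
    return (seed, matvec(expand_a(seed), s)), s

def sign(pk, s, msg):
    """Sign with rejection sampling; returns ((z, c), number_of_attempts)."""
    a = expand_a(pk[0])
    attempts = 0
    while True:
        attempts += 1
        y = [secrets.randbelow(2 * GAMMA + 1) - GAMMA for _ in range(L)]  # masking vector
        c = challenge(matvec(a, y), msg)
        z = [y[i] + c * s[i] for i in range(L)]
        # Abort and resample if z would leak information about s through its size.
        if all(abs(zi) <= GAMMA - BETA for zi in z):
            return (z, c), attempts

def verify(pk, msg, sig):
    """Check the size bound on z, then recompute w = A*z - c*t, which equals A*y for an honest signer."""
    (seed, t), (z, c) = pk, sig
    if len(z) != L or not all(abs(zi) <= GAMMA - BETA for zi in z):
        return False
    w = [(az - c * t[r]) % Q for r, az in enumerate(matvec(expand_a(seed), z))]
    return challenge(w, msg) == c
```

With these bounds roughly four in ten signing attempts are rejected, so the returned attempt count shows the aborts happening; the public key is the seed plus K field elements and the signature is L integers plus c, which is where the larger key and payload sizes the text mentions come from.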
What This Means for Users
From a user experience perspective, a PQC wallet looks identical: you still have an address, you still sign transactions with a key you control. The differences are:
- Larger transaction payloads (higher potential gas costs on EVM chains)
- Larger key material to back up
- Different address format (breaking backward compatibility with existing ECDSA addresses)
Projects building PQC wallet infrastructure today are positioning for a world where Q-day is an engineering reality rather than a distant abstraction. One example worth noting: BMIC.ai is building a quantum-resistant wallet and token using lattice-based, NIST PQC-aligned cryptography, specifically designed to protect holdings against Q-day exposure that classical wallets like most CORE wallets currently carry.
---
What Should CORE Holders Do Now?
The absence of a protocol-level PQC migration does not mean holders are without options. Several practical risk-management steps apply:
Short-Term: Address Hygiene
- Never reuse addresses. Generate a new receiving address for every transaction. This limits public key exposure to the single transaction in which funds are moved.
- Keep significant holdings in "virgin" addresses (addresses that have only received, never sent). The hash layer provides partial protection until a full PQC migration occurs.
- Move funds proactively if you use an address repeatedly. Any address with an exposed public key is a Q-day liability.
Medium-Term: Watch the Roadmap
- Monitor Core's governance forums and developer communications for any PQC working group or BIP-equivalent proposals.
- Watch Ethereum's roadmap as a leading indicator. Core's EVM compatibility means Ethereum's PQC research is directly applicable.
- Follow NIST's ongoing PQC standardisation process. Additional algorithms (particularly for key encapsulation) are still being evaluated.
Longer-Term: Consider PQC-Native Infrastructure
Chains and wallets purpose-built on post-quantum cryptographic foundations eliminate the migration risk entirely. They do not carry legacy ECDSA debt and do not require a coordinated hard fork to become quantum safe. For holders with a multi-year horizon, allocating some custody to PQC-native infrastructure is a coherent risk-management decision.
---
Analyst Scenario Analysis: When Does Q-Day Risk Become Actionable?
Analyst estimates for a CRQC capable of breaking secp256k1 vary widely:
- Conservative scenario: 2040 or later, requiring sustained breakthroughs in quantum error correction.
- Base case: 2030–2038, given current trajectories in logical qubit scaling from IBM, Google, and others.
- Aggressive scenario: Before 2030, if algorithmic improvements (e.g., reduced qubit requirements per Shor step) combine with faster hardware scaling.
The harvest-now, decrypt-later dynamic means the risk is not bounded by these dates. Data being recorded on-chain today, including exposed public keys, will still be there when a CRQC arrives. For long-duration holders, that is the relevant frame. The question is not "will Q-day happen before I sell?" but "will Q-day happen before the chain migrates?"
---
Summary
Core is not quantum safe in its current form. It relies on ECDSA over secp256k1, which is directly vulnerable to Shor's algorithm on a sufficiently powerful quantum computer. No formal PQC migration roadmap has been published. Addresses that have sent transactions have permanently exposed public keys on the ledger. The practical risk timeline depends on quantum hardware progress, but the harvest-now attack vector means the clock starts at the moment any public key is broadcast, not at the moment a CRQC becomes operational. Protocol-level migration is possible but requires significant coordination and has not yet been initiated.
Frequently Asked Questions
Is Core (CORE) quantum safe right now?
No. Core uses ECDSA on the secp256k1 elliptic curve for transaction signing, the same algorithm used by Bitcoin and Ethereum. Shor's algorithm, run on a sufficiently powerful quantum computer, can break ECDSA and derive private keys from exposed public keys. Core has not published a post-quantum cryptography migration roadmap.
Which Core addresses are most at risk from a quantum attack?
Any address that has been used to send a transaction has its public key permanently recorded on-chain. That exposed public key is directly vulnerable to Shor's algorithm at Q-day. Addresses that have only ever received funds (never sent) have their public key hidden behind a SHA-256/RIPEMD-160 hash, which provides partial protection but is not a long-term solution.
What is the harvest-now, decrypt-later attack and why does it matter for CORE holders?
Harvest-now, decrypt-later means an adversary records exposed public keys from the blockchain today, stores them, and derives the matching private keys once a cryptographically relevant quantum computer becomes available. For Core holders, this means any address with an exposed public key is already a future liability, even though no quantum computer capable of the attack exists yet.
What post-quantum cryptography standards exist that Core could adopt?
NIST finalised three post-quantum signature standards in 2024: ML-DSA (CRYSTALS-Dilithium), SLH-DSA (SPHINCS+), and FN-DSA (FALCON). For a blockchain like Core, FALCON and ML-DSA are the most practical due to their smaller signature sizes. A migration would require a hard fork introducing new address formats and a transition period for users to move funds.
When do analysts expect Q-day to arrive?
Estimates range widely. Conservative projections place a cryptographically relevant quantum computer at 2040 or later. Base-case analyst scenarios typically point to 2030–2038, based on current logical qubit scaling trajectories from major quantum computing labs. Some aggressive scenarios suggest the 2020s are not out of the question if algorithmic improvements reduce qubit requirements significantly.
What can CORE holders do to reduce quantum risk before a protocol migration happens?
Three practical steps: first, avoid reusing addresses and generate a fresh address for every transaction to minimise public key exposure. Second, keep significant holdings in addresses that have only received funds (never sent), as the hash layer provides partial cover. Third, monitor Core's governance forums and Ethereum's PQC research for migration proposals, and consider diversifying long-duration custody into infrastructure built on post-quantum cryptographic foundations.