Is Gods Unchained Quantum Safe?
Is Gods Unchained quantum safe? That question matters to every serious GODS token holder and NFT card collector who thinks beyond the next market cycle. Gods Unchained runs on Ethereum and the Immutable X layer-2 network, both of which rely on elliptic-curve cryptography that quantum computers are projected to break within the next decade or two. This article breaks down exactly which cryptographic primitives underpin GODS and its NFT contracts, what Q-day exposure looks like in practice, whether any migration plan exists, and what holders can do to protect themselves today.
What Cryptography Does Gods Unchained Actually Use?
Gods Unchained is a blockchain-based trading-card game developed by Immutable. Cards are ERC-721 NFTs settled on Immutable X, a StarkEx-powered validity-rollup layer-2 built on Ethereum. The GODS token itself is an ERC-20 on Ethereum mainnet. Understanding quantum risk means tracing the cryptographic stack from wallet to settlement layer.
Ethereum's ECDSA Foundation
Every Ethereum account, including the wallets that hold GODS tokens and NFT cards, is secured by ECDSA over the secp256k1 elliptic curve. The private key is a 256-bit integer; the corresponding public key and wallet address are derived through elliptic-curve point multiplication. Signing a transaction proves ownership without revealing the private key, and verifying the signature requires only the public key.
This design has two attack surfaces for a sufficiently powerful quantum computer:
- The discrete-logarithm problem on elliptic curves. Shor's algorithm, run on a large-scale fault-tolerant quantum computer, can recover a private key from its public key in polynomial time. The classical hardness that makes secp256k1 secure collapses entirely.
- Public-key exposure on-chain. On Ethereum, a wallet's public key is revealed the first time it broadcasts a signed transaction. From that point forward, any adversary who can run Shor's algorithm at scale can derive the private key from the on-chain data alone.
Immutable X and StarkEx: A Partial Mitigant, Not a Fix
Immutable X uses StarkEx, which generates STARK proofs (Scalable Transparent ARguments of Knowledge) to batch validate thousands of NFT trades off-chain before posting a single validity proof to Ethereum mainnet. STARKs rely on collision-resistant hash functions (specifically FRI over a prime field), not on elliptic-curve discrete logarithms. Hash-based constructions are considered significantly more quantum-resistant than ECDSA because Grover's algorithm only provides a quadratic speedup against them, which is defeated by doubling the hash output size.
However, this matters far less than it first appears for GODS holders:
- The custody layer is still Ethereum ECDSA. STARK proofs validate state transitions, but final withdrawal of assets to mainnet requires a valid ECDSA signature from the user's wallet.
- Immutable X deposits and withdrawals are authorised by the same secp256k1 key pair used for all Ethereum transactions.
- Even if Immutable X's proof system were quantum-hardened, an attacker who can break ECDSA can drain the underlying Ethereum wallet before any StarkEx state transition is needed.
The STARK layer reduces gas costs and settlement times. It does not protect users from Q-day key extraction.
---
What Is Q-Day and Why Does It Matter for GODS Holders?
Q-day is the threshold at which quantum computers become capable of running Shor's algorithm against real-world elliptic-curve key sizes (256-bit for secp256k1) in a timeframe relevant to an active attack. Estimates from academic and government sources vary, but the NIST Post-Quantum Cryptography project framed its urgency around a 10-to-20-year horizon, which is why it finalised its first post-quantum standards in 2024.
For a GODS token holder or NFT card collector, the Q-day threat breaks into two scenarios:
| Scenario | Classical Threat | Quantum Threat |
|---|---|---|
| Private key stored securely | Very low (key never exposed) | Moderate: public key on-chain after first tx; Shor's breaks it |
| Wallet reuses addresses | Moderate (phishing, malware) | High: every signed tx re-exposes public key |
| Assets on exchange/custody | Counterparty risk | Counterparty's ECDSA keys also vulnerable |
| Hardware wallet (cold storage) | Low if seed phrase is secure | Same ECDSA vulnerability; hardware doesn't change the algorithm |
The critical insight: hardware wallets and cold storage do not solve the quantum problem. They protect against classical attacks by keeping the private key offline, but the underlying elliptic-curve algorithm is what a quantum computer attacks. If the public key is already on-chain (true for any wallet that has ever sent a transaction), the private key can be derived without ever touching the physical device.
The "Harvest Now, Decrypt Later" Risk
State-level adversaries and well-funded attackers are already harvesting encrypted data and signed transaction data with the intention of decrypting it once quantum capability matures. For blockchain wallets, this means current on-chain public keys are already archived. By the time quantum computers can run Shor's algorithm at scale, the attack preparation is done. Migration to quantum-safe addresses must happen before Q-day, not after.
---
Does Gods Unchained or Immutable Have a Post-Quantum Migration Plan?
As of mid-2025, neither Immutable nor the Gods Unchained development team has published a formal post-quantum cryptography migration roadmap. This is not unique to them: the vast majority of Ethereum-based projects are in the same position. The responsibility for quantum-safe migration sits primarily at two levels:
- Ethereum protocol level. Ethereum's roadmap includes account abstraction (EIP-4337 and beyond), which could theoretically allow wallet contracts to use quantum-resistant signature schemes. The Ethereum Foundation has acknowledged post-quantum cryptography as a long-term concern. A full transition would require consensus across the entire ecosystem and is unlikely before the early 2030s at the absolute earliest.
- Application and wallet level. Individual users and wallet providers can act faster than the base protocol by migrating to wallets that implement post-quantum signature schemes independently of Ethereum's native ECDSA. This is the layer where near-term protection is actually achievable.
For Gods Unchained specifically, the game's assets and GODS tokens will follow whatever path the Ethereum and Immutable X ecosystems take. There is no game-specific quantum-resistance layer.
---
Which Post-Quantum Cryptographic Approaches Are Viable?
NIST finalised three post-quantum cryptography standards in August 2024 after an eight-year evaluation process. Each uses mathematical problems believed to be hard for both classical and quantum computers.
Lattice-Based Cryptography (ML-KEM, ML-DSA)
Module-Lattice-based Key Encapsulation Mechanism (ML-KEM, formerly CRYSTALS-Kyber) and Module-Lattice-based Digital Signature Algorithm (ML-DSA, formerly CRYSTALS-Dilithium) are NIST's primary standards. They rely on the hardness of the Learning With Errors (LWE) and related problems over lattices, which no known quantum algorithm solves efficiently. Key and signature sizes are larger than ECDSA but remain practical for most applications.
Lattice-based schemes are considered the most mature post-quantum option for digital signatures and key exchange, which is why they are already being deployed in TLS, secure messaging, and now cryptocurrency wallets.
Hash-Based Signatures (SLH-DSA / SPHINCS+)
Stateless Hash-Based Digital Signature Algorithm (SLH-DSA, formerly SPHINCS+) uses only hash functions, making its security assumptions extremely conservative. The downside is large signature sizes (8-50 KB depending on parameter set), which increases transaction costs. For high-value, low-frequency transfers, this is acceptable. For frequent in-game trading of GODS cards, it would be prohibitively expensive at current blockchain gas economics.
Code-Based and Isogeny-Based Alternatives
Code-based schemes (e.g., Classic McEliece) are well-understood but produce very large public keys. Isogeny-based schemes (SIDH/SIKE) suffered a complete classical break in 2022, eliminating them as viable options. NIST did not standardise any isogeny-based algorithm.
---
How Lattice-Based Wallets Differ From Standard Ethereum Wallets
The practical difference between an ECDSA Ethereum wallet and a lattice-based post-quantum wallet comes down to three dimensions:
| Property | ECDSA (secp256k1) | Lattice-Based (ML-DSA) |
|---|---|---|
| Underlying hard problem | Elliptic-curve discrete log | Learning With Errors (LWE) |
| Quantum vulnerability | Broken by Shor's algorithm | No known quantum attack |
| Private key size | 32 bytes | ~2.5 KB (Dilithium3) |
| Signature size | ~71 bytes (DER) | ~3.3 KB (Dilithium3) |
| Verification speed | Very fast | Fast, minor overhead |
| Ethereum compatibility | Native | Requires account abstraction or L2 |
The size difference is the main practical challenge. Larger signatures cost more gas on Ethereum mainnet. Layer-2 solutions like Immutable X, which batch transactions off-chain, reduce this cost significantly, making post-quantum schemes more viable at the application layer even before Ethereum's base layer migrates.
BMIC.ai is one project already implementing lattice-based, NIST PQC-aligned cryptography at the wallet level, providing holders with addresses that cannot be cracked by Shor's algorithm. Projects like this represent the early infrastructure layer that GODS holders and other NFT investors should monitor as the quantum timeline shortens.
---
Practical Steps for Gods Unchained Players to Reduce Quantum Risk Today
While the broader ecosystem catches up, individual holders are not without options. The following steps are ordered from immediately actionable to medium-term:
- Audit your address exposure. Check whether your primary GODS wallet has ever broadcast a transaction. If it has, the public key is already on-chain. Plan to migrate assets to a fresh address before Q-day, ideally a post-quantum-capable one.
- Use address rotation hygiene. Generate a new Ethereum address for each significant asset holding. This limits the window of public-key exposure even under classical-attack models.
- Monitor Ethereum's EIP-7702 and account abstraction rollout. These upgrades enable smart-contract wallets that can use custom signature schemes, including post-quantum ones. Migrating to an account-abstraction wallet now positions you to adopt quantum-safe signatures as plugins become available.
- Watch Immutable's protocol announcements. Immutable has engineering resources to implement protocol-level post-quantum features on Immutable X before Ethereum mainnet is ready, given their control over the rollup's prover and verifier infrastructure.
- Consider custody diversification. Holding a portion of high-value NFT assets in wallets that already implement post-quantum cryptography reduces concentration risk as the quantum timeline becomes clearer.
- Follow NIST and NSA guidance timelines. The NSA's Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) mandates post-quantum cryptography for national-security systems by 2030. This timeline is a credible proxy for when quantum capability is expected to be operationally relevant.
---
The Broader NFT and GameFi Quantum Risk Picture
Gods Unchained is not uniquely exposed compared to other NFT games. Every ERC-721 and ERC-20 token on Ethereum shares the same ECDSA dependency. What makes Gods Unchained worth examining specifically is the scale of its user base and the real-world economic value of its card market. High-value, illiquid NFTs (Legendary and Mythic cards) represent exactly the kind of asset a sophisticated adversary would target with a "harvest now, decrypt later" strategy.
The GameFi sector as a whole has been slow to engage with post-quantum planning, understandably so given the immediate pressures of user acquisition, liquidity, and regulatory uncertainty. But the projects and users who begin positioning for quantum-resistance now, while migration costs are low and urgency is not yet critical, will be substantially better placed than those who wait for a public Q-day announcement.
The window for orderly migration is open. It will not stay open indefinitely.
Frequently Asked Questions
Is Gods Unchained quantum safe right now?
No. Gods Unchained's GODS token and NFT cards are held in Ethereum wallets secured by ECDSA over secp256k1, which is vulnerable to Shor's algorithm on a sufficiently powerful quantum computer. Immutable X's STARK proof system uses hash-based cryptography that is more quantum-resistant, but the underlying custody layer still depends on ECDSA. There is no current quantum-safe migration plan published by Immutable or the Gods Unchained team.
Does using Immutable X protect my GODS tokens from quantum attacks?
Partially, but not sufficiently. Immutable X uses STARK proofs, which rely on hash functions rather than elliptic-curve math, making the proof system itself more quantum-resistant. However, all deposits, withdrawals, and final asset custody still require ECDSA signatures from your Ethereum wallet. An adversary capable of breaking ECDSA can drain your wallet at the Ethereum layer regardless of Immutable X's proof architecture.
When is Q-day expected to happen?
Estimates vary widely. NIST's post-quantum standardisation project and the NSA's CNSA 2.0 mandate both treat the 2030s as a critical window. Some academic models put a cryptographically relevant quantum computer (capable of breaking 256-bit elliptic curves) as early as the late 2030s, while more conservative estimates extend to the 2040s or 2050s. The uncertainty itself is part of the risk: migration should happen well before the capability arrives, not in response to it.
Will a hardware wallet protect my Gods Unchained NFTs from quantum attacks?
No. Hardware wallets protect against classical threats (malware, phishing) by keeping the private key offline. They do not change the underlying cryptographic algorithm. If a quantum computer runs Shor's algorithm against your on-chain public key, it recovers the private key without ever interacting with your hardware device. Quantum safety requires a different signature algorithm, such as lattice-based ML-DSA, not just better key storage.
What is the 'harvest now, decrypt later' attack and does it affect GODS holders?
Harvest now, decrypt later refers to adversaries collecting encrypted data or signed blockchain transactions today, with the intention of breaking them once quantum computing matures. Because Ethereum public keys are permanently recorded on-chain the first time a wallet broadcasts a transaction, GODS holders who have ever sent a transaction already have their public keys archived. This means the preparation for a future quantum attack on their wallets is already done. Migration to a quantum-resistant address before Q-day is the only effective defence.
What post-quantum standards should crypto holders watch for wallet migration?
NIST finalised three post-quantum cryptography standards in August 2024: ML-KEM (key encapsulation), ML-DSA (digital signatures, formerly CRYSTALS-Dilithium), and SLH-DSA (hash-based signatures, formerly SPHINCS+). For wallet signing specifically, ML-DSA is the primary candidate due to its balance of key/signature size and performance. Wallets implementing these NIST-standardised algorithms are the infrastructure to watch as the ecosystem moves toward quantum resistance.