Is Request Quantum Safe?
Is Request quantum safe? It's a question that matters more than most REQ holders realise. Request Network is a decentralised payment protocol built on Ethereum, which means its entire security model inherits Ethereum's elliptic-curve cryptography. When quantum computers reach cryptographically relevant scale, that foundation faces a genuine structural threat. This article analyses exactly what cryptography Request relies on, where the ECDSA and EdDSA exposure sits, what migration pathways exist at the protocol and wallet layer, and how the emerging class of post-quantum wallets approaches the same problem differently.
What Cryptography Does Request Network Actually Use?
Request Network is not a layer-1 blockchain. It is a protocol layer built on top of Ethereum (and compatible EVM chains), with on-chain smart contracts handling payment logic and an off-chain IPFS-based data layer storing request metadata. This architecture means its cryptographic exposure is almost entirely inherited from Ethereum's account model rather than custom-designed at the protocol level.
The Ethereum ECDSA Dependency
Every REQ holder, every invoice creator, and every payment channel participant signs transactions using ECDSA over the secp256k1 elliptic curve. This is the same curve used by Bitcoin. The security assumption rests on the hardness of the elliptic-curve discrete logarithm problem (ECDLP): given a public key, it is computationally infeasible for a classical computer to derive the corresponding private key.
A sufficiently powerful quantum computer running Shor's algorithm breaks ECDLP in polynomial time. The private key is recoverable from the public key alone. Because Ethereum addresses expose their public keys the moment they sign a transaction (and in many cases even before, via address reuse patterns), this is not a theoretical edge case. It is a direct attack surface.
Smart Contract Signature Verification
Request's smart contracts use Ethereum's native `ecrecover` precompile to verify signatures. This precompile is hard-coded to ECDSA/secp256k1. There is no pluggable signature scheme at the EVM level today. A quantum attacker who compromises a signer's private key does not need to touch the smart contract. They impersonate the signer at the key layer, and every downstream contract call appears legitimate.
Off-Chain Layer: IPFS and Request Data
Request stores invoice content off-chain using IPFS content-addressed hashes (SHA-256 and Keccak-256). These hash functions have partial quantum exposure: Grover's algorithm reduces the effective security of a 256-bit hash to roughly 128-bit security. That is meaningful but not catastrophic in the near term. The more acute risk remains at the signature layer.
---
What Is Q-Day and Why Should REQ Holders Care?
Q-Day refers to the point at which a cryptographically relevant quantum computer (CRQC) becomes operational. Current estimates from bodies including IBM, Google, and NIST's post-quantum program place this risk on a 10-to-20-year horizon for a fault-tolerant machine capable of running Shor's algorithm against 256-bit elliptic-curve keys, though some analysts argue nation-state actors could accelerate that timeline.
The "Harvest Now, Decrypt Later" Attack Vector
The more immediate concern is harvest now, decrypt later (HNDL). Adversaries can record encrypted traffic and signed transaction metadata today, storing it until quantum capability matures. For a payment protocol like Request, this means:
- Transaction patterns, invoice amounts, and counterparty relationships recorded on-chain are permanently visible anyway (public blockchain). The HNDL concern is more acute for off-chain encrypted channels or metadata.
- Private keys derived from public keys become recoverable retroactively. Any address whose public key is already on-chain is exposed the moment a CRQC exists, regardless of when the key was created.
Address Reuse and Public-Key Exposure
Ethereum's account model means that once an address has signed a transaction, its public key is permanently on-chain. Unlike Bitcoin's UTXO model, where a fresh address per transaction provides some obfuscation, Ethereum EOAs (externally owned accounts) are persistent. Every REQ wallet that has ever sent a transaction has its public key permanently recorded. That is the full attack surface on day one of Q-day.
---
Has Request Network Made Any Post-Quantum Migration Plans?
As of the most recent public documentation and governance activity, Request Network has not published a formal post-quantum migration roadmap. This is not unusual. The vast majority of EVM-layer projects are in the same position, because the migration problem is largely upstream: it depends on Ethereum core developers implementing quantum-resistant signature schemes at the protocol level.
Ethereum's Own Post-Quantum Timeline
Ethereum's long-term roadmap (the "Splurge" phase) includes account abstraction improvements and EIP proposals that could eventually enable pluggable signature schemes. EIP-7212 (secp256r1 precompile) and broader ERC-4337 account abstraction work lay groundwork for alternative verification logic. However, none of the current live proposals mandate or schedule a migration away from ECDSA to a NIST-approved post-quantum algorithm such as CRYSTALS-Dilithium or FALCON.
Vitalik Buterin has acknowledged quantum resistance as a long-term requirement and sketched a scenario where a hard fork could replace ECDSA with a Winternitz- or STARK-based signature scheme, but no concrete EIP with an activation date exists as of this writing.
What This Means for REQ Specifically
Request's team cannot unilaterally quantum-harden the protocol without corresponding changes at the EVM layer. Their practical options are limited to:
- Off-chain migration guidance: Recommending users rotate to quantum-resistant wallet infrastructure when it becomes available.
- Account abstraction wallets: Deploying smart-contract wallets (via ERC-4337) that use post-quantum signature verification modules, independent of `ecrecover`.
- Layer-2 or appchain migration: Moving protocol logic to a network that implements post-quantum cryptography natively at consensus level.
None of these are on a published timeline for Request.
---
Comparing Request's Quantum Exposure to Other Crypto Assets
The table below positions Request's quantum risk profile against several reference points. "Signature scheme" refers to what protects user funds and transaction validity. "PQC roadmap" refers to whether a formal post-quantum migration plan exists.
| Asset / Protocol | Signature Scheme | Hash Function | Known PQC Roadmap | Key Exposure Model |
|---|---|---|---|---|
| Request (REQ) | ECDSA / secp256k1 (via Ethereum) | Keccak-256 | None (depends on Ethereum) | Persistent EOA — public key on-chain after first tx |
| Ethereum (ETH) | ECDSA / secp256k1 | Keccak-256 | Conceptual (Splurge phase) | Same as above |
| Bitcoin (BTC) | ECDSA / secp256k1 + Schnorr | SHA-256 | No formal roadmap | Partial exposure (P2PKH hides pubkey pre-spend) |
| Algorand (ALGO) | EdDSA / Ed25519 | SHA-512 | Research-phase proposals | Public key exposed at account creation |
| QRL | XMSS (hash-based PQC) | SHA-256 | Live — quantum-resistant by design | No ECDSA dependency |
| BMIC | Lattice-based (NIST PQC-aligned) | Quantum-resistant primitives | Live — core design principle | Built without ECDSA from ground up |
Key takeaway from the table: Request sits in the same risk tier as the broader Ethereum ecosystem. The exposure is real but shared with hundreds of EVM projects. The differentiator is whether a wallet or protocol layer has proactively replaced ECDSA with a quantum-resistant alternative. Most have not.
---
How Lattice-Based Post-Quantum Wallets Differ
The NIST Post-Quantum Cryptography standardisation process (finalised in 2024 with FIPS 203, 204, and 205) selected two primary families for digital signatures:
- CRYSTALS-Dilithium (ML-DSA, FIPS 204): A lattice-based scheme whose security rests on the hardness of the Module Learning With Errors (MLWE) problem. No known quantum algorithm solves MLWE efficiently.
- FALCON (FN-DSA, FIPS 206): A more compact lattice scheme based on NTRU lattices, offering smaller signature sizes at the cost of more complex implementation.
- SPHINCS+ (SLH-DSA, FIPS 205): A hash-based stateless signature scheme, conservative and well-understood but with larger signature sizes.
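Hash-based signatures such as the Winternitz scheme mentioned earlier rest only on hash preimage resistance, and the price is signature size and one-time key use. The following is an added example, not code from any project named on this page: a simplified textbook Winternitz one-time signature (w = 16, SHA-256), without the per-chain masking of WOTS+ as used inside XMSS and SLH-DSA; `OneTimeKey` and the messages are constructed for illustration.

```python
import hashlib, secrets

W = 16                  # Winternitz parameter: each chain encodes one base-16 digit
LEN1, LEN2 = 64, 3      # 64 digest digits plus 3 checksum digits

def H(x):
    return hashlib.sha256(x).digest()

def chain(x, steps):  # apply H `steps` times
    for _ in range(steps):
        x = H(x)
    return x

def digits(msg):
    d = [n for b in H(msg) for n in (b >> 4, b & 15)]
    c = sum(W - 1 - n for n in d)  # checksum: raising any digit lowers it, so a forger must invert H
    return d + [c >> 8, (c >> 4) & 15, c & 15]

class OneTimeKey:  # hypothetical wrapper that enforces single use
    def __init__(self):
        self._sk = [secrets.token_bytes(32) for _ in range(LEN1 + LEN2)]
        self.pk = [chain(x, W - 1) for x in self._sk]

    def sign(self, msg):
        if self._sk is None:  # a second signature would reveal further chain values
            raise RuntimeError("one-time key already used")
        sk, self._sk = self._sk, None
        return [chain(x, n) for x, n in zip(sk, digits(msg))]

def verify(pk, msg, sig):
    # Completing each chain to its end must reproduce the public key
    return len(sig) == len(pk) == LEN1 + LEN2 and all(
        chain(x, W - 1 - n) == p for x, n, p in zip(sig, digits(msg), pk))

def demo():  # constructed messages
    key = OneTimeKey()
    msg = b"constructed: pay invoice 0001"
    sig = key.sign(msg)
    try:
        key.sign(b"constructed: second message")
        reused = True
    except RuntimeError:
        reused = False
    return verify(key.pk, msg, sig), verify(key.pk, msg + b"!", sig), sum(map(len, sig)), reused
```

`demo()` reports a 2,144-byte signature for a single message, against 65 bytes for an Ethereum ECDSA signature (r, s, v), and shows the key refusing a second signature.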
Why Lattice-Based Schemes Resist Shor's Algorithm
Shor's algorithm is specifically effective against problems with algebraic structure that quantum Fourier transforms can exploit: integer factorisation (RSA) and discrete logarithms (ECDSA/EdDSA). MLWE and related lattice problems lack this exploitable structure. The best known quantum attacks against MLWE (including variants of Grover's search) do not achieve polynomial-time solutions. This is why NIST selected lattice-based schemes as the primary post-quantum standard.
Practical Implications for Wallet Infrastructure
A wallet built on lattice-based cryptography generates key pairs that cannot be reverse-engineered even by a CRQC. For assets held in or transacted through such a wallet, the Q-day risk is structurally neutralised at the key layer. BMIC.ai is an example of this approach: its quantum-resistant wallet is built on NIST PQC-aligned lattice cryptography, specifically designed so that the private key exposure scenario enabled by Shor's algorithm does not apply. For REQ holders or any Ethereum-based asset holder concerned about long-horizon quantum risk, the wallet layer is the one place they can act independently of Ethereum's own upgrade timeline.
---
What Can Request Users Do Right Now?
Waiting for Ethereum or Request to implement PQC natively is a valid long-term position, but it is passive. There are concrete steps users can take today to reduce their quantum exposure profile.
Practical Steps for REQ Holders
- Minimise public-key exposure where possible. For assets not on EVM chains, use address schemes that defer public-key revelation (e.g. Bitcoin P2TR/Taproot, or fresh addresses). For Ethereum/REQ, the damage is largely done once a transaction is signed.
- Avoid long-term storage in high-value Ethereum EOAs. If you are holding significant REQ for years, the Q-day timeline matters. Consider smart-contract wallet options with upgradeable verification logic.
- Monitor Ethereum's account abstraction progress. ERC-4337 wallets can swap signature verification modules. When a production-grade CRYSTALS-Dilithium ERC-4337 wallet module ships, migration becomes feasible without waiting for an Ethereum hard fork.
- Assess wallet infrastructure critically. Not all hardware wallets or software wallets will upgrade simultaneously. Prioritise wallets with explicit post-quantum roadmaps.
- Stay current on NIST standards adoption. FIPS 204 (Dilithium) and FIPS 206 (FALCON) are live standards. Demand that wallet providers and exchanges adopt them.
- Diversify into quantum-native assets for long-horizon holdings where the signature layer is protected from inception, rather than relying on a future migration.
---
Conclusion: Request Is Not Quantum Safe — Yet
Request Network, in its current form, is not quantum safe. Its cryptographic security is fully inherited from Ethereum's ECDSA/secp256k1 stack, which Shor's algorithm directly threatens at Q-day. There is no published migration roadmap at the protocol level, and the upstream dependency on Ethereum's own upgrade cycle means REQ cannot act unilaterally. The risk is not unique to Request — it is systemic across EVM-compatible assets — but that shared exposure does not reduce the exposure itself. The appropriate analyst position is: monitor Ethereum's PQC upgrade path, act at the wallet layer where possible today, and weight long-horizon holdings with full awareness of the HNDL attack vector and eventual Q-day scenario.
Frequently Asked Questions
Is Request Network (REQ) protected against quantum computer attacks?
No. Request Network relies on Ethereum's ECDSA/secp256k1 signature scheme, which is vulnerable to Shor's algorithm running on a sufficiently powerful quantum computer. There is no post-quantum migration roadmap published by the Request team as of this writing.
What is Q-day and when could it affect REQ holders?
Q-day is the point at which a cryptographically relevant quantum computer can break elliptic-curve cryptography using Shor's algorithm, exposing private keys from public keys. Most estimates place this 10 to 20 years out, but 'harvest now, decrypt later' attacks mean data and keys exposed today could be compromised retroactively when that capability arrives.
Could Ethereum fix the quantum problem for Request automatically?
A successful Ethereum-level migration to a NIST-approved post-quantum signature scheme would protect Request's transaction layer, but no concrete EIP with an activation date exists. The Ethereum roadmap ('Splurge' phase) mentions quantum resistance conceptually, and ERC-4337 account abstraction could enable pluggable PQC signature modules, but nothing is scheduled.
What is the difference between ECDSA and lattice-based cryptography in terms of quantum resistance?
ECDSA security relies on the elliptic-curve discrete logarithm problem, which Shor's algorithm solves efficiently on a quantum computer. Lattice-based schemes like CRYSTALS-Dilithium (FIPS 204) rely on the Module Learning With Errors problem, for which no efficient quantum algorithm is known. This is why NIST selected lattice-based algorithms as its primary post-quantum standard.
Can a REQ holder reduce their quantum risk today?
Partially. Because REQ transactions happen on Ethereum, every signed transaction permanently exposes the public key on-chain. Practical steps include using ERC-4337 smart-contract wallets with upgradeable signature modules, avoiding long-term storage of high-value assets in standard Ethereum EOAs, and monitoring when production-grade post-quantum wallet modules become available.
Does the 'harvest now, decrypt later' attack apply to Request transactions?
The HNDL concern for on-chain transaction data is limited because Ethereum is already a public ledger. The more acute HNDL risk is that public keys already recorded on-chain become usable to derive private keys the moment a CRQC exists, regardless of when the key was originally created. Any Ethereum address that has ever signed a transaction is in this category.