Is Small Thing Quantum Safe?
Is Small Thing quantum safe? It is a question that every serious ST holder should be asking right now. Small Thing, like the vast majority of altcoins launched in the last decade, relies on the same elliptic-curve cryptography stack that underpins Bitcoin and Ethereum. That stack is mathematically secure today, but a sufficiently powerful quantum computer could render it obsolete in a single afternoon. This article dissects exactly what cryptographic primitives ST uses, quantifies the threat timeline, examines any migration signals from the project, and explains how lattice-based post-quantum wallets approach the problem differently.
What Cryptography Does Small Thing Actually Use?
Small Thing (ST) is an EVM-compatible token, meaning its wallet key pairs, transaction signatures, and address derivation all inherit the Ethereum cryptographic stack. Understanding what that stack contains is the starting point for any honest quantum-threat analysis.
ECDSA and the secp256k1 Curve
Ethereum wallets, and by extension every ERC-20/ERC-721 token including ST, rely on the Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve. The security model works as follows:
- A private key is a 256-bit random integer.
- A public key is derived by multiplying the private key by the curve's generator point, a one-way operation on classical hardware.
- A wallet address is the last 20 bytes of the Keccak-256 hash of the public key.
- Every transaction is signed with ECDSA, proving ownership without revealing the private key.
The one-way property of elliptic-curve point multiplication collapses under Shor's algorithm running on a large-scale, fault-tolerant quantum computer. An attacker with such a machine could derive the private key from any exposed public key in a matter of hours, or potentially minutes depending on qubit count and error-correction overhead.
When Is a Public Key Exposed?
This is a critical nuance. An Ethereum address is a *hash* of the public key, not the public key itself. The public key is only broadcast to the network at the moment a wallet signs and sends a transaction.
Practically, this means:
- Unspent, never-transacted addresses enjoy one extra layer of protection via Keccak-256 hashing. A quantum attacker would first need to invert the hash to reach the public key, and hash functions are considered quantum-resistant (Grover's algorithm only halves the effective bit-strength, leaving Keccak-256 with ~128-bit quantum security).
- Addresses that have ever sent a transaction have exposed their public key on-chain permanently. Every ST holder who has moved tokens, staked, approved a contract, or interacted with a DEX has a public key sitting in the immutable transaction history. Those addresses become directly vulnerable the moment a capable quantum adversary exists.
In practice, the overwhelming majority of active Small Thing holders fall into the second category.
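One way to sort your own addresses into the two categories above, as an added example that is not part of the original article. It assumes externally owned accounts and treats a non-zero result from the standard `eth_getTransactionCount` JSON-RPC method as proof that at least one signed transaction is on-chain; the addresses and replies are constructed placeholders and the function names are illustrative.

```python
import re

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def build_nonce_batch(addresses):
    """Build a JSON-RPC batch asking for each address's transaction count."""
    for addr in addresses:
        if not ADDRESS_RE.match(addr):
            raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return [{"jsonrpc": "2.0", "id": i, "method": "eth_getTransactionCount",
             "params": [addr, "latest"]} for i, addr in enumerate(addresses)]

def classify_exposure(addresses, responses):
    """Return {address: 'exposed' | 'hash-protected' | 'unknown'}."""
    by_id = {r.get("id"): r for r in responses}   # batch replies may be reordered
    report = {}
    for i, addr in enumerate(addresses):
        reply = by_id.get(i, {})
        if "result" not in reply:                 # missing reply or RPC error
            report[addr] = "unknown"              # never report safe on failure
        elif int(reply["result"], 16) > 0:        # nonce > 0: a signature is on-chain
            report[addr] = "exposed"
        else:
            report[addr] = "hash-protected"
    return report

# Constructed sample data: three placeholder addresses and out-of-order replies.
ADDRESSES = ["0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20]
REPLIES = [
    {"jsonrpc": "2.0", "id": 1, "result": "0x0"},
    {"jsonrpc": "2.0", "id": 0, "result": "0x2a"},
    {"jsonrpc": "2.0", "id": 2, "error": {"code": -32000, "message": "timeout"}},
]
```

Send the batch from `build_nonce_batch` to a node you trust and pass its reply list to `classify_exposure`; addresses reported as `unknown` should be re-queried rather than assumed unexposed.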
---
Shor's Algorithm: The Mechanism Behind Q-Day
Q-day refers to the first moment a quantum computer can break production cryptography at a practically relevant scale. To understand the risk depth, it helps to walk through the mechanism.
How Shor's Algorithm Breaks ECDSA
Peter Shor's 1994 algorithm solves the discrete logarithm problem in polynomial time on a quantum computer. The discrete log problem is precisely what ECDSA's security depends on.
Steps an attacker would follow:
- Locate the target's public key on-chain (freely available for any address that has ever signed a transaction).
- Encode the elliptic-curve discrete logarithm as a quantum circuit on a fault-tolerant quantum processor.
- Run quantum phase estimation to extract the private key with high probability.
- Sign fraudulent transactions with the recovered private key, draining every token in the wallet.
Current estimates from academic groups, including work published by the University of Sussex and teams at Google, suggest that breaking a 256-bit elliptic curve key would require roughly 2,000 to 4,000 logical (error-corrected) qubits, each backed by hundreds of physical qubits for error correction. Today's publicly known systems are not there yet, but the trajectory of qubit scaling and error-correction fidelity improvements makes the 2030s a credible, if uncertain, window for threat materialisation.
The "Harvest Now, Decrypt Later" Threat
Even before Q-day arrives, a sophisticated state-level adversary could execute a harvest-now, decrypt-later (HNDL) strategy:
- Record all on-chain public keys and signed transactions today.
- Wait until quantum hardware matures.
- Retroactively derive private keys from the recorded public keys and drain wallets.
For long-horizon ST holders, this threat is not hypothetical. It is a documented concern raised by NIST in its rationale for accelerating the post-quantum cryptography standardisation process.
---
Does Small Thing Have a Quantum Migration Roadmap?
As of the time of writing, Small Thing has not published a formal quantum-resistance roadmap. This is not unusual. The vast majority of altcoin projects have not addressed post-quantum migration in their public documentation. There are several reasons for this:
- Ethereum itself has not migrated. Because ST is EVM-based, it is fundamentally constrained by Ethereum's underlying cryptographic layer. Any quantum-safe upgrade would require either Ethereum core protocol changes, or an application-layer migration strategy specific to the ST contract.
- Timeline uncertainty. Teams routinely deprioritise threats that lack a hard deadline.
- Technical complexity. Replacing ECDSA with a post-quantum signature scheme at the Ethereum layer is a multi-year, hard-fork-level undertaking.
What Ethereum's Own Roadmap Says
Ethereum researchers, including Vitalik Buterin, have publicly discussed quantum migration. Key signals include:
- EIP discussions around Winternitz one-time signatures and STARKs as quantum-resistant primitives.
- Proposals to allow users to migrate accounts to new key schemes via a two-step process before Q-day.
- The Ethereum Foundation's acknowledgement that post-quantum account abstraction (EIP-7702 and its successors) is a long-term research priority.
However, none of this is scheduled for imminent deployment. ST holders cannot rely on Ethereum solving this problem on a timeline that matches the quantum hardware trajectory.
---
Post-Quantum Cryptography: The Alternatives to ECDSA
NIST completed its first round of Post-Quantum Cryptography (PQC) standardisation in 2024, finalising four algorithms. Understanding these gives a benchmark against which any future migration plan for ST could be measured.
NIST PQC Standards (2024)
| Algorithm | Type | Primary Use | Quantum Security Level |
|---|---|---|---|
| **ML-KEM** (CRYSTALS-Kyber) | Lattice-based | Key encapsulation | ~128-bit (Level 1) to ~256-bit (Level 5) |
| **ML-DSA** (CRYSTALS-Dilithium) | Lattice-based | Digital signatures | ~128-bit to ~256-bit |
| **SLH-DSA** (SPHINCS+) | Hash-based | Digital signatures | ~128-bit to ~256-bit |
| **FN-DSA** (FALCON) | Lattice-based | Digital signatures | ~128-bit to ~256-bit |
For wallet signature schemes, ML-DSA and FN-DSA are the most directly relevant ECDSA replacements. Both are lattice-based, meaning their security rests on the hardness of Learning With Errors (LWE) or related lattice problems, which are not known to be vulnerable to either Shor's or Grover's algorithms.
Lattice-Based Cryptography Explained
A lattice is a regular grid of points in high-dimensional space. The core hard problem is this: given a "messy" (error-perturbed) point near a lattice, find the nearest true lattice point. This is computationally intractable for both classical and quantum computers at the parameter sizes NIST has standardised.
Key practical properties relevant to crypto wallets:
- Signature size. ML-DSA signatures are roughly 2-3 KB versus ECDSA's 64-72 bytes. This is a real engineering trade-off for on-chain use.
- Key generation speed. Lattice key generation is fast, comparable to or faster than ECDSA in most benchmarks.
- Statelessness. Unlike some hash-based schemes, lattice signatures are stateless, an important property for wallets that may sign transactions across multiple devices.
---
How Lattice-Based Wallets Differ From Standard EVM Wallets
A post-quantum wallet built on lattice cryptography differs from a standard Ethereum-compatible wallet in several structural ways.
Key Generation
- Standard: secp256k1 ECDSA private key, 256 bits.
- Lattice-based: ML-DSA or FALCON private key, typically 1,312 to 2,528 bytes depending on security level.
Transaction Signing
- Standard: 64-byte ECDSA signature, verified by EVM opcode `ecrecover`.
- Lattice-based: 2-3 KB signature, requires a custom verification contract or protocol-level change.
Address Derivation
- Standard: Keccak-256 of the uncompressed public key, last 20 bytes.
- Lattice-based: Requires a different hashing convention; not directly compatible with existing EVM address space without a migration layer.
On-Chain Footprint and Gas
Larger signatures and public keys mean higher calldata costs under current Ethereum gas accounting. Proto-danksharding (EIP-4844) reduces this for blob data, but does not eliminate the cost differential entirely. This is a genuine usability hurdle that lattice-based wallet teams are actively engineering around.
Projects building purpose-built post-quantum wallets, such as BMIC.ai, approach this by designing the key management and signing architecture from the ground up with NIST PQC-aligned primitives, rather than attempting to retrofit lattice signatures onto an ECDSA-native chain. That architectural difference matters: retrofitting is hard, fragile, and often delayed; native design produces cleaner security guarantees.
---
What Should Small Thing Holders Do Right Now?
The threat is not immediate, but waiting for full maturity before acting is a pattern that historically costs investors dearly. Practical steps to take today:
- Audit your exposure. Identify which of your ST-holding addresses have ever signed a transaction. Those addresses have exposed public keys.
- Minimise on-chain activity on high-value addresses. Every additional signature broadcast from a large-balance address extends the exposure window unnecessarily.
- Prepare for migration. Monitor Ethereum's post-quantum account-abstraction proposals. When migration tooling becomes available, act early rather than during a rushed, high-gas-cost period triggered by a quantum security scare.
- Diversify custody. Consider whether any portion of your digital asset holdings should reside in purpose-built quantum-resistant infrastructure rather than exclusively in EVM-native wallets.
- Stay informed on hardware milestones. NIST, IBM, and Google publish regular quantum roadmap updates. Significant qubit scaling announcements are a trigger to accelerate your migration timeline.
- Engage the ST project team. Ask directly whether the project has a post-quantum migration plan. Community pressure has historically moved protocol teams to prioritise long-horizon security work.
---
Comparison: Standard EVM Wallet vs Lattice-Based Post-Quantum Wallet
| Feature | Standard EVM (secp256k1 ECDSA) | Lattice-Based PQC Wallet |
|---|---|---|
| Signature algorithm | ECDSA | ML-DSA / FALCON |
| Private key size | 32 bytes | 1,312–2,528 bytes |
| Signature size | 64–72 bytes | 2,420–3,293 bytes |
| Quantum resistance | No (vulnerable to Shor's) | Yes (LWE hardness) |
| EVM compatibility | Native | Requires adaptation layer |
| NIST standardised | No (legacy) | Yes (2024 standards) |
| Harvest-now risk | High (public keys on-chain) | Low |
| Maturity | Production | Emerging |
---
The Bottom Line on Small Thing's Quantum Safety
Small Thing is not quantum safe. It is not a project-specific failure; it is a category-wide reality for every EVM-based token that has not implemented native post-quantum signature schemes. The risk is probabilistic and time-gated, but it is real, technically well-understood, and accelerating on a hardware trajectory that most analysts place inside a single investment decade.
The pertinent questions for ST holders are not whether the threat exists, but when it arrives and whether migration infrastructure will be available and accessible before it does. Monitoring Ethereum's PQC roadmap, auditing your own on-chain exposure, and understanding the architecture of quantum-resistant alternatives are the three most valuable steps any serious holder can take today.
Frequently Asked Questions
Is Small Thing (ST) quantum safe?
No. Small Thing is an EVM-compatible token that uses ECDSA over the secp256k1 curve, the same cryptographic stack as Ethereum and Bitcoin. ECDSA is not quantum resistant. A sufficiently powerful quantum computer running Shor's algorithm could derive private keys from exposed public keys, putting any ST wallet that has ever signed a transaction at risk.
When does the quantum threat to ECDSA-based wallets become real?
There is no fixed date, but academic estimates from groups at Google, IBM, and the University of Sussex suggest a fault-tolerant quantum computer capable of breaking 256-bit elliptic curve keys could require 2,000 to 4,000 logical qubits. Most roadmaps place a credible, though uncertain, threat window in the 2030s. The 'harvest now, decrypt later' strategy means some risk exists even before that point.
Does Small Thing have a quantum-resistance upgrade plan?
As of the time of writing, Small Thing has not published a formal post-quantum cryptography roadmap. Because ST is EVM-based, any meaningful migration is also dependent on Ethereum's own protocol-level post-quantum work, which is in early research and discussion phases but has no firm deployment schedule.
What is the difference between ECDSA and lattice-based cryptography?
ECDSA security relies on the hardness of the elliptic-curve discrete logarithm problem, which Shor's algorithm can solve on a quantum computer. Lattice-based cryptography relies on the hardness of the Learning With Errors (LWE) problem, which is not known to be vulnerable to any quantum algorithm. NIST standardised lattice-based signature schemes (ML-DSA, FN-DSA) in 2024 as the recommended replacements for ECDSA in post-quantum contexts.
Are ST wallets that have never sent a transaction safer?
Somewhat, yes. An Ethereum address is a Keccak-256 hash of the public key, not the public key itself. If a wallet has never signed a transaction, the raw public key has never been broadcast to the network. A quantum attacker would need to invert the hash function to reach the public key, and hash functions retain roughly 128-bit quantum security under Grover's algorithm. However, any address that has ever sent a transaction has its public key permanently recorded on-chain.
What practical steps can Small Thing holders take to reduce quantum risk?
Key steps include: auditing which of your ST addresses have exposed public keys by checking transaction history; minimising unnecessary on-chain activity on high-value wallets; monitoring Ethereum's post-quantum account-abstraction proposals; preparing to migrate to new key schemes when tooling becomes available; and considering whether some holdings should be held in purpose-built quantum-resistant infrastructure rather than exclusively in standard EVM wallets.