Is Waves Quantum Safe?

Whether Waves is quantum safe is a question every long-term WAVES holder should be asking right now. Quantum computing is progressing faster than most crypto communities acknowledge, and the cryptographic primitives underneath nearly every major blockchain, including Waves, are built on mathematics that a sufficiently powerful quantum computer could break. This article dissects exactly which cryptographic schemes Waves uses, what "Q-day" would mean for WAVES wallets and on-chain assets, whether the Waves team has a credible migration roadmap, and how post-quantum alternatives like lattice-based cryptography compare.

What Cryptography Does Waves Actually Use?

To answer whether Waves is quantum safe, you first need to understand its cryptographic stack. Waves is not a monolithic chain — it has evolved through several protocol upgrades — but its core signing scheme has remained consistent.

Curve25519 and EdDSA

Waves uses Curve25519 with the Ed25519 variant of the Edwards-curve Digital Signature Algorithm (EdDSA) for signing transactions. Ed25519 was chosen over the secp256k1 curve used by Bitcoin and Ethereum for good reasons: it is faster, produces compact signatures, and is more resistant to certain implementation-level side-channel attacks.

However, Ed25519 is still an elliptic-curve cryptography (ECC) scheme. Its security depends on the computational hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP). A classical computer cannot solve ECDLP for a 256-bit curve in any practical timeframe. A cryptographically relevant quantum computer running Shor's algorithm can.

Hashing

Waves also employs:

Hash functions fare better against quantum attacks than public-key schemes. Grover's algorithm provides a quadratic speedup against hash functions, effectively halving the security level. A 256-bit hash like Blake2b-256 drops to approximately 128 bits of quantum security, which remains acceptable by current NIST standards. The existential threat to Waves is therefore concentrated in its signature scheme, not its hashing layer.

---

Understanding Q-Day and Why EdDSA Is Exposed

"Q-day" refers to the first moment a quantum computer achieves the qubit count, error-correction fidelity, and gate depth needed to execute Shor's algorithm against real-world cryptographic key sizes. Estimates from credible institutions, including NIST, CISA, and the BSI (Germany's federal cybersecurity agency), place a plausible Q-day window somewhere between 2030 and 2040, though some analysts argue that classified progress could compress that timeline.

How Shor's Algorithm Breaks Ed25519

Ed25519 security rests on the assumption that deriving a private key from a public key is computationally infeasible. On a quantum computer with sufficient resources, Shor's algorithm solves the underlying discrete logarithm problem in polynomial time, collapsing that assumption entirely.

The attack vector for WAVES wallets is direct:

  1. A quantum attacker observes a wallet's public key (visible on-chain the moment a transaction is broadcast).
  2. Shor's algorithm is applied to derive the private key.
  3. The attacker constructs a valid signature, draining the wallet before the legitimate owner can react.

Wallets that have never sent a transaction are marginally safer in the short term because their public keys are not yet exposed on-chain, only their hashed addresses. But address-to-public-key preimage attacks become feasible once Grover's algorithm is combined with a quantum-accelerated hash inversion, narrowing even that protection window significantly for addresses reused over time.

The Reused-Address Problem

Waves, like most ECC-based blockchains, derives wallet addresses from the public key. Once a user spends from an address, the full public key is broadcast to the network and recorded immutably. Any WAVES held at an address that has ever sent funds is therefore in the direct line of fire on Q-day.

---

Does Waves Have a Post-Quantum Migration Plan?

As of the most recent public documentation and Waves Labs communications, there is no published, production-ready post-quantum migration roadmap for the Waves protocol. This is not unique to Waves — the vast majority of layer-1 blockchains are in the same position.

What Migration Would Require

Transitioning Waves to a post-quantum signature scheme is a non-trivial engineering and governance challenge. The following components would need to change:

The governance complexity alone is significant. Waves has historically experienced contentious periods in its validator and community governance, which makes coordinating a breaking protocol change harder than it would be for chains with more centralised decision-making.

The "Harvest Now, Decrypt Later" Threat

Even if Waves initiates a migration programme today, there is a category of threat that migration cannot fully address retroactively: "harvest now, decrypt later" (HNDL) attacks. Nation-state adversaries and well-resourced actors are widely believed to be archiving encrypted and signed blockchain data today, with the intention of decrypting it once quantum hardware matures. Historical transactions cannot be re-signed with quantum-safe keys. The immutable ledger is a permanent record.

---

How Lattice-Based Post-Quantum Cryptography Differs

The leading post-quantum cryptographic candidates standardised by NIST in 2024 rely primarily on lattice-based hardness assumptions, specifically the Learning With Errors (LWE) and Module-LWE problems. These are believed to be resistant to both classical and quantum attacks.

CRYSTALS-Dilithium (ML-DSA)

CRYSTALS-Dilithium, now formally designated ML-DSA under NIST FIPS 204, is the primary post-quantum signature standard. Key properties:

| Property | Ed25519 (Waves) | ML-DSA (Dilithium) Level 3 |
|---|---|---|
| Security assumption | ECDLP (quantum-broken by Shor's) | Module-LWE (no known quantum attack) |
| Private key size | 32 bytes | 4,000 bytes |
| Public key size | 32 bytes | 1,952 bytes |
| Signature size | 64 bytes | 3,293 bytes |
| Quantum resistant | No | Yes (NIST-standardised) |
| Performance (sign) | Very fast | Moderately fast |
| NIST status | Not PQC-endorsed | FIPS 204 (2024) |

The size increase is the central engineering challenge for any blockchain integrating Dilithium. A chain that currently stores thousands of transactions per block must recalibrate block limits, storage costs, and fee structures to absorb signatures that are roughly 50 times larger.

SPHINCS+ (SLH-DSA)

SPHINCS+, now designated SLH-DSA under NIST FIPS 205, is a stateless hash-based signature scheme. It relies only on the security of the underlying hash function, making it the most conservatively secure option. The trade-off is even larger signature sizes (8–50 KB depending on parameter set) and slower signing.

Falcon (FN-DSA)

Falcon (NIST FIPS 206) is a lattice-based scheme offering smaller signatures than Dilithium, closer to 700 bytes at security level equivalent to AES-128. It is computationally more complex to implement correctly and securely, but represents a viable middle ground for blockchains where compactness matters.

---

Comparing Waves' Quantum Posture to Other Chains

Waves is not uniquely exposed — but context matters for relative risk assessment.

| Blockchain | Signature Scheme | Quantum Safe? | PQC Roadmap Published? |
|---|---|---|---|
| Waves (WAVES) | Ed25519 (Curve25519) | No | No public roadmap |
| Bitcoin (BTC) | ECDSA (secp256k1) | No | Theoretical proposals only |
| Ethereum (ETH) | ECDSA (secp256k1) | No | EIP-7503 / Account Abstraction (partial) |
| Solana (SOL) | Ed25519 | No | No public roadmap |
| Algorand (ALGO) | Ed25519 | No | Research-stage proposals |
| QRL | XMSS (hash-based) | Yes | Live on mainnet |
| BMIC | Lattice-based (NIST PQC-aligned) | Yes | Live presale, post-quantum by design |

The takeaway: virtually every major layer-1 blockchain, including Waves, is running on cryptography that will be broken by a cryptographically relevant quantum computer. The difference between chains is primarily awareness and roadmap progress, not current vulnerability.

Projects built from the ground up with post-quantum cryptography, such as BMIC, which uses lattice-based cryptography aligned with NIST's 2024 PQC standards, sidestep the migration problem entirely because they never carried the legacy exposure.

---

What Can WAVES Holders Do Right Now?

Waiting for a protocol-level fix that may not arrive before Q-day is not a complete risk management strategy. Holders can take several practical steps:

  1. Minimise address reuse: Every time you send from an address, the public key is exposed. Use fresh addresses for each deposit where your wallet software allows.
  2. Audit your exposure: Identify which of your WAVES addresses have previously broadcast transactions. Those addresses have exposed public keys on-chain today.
  3. Monitor Waves Labs announcements: If a post-quantum working group or EIP-equivalent is published, early participants in migration will have the longest runway.
  4. Diversify into quantum-resistant assets: Holding some portion of a crypto portfolio in assets built with post-quantum cryptography is a hedging strategy, not a guarantee, but it reduces concentration risk.
  5. Stay current with NIST guidance: NIST published final PQC standards in August 2024. Any credible blockchain migration will reference these standards. Understanding them helps you evaluate team announcements critically.
  6. Avoid storing large balances on exchange wallets: Exchange custody introduces additional key management risks entirely separate from quantum threats. Self-custody, even with current cryptography, gives you more control over migration decisions.
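Steps 1 and 2 above, and the reused-address problem discussed earlier, reduce to one check: which of your addresses have already put a public key on-chain by signing a transfer. The Python below is an added example, not Waves tooling; it uses a simplified hash-only address derivation (real Waves addresses also add version and chain-id bytes, a Keccak-256 layer and a checksum) over a constructed ledger, and reports the balance sitting on exposed addresses.

```python
import hashlib
from dataclasses import dataclass


def address_from_pubkey(pubkey: bytes) -> str:
    """Simplified stand-in: first 20 bytes of Blake2b-256(pubkey), hex. Real
    Waves addresses add version/chain-id bytes, a Keccak-256 layer and a
    checksum, but share the key property: the address is a hash of the key."""
    return hashlib.blake2b(pubkey, digest_size=32).digest()[:20].hex()


@dataclass(frozen=True)
class Tx:
    sender_pubkey: bytes  # a signed transfer carries the sender's raw public key
    recipient: str        # the recipient is identified by address only
    amount: int


def audit_exposure(held: set[str], ledger: list[Tx]) -> dict[str, dict]:
    """For each held address, report whether its public key is already
    on-chain (it has signed at least one transfer) and its current balance."""
    balance = {addr: 0 for addr in held}
    exposed = set()
    for tx in ledger:
        sender = address_from_pubkey(tx.sender_pubkey)
        exposed.add(sender)
        if sender in balance:
            balance[sender] -= tx.amount
        if tx.recipient in balance:
            balance[tx.recipient] += tx.amount
    return {addr: {"pubkey_on_chain": addr in exposed, "balance": balance[addr]}
            for addr in held}


def balance_at_risk(report: dict[str, dict]) -> int:
    """Sum of balances sitting on addresses whose public key is exposed."""
    return sum(r["balance"] for r in report.values() if r["pubkey_on_chain"])


# Constructed keys and ledger (not real Waves data).
PK_COLD, PK_HOT, PK_OTHER = bytes([1] * 32), bytes([2] * 32), bytes([3] * 32)
COLD, HOT = address_from_pubkey(PK_COLD), address_from_pubkey(PK_HOT)
LEDGER = [
    Tx(PK_OTHER, COLD, 500),  # COLD only ever receives: its public key stays hidden
    Tx(PK_OTHER, HOT, 300),
    Tx(PK_HOT, COLD, 100),    # HOT signs a transfer: its public key is now on-chain
]

if __name__ == "__main__":
    print(balance_at_risk(audit_exposure({COLD, HOT}, LEDGER)))  # 200
```

Against a real node you would feed the same function the sender public keys from the transaction history of your addresses; the classification logic does not change.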

---

The Governance and Timeline Problem

Even if Waves developers began a post-quantum migration programme tomorrow, the realistic timeline from research to production deployment for a major protocol change spans three to seven years for a mature network. That estimate accounts for:

If Q-day arrives at the earlier end of analyst estimates, in the early-to-mid 2030s, chains that have not yet started migration work are unlikely to complete it in time. This is why the "start planning now" message from CISA, the NSA, and NIST is directed at organisations managing long-lived cryptographic infrastructure, which is exactly what a public blockchain is.

The Waves protocol, while technically capable and with an active development community, has not yet publicly committed to a post-quantum migration timeline. That gap is the core answer to whether Waves is quantum safe: it is not, and the path to becoming quantum safe remains undefined.

Frequently Asked Questions

Is Waves (WAVES) quantum safe right now?

No. Waves uses Ed25519 (Curve25519-based EdDSA), an elliptic-curve signature scheme whose security relies on the Elliptic Curve Discrete Logarithm Problem. A sufficiently powerful quantum computer running Shor's algorithm could derive private keys from public keys, compromising any wallet whose public key has been broadcast on-chain. There is no published post-quantum migration roadmap for Waves as of 2024.

What is Q-day and when might it affect Waves holders?

Q-day is the point at which a quantum computer achieves the qubit count and error-correction fidelity needed to run Shor's algorithm against real cryptographic key sizes. Credible institutional estimates from NIST, CISA, and the BSI place Q-day somewhere between 2030 and 2040, though the exact date is uncertain. When it arrives, any blockchain using ECC-based signatures, including Waves, would be directly exposed.

Does Waves have a post-quantum upgrade plan?

No public, production-ready post-quantum migration roadmap exists for the Waves protocol as of the latest available documentation. A migration would require replacing Ed25519 with a NIST-standardised post-quantum scheme such as CRYSTALS-Dilithium or Falcon, redesigning the address format to accommodate larger public keys, updating transaction structures, and executing a hard fork with validator consensus.

Are WAVES wallets that have never sent a transaction safer from quantum attacks?

Marginally, in the short term. Wallets that have never broadcast a transaction only expose their hashed address on-chain, not the raw public key. Without the public key, Shor's algorithm cannot directly derive the private key. However, if quantum computers reach sufficient power to invert hash functions (via Grover's algorithm), even addresses whose public key has never been broadcast could eventually be at risk. The protection is a delay, not a guarantee.

What post-quantum signature schemes would a Waves migration likely use?

The most credible candidates are CRYSTALS-Dilithium (now ML-DSA, NIST FIPS 204) and Falcon (now FN-DSA, NIST FIPS 206), both lattice-based schemes standardised by NIST in 2024. SPHINCS+ (SLH-DSA, NIST FIPS 205), a hash-based scheme, is also an option but produces much larger signatures. Each involves significant trade-offs in key size, signature size, and performance that would require substantial changes to Waves' block and fee structures.

How can I reduce quantum risk on my WAVES holdings today?

Practical steps include minimising address reuse (sending from an address exposes its public key), auditing which of your addresses have previously broadcast transactions, monitoring Waves Labs for any post-quantum upgrade announcements, and considering diversification into assets built with post-quantum cryptography by design. No step eliminates the risk entirely, but reducing exposure to addresses with public keys already on-chain lowers your attack surface.