Will Quantum Computers Break Kinesis Silver?
Will quantum computers break Kinesis Silver is a question gaining traction as cryptographically relevant quantum machines move from theoretical possibility to engineering roadmap. Kinesis Silver (KAG) is a blockchain-based yield-bearing token backed 1:1 by physical silver, and like most assets living on a standard blockchain, its security relies on elliptic-curve cryptography. This article breaks down exactly which part of that stack is vulnerable, what would actually have to be true for an attack to succeed, what realistic timelines look like, and what KAG holders can do to manage exposure well before Q-day arrives.
How Kinesis Silver Works at the Protocol Level
Kinesis Silver (KAG) is issued on the Kinesis Monetary System, which is built on a fork of the Stellar network. Stellar uses the Ed25519 elliptic-curve signature scheme to authorise transactions. Every KAG wallet is secured by a key pair: a public key that anyone can see and a private key that only the owner holds. When you send KAG, your wallet software signs the transaction with your private key, and the network verifies that signature using your public key.
This is standard, battle-tested cryptography. Ed25519 is widely regarded as one of the more secure elliptic-curve variants in use today. It resists many classical attacks and is faster and less error-prone than older curves like secp256k1 (used by Bitcoin and Ethereum). But its security, like all elliptic-curve cryptography, rests on a mathematical problem that a sufficiently powerful quantum computer could solve.
What Ed25519 Protects Against Today
Ed25519 derives its security from the elliptic-curve discrete logarithm problem (ECDLP). Given a public key, recovering the private key requires solving ECDLP, which is computationally intractable for any classical computer. A modern supercomputer would take longer than the age of the universe to brute-force a 256-bit elliptic-curve key.
That comfort disappears when you introduce a large-scale, fault-tolerant quantum computer running Shor's algorithm, which solves ECDLP in polynomial time. The same attack applies to RSA, Diffie-Hellman, and every elliptic-curve variant including Ed25519 and secp256k1.
What a Quantum Attack on KAG Would Actually Look Like
A quantum attacker would need your public key to derive your private key. On most blockchains, the public key is exposed the moment you broadcast a transaction. On Stellar-based systems, the account address is derived directly from the Ed25519 public key, meaning the public key is essentially public from account creation.
In practice, an attacker with a cryptographically relevant quantum computer (CRQC) could:
- Observe your public key on-chain.
- Run Shor's algorithm to derive your private key.
- Sign a fraudulent transaction draining your KAG balance before you can react.
The window between a transaction being broadcast and confirmed is narrow, but a CRQC attack does not need that window. If public keys are visible at rest (which they are, on Stellar), the attack can be prepared offline and executed at any moment.
---
What Would Have to Be True for This Attack to Succeed
Sounding the alarm is easy. Quantifying what actually needs to happen is more useful.
A practical quantum attack on Ed25519 requires a cryptographically relevant quantum computer: one with enough stable, error-corrected logical qubits to run Shor's algorithm at scale. Current estimates from NIST, IBM, and academic cryptographers suggest this requires roughly 4,000 logical qubits for a 256-bit elliptic curve, which in turn requires millions of physical qubits after error correction.
As of mid-2025:
- The best publicly disclosed machines (IBM Heron, Google Willow) operate in the range of hundreds to low thousands of physical qubits.
- Error rates remain too high for fault-tolerant computation at the required depth.
- No peer-reviewed paper has demonstrated Shor's algorithm breaking a cryptographically significant key size.
The gap between today's hardware and a CRQC is substantial. It is not infinite, but it is real.
The "Harvest Now, Decrypt Later" Risk
One threat that does not wait for a CRQC is harvest now, decrypt later (HNDL). Nation-state adversaries may already be archiving encrypted data, planning to decrypt it once quantum hardware matures. For blockchain assets, this is less of a concern for transaction confidentiality (most blockchain data is already public), but it does mean that attackers could be cataloguing public keys and wallet balances now, ready to exploit them the moment a CRQC becomes available.
This shifts the urgency. You do not need to panic today, but you should not assume you have decades to migrate.
---
Realistic Timeline to Q-Day
Forecasts vary significantly depending on source and methodology. The table below summarises mainstream positions:
| Source | Estimated CRQC Arrival | Confidence |
|---|---|---|
| NIST PQC project (2024 context) | 2030s, possibly later | Moderate |
| IBM quantum roadmap | Mid-2030s for fault-tolerant scale | Moderate |
| ODNI / US intelligence community | Before 2035, possible but not certain | Low-moderate |
| Global Risk Institute survey (2023) | 50% chance by 2033, 14-qubit scale | Scenario-based |
| Skeptical academic consensus | Post-2040, potentially never at CRQC scale | Higher confidence |
The honest answer is that nobody knows. What is clear is that NIST finalised its first post-quantum cryptography standards in 2024 (CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium and FALCON for signatures), signalling that migration planning should begin now, not after a CRQC appears.
---
Is Kinesis Silver More or Less Exposed Than Bitcoin or Ethereum?
This is a fair comparative question. The answer is: roughly similar exposure, with some nuances.
| Blockchain / Asset | Signature Scheme | Public Key Exposure | PQC Migration Status |
|---|---|---|---|
| Kinesis Silver (KAG) | Ed25519 (Stellar fork) | Address derived from public key | No announced roadmap |
| Bitcoin (BTC) | secp256k1 (ECDSA) | Exposed on spend; P2PK addresses always exposed | No consensus on migration |
| Ethereum (ETH) | secp256k1 (ECDSA) | Exposed on first transaction | EIP discussions ongoing |
| Solana (SOL) | Ed25519 | Exposed on first transaction | No announced roadmap |
Key takeaway: Kinesis Silver is not uniquely vulnerable. It sits in the same risk category as the vast majority of blockchain assets. Ed25519 is marginally more quantum-resistant than secp256k1 at equivalent key sizes in classical threat models, but both fall to Shor's algorithm given sufficient quantum hardware.
Kinesis has not published a post-quantum cryptography migration roadmap as of the time of writing. This is not unusual. Most blockchain projects have not yet done so.
---
What Kinesis Silver Holders Can Do Right Now
Waiting for Kinesis to migrate is a valid long-term strategy, but it is passive. There are several steps holders can take independently:
1. Minimise Unnecessary Public Key Exposure
On Stellar-derived networks, your public key is visible from account creation. There is no practical way to obscure it. This means the priority is not hiding your key but monitoring for migration options as they become available.
2. Follow Kinesis Network Announcements Closely
If Kinesis or the underlying Stellar protocol announces a PQC migration path, early adopters will have an advantage. Stellar's development community has discussed cryptographic upgrades, and watching the Stellar Core GitHub and Kinesis official channels is the most direct way to stay informed.
3. Diversify Custody Methods
Cold storage hardware wallets reduce the attack surface for classical threats (malware, phishing, exchange hacks). They do not, by themselves, solve the quantum threat, because the vulnerability is at the cryptographic algorithm level, not the storage medium. Still, reducing classical attack exposure is sound practice regardless of quantum timelines.
4. Understand the Silver Backing Is Not Cryptographically at Risk
It is worth being precise: a quantum attack on KAG's cryptography would expose your wallet's token holdings, not the physical silver itself. The silver is held in insured vaults by Kinesis. A cryptographic compromise would allow an attacker to steal your KAG tokens on-chain, but the underlying silver would still exist. Whether you could recover a claim to it after a key compromise depends on Kinesis's custodial policies and legal frameworks at that time.
5. Watch for Natively Post-Quantum Alternatives
For investors who consider quantum-resistance a primary selection criterion rather than a future upgrade, some newer projects are built from the ground up with NIST PQC-aligned cryptography. BMIC.ai, for instance, uses lattice-based post-quantum cryptography at the wallet layer, designed specifically to be resistant to Shor's algorithm from day one rather than relying on a future migration. This is a meaningfully different design philosophy from retrofitting existing elliptic-curve infrastructure.
---
What a Genuine Post-Quantum Migration for Kinesis Would Require
If Kinesis and Stellar were to pursue a post-quantum upgrade, the path would involve several non-trivial steps:
- Protocol consensus: Stellar's validator network would need to agree on a new signature scheme, requiring a coordinated protocol upgrade.
- Algorithm selection: CRYSTALS-Dilithium (now FIPS 204, ML-DSA) or FALCON (FIPS 206) are the NIST-standardised signature options. Both have larger key and signature sizes than Ed25519, which has performance and storage implications for a high-throughput payments network.
- Key migration: Existing accounts would need to re-associate with new post-quantum key pairs. This requires user action and carries its own security risks during the transition window.
- Wallet software updates: Every Kinesis-compatible wallet would need to support the new scheme.
None of this is insurmountable, but it is a multi-year project once initiated. The Ethereum and Bitcoin communities have been debating analogous migrations for years without consensus. The blockchain ecosystem's track record on coordinated cryptographic upgrades is mixed.
---
The Proportionate Conclusion
Quantum computers will not break Kinesis Silver tomorrow, next year, or with high probability within the next five years. The engineering gap between today's quantum hardware and a cryptographically relevant quantum computer remains large. However, the threat is real in principle, the public keys of every KAG wallet are already on-chain and permanently harvestable, and no migration plan has been announced.
The proportionate response is not to panic-sell silver-backed tokens. It is to:
- Stay informed on Stellar's PQC development track.
- Understand that your KAG holdings share quantum exposure with virtually every other major blockchain asset.
- Allocate custody and portfolio decisions accordingly, factoring quantum timelines into longer-horizon planning.
- Consider whether any portion of a crypto portfolio should sit in architectures designed with post-quantum cryptography from the ground up, rather than waiting for a migration that may take years to coordinate.
The silver is safe in the vault. The question is whether the cryptographic keys guarding your on-chain claim to it will still be safe in 2035.
Frequently Asked Questions
Will quantum computers break Kinesis Silver (KAG)?
Not with today's hardware. Kinesis Silver runs on a Stellar-based protocol using Ed25519 signatures. Breaking Ed25519 requires a cryptographically relevant quantum computer (CRQC) with millions of error-corrected physical qubits. No such machine exists yet, and mainstream estimates place realistic CRQC capability in the 2030s at the earliest, with significant uncertainty beyond that.
What signature scheme does Kinesis Silver use, and is it quantum-safe?
Kinesis Silver uses Ed25519, the same elliptic-curve signature scheme as Solana and other Stellar-based networks. It is not quantum-safe. Ed25519 is vulnerable to Shor's algorithm running on a sufficiently large fault-tolerant quantum computer, just like secp256k1 (used by Bitcoin and Ethereum). It is not uniquely vulnerable compared to other major blockchains.
Does a quantum attack on KAG put the physical silver at risk?
No. A cryptographic attack targets your on-chain token holdings, not the physical silver in Kinesis vaults. The silver itself is held in insured custodial vaults. However, if an attacker derived your private key, they could steal your KAG tokens on-chain, which represent your claim to that silver. The legal and custodial implications of recovering such a claim would depend on Kinesis's policies at the time.
Has Kinesis announced any post-quantum cryptography migration plan?
As of mid-2025, Kinesis has not published a public post-quantum cryptography migration roadmap. This is not unusual — most major blockchain networks are still in early discussion stages. Any migration would require consensus across Stellar's validator network, wallet software updates, and coordinated user key migration, all of which take years once initiated.
What is 'harvest now, decrypt later' and does it apply to KAG?
Harvest now, decrypt later (HNDL) refers to adversaries archiving cryptographically protected data today with the intention of decrypting it once quantum hardware matures. For KAG specifically, transaction data is already public on the blockchain, so confidentiality is not the primary concern. However, public keys and wallet balances are permanently on-chain and could be targeted the moment a CRQC becomes available, making future migration speed important.
What can KAG holders do to reduce quantum risk?
Practical steps include: monitoring Kinesis and Stellar Foundation announcements for any PQC upgrade roadmap; practising good classical security hygiene (cold storage, hardware wallets, phishing awareness); understanding the silver backing is not itself at cryptographic risk; and, for investors who treat quantum-resistance as a core requirement, researching blockchain architectures that implement NIST PQC-aligned cryptography natively rather than relying on a future retrofit.