Will Quantum Computers Break NEAR Protocol?
Will quantum computers break NEAR Protocol? It is a serious technical question, not a panic headline. NEAR uses elliptic-curve cryptography to secure accounts and authorise transactions, and that is exactly the class of cryptography that a sufficiently powerful quantum computer could compromise using Shor's algorithm. This article explains how NEAR's signature scheme works, what conditions would have to be met for a real attack to succeed, what the honest timeline looks like, and what options NEAR holders have right now to reduce their exposure before Q-day arrives.
How NEAR Protocol Secures Accounts Today
NEAR Protocol uses Ed25519 as its default signature scheme. Ed25519 is an Edwards-curve variant of elliptic-curve digital signatures, built on Curve25519. It is fast, compact, and considered very strong against all known classical attacks.
Every NEAR account is controlled by one or more key pairs. When you sign a transaction, you prove ownership of the private key without revealing it. The network verifies the signature against your public key, which is stored on-chain.
NEAR also supports secp256k1 keys, the same curve used by Bitcoin and Ethereum. This is offered primarily for interoperability, though Ed25519 is the recommended default.
Why Elliptic-Curve Cryptography Works Classically
The security of Ed25519 rests on the elliptic-curve discrete logarithm problem (ECDLP). Given a public key, deriving the corresponding private key requires solving this problem. On a classical computer, even the best known algorithms would take longer than the age of the universe to recover the private key behind a 256-bit public key. That is why Ed25519 is considered safe today.
The Quantum Problem
Shor's algorithm, published in 1994, can solve the ECDLP and the related integer factorisation problem in polynomial time on a sufficiently large quantum computer. That means a quantum machine with enough stable, error-corrected qubits could, in principle, derive a private key from a public key. Both Ed25519 and secp256k1 are vulnerable to this attack. This is not a hypothetical flaw in NEAR specifically. It is a structural vulnerability shared by virtually every major blockchain in production today.
---
What Would Actually Have to Be True for an Attack to Succeed
Understanding the threat requires separating theoretical vulnerability from practical risk. Several conditions must be met simultaneously before a quantum attack on NEAR accounts becomes feasible.
A Cryptographically Relevant Quantum Computer (CRQC)
Current quantum hardware is nowhere near the threshold required to run Shor's algorithm against a 256-bit elliptic curve. Conservative estimates suggest this would require millions of physical qubits with very low error rates, fault-tolerant and error-corrected. As of 2024, the most advanced publicly known quantum processors operate with a few thousand noisy physical qubits. The gap between current capability and a cryptographically relevant quantum computer (CRQC) is still large.
The Public Key Must Be Exposed
This is a critical nuance specific to NEAR's account model. In NEAR, public keys are stored explicitly on-chain as part of the account's access-key list. This means that for any account that has ever been used, the public key is already visible on a block explorer.
Compare this to Bitcoin's UTXO model, where a public key is only revealed when a transaction is signed. NEAR's model means there is no "key hiding" window. Once your account exists and has been used, its public key is permanently on the ledger, giving a future quantum attacker a target to work from. This increases NEAR's quantum exposure relative to models where public keys remain hidden until spend.
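As an added example (not code from NEAR or from this article's sources), the Python below inventories an account's access keys from the JSON that NEAR's `view_access_key_list` RPC query returns and ranks the elliptic-curve full-access keys first. The sample response, its keys and `app.example.near` are constructed for illustration.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Raw public-key size for each NEAR key-type prefix; both curves fall to Shor.
EC_KEY_BYTES = {"ed25519": 32, "secp256k1": 64}

def b58decode(text):
    """Decode base58 to bytes, keeping leading zero bytes."""
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)  # ValueError on a non-base58 character
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def b58encode(raw):
    """Encode bytes as base58; used only to build the constructed sample."""
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def inventory(rpc_response):
    """Classify each access key by curve and permission, riskiest first."""
    rows = []
    for entry in rpc_response["result"]["keys"]:
        scheme, _, encoded = entry["public_key"].partition(":")
        full = entry["access_key"]["permission"] == "FullAccess"
        try:
            well_formed = len(b58decode(encoded)) == EC_KEY_BYTES.get(scheme)
        except ValueError:
            well_formed = False
        rows.append({"public_key": entry["public_key"], "scheme": scheme,
                     "well_formed": well_formed,
                     "permission": "FullAccess" if full else "FunctionCall",
                     "quantum_exposed": scheme in EC_KEY_BYTES,
                     "rotate_first": full and scheme in EC_KEY_BYTES})
    return sorted(rows, key=lambda r: not r["rotate_first"])

# Constructed sample shaped like a view_access_key_list result (not real keys).
SAMPLE = {"result": {"keys": [
    {"public_key": "ed25519:" + b58encode(bytes(range(32))),
     "access_key": {"nonce": 7, "permission": {"FunctionCall": {
         "allowance": "250000000000000000000000",
         "receiver_id": "app.example.near", "method_names": []}}}},
    {"public_key": "secp256k1:" + b58encode(bytes(range(64, 128))),
     "access_key": {"nonce": 3, "permission": "FullAccess"}},
]}}

if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print(row["scheme"], row["permission"], "rotate_first=%s" % row["rotate_first"])
```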
Time Window to Sign a Transaction
Even with a CRQC, an attacker would need to derive the private key and broadcast a malicious transaction before the legitimate owner's transaction is confirmed. Network finality on NEAR is rapid (typically under two seconds), but if private-key derivation takes minutes or hours, the practical attack window shrinks significantly. Early-generation CRQCs may be too slow for real-time attacks but still capable of harvesting keys offline for accounts that remain static.
---
Realistic Timeline: When Does Q-Day Arrive?
"Q-day" refers to the point when a CRQC capable of breaking 256-bit elliptic-curve cryptography becomes operational. Honest timelines vary widely depending on the source.
| Estimate Source | Projected CRQC Timeline |
|---|---|
| NIST (implicit in PQC standardisation urgency) | Prepare now; risk window 2030–2040 |
| IBM / Google researcher consensus | Fault-tolerant CRQC: 10–20 years |
| NCSC (UK) / NSA | Critical infrastructure should migrate by 2030s |
| Pessimistic scenario | Nation-state actor achieves CRQC capability by late 2020s, undisclosed |
| Optimistic scenario | Engineering hurdles push CRQC beyond 2040 |
The honest answer is: nobody knows precisely. What experts broadly agree on is that the threat is credible within the planning horizon of long-lived assets, and that cryptographic migrations take years to execute safely. The time to prepare is before Q-day, not after.
One underappreciated risk is the "harvest now, decrypt later" (HNDL) strategy. Adversaries with sufficient resources can archive encrypted traffic and signed data today, then decrypt it once a CRQC exists. For blockchain ledgers, every public key and transaction signature is already permanently archived by the protocol itself. HNDL is not a future concern for on-chain data. It is already happening by default.
---
NEAR Protocol's Current Quantum Preparedness
NEAR's core team and ecosystem are aware of the long-term quantum risk. As of writing, NEAR does not natively support post-quantum signature schemes. Migration would require a protocol-level upgrade, which in a decentralised network means governance consensus, validator upgrades, and wallet-layer changes across the ecosystem.
What a NEAR Quantum Migration Would Look Like
A realistic migration path for NEAR would involve several phases:
- Research and proposal phase — Selecting a NIST-approved post-quantum algorithm (e.g. CRYSTALS-Dilithium for signatures, based on lattice-based cryptography).
- NEP proposal — Drafting a NEAR Enhancement Proposal to add a new key type to the access-key system.
- Testnet deployment — Running the new scheme on testnet with validator and wallet participation.
- Mainnet activation — Coordinated hard fork or protocol upgrade.
- User migration — Wallets prompting users to rotate keys to new post-quantum key pairs.
This kind of migration is technically achievable but requires years of coordination. Ethereum researchers have discussed similar paths; Bitcoin's community has debated it for longer. No major L1 has completed a full post-quantum key migration in production.
NEAR's Account Abstraction as a Relative Advantage
One genuine advantage NEAR has is its named account and access-key model. Unlike Bitcoin addresses (which are fixed to a key pair), NEAR accounts can have multiple keys with different permissions, and keys can be rotated without changing the account identity. When post-quantum key types are eventually supported, users could add a PQ key and remove the old EC key without losing their account history or assets. This is a cleaner migration path than UTXO-based chains.
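The rotation described above depends on ordering: the replacement key has to be added before the old keys are deleted, or the account is left with no key that can authorise further key changes. The added example below (not NEAR's code) plans the AddKey and DeleteKey actions and replays them to check that invariant; the `pq-placeholder` key-type prefix and every key shown are hypothetical, since NEAR has no post-quantum key type today.

```python
EC_SCHEMES = {"ed25519", "secp256k1"}  # key types NEAR supports today
FULL = "FullAccess"

def scheme_of(public_key):
    return public_key.partition(":")[0]

def apply_action(keys, action):
    """Return the access-key set after one AddKey or DeleteKey action."""
    kind, public_key, permission = action
    keys = dict(keys)
    if kind == "AddKey":
        keys[public_key] = permission
    elif kind == "DeleteKey":
        del keys[public_key]
    else:
        raise ValueError("unknown action: " + kind)
    return keys

def plan_rotation(keys, new_key):
    """Add the replacement first, then delete every elliptic-curve key."""
    if scheme_of(new_key) in EC_SCHEMES:
        raise ValueError("replacement key is still elliptic-curve based")
    # Function-call keys are EC keys too, so they are deleted as well;
    # an app that needs one must be issued a new key after the rotation.
    deletes = [("DeleteKey", k, None) for k in keys if scheme_of(k) in EC_SCHEMES]
    return [("AddKey", new_key, FULL)] + deletes

def check_plan(keys, actions):
    """Replay a plan; fail on any step that leaves no full-access key."""
    for step, action in enumerate(actions, 1):
        keys = apply_action(keys, action)
        if FULL not in keys.values():
            raise RuntimeError("step %d leaves no full-access key" % step)
    return keys

# Constructed account state and replacement key; "pq-placeholder" is a
# hypothetical key-type prefix, NEAR has no post-quantum key type today.
ACCOUNT_KEYS = {
    "ed25519:CONSTRUCTED_KEY_1": FULL,
    "ed25519:CONSTRUCTED_KEY_2": "FunctionCall",
    "secp256k1:CONSTRUCTED_KEY_3": FULL,
}
NEW_KEY = "pq-placeholder:CONSTRUCTED_KEY_4"

if __name__ == "__main__":
    plan = plan_rotation(ACCOUNT_KEYS, NEW_KEY)
    print(check_plan(ACCOUNT_KEYS, plan))
```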
---
What NEAR Holders Can Do Right Now
Waiting for protocol-level fixes is not the only option. Holders can take practical steps to manage their quantum exposure today.
Minimise Exposed Public Keys
Since NEAR stores public keys on-chain, this cannot be fully avoided. However, you can:
- Avoid reusing accounts for high-value, long-term storage while PQ key types are not yet supported.
- Monitor NEAR's roadmap for official PQ key support, and plan to rotate keys promptly when it arrives.
Diversify Across Quantum-Resistant Designs
Not every cryptocurrency leaves quantum migration as a future problem. Projects built from the ground up with post-quantum cryptography, using lattice-based algorithms aligned with NIST's PQC standards, eliminate the ECDLP attack surface by design rather than by retrofit. For holders who want exposure to crypto assets without betting their entire portfolio on a migration that hasn't happened yet, allocating a portion to natively quantum-resistant assets is a rational hedge.
BMIC.ai, for example, is a wallet and token built specifically around post-quantum cryptography (lattice-based, NIST PQC-aligned), designed to be secure against the class of attacks that threaten NEAR and most other chains currently in production. Its presale is live at bmic.ai/presale for those researching this space.
Stay Informed on NIST PQC Standards
NIST finalised its first set of post-quantum cryptographic standards in 2024, including CRYSTALS-Kyber (now ML-KEM) for key encapsulation and CRYSTALS-Dilithium (ML-DSA) for signatures. Understanding which algorithms are being standardised helps you evaluate which blockchain projects are taking credible steps toward quantum resistance.
Use Hardware Wallets with Firmware Update Capability
Hardware wallets do not solve the cryptographic vulnerability (the key scheme is still EC-based), but they do protect private keys from software-based attacks, reducing your overall attack surface while quantum-safe alternatives mature.
---
Comparing NEAR's Quantum Exposure to Other Major Chains
| Chain | Signature Scheme | Public Key Exposed On-Chain | Native PQ Support | Migration Path Clarity |
|---|---|---|---|---|
| NEAR Protocol | Ed25519 / secp256k1 | Yes (access-key list) | No | Account model aids future rotation |
| Bitcoin | secp256k1 | Only on spend (UTXO) | No | Complex; BIP process ongoing |
| Ethereum | secp256k1 | Yes (after first tx) | No | EIP proposals exist; no timeline |
| Solana | Ed25519 | Yes | No | Not publicly prioritised |
| Algorand | Ed25519 | Yes | Researching | Falconized signatures proposed |
| BMIC | Lattice-based (NIST PQC) | N/A (PQ by design) | Yes | Built-in from genesis |
The table illustrates that NEAR is neither uniquely vulnerable nor uniquely prepared. It shares the core EC vulnerability with nearly every production blockchain, while its account abstraction model gives it a structural advantage when the time comes to execute a migration.
---
The Bottom Line on NEAR and Quantum Computers
NEAR Protocol is vulnerable to quantum attack in the same fundamental way as Bitcoin, Ethereum, and Solana. The underlying elliptic-curve cryptography that secures its accounts can be broken by Shor's algorithm on a sufficiently powerful quantum computer. The public exposure of keys on-chain means there is no hiding period for NEAR accounts, which modestly increases exposure compared to UTXO chains.
The good news is that Q-day is not tomorrow. The engineering challenges of building a fault-tolerant CRQC capable of attacking 256-bit EC keys remain enormous. NEAR's account and key-rotation model gives it a cleaner migration path than many competitors when post-quantum key types are eventually adopted at the protocol level.
The prudent approach for NEAR holders is not panic, but preparation: watch the protocol's PQ roadmap, understand when key rotation becomes possible, and consider whether a diversified position that includes natively quantum-resistant assets is consistent with your risk tolerance.
Frequently Asked Questions
Will quantum computers break NEAR Protocol?
In theory, yes. NEAR uses Ed25519 and secp256k1, both of which are vulnerable to Shor's algorithm on a sufficiently powerful quantum computer. In practice, no cryptographically relevant quantum computer (CRQC) capable of breaking 256-bit elliptic-curve keys exists today. The risk is real but falls within a planning horizon of roughly 10–20 years based on mainstream expert estimates.
Is NEAR Protocol more exposed to quantum attacks than Bitcoin or Ethereum?
Modestly, yes. NEAR stores public keys explicitly on-chain in its access-key list, so they are permanently visible to any future attacker. Bitcoin's UTXO model hides a public key until the coin is spent, offering a narrow window of obscurity. Ethereum is closer to NEAR in exposure. However, the core cryptographic vulnerability is the same across all three.
What is the timeline for a quantum computer that can break NEAR's cryptography?
Honest estimates range from the late 2020s (pessimistic, nation-state scenario) to beyond 2040 (optimistic). NIST, the NSA, and NCSC all recommend that organisations begin cryptographic migration now, implying a serious risk window in the 2030s. No one can pinpoint Q-day with precision.
Does NEAR Protocol have a plan to become quantum-resistant?
NEAR does not currently support post-quantum signature schemes natively. A migration would require a NEAR Enhancement Proposal (NEP), testnet validation, and a coordinated protocol upgrade. NEAR's account-abstraction and key-rotation model makes this technically cleaner than on UTXO chains, but no firm public timeline has been announced.
What can NEAR holders do to protect themselves from quantum risk?
Practical steps include: monitoring NEAR's roadmap for official post-quantum key support and rotating keys promptly when available; using hardware wallets to reduce non-quantum attack surface; and considering diversification into assets built natively on post-quantum cryptographic standards for long-term holdings.
What is the 'harvest now, decrypt later' risk for NEAR?
Harvest now, decrypt later (HNDL) refers to adversaries archiving cryptographic data today to decrypt once a CRQC exists. For blockchains, every public key and signature is already permanently on a public ledger by design, so HNDL is not a future concern. It is already structurally baked in. This is why early migration planning matters even if Q-day is years away.