Will Quantum Computers Break Sui?
Will quantum computers break Sui? It is one of the sharper security questions in the Layer-1 space right now, and it deserves a precise answer rather than vague reassurance or unnecessary alarm. Sui uses elliptic-curve cryptography, the same mathematical foundation that secures Bitcoin and Ethereum, which means it shares a common theoretical vulnerability to sufficiently powerful quantum hardware. This article walks through exactly how Sui's signature scheme works, what a credible Q-day scenario looks like, how realistic the timeline is, and what practical options exist for Sui holders who want to think ahead.
How Sui's Signature Scheme Works
Sui is built on the Move virtual machine and was developed by Mysten Labs, drawing heavily on engineering talent from the Diem project. At the cryptographic layer, Sui supports multiple signature schemes simultaneously, which is relatively uncommon among Layer-1 networks. At launch, the supported options include:
- Ed25519 — the default and most widely used scheme; based on elliptic-curve discrete logarithm problems (ECDLP) over Curve25519.
- Secp256k1 — the same curve used by Bitcoin; included for ecosystem compatibility.
- Secp256r1 (P-256) — included specifically to enable hardware key storage on devices such as Apple Secure Enclave and Android StrongBox.
- Multisig — a flexible threshold scheme that can combine any of the above.
- zkLogin — a newer primitive that allows users to derive wallet addresses from OAuth credentials (Google, Twitch, etc.) using zero-knowledge proofs; the underlying key commitments still rely on elliptic-curve operations.
All of the above share a critical property: their security rests on the computational hardness of the elliptic-curve discrete logarithm problem. A classical computer cannot solve ECDLP in feasible time for the key lengths Sui uses. A sufficiently large, fault-tolerant quantum computer, however, could use Shor's algorithm to solve ECDLP in polynomial time, meaning it could derive a private key from a public key.
What Shor's Algorithm Actually Does
Shor's algorithm, published in 1994, is a quantum procedure that can factor large integers and compute discrete logarithms exponentially faster than any known classical method. For elliptic-curve keys, the relevant figure is the number of logical qubits required to attack a given curve. Current academic estimates suggest that breaking a 256-bit elliptic-curve key (the size used by Ed25519, Secp256k1, and P-256) would require roughly 2,000 to 4,000 error-corrected logical qubits running Shor's algorithm, depending on circuit depth optimisations.
The word "logical" is important. Today's quantum processors operate with physical qubits that have high error rates. Converting physical qubits to logical (error-corrected) qubits requires hundreds to thousands of physical qubits per logical qubit with current error correction codes. The best publicly known quantum processors as of 2024 operate in the range of dozens to low hundreds of logical-equivalent qubits, not thousands.
---
The Q-Day Timeline: What Would Have to Be True
Q-day refers to the moment a quantum computer can break the elliptic-curve keys that protect real blockchain addresses in a practically relevant timeframe, typically modelled as extracting a private key within one hour of observing a public key on-chain.
The Hardware Gap
To break Ed25519 in one hour, analysts at organisations including NIST and the Global Risk Institute estimate a requirement of approximately 4 million physical qubits, with per-qubit error rates several orders of magnitude lower than today's hardware achieves. Google's Willow chip, announced in late 2024 and widely reported as a milestone, demonstrated around 105 physical qubits with improved error correction. That is a genuine engineering advance, but the gap between 105 and 4,000,000 is not incremental. It spans multiple generations of engineering breakthroughs that have not yet been demonstrated.
Consensus among cryptography researchers, including those advising NIST's Post-Quantum Cryptography standardisation programme, places a cryptographically relevant quantum computer (CRQC) at roughly 10 to 20 years away under most scenarios, with a low-probability tail risk around the 5 to 7 year mark. A CRQC capable of breaking blockchain keys in minutes rather than hours could be further still.
The "Harvest Now, Decrypt Later" Nuance
One scenario that matters even before Q-day arrives is harvest now, decrypt later (HNDL). A sophisticated adversary records encrypted or signed blockchain transactions today, then decrypts them once a CRQC is available. For blockchains, the relevant attack surface is narrower than in traditional communications: what is exposed on-chain is already public data. The real HNDL risk for Sui holders is that public keys exposed in submitted transactions remain recorded permanently on the ledger, and if the same address is reused, a future CRQC could derive the private key from the historical public key and drain any remaining funds.
This is not a distant hypothetical. It is a structural property of UTXO-adjacent and account-based blockchains alike. Sui uses an account model, which means public keys are exposed the first time an address signs a transaction. Every address that has ever sent a transaction has its public key permanently on the Sui ledger.
---
Sui's Specific Exposure at Q-Day
Given the above, how exposed is Sui specifically?
| Factor | Sui Status |
|---|---|
| Default signature scheme | Ed25519 (quantum-vulnerable) |
| Alternative schemes supported | Secp256k1, Secp256r1 (both quantum-vulnerable) |
| Post-quantum scheme natively supported | No (as of 2024) |
| Public key exposure model | Account-based; public key exposed on first transaction |
| Addresses with no transaction history | Temporarily safe (public key not yet revealed) |
| Protocol-level PQC roadmap | Not formally announced |
| NIST PQC algorithm compatibility | Not yet integrated |
The critical distinction is between addresses that have never signed a transaction and addresses that have. A Sui address derived from an Ed25519 key but never used to send a transaction has not exposed its public key on-chain. At Q-day, such an address would be safe for as long as it takes to move funds to a new quantum-resistant address, assuming the user acts before submitting any transaction that reveals the key.
By contrast, every active Sui address, meaning any address that has sent at least one transaction, has its Ed25519 public key permanently inscribed in Sui's transaction history. A CRQC could, in principle, derive the corresponding private key and control those funds.
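The following added example (not code from Sui or Mysten Labs) shows why the distinction above holds: a Sui address is only the blake2b-256 hash of the scheme flag and public key, while the signature envelope attached to every sent transaction carries the raw public key. The sample key and signature bytes are constructed placeholders, not a real key pair; only the byte layout matters here.

```python
import hashlib
from typing import Tuple

# Sui scheme flag bytes: first byte of both the address preimage and the
# serialized signature (Ed25519 = 0x00, Secp256k1 = 0x01, Secp256r1 = 0x02).
SCHEME_FLAGS = {"ed25519": 0x00, "secp256k1": 0x01, "secp256r1": 0x02}
PUBKEY_LEN = {"ed25519": 32, "secp256k1": 33, "secp256r1": 33}
SIG_LEN = 64  # raw signature length for all three schemes


def sui_address(scheme: str, pubkey: bytes) -> str:
    """Sui address = blake2b-256(flag || pubkey), 0x-prefixed hex.
    Until the address signs, only this hash is visible on-chain."""
    if len(pubkey) != PUBKEY_LEN[scheme]:
        raise ValueError(f"{scheme} public key must be {PUBKEY_LEN[scheme]} bytes")
    preimage = bytes([SCHEME_FLAGS[scheme]]) + pubkey
    return "0x" + hashlib.blake2b(preimage, digest_size=32).hexdigest()


def serialize_signature(scheme: str, signature: bytes, pubkey: bytes) -> bytes:
    """Sui's signature envelope: flag || signature || pubkey. This is what a
    sent transaction records on the ledger, so it is what exposes the key."""
    if len(signature) != SIG_LEN or len(pubkey) != PUBKEY_LEN[scheme]:
        raise ValueError("bad signature or public key length")
    return bytes([SCHEME_FLAGS[scheme]]) + signature + pubkey


def pubkey_from_envelope(envelope: bytes) -> Tuple[str, bytes]:
    """What any ledger observer (including a future CRQC operator) learns
    from a sent transaction: the scheme and the raw public key."""
    scheme = next(s for s, f in SCHEME_FLAGS.items() if f == envelope[0])
    if len(envelope) != 1 + SIG_LEN + PUBKEY_LEN[scheme]:
        raise ValueError("envelope length does not match scheme")
    return scheme, envelope[1 + SIG_LEN:]


# Constructed sample bytes (not a real key pair or valid signature).
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_SIG = bytes([0xAB]) * SIG_LEN


def round_trip() -> bool:
    """True if the key recovered from the envelope maps back to the address,
    i.e. the first sent transaction fully links address to public key."""
    addr = sui_address("ed25519", SAMPLE_PUBKEY)
    env = serialize_signature("ed25519", SAMPLE_SIG, SAMPLE_PUBKEY)
    scheme, recovered = pubkey_from_envelope(env)
    return sui_address(scheme, recovered) == addr
```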
---
What Sui Holders Can Do Now
Concern about quantum risk does not require panic. It requires a proportionate, staged response calibrated to realistic timelines.
1. Understand Your Address Status
Check whether your primary Sui addresses have ever sent a transaction. Receiving SUI does not expose your public key. Sending does. Use the Sui Explorer to verify transaction history for any address holding significant value.
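As an added example (not part of the original article), the same check done programmatically: it assumes the public Sui JSON-RPC method suix_queryTransactionBlocks with a FromAddress filter and a paginated result shape of data / nextCursor / hasNextPage, and the mainnet fullnode URL is an assumption too. The sample responses are constructed, not real chain data; only fetch_pages touches the network.

```python
import json
import re
import urllib.request
from typing import Dict, List, Optional

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{64}$")


def build_sent_query(address: str, cursor: Optional[str] = None, limit: int = 50) -> Dict:
    """JSON-RPC request for transactions this address *sent* (FromAddress).
    Received-only activity is deliberately not queried: it reveals no key."""
    if not ADDRESS_RE.match(address):
        raise ValueError("expected a Sui address as 0x followed by 64 hex chars")
    return {
        "jsonrpc": "2.0", "id": 1,
        "method": "suix_queryTransactionBlocks",
        "params": [{"filter": {"FromAddress": address}}, cursor, limit, True],
    }


def classify_exposure(pages: List[Dict]) -> Dict:
    """Decide from one or more result pages whether the address has ever
    signed, i.e. whether its public key is already on the ledger."""
    sent = sum(len(p.get("data", [])) for p in pages)
    return {
        "transactions_sent": sent,
        "public_key_exposed": sent > 0,
        "status": "exposed" if sent else "not yet exposed (receive-only)",
    }


def fetch_pages(address: str, endpoint: str = "https://fullnode.mainnet.sui.io:443") -> List[Dict]:
    """Live lookup: follows nextCursor until hasNextPage is false."""
    pages, cursor = [], None
    while True:
        body = json.dumps(build_sent_query(address, cursor)).encode()
        req = urllib.request.Request(endpoint, data=body,
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=20) as resp:
            result = json.load(resp)["result"]
        pages.append(result)
        if not result.get("hasNextPage"):
            return pages
        cursor = result.get("nextCursor")


# Constructed sample pages: an address with two sent transactions, and one
# that has only ever received funds.
SAMPLE_ACTIVE = [{"data": [{"digest": "constructed1"}, {"digest": "constructed2"}],
                  "hasNextPage": False}]
SAMPLE_RECEIVE_ONLY = [{"data": [], "hasNextPage": False}]

if __name__ == "__main__":
    print(classify_exposure(SAMPLE_ACTIVE))
    print(classify_exposure(SAMPLE_RECEIVE_ONLY))
```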
2. Prepare a Migration Plan
If and when Sui introduces a post-quantum signature scheme, migrating will likely involve:
- Generating a new key pair under a quantum-resistant algorithm (e.g., CRYSTALS-Dilithium or FALCON, both NIST-standardised).
- Submitting a migration transaction from the old address to the new one, ideally in a single atomic step to minimise the window of exposure.
- Archiving the old key pair and never reusing the old address.
Sui's flexible multi-scheme architecture makes this migration path more feasible than on single-scheme networks. The same infrastructure that supports Ed25519 alongside Secp256k1 can, in principle, be extended to include NIST PQC algorithms with a protocol upgrade.
3. Practice Good Key Hygiene Now
Even before Q-day, good practices reduce your attack surface:
- Use hardware wallets that support Secp256r1 (P-256), keeping keys in secure enclaves.
- Avoid address reuse where possible, though some reuse is inherent to an account model.
- Do not leave large balances in hot wallets whose public keys are already exposed.
- Monitor NIST PQC developments and Sui's official cryptography roadmap announcements.
4. Diversify Into Natively Post-Quantum Designs
For holders who want exposure to assets designed from the ground up with quantum resistance, natively post-quantum cryptocurrency projects are worth researching. Projects like BMIC.ai, which use lattice-based cryptography aligned with NIST's PQC standards, are architected to be resistant to Shor's algorithm by design, rather than retrofitting classical schemes. This is a fundamentally different security posture from a network that would require a coordinated hard fork to achieve the same result.
---
How Natively Post-Quantum Designs Differ
The distinction between "could add PQC later" and "built on PQC from day one" is not merely marketing. It has concrete technical implications.
Retrofit vs. Native Architecture
A network like Sui would need to:
- Agree on a new signature scheme through governance.
- Ship a protocol upgrade (hard or soft fork).
- Coordinate wallet software upgrades across hundreds of providers.
- Give users a migration window, during which old and new schemes coexist.
- Handle unclaimed or abandoned wallets that never migrate.
Each step introduces coordination risk, governance delay, and a period of dual-scheme operation with mixed security properties. Networks that never migrate their oldest, largest, or most dormant wallets leave a permanent vulnerable surface.
A natively post-quantum design avoids this by selecting quantum-resistant primitives at the key generation and signing layers before launch. There is no migration window, no dual-scheme period, and no dependency on future governance decisions.
NIST PQC Standards: A Brief Reference
NIST finalised its first three post-quantum cryptographic standards in 2024:
| Standard | Algorithm | Type | Security Basis |
|---|---|---|---|
| FIPS 203 | ML-KEM (Kyber) | Key encapsulation | Module lattice |
| FIPS 204 | ML-DSA (Dilithium) | Digital signature | Module lattice |
| FIPS 205 | SLH-DSA (SPHINCS+) | Digital signature | Hash-based |
These are the algorithms that quantum-resistant infrastructure projects should be evaluated against. Any project claiming post-quantum security that does not reference alignment with NIST FIPS 203/204/205 or equivalent peer-reviewed primitives warrants scrutiny.
---
Realistic Scenario Analysis
Rather than offering price predictions or fear-based narratives, it is more useful to frame three scenarios:
Scenario A: Q-day arrives in 15+ years. Sui has ample time to standardise and ship a PQC upgrade through normal governance. Holders who monitor the situation and migrate when the tooling is available face no meaningful loss. This is the highest-probability scenario under current engineering trajectories.
Scenario B: Q-day arrives in 5 to 10 years. Sui's developer ecosystem would need to accelerate PQC integration significantly. Wallets with exposed public keys and significant balances would become priority targets. Users who proactively migrated to PQC-capable custodians or diversified into natively quantum-resistant assets would be best positioned.
Scenario C: Unexpected rapid breakthrough. A classified or surprise advance dramatically compresses the timeline. This is the lowest-probability but highest-impact scenario. The only fully effective hedge is already holding assets in systems built on post-quantum primitives, since there would be insufficient time for a coordinated network migration.
The rational approach is to hold a probability-weighted view: do not ignore quantum risk, but calibrate the urgency of your response to the realistic timeline rather than the worst-case one.
---
Summary
Sui's cryptographic design is robust against all classical threats and against near-term quantum hardware. Its support for multiple signature schemes gives it more migration flexibility than many peers. However, like every major blockchain using elliptic-curve cryptography, Sui is theoretically vulnerable to a future cryptographically relevant quantum computer via Shor's algorithm. Addresses that have submitted transactions have permanently exposed their public keys on-chain.
The timeline for that threat materialising is most likely measured in decades under mainstream estimates, with a smaller but non-trivial probability of it arriving within a decade. Sui holders should understand which of their addresses are exposed, prepare a migration plan for when Sui's PQC tooling matures, and consider whether natively quantum-resistant designs belong in their broader portfolio strategy.
Frequently Asked Questions
Will quantum computers break Sui in the near future?
No, not in the near future. Breaking Sui's Ed25519 signatures would require a fault-tolerant quantum computer with millions of error-corrected physical qubits. Current publicly known hardware is many generations away from that capability. The consensus timeline among cryptography researchers is roughly 10 to 20 years, though a low-probability tail risk exists at 5 to 7 years.
Which Sui addresses are most at risk from a quantum attack?
Any Sui address that has ever submitted a transaction has its Ed25519 public key permanently recorded on-chain. A sufficiently powerful quantum computer could use Shor's algorithm to derive the private key from that public key. Addresses that have only received funds and never signed a transaction have not yet exposed their public key, making them temporarily safer.
Does Sui support any post-quantum signature schemes?
As of 2024, Sui does not natively support any post-quantum signature schemes. It supports Ed25519, Secp256k1, and Secp256r1, all of which are vulnerable to Shor's algorithm. Sui's multi-scheme architecture does make it technically feasible to add a NIST-standardised algorithm like ML-DSA (Dilithium) via a protocol upgrade in the future.
What is the 'harvest now, decrypt later' risk for Sui holders?
Harvest now, decrypt later (HNDL) refers to an adversary recording on-chain data today and decrypting it once a quantum computer is available. For Sui, the key concern is that public keys in historical transactions are permanently stored on the ledger. If a CRQC is eventually built, those exposed public keys could be used to derive private keys and access any funds remaining at those addresses.
What can Sui holders do right now to reduce quantum risk?
Practical steps include: identifying which of your Sui addresses have sent transactions (and thus exposed their public keys), avoiding leaving large balances in those addresses long-term, monitoring Sui's official cryptography roadmap for PQC upgrade announcements, and researching natively post-quantum cryptocurrency designs as a complementary hedge. Good key hygiene and hardware wallet usage also reduce your broader attack surface.
How are natively post-quantum blockchains different from Sui's approach?
Natively post-quantum blockchains use lattice-based or hash-based cryptographic primitives (aligned with NIST FIPS 203/204/205) at the core signature and key generation layers from launch. This eliminates the need for a future migration. Sui, like most existing Layer-1 networks, would need a coordinated governance decision, protocol upgrade, and wallet migration period to achieve the same result, each of which introduces coordination risk and a transitional period of mixed security.