A team led by Thomas Coratger and Justin Drake published the design for a dedicated XMSS public-key registry, the first protocol fork on the EF Strawmap before validators swap off BLS signatures.
A team of Ethereum researchers published a design plan on Monday to start protecting the network’s validators from future quantum computers. Led by Thomas Coratger, it is the first concrete proposal to move Ethereum’s roughly 1 million validators off the cryptography they rely on today — the same math that secures most of crypto — which a powerful enough quantum computer could eventually break.
The design post went up on the Ethereum Research forum on June 1. It was written by Coratger along with Tom Wambsgans, Ladislaus, Thomas Thiery and Ethereum Foundation researcher Justin Drake. The plan proposes a separate upgrade called the Public Key Registry. It would let validators sign up new, quantum-safe keys — a type known as XMSS — well before the network swaps out its main signature system. The registry appears as I* on the Ethereum Foundation protocol team’s Strawmap roadmap.
The full switch to the new signatures would come “several forks later,” the authors wrote. Until then, the registry acts as a “critical warmup phase.” It gives validators time to update their cold-storage setups without risking the network’s ability to finalize transactions.
The registry covers Ethereum’s consensus layer, the part of the network that validators secure. It pairs with a separate quantum-proofing effort on the execution layer, where accounts and transactions live, that the Ethereum Foundation has been mapping since January. That was when it created a dedicated Post-Quantum Security team, also led by Coratger.
The second track centers on proposal EIP-8141 from Vitalik Buterin. It would let individual Ethereum accounts opt into quantum-safe checks on their own timeline, rather than waiting for a single network-wide switch. EIP-8141 is being considered for the Hegota fork, expected in the second half of 2026.
How the Registry Works
The scheme replaces today’s BLS12-381 validator keys with leanXMSS, a hash-based signature using the eXtended Merkle Signature Scheme. Each validator’s public key would be a 52-byte Merkle root plus 20-byte public parameter, only four bytes larger than the current 48-byte BLS key — so registering all roughly 1 million validators would expand consensus state by about 52 MiB.
Signatures themselves balloon from 96 bytes under BLS, to 3,112 bytes under XMSS, which is why the spec also commits to aggregating signatures inside leanVM, a Cairo-inspired zkVM that produces a single SNARK proof per slot. Benchmarks on an M4 Max put leanVM at roughly 1,000 XMSS verifications per second, with recursive proofs under one second.
Each XMSS key has a hard lifetime of 2^32 slots, about 1,632 years at Ethereum’s 12-second slot time, derived from a single 32-byte master seed. Validators would submit the public key together with an XMSS Proof of Possession through a new `PostQuantumRegistration` consensus-layer message, authorized either by the validator’s withdrawal address or its existing BLS key.
The post proposes capping registrations at 16 per block to smooth state growth, plus an inactivity-leak stick for laggards as the BLS deprecation deadline approaches. The discussions, the authors said, will “mature into a formal Ethereum Improvement Proposal.”
The Cross-Chain Quantum Week
The Ethereum spec landed in the middle of a busy post-quantum stretch across crypto. The same week, EigenLayer founder Sreeram Kannan said two undergraduates using OpenAI’s Codex and Anthropic’s Claude reproduced about 80% of an unpublished Google paper that shrinks the resources needed to break ECDSA to fewer than 1,200 logical qubits — an AI-accelerated cryptanalysis result that Eigen Labs is now turning into an open quantum challenge.
On the Bitcoin side, Paradigm researcher Dan Robinson last month proposed Provable Address-Control Timestamps, or PACTs, a BIP-322 scheme that would let BTC holders prove pre-quantum ownership of dormant wallets — including the roughly 1.1 million Satoshi-era coins — without moving them today.
Where the Spec Could Still Move
Several design choices remain unsettled. The post explicitly flags the hash function as an “open design space” — Poseidon2, the leading SNARK-friendly candidate, is under cryptanalytic pressure from recent attacks on algebraic hashes, and the team is weighing whether to register validators under multiple hash functions (Poseidon1, BLAKE3, SHA-3) up front to preserve agility.
The finite-field choice — KoalaBear versus Goldilocks — is also live, with the latter offering more proof-size headroom at roughly 2x slower proving. The EF’s stated target is to land core L1 post-quantum infrastructure by 2029.
