Quantum-ready multisig and wallet infrastructure

The first step toward quantum readiness for Solana |.

Quorum lets classical and quantum-resistant signers coexist in the same Solana multisig. Require post-quantum approval from day one, or migrate gradually from today’s signing schemes without changing your multisig address.

Ed25519Falcon512Ed25519WinterlitzEd25519
It is critical to begin planning for replacement of hardware, software, and services that use public-key algorithms now.
NIST
On ECC for encryption and digital signatures
A one-in-seven chance that some fundamental public-key cryptography tools will be broken by 2026. 50% chance by 2031.
Michele Mosca
Professor, University of Waterloo & CEO, evolutionQ
There's a 50/50 chance quantum computers will be powerful enough within five years to break the cryptographic protections. We should migrate to a quantum-resistant signature scheme.
Anatoly Yakovenko
2025, on the need for upgrades by ~2030
Elliptic curves are going to die sooner than many assume — possibly before 2028.
Vitalik Buterin
On elliptic-curve risk timelines
Working independently, both Anza and Firedancer arrived at the same conclusion: the need for a post-quantum digital signature scheme with compact signatures.
Solana Foundation
On compact post-quantum signatures for Solana
Cryptographically relevant quantum computers are likely still several years away, but Solana should not wait for Q-day to begin preparing.
Anza
On beginning Solana quantum-readiness work before Q-day
The key is to be on this journey today and not wait until the last minute.
Rob Joyce
Director of NSA Cybersecurity
The quantum threat

Quantum computing will break today's blockchain signatures. The question is when.

Solana accounts, multisigs, and signed transactions rely on elliptic-curve cryptography. A sufficiently capable quantum computer can derive a private key from an exposed public key, breaking that security model entirely.

Read more
Your path to quantum readiness

Go post-quantum today, or migrate in stages.

Quorum supports both paths. Teams ready to adopt post-quantum signing can create multisigs that require Falcon or Winternitz approval from day one. Teams that need continuity can begin with existing Ed25519 or Secp256k1 signers, add post-quantum members when ready, and increase post-quantum approval requirements over time without changing the multisig address.

01 · Stable vault address

Create a quantum-enabled multisig

Create a Quorum multisig with today’s signers, post-quantum signers, or both. The multisig address is stable from the beginning, so future signer changes do not require moving assets or updating authority references.

Continuity
02 · Mixed member set

Add Falcon or Winternitz members

Add post-quantum members immediately, or when operationally ready. Falcon-512 gives a compact NIST-selected lattice path aligned with Solana’s direction of travel. Winternitz gives a conservative hash-based path for teams that want a different security assumption.

Smooth Transition
THRESHOLD2 / 3Ed25519Ed25519Ed25519
03 · Threshold plus PQ requirement

Require post-quantum approval

In addition to the core approval threshold, Quorum can require a minimum number of post-quantum approvals. For example, a 3-of-5 multisig can require 3 approvals total, including at least 1 Falcon or Winternitz approval.

Gradual Resilience
THRESHOLD3 / 5Ed25519Ed25519Ed25519WinterlitzFalcon512
04 · Authority rotation

Rotate authority over time

As the quantum threat heightens, rotate classical approvers into lower-trust roles, or out of the approval path entirely. Existing assets, vault addresses, proposal history, and governance references remain continuous.

Full Quantum Readiness
THRESHOLD2 / 50 / 5PQ THRESHOLD1 / 33 / 50 / 5
Signing scheme comparison

Choose the signing schemes that fit your model and risk assumptions.

Post-quantum and classic signers coexist in the same multisig.

Quorum supports classical and post-quantum signing schemes in the same multisig. Each scheme has different compatibility, security assumptions, compute costs, signature sizes, and operational trade-offs.

Classical

Ed25519

Class
Classical
Cryptographic basis
Elliptic-curve cryptography
Primary use case
Continuity with existing Solana wallets, current Solana signer workflows, fee payer and operational roles.
Quantum resistant
No
Lattice-breakthrough resistant
N/A
Hash-breakthrough resistant
N/A
Signature size
64 bytes
Compute
~130k CUs per instruction
Assessment
Solana default signature scheme; broadly supported today; vulnerable to Shor-capable quantum computers.
Classical

Secp256k1

Class
Classical
Cryptographic basis
Elliptic-curve cryptography
Primary use case
EVM-compatible signing, Ethereum-native team members, cross-chain governance, or intent authorization.
Quantum resistant
No
Lattice-breakthrough resistant
N/A
Hash-breakthrough resistant
N/A
Signature size
64-65 bytes
Compute
~130k CUs per instruction
Assessment
Standard across Bitcoin and Ethereum ecosystems; useful for compatibility, but not a post-quantum control.
Post-quantum

Falcon-512

Class
Post-quantum
Cryptographic basis
Lattice-based signatures over NTRU lattices
Primary use case
Compact post-quantum approval inside Solana constraints; preferred PQ signer for recurring multisig governance.
Quantum resistant
Yes
Lattice-breakthrough resistant
No
Hash-breakthrough resistant
Yes
Signature size
~666 bytes average, max ~809 bytes
Compute
~350k CUs per instruction
Assessment
NIST-selected as FN-DSA. Anza and Firedancer independently converged on Falcon as Solana’s leading PQ candidate. Signature size fits Solana legacy transaction constraints.
Post-quantum

Winternitz OTS

Class
Post-quantum
Cryptographic basis
Hash-based one-time signatures
Primary use case
Conservative PQ anchor where security should depend only on SHA-256 preimage resistance; high-assurance vaults and fallback policy paths.
Quantum resistant
Yes
Lattice-breakthrough resistant
Yes
Hash-breakthrough resistant
No
Signature size
Larger than Falcon; implementation dependent and stateful
Compute
~1,400k CUs per instruction
Assessment
Hash-based signatures align with conservative PQ assumptions. Related families appear in NIST hash-based standards, but Quorum’s Winternitz path is not itself a FIPS 205 SLH-DSA claim.
Complete multisig platform

Enterprise-grade multisig, built for post-quantum operations.

Flows and features to serve a range of use-cases

Quorum includes the workflows teams already expect from a serious multisig platform: proposals, voting, execution, member rotation, permissions, asset management, time-locks, and on-chain auditability. The difference is that these workflows work across classical and post-quantum signers.

Quorum platform screenshot
01
proposal

Propose, vote, execute

Create treasury transfers, program actions, and settings changes as governed proposals. Members approve with Ed25519, Secp256k1, Falcon-512, or Winternitz signatures.

02
members

Classical and post-quantum members

Add all supported member types to the same multisig. Rotate identities without changing the multisig address.

03
pq approval

Require PQ approval

Set a standard threshold and require one or more post-quantum approvals for sensitive actions.

04
rotation

Rotate signers without moving assets

Upgrade members from classical to post-quantum identities over time while keeping the same vault address and proposal history.

05
timelock

Time-lock high-value actions

Add a delay between approval and execution for treasury movements, upgrades, and admin actions.

06
audit

Every action leaves a trail

Votes, settings changes, and executions are recorded on-chain for review, reporting, and incident response.

07
assets

Manage SOL and SPL assets

View balances, propose transfers, and govern treasury operations from the same multisig surface.

08
roles

Separate approval from operation

Assign members roles such as proposer, voter, executor, or settings authority.

quorum

quantum ready wallet

Unlock
Multi-scheme wallet

Sign with separate classical and post-quantum wallets from one browser plugin.

One mnemonic. Multiple signer identities.

The Quorum wallet supports the signer types needed for mixed classical and post-quantum multisigs. It lets users switch between Solana, EVM, Falcon, and Winternitz wallets, create post-quantum wallets on-chain, and approve Quorum proposals without leaving the browser.

Today

Quorum multisig signing

Approve proposal and settings actions from the browser plugin.

Separate wallet types

Solana, EVM, Falcon, and Winternitz wallets from one seed.

PQ wallet creation flows

Generate and create Falcon and Winternitz wallets on-chain for devnet testing.

Separated derivation branches

One seed can derive supported wallet types through domain-separated branches.

Roadmap

Any Solana dApp to Quorum

Propose arbitrary dApp transactions to a Quorum multisig.

Solo Falcon and Winternitz flows

Use post-quantum accounts outside multisig approval flows.

Hardware wallet support

Support hardware-backed approval paths as firmware support matures.

Embedded wallet SDK

App-native signing experiences using the same wallet core.

FAQ

Frequently asked questions.

Keep the short answers honest: Quorum is quantum-ready infrastructure, not a promise that every key or chain is already quantum-proof.

Get started

Start buildingquantum readinesstoday.

Try Quorum on devnet, read the docs, and test post-quantum signing flows before mainnet readiness.