News
Research

from the migration desk

Ed25519 in a post-quantum migration

Why Solana's default signature scheme remains operationally important, and why it cannot be the final security boundary for long-lived authority.

Ed25519 in a post-quantum migration research title card

Ed25519 is the ordinary Solana signing scheme. It is fast, compact, widely implemented, and deeply embedded in wallet UX. For teams already operating Solana treasuries, program upgrade authorities, validator controls, and DAO permissions, it is the path of least resistance.

That is exactly why Quorum supports it. A migration system that cannot accept today's keys is not a migration system; it is a forced rebuild.

What it is

Ed25519 is an Edwards-curve digital signature scheme. A Solana transaction is authorized by an Ed25519 signature over the transaction message, and Solana accounts are identified by Ed25519 public keys. In Quorum, an Ed25519 member can approve proposals through the normal packet-signing path, and direct Ed25519 variants can use the Solana transaction signature when the registered member is also the transaction signer.

The strengths are practical:

  • 64-byte signatures.
  • Native Solana wallet support.
  • Mature implementations and hardware-wallet support.
  • Low verification cost relative to post-quantum signatures.
  • Familiar custody, recovery, and fee-payer workflows.

The weakness is structural: Ed25519 is elliptic-curve cryptography. A cryptographically relevant quantum computer running Shor's algorithm would break the discrete-log problem behind it. Once a public key is exposed, the private key is no longer a secret against that future adversary.

What agencies and standards bodies say

RFC 8032 specifies EdDSA including Ed25519. NIST FIPS 186-5 includes EdDSA in the current Digital Signature Standard. That makes Ed25519 a serious classical signature scheme, not a deprecated oddity.

But current approval is not the same as post-quantum approval. NIST's post-quantum standards announcement says the new standards are designed to resist quantum attacks that threaten current standards. NSA's CNSA 2.0 guidance says a CRQC could break today's public-key systems and that now is the time to plan and budget for transition.

Now is the time to plan, prepare and budget for a transition.

NSA, CNSA 2.0 release

How to use Ed25519 in Quorum

Ed25519 should remain useful for continuity: fee payment, ordinary proposer roles, emergency operator roles, and low-risk approvals during early migration. It should not remain the sole cryptographic basis for long-lived high-value authority.

In a Quorum policy, a team can begin with familiar Ed25519 members and then add Falcon or Winternitz members. The important change is adding a nonzero pq_threshold. A 3-of-5 multisig with five Ed25519 members is still entirely classical. A 3-of-5 multisig with two Ed25519 members, two Falcon members, one Winternitz member, and pq_threshold = 1 has a different security shape.

Signature
64 bytes
Quantum resistant
No
Quorum role
Continuity and operations

Bottom line

Ed25519 is the bridge from existing Solana operations to post-quantum governance. Keep it where compatibility matters. Do not let it be the only approval path for assets or authorities that need to survive the quantum transition.

References