from the migration desk
Why multisigs are not automatically quantum-safe
Why a classical quorum can still fail under future public-key recovery, and how signer policy needs to evolve.
A multisig improves custody by requiring multiple approvals. It does not automatically change the cryptographic assumption behind each approval.
If every member signs with Ed25519 or secp256k1, the policy can still depend entirely on elliptic-curve signatures. A sufficiently capable quantum computer could derive private keys from exposed public keys and then produce valid signatures for those identities.
The quorum is not the primitive
A 3-of-5 multisig answers one question: did at least three registered members approve? It does not answer whether those approvals came from a quantum-vulnerable signer class.
In today's threat model, that is often fine. Multisigs protect against lost keys, compromised operators, unilateral execution, and many ordinary custody failures. In a post-quantum threat model, the primitive matters. Five classical keys do not become post-quantum just because they sit behind a threshold.
What changes under Quorum
Quorum separates total threshold from post-quantum threshold. A proposal can require:
- 3 approvals total, and
- at least 1 approval from a Falcon or Winternitz member.
This does not claim perfect security. It creates a more explicit policy: an attacker must satisfy the human quorum and the cryptographic signer-class requirement.
Why this matters for exposed public keys
Blockchains are unusually exposed systems. Public keys and signatures can remain visible forever. A future attacker may not need to compromise a wallet today if the relevant public key has already been recorded on-chain.
Google's 2026 cryptocurrency work argues that future quantum computers may break the elliptic-curve cryptography protecting cryptocurrency with fewer resources than previously estimated. Solana's 2026 quantum-readiness note says compact post-quantum signatures are part of the path forward.
Bottom line
Multisig is a policy tool. Quantum readiness requires that the policy name the signer class. "3 of 5" is not enough when all five are classical. "3 of 5, including 1 post-quantum approval" is the beginning of a different security model.
References
- Google Quantum AI cryptocurrency disclosure
- Solana's Quantum Readiness
- Quorum post-quantum approval requirements
- Quorum signature schemes