Post-Quantum Cryptography
Google Quantum AI estimates five attack paths could put $100 billion in Ethereum assets at risk — including the admin keys that control minting authority for USDT, USDC, and major DeFi protocols. The public keys are already on-chain. The question is when the computers arrive.
$200B+ in stablecoins and tokenized assets governed by quantum-vulnerable admin keys
Tool
Ethereum permanently exposes a user's ECDSA public key the first time they send a transaction. Unlike Bitcoin, there is no way to rotate the key without abandoning the account entirely. Paste any Ethereum address to check whether its public key is already on-chain.
This tool checks whether an Ethereum address has broadcast a transaction, which permanently reveals its ECDSA public key on-chain. It does not assess when a quantum computer capable of exploiting this will exist — only whether the prerequisite exposure has already occurred. Queried via Cloudflare Ethereum Gateway.
Stablecoin Admin Keys
The Google Quantum AI paper identifies at least 70 admin-controlled smart contracts whose keys are permanently exposed on Ethereum. A quantum attacker who cracks one of these keys could print unlimited tokens, freeze user funds, or drain liquidity pools. Below are the highest-value targets — the stablecoin and tokenized asset contracts where minting authority depends on a single quantum-vulnerable ECDSA keypair.
| Protocol | Contract Role | Governed Assets | Key Status | Attack Impact |
|---|---|---|---|---|
| Tether (USDT) | Owner / Minting Authority | ~$145B | EXPOSED | Unlimited minting, global freeze, fund seizure |
| Circle (USDC) | Master Minter / Admin | ~$42B | EXPOSED | Unlimited minting, blacklist manipulation |
| DAI (MakerDAO) | Governance Multisig Signers | ~$5.4B | EXPOSED | Vault parameter manipulation, emergency shutdown |
| Lido (stETH) | Node Operator Registry Admin | ~$14B | EXPOSED | Validator withdrawal, staking manipulation |
| Aave V3 | Pool Admin / Emergency Admin | ~$12B TVL | EXPOSED | Liquidation parameter manipulation, reserve drain |
| Uniswap V3 | Governance / Fee Switch | ~$5B TVL | EXPOSED | Fee extraction, governance capture |
| WBTC | Custodian / Minting Authority | ~$9B | EXPOSED | Unlimited minting of unbacked WBTC |
| Ethena (USDe) | Admin / Minting Authority | ~$3B | EXPOSED | Mint manipulation, collateral drain |
| BlackRock BUIDL | Token Admin / Transfer Agent | ~$1.9B AUM | EXPOSED | Tokenized treasury manipulation |
| Compound V3 | Timelock / Guardian | ~$2B TVL | EXPOSED | Parameter manipulation, liquidation cascade |
Source: Babbush et al., "Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities," Google Quantum AI + Ethereum Foundation + Stanford, March 30, 2026. Google Research Blog
The distinction
Post-quantum cryptography is not a single problem. It operates at two distinct layers, and confusing them creates a false sense of security. Cloudflare has solved the transport layer. The application layer — where stablecoin admin keys live — remains vulnerable.
Solved — Deployed Today
Transport Layer PQC
TLS 1.3 handshakes, IPsec tunnels, VPN traffic. Cloudflare's ML-KEM hybrid key exchange protects over half of human-initiated traffic against harvest-now-decrypt-later attacks. Every site on Cloudflare Pages — including this one — inherits PQC transport automatically. NIST standardized ML-KEM (FIPS 203) in August 2024.
Vulnerable — No Fix at Scale
Application Layer (Blockchain ECDSA)
Ethereum wallet signing (ECDSA secp256k1), BLS validator attestations, smart contract admin keys. Public keys become permanently visible the moment an address transacts. No Cloudflare tunnel protects this — the cryptographic exposure lives on-chain, permanently, regardless of how the API call that submitted the transaction was encrypted in transit. Upgrading Ethereum's base layer will not automatically fix the thousands of contracts already deployed — each must be upgraded and rekeyed independently.
A CISO who reads that their organization uses Cloudflare will reasonably conclude they have meaningful PQC coverage. The Google paper says that conclusion is incomplete: Cloudflare defends the pipe. The admin keys that control minting authority for $200 billion in stablecoins are exposed at the application layer, where no transport encryption helps.
Migration Readiness
NIST published three post-quantum cryptography standards in August 2024. The Ethereum Foundation targets 2029 for full quantum-resistant deployment. The gap between standardization and deployment is where institutional risk lives.
FIPS 203 — ML-KEM
Key Encapsulation
Module-Lattice-Based Key Encapsulation Mechanism. Replaces classical Diffie-Hellman key exchange. Already deployed at the transport layer by Cloudflare, Google, Apple. This is the solved part.
FIPS 204 — ML-DSA
Digital Signatures
Module-Lattice-Based Digital Signature Algorithm. The replacement for ECDSA. This is what Ethereum needs to adopt for transaction signing and contract admin keys. Signature sizes are larger (2.4 KB vs 64 bytes) — a non-trivial engineering constraint.
FIPS 205 — SLH-DSA
Hash-Based Signatures
Stateless Hash-Based Digital Signature Algorithm. A conservative fallback if lattice assumptions break. Slower and larger than ML-DSA, but based on hash function security with no novel mathematical assumptions.
Ethereum Foundation
2029 Quantum-Resistant Roadmap
Seven protocol forks planned through 2029. pq.ethereum.org tracks progress. $2M in research prizes committed. Critical constraint: upgrading the base layer does not upgrade the thousands of contracts already deployed — each must be rekeyed.
The Paper
Resource Estimate
20x reduction from prior estimates
Fewer than 500,000 physical qubits could crack an ECDSA key in minutes — one key every 9 minutes. Two compiled circuits: 1,200 logical qubits with 90M Toffoli gates, and 1,450 logical qubits with 70M Toffoli gates. This is a 20-fold improvement over previous estimates.
Disclosure Model
Zero-knowledge proof of resource estimates
Google used a zero-knowledge proof — developed in coordination with the US government — so outsiders can verify the resource estimates without receiving the underlying attack circuits. Proposed as a model for responsible quantum vulnerability disclosure.
Five Attack Paths
ECDSA wallets, BLS validators, admin keys, smart contracts, bridges
The paper identifies five distinct quantum attack vectors on Ethereum: wallet key extraction (ECDSA), validator attestation forgery (BLS), admin key compromise, smart contract manipulation, and cross-chain bridge key extraction.
Babbush, Zalcman, Gidney, Broughton, Khattar, Neven (Google Quantum AI);
Bergamaschi (UC Berkeley); Drake (Ethereum Foundation); Boneh (Stanford).
March 30, 2026.
CoinDesk Coverage ·
Google Research Blog ·
Data on Zenodo
This Site
StablePQC.com runs on Cloudflare Pages. The TLS handshake between your browser and this server uses ML-KEM hybrid key exchange — the NIST-standardized post-quantum algorithm. Your connection to this page is protected against harvest-now-decrypt-later attacks today.
The Ethereum address checker above queries Cloudflare's Ethereum RPC Gateway — the entire tool runs within the Cloudflare stack with no third-party API dependency.
The network
StablePQC maps quantum exposure across stablecoin infrastructure. The Atlas maps everything else — compliance checkpoints, agent identity, developer protocols.
StablecoinAtlas
The cartography of compliance. Geographic jurisdiction maps and compliance checkpoint architecture.
Stable402
Agentic commerce protocols. x402, ACP, ACK — live implementations on Cloudflare Workers.
StableKYA
Know Your Agent. Credential architecture and delegation chains for AI agents on payment rails.
StablePQC
This site. Post-quantum cryptography for stablecoin financial rails. Building now.