PQ-Chain: Before the locks fail, build the fence!

Date
20/02/2026
Author
Soundness

Soundness Labs has developed PQ-Chain: a backward-compatible upgrade path that adds quantum resistance to EdDSA-based blockchains (Solana, Sui, Stellar and more) without requiring hard forks or address changes. The approach exploits a hidden quantum-resistant anchor already present in every EdDSA keypair, the original seed, and uses PQ-NIZK proofs to prove ownership at the transaction level and account level. This provides immediate protection while chains migrate to native post-quantum signatures. Let's break down how it works.

Imagine a city that uses a well-designed lock. It has protected homes for decades. Ordinary thieves cannot break it, and the city has grown comfortable relying on it.

Now imagine the city finds something unsettling: in the future, a new kind of gang will exist. They will not pick locks. They will simply open them.

This is the quantum threat.

For blockchains, this is not science fiction. Large-scale quantum computers would be able to derive classical signing keys from public keys. Once that happens, signatures that once meant “only the owner could have signed this” quietly lose that meaning.

The obvious response is to replace every lock. Stronger locks, post-quantum locks, brand-new cryptography everywhere. In blockchain terms, that means new signature schemes, new public keys, new addresses, migrations, hard forks, trusted upgrade paths, and users being asked to move their funds before some invisible deadline. Changing every lock door by door is all but impossible!

This is expensive, fragile, and socially dangerous. It assumes perfect coordination. It assumes the migration tools (lock changers) are honest. It assumes users do not make mistakes, while history suggests otherwise.

But there is another approach.

Instead of replacing every lock, the city can build a strong fence around itself and protect it with a gate. The fence does not care how good or bad the old locks are. It only checks something deeper: whether the person trying to enter can prove they are a real citizen, using a secret that only they possess.

The crucial detail is that the fence still works with the same keys people already have. No door replacement. No locksmith monopoly: citizens protect themselves (every operation happens client-side). This is the intuition behind PQ-Chain.

The reason this works is hidden in a detail of EdDSA that is easy to overlook: the signing key is not chosen directly, it is derived by hashing a random seed. A quantum adversary may be able to recover the signing key from the public key. But they still cannot reverse a cryptographic hash function to recover the original seed. Hash functions are believed to remain secure even against quantum attackers, aside from modest quadratic speedups.

That means every EdDSA user already has a hidden, quantum-resistant anchor. They just have no way to use it today; PQ-Chain gives them one.

PQ-Chain is about activating this anchor.

Instead of asking users to abandon their addresses or move funds, PQ-Chain allows them to prove, using post-quantum non-interactive zero-knowledge proofs, that they know the original EdDSA seed corresponding to an existing on-chain public key. The seed itself is never revealed. The address does not change. Ownership is demonstrated, not transferred.

Crucially, this opt-in happens at the transaction level. There is no mass migration event. No trusted upgrader. No forced deadline. Each user can protect themselves, in self-custody, using cryptography alone.

The analogy holds: the locks are still on the doors, but the city gate now checks something stronger.

Post-quantum NIZKs play a key role here. They allow the chain to verify knowledge of the seed without learning anything about it. This is not a new signature scheme replacing EdDSA. It is a cryptographic shield layered around it, using battle-tested tools in a new configuration.

From the outside, nothing breaks. Addresses remain valid. Transaction formats remain familiar. Applications do not need to rewrite their entire logic. The upgrade is structural, not cosmetic.

This matters because quantum risk is not a switch that flips overnight. It is a long, uncertain slope. Systems that require everyone to jump at once tend to fail socially before they fail cryptographically. Systems that allow gradual, voluntary hardening tend to survive.

How Does It Work in Practice?

When a user wants to send a quantum-protected transaction:

  1. Proof Generation (off-chain): Using their EdDSA seed s, they generate a zkSNARK proof π demonstrating knowledge of s corresponding to their on-chain public key pk.

  2. Dual Verification (on-chain): The chain verifies both:

    • The traditional EdDSA signature (for backward compatibility)

    • The zkSNARK proof π (for quantum resistance)

    Only if both pass does the transaction execute.

  3. Gradual Adoption: Transactions without zkSNARK proofs still work normally. Users opt into quantum protection transaction-by-transaction, with no forced migration.
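The anchor described above, and the seed-to-public-key relation that the proof in step 1 attests to, as an added Python example (not PQ-Chain's code): Ed25519 key derivation per RFC 8032 written from scratch on top of hashlib, with the relation checked in the clear where the real system proves it in zero knowledge. The seed and expected public key are RFC 8032's first Ed25519 test vector; everything else is assumed for illustration.

```python
import hashlib

q = 2**255 - 19                     # Ed25519 field prime (RFC 8032)
d = -121665 * pow(121666, q - 2, q) % q
I = pow(2, (q - 1) // 4, q)         # sqrt(-1) mod q

def inv(x):
    return pow(x, q - 2, q)

def xrecover(y):
    # Solve the curve equation for x, choosing the even root.
    xx = (y * y - 1) * inv(d * y * y + 1) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q:
        x = x * I % q
    return q - x if x & 1 else x

By = 4 * inv(5) % q
B = (xrecover(By), By)              # base point

def edwards_add(P, Q):
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % q,
            (y1 * y2 + x1 * x2) * inv(1 - t) % q)

def scalar_mult(P, e):
    R = (0, 1)                       # identity element
    while e:
        if e & 1:
            R = edwards_add(R, P)
        P, e = edwards_add(P, P), e >> 1
    return R

def seed_to_scalar(seed: bytes) -> int:
    # The one-way step: 32-byte seed -> SHA-512 -> clamped scalar a.
    a = int.from_bytes(hashlib.sha512(seed).digest()[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254)

def scalar_to_pubkey(a: int) -> bytes:
    # A quantum adversary could recover a from pk; a alone reproduces pk.
    x, y = scalar_mult(B, a)
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def seed_opens_pubkey(seed: bytes, pk: bytes) -> bool:
    # Relation R(seed, pk) that the PQ-NIZK proves without revealing seed.
    return scalar_to_pubkey(seed_to_scalar(seed)) == pk

# RFC 8032, Ed25519 test vector 1 (seed and expected public key).
SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
PK = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
```

Feeding the recovered scalar back in as if it were the seed fails the relation, which is the gap the fence relies on: knowing a does not open the gate.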

But transaction-level protection is just the first step. The goal is account-level migration: once a chain adopts an approved post-quantum signature scheme (like Falcon or SPHINCS+), users can use their proven seed ownership to migrate their entire account to the new scheme, without trusting intermediaries or risking fund loss.

Beyond single-chain protection, the seed-based proof establishes a quantum-resistant root of trust across multiple chains. A user proving ownership of their EdDSA seed on Solana can use that same cryptographic anchor to control accounts on Sui, Stellar, or any other EdDSA-based chain, creating an interoperable identity layer that survives the quantum transition. This transforms isolated blockchain accounts into a unified, quantum-secure cross-chain identity.

Back to the city.

The quantum gang can open doors. They can impersonate locks. They can cause havoc inside individual houses. But they still cannot pass the fence, because the fence does not trust the lock. It trusts something deeper that never left the owner’s hands.

PQ-Chain is not claiming to magically solve post-quantum cryptography overnight. It does not replace the need for fully post-quantum signature schemes in the long run. What it does is buy time safely, without breaking the world we already rely on. Backward compatibility is often framed as a constraint. Here, it is the advantage.

EdDSA-based chains already contain a quantum-resistant root of trust. PQ-Chain is about recognizing it, formalizing it, and using it, before the locks stop being locks. PQ-Chain is currently deployed on [Sui/Solana/Stellar]. The PQ Hub dashboard (pqhub.xyz) provides real-time verification that transactions include quantum-resistant proofs. Users can verify their own transactions or audit any address for quantum protection status. The technique also extends to mnemonic-based ECDSA schemes (BIP32/39), though with different performance metrics. This provides immediate protection while chains migrate to native post-quantum signatures.

Ready to Become Quantum-Ready?

Join institutional capital in securing assets against quantum threats without disrupting operations.
