Aptos proposes quantum-proof signatures for future-proof blockchain security


Aptos announced AIP-137, which introduces SLH-DSA-SHA2-128s as the network's first post-quantum signature scheme, intended to protect against future quantum computing threats.

The proposal, drafted by Alin Tomescu, head of cryptography at the Aptos Institute, aims to prepare the network before cryptographically relevant quantum computers become an urgent concern.

The effort comes as quantum computing moves from theoretical speculation to concrete reality, with IBM discussing scaling paths and NIST publishing final post-quantum standards.

While experts debate whether quantum threats will materialize in five or 50 years, Aptos is choosing conservative preparation over reactive scrambling.

Conservative security over performance

AIP-137 prioritizes conservative security assumptions over efficiency by choosing SLH-DSA-SHA2-128s, a stateless hash-based signature scheme standardized by NIST as FIPS 205.

This scheme relies solely on SHA-256, a hash function already built into the entire Aptos infrastructure, and requires no new cryptographic assumptions.

This conservative approach addresses past failures in post-quantum cryptography: Rainbow, a NIST finalist based on multivariate cryptography, was completely broken on a commodity laptop in 2022.

By building on proven hash functions rather than novel mathematical assumptions, Aptos minimizes the risk of classical attacks that break supposedly quantum-secure schemes.

The tradeoff is in size and speed. The signature size is 7,856 bytes, about 82 times larger than Ed25519's, and verification takes about 294 microseconds, about 4.8 times slower.
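To make the "relies solely on SHA-256" argument concrete, here is an added illustration (not Aptos code and not FIPS 205 itself): a Lamport one-time signature, the simplest hash-based scheme, whose only security assumption is the preimage resistance of SHA-256. SLH-DSA layers WOTS+, FORS and a hypertree on the same idea to get a reusable, stateless key; the wrapper below shows the bookkeeping a one-time key otherwise needs, and the signature comes out at 8,192 bytes, the same order of magnitude as SLH-DSA's 7,856.

```python
import hashlib
import secrets

# Lamport one-time signature built only on SHA-256 (educational illustration,
# not SLH-DSA / FIPS 205): security rests on hash preimage resistance alone,
# which is the design principle AIP-137 relies on.
H = lambda b: hashlib.sha256(b).digest()
N = 256  # one preimage pair per bit of the SHA-256 message digest


def keygen():
    """Secret key: 256 pairs of random 32-byte preimages; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def bits(msg):
    """Message digest as a list of 256 bits, MSB first."""
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, msg):
    """Reveal, for each digest bit, the preimage matching that bit's value."""
    return [sk[i][bit] for i, bit in enumerate(bits(msg))]


def verify(pk, msg, sig):
    """Hash each revealed preimage and compare against the public key entry."""
    if len(sig) != N:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(bits(msg)))


def signature_size_bytes(sig):
    return sum(len(s) for s in sig)  # 256 * 32 = 8192 bytes


class OneTimeSigner:
    """Refuses a second signature: reusing a Lamport key reveals more preimages.
    A stateless scheme such as SLH-DSA removes this state-tracking burden."""
    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg):
        if self.used:
            raise RuntimeError("one-time key already used")
        self.used = True
        return sign(self.sk, msg)


def reuse_is_rejected():
    s = OneTimeSigner()
    s.sign(b"constructed sample message 1")
    try:
        s.sign(b"constructed sample message 2")
    except RuntimeError:
        return True
    return False
```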

These performance costs are intentional, accepting efficiency losses in exchange for ironclad security guarantees that do not introduce untested cryptographic assumptions into the system.

Alternative schemes like ML-DSA provide smaller signatures and faster verification, but depend on the hardness of structured lattice problems and therefore introduce new mathematical assumptions.

Falcon achieves even better performance using compressed signatures of approximately 1.5 KB, but requires floating point operations, making the implementation error-prone.

Aptos reserves these aggressive optimizations for future proposals after SLH-DSA establishes a conservative baseline.

Preparation without forcing migration

This proposal explicitly avoids a forced transition and maintains Ed25519 as the default signature scheme, while introducing SLH-DSA as an optional layer that governance can enable if a quantum threat requires activation.

Users requiring post-quantum guarantees can selectively adopt this scheme without disrupting the broader network.

This cautious approach is consistent with broader industry perspectives on quantum preparedness.

Michael Saylor, founder of MicroStrategy, recently argued that “quantum computing will not destroy Bitcoin, it will strengthen it,” suggesting that a network that actively upgrades will have better security, while supply will be tighter as lost coins remain frozen.

His views reflect a growing consensus that while quantum threats are serious, they also represent an opportunity for networks prepared to evolve their cryptographic infrastructure.

For Aptos, the implementation includes feature flags to enable controlled deployment across validators, indexers, wallets, and development tools.

A gradual rollout gives the ecosystem time to adapt its infrastructure before quantum computers can break the signature schemes in use today.

Industry-wide quantum concerns emerge

The proposal reflects widespread anxiety in the cryptocurrency industry about the timeline for quantum computing.

Solana co-founder Anatoly Yakovenko recently warned that there is a 50% chance that Bitcoin will face a quantum breakthrough within five years, urging the industry to accelerate adoption of quantum-resistant schemes as AI acceleration shortens development timelines.

Experts estimate that 30% of Bitcoin’s supply, or about 6-7 million BTC worth hundreds of billions of dollars, still sits in old address formats that directly expose public keys, leaving those coins vulnerable.

Tech giants are racing towards quantum supremacy on aggressive timelines. IBM plans to build a 100,000 qubit chipset by the end of this decade, while PsiQuantum is targeting 1 million photonic qubits in the same time frame.

Microsoft says that practical quantum computing is “years, not decades” away. Among recent advances in chips, Google’s Willow chip solved a problem in five minutes that would take a classical computer billions of years.

Gavin Brennen from Macquarie University told CryptoNews that the number of qubits needed to break a 256-bit elliptic curve signature has been reduced from an estimated 10-20 million qubits to around 1 million qubits.

“A reasonable timeline for breaking 256-bit digital signatures is by the mid-2030s,” Brennen said.

Grayscale’s 2026 Digital Asset Outlook also acknowledged that quantum computing is a long-term crypto challenge, but ruled out short-term price implications and noted that the likelihood of crypto-related quantum computers arriving before 2030 remains low.

However, the asset manager emphasized that most blockchains will eventually require a post-quantum upgrade as the technology progresses towards practical use.

The post Aptos proposes quantum-proof signatures for future-proof blockchain security appeared first on Cryptonews.