Developers behind the Tezos ecosystem have launched a testnet prototype for private blockchain payments designed to withstand future quantum computing attacks, as concerns mount that advances in quantum technology could eventually unravel existing cryptographic safeguards. The prototype, called TzEL, combines post-quantum cryptography with zk-STARK proofs to protect encrypted transaction data and payment metadata from the so-called 'harvest now, decrypt later' attack vector, where adversaries collect encrypted blockchain data today with the intention of decrypting it years later when quantum computers become powerful enough.
The quantum threat to blockchain systems is not new, but it has garnered increased attention in recent months. Most public blockchains rely on cryptographic primitives such as elliptic curve digital signatures (e.g., ECDSA, EdDSA) and hash functions. While these algorithms are considered secure against classical computers, Shor's algorithm running on a sufficiently large quantum computer could theoretically break them, enabling attackers to derive private keys from public keys or forge signatures. The transition to post-quantum cryptography (PQC) is seen as a necessary evolution, and Tezos is among the first major platforms to test a privacy-focused solution on a live testnet.
TzEL uses a combination of the CRYSTALS-Kyber and CRYSTALS-Dilithium algorithms for key encapsulation and digital signatures, respectively, both of which have been selected by the U.S. National Institute of Standards and Technology (NIST) as post-quantum standards. Additionally, the prototype employs zk-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge) proofs, which offer quantum resistance because they rely solely on collision-resistant hash functions rather than number-theoretic assumptions that are vulnerable to quantum attacks. According to Tezos, the quantum-resistant zk-STARK proofs used in TzEL are approximately 300 kilobytes in size, considerably larger than the privacy proofs commonly found in existing blockchain systems. This larger size has historically been a barrier to scalability, but Tezos’ Data Availability Layer (DAL) is designed to handle such overhead, ensuring that the privacy guarantees do not compromise network throughput.
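The hash-only assumption mentioned above can be illustrated with a Merkle commitment, the building block STARK-style proof systems use to bind a prover to its data. This is an added example, not TzEL code: SHA-256, the function names and the sample values are assumptions, since the article does not describe TzEL's internals.

```python
import hashlib

def h(data: bytes) -> bytes:
    # SHA-256 is an assumption; the article does not name TzEL's hash function.
    return hashlib.sha256(data).digest()

def leaf_hash(value: bytes) -> bytes:
    return h(b"\x00" + value)          # prefix separates leaves from inner nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def build_tree(values):
    """Return every level of the tree, leaves first, root level last."""
    n = len(values)
    if n == 0 or n & (n - 1):
        raise ValueError("number of leaves must be a power of two")
    level = [leaf_hash(v) for v in values]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1])
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def open_leaf(levels, index):
    """Authentication path: the sibling hash at each level below the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify(root, index, value, path):
    """Recompute the root from one leaf and its path using hashing only."""
    acc = leaf_hash(value)
    for sibling in path:
        acc = node_hash(sibling, acc) if index & 1 else node_hash(acc, sibling)
        index //= 2
    return acc == root

# Constructed sample data standing in for values a prover commits to.
VALUES = [f"eval-{i}".encode() for i in range(8)]
LEVELS = build_tree(VALUES)
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = open_leaf(LEVELS, 3)
    print("valid opening:", verify(ROOT, 3, VALUES[3], proof))
    print("tampered leaf:", verify(ROOT, 3, b"eval-x", proof))
```

Changing the leaf, its position or any sibling hash changes the recomputed root, so forging an opening requires finding a hash collision rather than solving a number-theoretic problem.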
How TzEL works and its significance
The testnet system encrypts transaction data and associated metadata, such as amounts and recipient addresses, before submitting them to the Tezos blockchain. Only the sender and designated receiver can decrypt this information using their respective keys. The zk-STARK proof attests that the encrypted data corresponds to a valid transaction without revealing any underlying details. This design ensures that even if a malicious actor captures all on-chain data, it remains computationally infeasible to extract meaningful information, both now and in a post-quantum future.
Tezos developers emphasize that the prototype is still in an early stage and is currently live on the Tezos testnet. The broader Tezos ecosystem, including its native XTZ token, is only beginning to transition toward post-quantum cryptography. However, the launch of TzEL marks a concrete step toward hardening the network against long-term threats while preserving user privacy—a combination that has proven difficult to achieve in blockchain design.
The timing of this announcement aligns with a broader industry push. In April, two major validator clients on the Solana network introduced a test version of a post-quantum signature system called Falcon, designed to protect against future quantum threats while minimizing performance trade-offs. Falcon is based on the Fast Fourier lattice-based compact signatures scheme and is also a NIST finalist. Meanwhile, MARA Holdings launched the MARA Foundation to support Bitcoin network development, including research into quantum-resistant security measures.
Industry-wide post-quantum preparations
Coinbase researchers recently published an analysis noting that Algorand and Aptos appeared further along in preparing for quantum threats compared to many other proof-of-stake blockchains. Both networks have integrated or are integrating stateful signature schemes that can be updated to post-quantum standards. However, the researchers warned that proof-of-stake blockchains may face greater exposure because validators must sign frequent messages to propose and attest to blocks, increasing the surface area for potential quantum attacks. In contrast, proof-of-work networks like Bitcoin have a low frequency of signature operations, but the value at stake is immense.
According to Bernstein researchers, the crypto industry has roughly three to five years to transition toward quantum-resistant cryptographic standards before quantum computing becomes a tangible threat to Bitcoin security. This accelerated timeline is driven by the rapid pace of quantum hardware development: companies like IBM, Google, and IonQ continue to increase qubit counts and improve error correction. Some experts predict that a quantum computer capable of breaking 2,048-bit RSA could emerge within a decade.
However, not everyone subscribes to this urgent timeline. In May, Adam Back—an early cypherpunk and Bitcoin contributor known for inventing Hashcash, the proof-of-work system that underpins Bitcoin mining—stated that computers capable of breaking Bitcoin signatures are likely still at least 20 years away. Back argues that the engineering challenges of scaling quantum computers to millions of logical qubits remain formidable. Even if such machines are built, deploying them at scale to attack blockchain networks would require immense economic resources. Nevertheless, many in the industry advocate for proactive measures, pointing to the 'harvest now, decrypt later' risk as a compelling reason to act early. If quantum computers become viable in 20 years, data encrypted today with classical cryptography could be decrypted retroactively, compromising the privacy of transactions that occurred decades earlier.
Technical challenges and the path forward
The primary challenge for quantum-resistant privacy systems like TzEL is performance. Post-quantum cryptographic algorithms typically require larger keys, signatures, and proofs than their classical counterparts. The 300-kilobyte zk-STARK proofs used in TzEL are an order of magnitude larger than, for example, the zk-SNARK proofs used in privacy-focused platforms like Zcash (which are around 200 bytes). This size increase leads to higher storage costs and longer verification times. However, Tezos’ Data Availability Layer mitigates these issues by separating proof verification from full data storage, allowing nodes to validate transactions without storing all proof data permanently.
Another challenge is the need for widespread adoption across wallets, exchanges, and infrastructure providers. For quantum-resistant features to be effective, all participants in the network must upgrade their software and hardware to support the new cryptographic primitives. This coordination problem is familiar from past hard forks and protocol upgrades, but the stakes are higher because of the irreversible nature of quantum attacks. If a quantum computer is deployed to steal funds from an old address, the losses cannot be undone by a chain reorganization.
The Tezos community is known for its on-chain governance mechanism, which could facilitate a smooth transition to post-quantum cryptography. Proposals for protocol upgrades, including the integration of PQC, can be voted on by XTZ holders and implemented without contentious forks. This governance model may give Tezos an advantage in adopting such changes compared to networks where upgrades are more contentious.
Beyond Tezos, other projects are also exploring quantum-resistant privacy solutions. The Zcash Foundation has experimented with post-quantum variants of its shielded transactions, but these are not yet deployed. Ethereum’s Vitalik Buterin has discussed the concept of 'quantum-safe' EVMs, and some layer-2 scaling solutions are integrating PQC for rollups. The broader trend suggests that quantum resistance is becoming a mainstream requirement for new blockchain projects, rather than a niche concern.
In conclusion, the launch of TzEL on the Tezos testnet represents a significant milestone in the ongoing effort to future-proof blockchain privacy. While the prototype is experimental and the road to production deployment is long, it demonstrates that quantum-resistant private payments are technologically feasible today. Combined with parallel efforts from Solana, MARA, and research from Coinbase and others, the industry is gradually building the cryptographic infrastructure needed to survive the eventual arrival of quantum computing. Whether that arrival comes in three years or thirty, the work being done now will determine whether blockchain networks can continue to offer the security and privacy that users have come to expect.
Source: Cointelegraph News