Post-Quantum Readiness in EdDSA Chains

Published in FC 2026

  • Quantum computers threaten blockchains that rely on elliptic-curve signatures such as ECDSA: once a public key has been exposed on-chain (which happens with every signed transaction), Shor's algorithm recovers the private key from it.
  • Existing post-quantum migration proposals often require address changes, hybrid signature schemes, or mechanisms that fail to protect inactive accounts.
  • We observe that blockchains using EdDSA signatures (e.g., Sui, Solana, Near) have a structural advantage: per RFC 8032, the signing scalar is not the secret the user holds but is derived from a 32-byte seed by hashing it with SHA-512 and clamping the first half, so the scalar is a one-way image of the seed.
  • This property allows users to prove ownership of an account by proving, in zero knowledge, knowledge of a seed whose RFC 8032 expansion yields the account's public key, without revealing the seed. Because the seed-to-scalar map is a hash rather than an elliptic-curve operation, a quantum adversary who has recovered the scalar from the public key still does not know the seed.
  • We introduce a post-quantum migration protocol where the EdDSA seed acts as the witness in a zero-knowledge proof that authorizes new quantum-safe signatures.
  • The protocol enables seamless migration to post-quantum security while preserving existing addresses and maintaining backward compatibility.
  • Our approach works even when public keys have already been exposed, which is common for active blockchain accounts.
  • We formalize a security model for post-quantum ready signatures, capturing both dual-mode security (classical and post-quantum) and compatibility with existing blockchain systems.
  • We prove the security of the construction using a game-based argument showing that knowledge of the EdDSA seed is necessary to authorize the migration.
  • We implement a proof-of-concept using the Ligetron zkVM, demonstrating practical performance with 6.2s proving time, 2.3s verification time, and 5.4MB proof size.
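The following is an added illustration of the separation the bullets rely on; it is not code from the paper, nor from Sui, Solana or Near. It is a pure-Python Ed25519 written after the RFC 8032 reference code (not constant-time, illustration only). It shows that the signing scalar is a one-way image of the seed, that a quantum adversary who recovers the scalar from the public key can forge ordinary EdDSA signatures, and that the scalar does not satisfy a seed-based migration statement. The `migration_relation` function is my sketch of such a statement (public key and new post-quantum key as the statement, seed as the witness), not the paper's circuit; the zero-knowledge proof itself is out of scope here and would wrap exactly this check.

```python
# Added illustration, not the paper's code nor any chain's implementation.
# Pure-Python Ed25519 after the RFC 8032 reference code: not constant-time,
# minimal input validation, for reading only.
import hashlib
import secrets

p = 2**255 - 19                                        # field prime
q = 2**252 + 27742317777372353535851937790883648493     # order of the base point
inv = lambda x: pow(x, p - 2, p)
d = -121665 * inv(121666) % p                          # curve constant
sqrt_m1 = pow(2, (p - 1) // 4, p)
_gx = 15112221349535400772501151409588531511454012693041857206046113283949847762202
_gy = 46316835694926478169428394003475163141307993866256225615783033603165251855960
G = (_gx, _gy, 1, _gx * _gy % p)                       # base point, extended coords (X, Y, Z, T)

def point_add(P, Q):                                   # unified add/double, RFC 8032 sec. 5.1.4
    t1 = (P[1] - P[0]) * (Q[1] - Q[0]) % p
    t2 = (P[1] + P[0]) * (Q[1] + Q[0]) % p
    t3 = 2 * P[3] * Q[3] * d % p
    t4 = 2 * P[2] * Q[2] % p
    e, f, g, h = t2 - t1, t4 - t3, t4 + t3, t2 + t1
    return (e * f % p, g * h % p, f * g % p, e * h % p)

def point_mul(s, P):                                   # plain double-and-add
    Q = (0, 1, 1, 0)
    while s > 0:
        if s & 1:
            Q = point_add(Q, P)
        P = point_add(P, P)
        s >>= 1
    return Q

def point_equal(P, Q):                                 # x1/z1 == x2/z2 and y1/z1 == y2/z2
    return (P[0] * Q[2] - Q[0] * P[2]) % p == 0 and (P[1] * Q[2] - Q[1] * P[2]) % p == 0

def point_compress(P):
    z = inv(P[2]); x, y = P[0] * z % p, P[1] * z % p
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def point_decompress(b):
    y = int.from_bytes(b, "little"); sign = y >> 255; y &= (1 << 255) - 1
    if y >= p:
        return None
    x2 = (y * y - 1) * inv(d * y * y + 1) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * sqrt_m1 % p
    if (x * x - x2) % p:
        return None
    if (x & 1) != sign:
        x = p - x
    return (x, y, 1, x * y % p)

def sha512_modq(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % q

def secret_expand(seed):                               # RFC 8032 sec. 5.1.5: seed -> (scalar, prefix)
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little")
    a &= (1 << 254) - 8                                # clamping: clear low 3 bits and bit 255
    a |= 1 << 254                                      # set bit 254
    return a, h[32:]

def seed_to_public(seed):
    return point_compress(point_mul(secret_expand(seed)[0], G))

def sign_with_scalar(a, A, msg, r=None):
    # Anyone who knows the scalar a can sign. RFC 8032 derives r from the seed's
    # prefix, but any r is valid, so the prefix (and hence the seed) is not needed.
    r = sha512_modq(secrets.token_bytes(32), msg) if r is None else r
    Rs = point_compress(point_mul(r, G))
    s = (r + sha512_modq(Rs, A, msg) * a) % q
    return Rs + s.to_bytes(32, "little")

def verify(A, msg, sig):                               # checks s*G == R + H(R,A,m)*A
    Ap, Rp = point_decompress(A), point_decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if Ap is None or Rp is None or s >= q:
        return False
    h = sha512_modq(sig[:32], A, msg)
    return point_equal(point_mul(s, G), point_add(Rp, point_mul(h, Ap)))

def migration_relation(A, pq_pubkey, seed):
    # Hypothetical statement for the ZK proof (my sketch, not the paper's circuit):
    # witness seed must expand, per RFC 8032, to the on-chain public key A; the
    # new PQ key is part of the statement so the proof authorizes exactly that key.
    return len(seed) == 32 and len(pq_pubkey) > 0 and seed_to_public(seed) == A

def demo():
    seed = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
    A = seed_to_public(seed)                           # RFC 8032 test vector 1 seed
    a, _ = secret_expand(seed)
    # Model Shor's algorithm: the adversary learns a from A. Enough to forge...
    forged = sign_with_scalar(a, A, b"drain the account")
    # ...but the migration statement wants the SHA-512 preimage, i.e. the seed.
    return A.hex(), verify(A, b"drain the account", forged), migration_relation(A, b"pq-pk", seed), a

if __name__ == "__main__":
    print(demo())
```

Feeding the recovered scalar back into `migration_relation` as if it were a seed fails, because the relation re-expands its witness through SHA-512 and clamping before comparing with the public key; inverting that step costs a hash preimage search, which quantum computers only speed up quadratically.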

Link to the paper

Tiny side note from the cryptography nerd corner: the trick of using the EdDSA seed instead of the scalar is what makes the whole thing elegant. RFC 8032 quietly gave EdDSA chains a time capsule for post-quantum migration years before anyone was worrying about it seriously. Sometimes standards hide little gifts for the future.