An Ethereum researcher has published a proposal that could let wallets and smart accounts verify post-quantum signatures directly on the EVM — no protocol-level overhaul required. The design, posted this week on the Ethereum Research Forum by the researcher known as nicocsgy, replaces the usual SHAKE256 hash with KECCAK256 to keep costs down inside Ethereum's native execution environment. It's still a research draft, not a shipping standard, but it gives the ecosystem a concrete path to think about before quantum computing becomes an urgent problem.
What the proposal does differently
The scheme uses SPHINCS+, a stateless post-quantum signature scheme that the U.S. National Institute of Standards and Technology (NIST) standardized a few years ago. For the EVM, the proposal swaps out SHAKE256 for KECCAK256 — a hash that's already native to the network. That swap makes verification cheaper because the EVM doesn't have to pay extra opcode costs for a non-native hash.
The estimated gas cost for verifying one signature lands between 127,000 and 150,000 gas. That's more than a normal ECDSA signature, but the researcher argues it's practical for high-value wallets and smart accounts where the security upgrade justifies the expense. The proposal is deliberately narrow: it focuses on typical wallet behavior, not every theoretical edge case. A production version would need serious review before anyone trusts it with real funds.
Why now, and why not yet
Quantum computing isn't an immediate threat to Ethereum wallets. No one is breaking elliptic-curve cryptography in production today. But the ecosystem needs credible upgrade paths before the risk becomes urgent — and that means starting the engineering work years in advance. This proposal is one such path: it gives wallet developers a migration route that doesn't require waiting for a hard fork or a change to Ethereum's consensus layer.
The timing also matters because Ethereum's account abstraction efforts are gaining traction. Smart accounts that manage their own signature verification logic could adopt a scheme like this without touching the core protocol. That's the whole point: the proposal aims to provide a migration path for wallets and smart accounts without a full protocol-level upgrade.
What comes next
This is still research. Any production version would need a thorough audit, real-world testing, and probably multiple rounds of community feedback. The Ethereum Research Forum post is an invitation for other researchers and developers to poke holes in the design, stress-test the gas estimates, and suggest improvements. No one should expect to deploy this to mainnet tomorrow — but it's the kind of foundational work that might prevent a panic later.
