Inside Algorand's Plan To Survive Q-Day

15 July 2026 - 22:38 CEST
By Isabelle Castro
Quantum Computers

Q-Day is the name of a moment that researchers say quantum computing will change the face of the internet, one the Algorand Foundation has been preparing against for some time. 

Currently underpinned by cryptography that would take a conventional computer longer than the existence of the universe to crack, internet services and blockchains are protected from many bad actors. However, one quantum computer could unravel it in a few minutes. 

When that day may be is disputed. "Depending on who you ask, you're going to get different answers," Bruno Martins, chief technology officer at the Algorand Foundation told Sandmark

In the Global Risk Institute's 2024 poll of quantum specialists, 27% of respondents expected a cryptographically relevant quantum computer within 10 years and half expected one within 15. 

"Over the last year there have been significant developments, to the point where it seems more likely than not that quantum computers will be stable enough and preformant enough that we should be worried," continued Martins. 

Much of the non-crypto internet has already begun building its quantum-resistant encryption supported by government bodies. The US National Institute of Standards and Technology (NIST) finalized its first three post-quantum encryption standards in August 2024 and plans to phase out most of those that aren't quantum resistant by 2030, banning them outright from federal systems from 2035. 

Blockchains face a harder migration as their cryptography must be reproduced identically across thousands of nodes and come with a trade off that could slow down transactions.  According to a Reuters report published on 8 Jul, none of the 20 largest blockchains had implemented quantum resilient frameworks across their protocols.

At the Algorand Foundation, which oversees the Algorand blockchain, an upgrade planned for "early to mid-August" will pave the way for native quantum-resistant accounts, Martins said. It's the first milestone in a roadmap that targets broad post-quantum resilience across the network by the end of 2027. 

A shrinking timeline

When Algorand began its post-quantum work in 2022, whether a cryptographically relevant quantum computer could ever be built was still an open question. "The theory that was around put the timeline very far out," Martins said. "But as Google showed, that seems closer than we previously thought."

Google Quantum AI, published a whitepaper in March which estimated that a quantum computer twenty times less powerful than previously thought could run a programme to crack the cryptography securing most blockchains in minutes. 

The paper warned that the fastest quantum machines could be used to steal funds mid-payment, cracking the sender's key before a transfer is confirmed, while slower ones could be used to access wallets holding an estimated 1.7mn BTC that have sat dormant onchain for years. 

Researchers from the company have separately said machines capable of breaking encryption could arrive by 2029, a threat it had previously placed at least a decade away. On 2 Jun, global technology company IBM committed more than $10bn to its quantum programme over the next five years, targeting the first large-scale fault-tolerant quantum computer in 2029. The company says it expects to have machines that are able to beat normal computers in conducting useful tasks by the end of this year.

"I do think the responsible thing to do is to have a plan, because this is our Y2K moment," Martins said. He referred to the "millennium bug" of the late 1990s, when older software stored years as two digits and was expected to misread the year 2000 as 1900. Fear of the bug prompted governments and businesses to spend an estimated $300bn patching systems before the deadline, upgrading computer systems ahead of the failure, expected to strike on 1 January 2000.

"The difference is, before, we knew exactly the date. Now we don't. So we kind of have to be prepared without a date ahead," said Martins.

The Algorand playbook

Since 2022, Algorand has deployed Falcon, a "lattice-based" quantum resistant signature technology. Chris Peikert, Algorand's chief security officer, is one of the researchers developing this kind of cryptography, meaning that the network has been at the forefront of developments towards quantum resistance using this new type of encryption.

The early deployment of the technology was used to create quantum-ready "state proofs," periodic attestations of the ledger's history. If a quantum computer were to come online, Martins explained, the state proofs would provide a record of the Algorand network which couldn't be manipulated. 

The Foundation then let some users secure funds with Falcon through program-controlled accounts, which tested the new framework on live mainnet accounts without touching the protocol itself. However, these accounts were inaccessible for the average user: "You have to be a bit technical and really want to do it," Martins said. The upcoming August upgrade makes Falcon accounts native to the network so that standard wallets and developer tools support them as they would any other account.

The difference for users should, in theory, have very little friction. A property called "rekeying" lets an account swap the key that authorizes spending without changing its address or moving any assets. "You keep the same account and just say, now I want to sign with this other key that ends up to be Falcon," Martins said. "You're already quantum resistant from that day forward without any big migration hurdles." The network is being restructured to accept new quantum resistance standards as they emerge.

The consensus problem

However, even as the team gears up for the protocol update, he conceded that full-scale deployment won't be easy. "The number one challenge is consensus," Martins said. 

Consensus is the process by which the thousands of computers behind a blockchain agree on what goes into the next block. On Algorand, it works like a lottery, with each computer using its private key to prove it has won the right to propose or approve a block. Those proofs run on the same quantum-vulnerable cryptography as accounts, so a quantum computer could forge winning tickets and take control of what gets written to the ledger. While account signatures had quantum-safe replacements, the equivalent for consensus didn't exist, leaving networks to invent their own.

The Algorand team believes it cracked the problem a few weeks ago, explained Martins, with a paper to be published early next year explaining how other protocols can address it in the same way. He was reluctant to relay specifics before the publication but said: "With that out of the way, the road is open. We know how to make Algorand fully quantum resistant, not just accounts." 

The tradeoff

Martins makes the migration to quantum resistance sound simple, begging the question why others have not followed? Some have told Martins that Algorand is an early player in the quantum play. "I disagree," he said. "I think this is exactly the time, and time is of the essence."

Still, Algorand's goal for network compliance by the end of 2027 puts it ahead of the two biggest networks in crypto. The Ethereum Foundation has said it is targeting 2029 for full quantum protection, per Reuters, while Bitcoin's path remains the subject of competing proposals. In February, a proposed upgrade to add quantum-safe addresses became an official candidate for adoption.

One downside to migration and perhaps why some blockchains haven't acted quickly to the threat posed by quantum computing is that resistance comes with a tradeoff. "They're larger, they're slower, they take more space [...] Some networks might see a slowdown in block cadence, because more data needs more time to propagate across the network." All this, he explained, could make processes more expensive. 

"It's a big decision, and they'll have to make it and live with the consequences, or plan to be flexible," Martins said.

While "Q-Day" is still on the horizon, Algorand will offer hybrid accounts protected by a classical key and a quantum-resistant key at once. "You sort of hedge your bets for the in-between time," Martins said. 

Time is of the essence

Martins argued that the window for quantum resistance being a differentiator will close on its own. "In a post-quantum world, being quantum resistant is not a feature. It's just the world we live in," he said. "It's like saying the software we use today is Y2K-ready. After Q-Day comes, either you did the responsible thing, either you showed your technical competence and responsibility to take care of the network and your users, or you didn't."

Migrating to a fully quantum resistant network by the end of 2027 should almost be an anticlimax, explained Martins, "praised by the technical folks and unnoticed by the end user." Users should still be able to trade and use decentralized finance applications with no downtime and as little slowdown as possible, he said.