



Quantum Threat: Crypto Exchanges’ Key System Could Break Post-Transition

A widely used method for generating crypto deposit addresses could break if blockchains adopt post-quantum cryptography, according to new research. Exchanges like Coinbase and Binance rely on the BIP32 standard to create addresses from a public key while keeping the private key offline. Researchers argue this separation would fail under some quantum-resistant signature schemes, potentially forcing major operational changes for custodial services.


Quantum computers threaten to break the cryptographic algorithms that secure blockchains today, which is why researchers and developers are working on a transition to post-quantum cryptography. But the transition could be bumpy, and not every system will migrate unchanged. New research suggests that a foundational method crypto exchanges use to generate deposit addresses, the hierarchical deterministic wallet standard known as BIP32, could stop working under post-quantum signature schemes such as ML-DSA.


Exchanges such as Coinbase and Binance use this system to create fresh addresses from a server-held public key. The corresponding private signing key remains securely offline in cold storage, which is crucial for custodial security.

Researchers at Project Eleven, a post-quantum cryptography startup, identified this incompatibility, which is a loss of functionality rather than an exploitable flaw. The firm is backed by Castle Island Ventures with participation from Coinbase Ventures.

Conor Deegan, CTO and co-founder of Project Eleven, explained the consequence. “If Bitcoin adopted ML-DSA without a construction like ours, you lose non-hardened derivation,” he stated.

This loss would mean systems that need fresh addresses could no longer generate them from a public key alone. Only hardened derivation would remain, which needs the parent private key for every new child, so each new deposit address would require involving cold storage, increasing operational risk.

“The clean separation that BIP32 provides today, with a public key on a hot server and private key in cold storage, goes away,” Deegan said. The team published its findings on the IACR’s cryptography research archive earlier this month and released a prototype wallet designed to restore this functionality using quantum-resistant techniques.

Their proposed construction recreates non-hardened key derivation: new child public keys can be generated from a parent public key without exposing, or even touching, the private key, even under post-quantum cryptography.
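To make concrete what non-hardened derivation is, and why it depends on the signature scheme, the following is an added example written for this page; it is not code from Project Eleven, its paper or its prototype. It implements BIP32's CKDpriv and CKDpub on secp256k1 with only the Python standard library. The hot side holds the account's public key and chain code; the cold side holds the private key; both derive identical child public keys because secp256k1 keys compose additively (pub(k + t) = pub(k) + t·G). The seed is BIP32's published test vector 1; the function names (`demo`, `_split`, `ec_add`, and so on) are this example's own.

```python
"""Added example (not Project Eleven's code): BIP32 CKDpriv/CKDpub on secp256k1.
A hot server holding only the parent public key and chain code derives the same
child public key the cold signer derives from the parent private key, because
pub(k + t) == pub(k) + t*G on an elliptic curve.  ML-DSA keys have no such rule.
"""
import hashlib
import hmac

# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000
TEST_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP32 test vector 1

def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point=G):
    """Double-and-add scalar multiplication k*point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def ser_p(point):
    """33-byte compressed SEC1 encoding (BIP32's ser_P)."""
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")

def master_from_seed(seed):
    """BIP32 master: HMAC-SHA512(key="Bitcoin seed", seed) -> (k_m, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def _split(c_par, data):
    """Common HMAC step; IL >= N happens with probability ~2^-128 and must be skipped."""
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    if il >= N:
        raise ValueError("invalid child, skip this index")
    return il, i[32:]

def ckd_priv(k_par, c_par, index):
    """CKDpriv (cold side): hardened (index >= 2^31) and non-hardened children."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = ser_p(ec_mul(k_par)) + index.to_bytes(4, "big")
    il, c_i = _split(c_par, data)
    k_i = (il + k_par) % N                            # child_priv = IL + parent_priv
    if k_i == 0:
        raise ValueError("invalid child, skip this index")
    return k_i, c_i

def ckd_pub(K_par, c_par, index):
    """CKDpub (hot side): only the parent public key and chain code are available."""
    if index >= HARDENED:
        raise ValueError("hardened children cannot be derived from a public key")
    il, c_i = _split(c_par, ser_p(K_par) + index.to_bytes(4, "big"))
    K_i = ec_add(ec_mul(il), K_par)                   # point(IL) + K_par: the homomorphism
    if K_i is None:
        raise ValueError("invalid child, skip this index")
    return K_i, c_i

def demo(seed=TEST_SEED, count=3):
    """Cold side derives account m/0H (hardened, private key needed) and hands only
    its public key and chain code to the hot side; both derive m/0H/0..count-1."""
    k_m, c_m = master_from_seed(seed)
    k_acct, c_acct = ckd_priv(k_m, c_m, HARDENED | 0)      # cold side only
    K_acct = ec_mul(k_acct)                                 # what the hot server receives
    hot = [ser_p(ckd_pub(K_acct, c_acct, i)[0]).hex() for i in range(count)]
    cold = [ser_p(ec_mul(ckd_priv(k_acct, c_acct, i)[0])).hex() for i in range(count)]
    try:                                                    # hardened child from K_acct?
        ckd_pub(K_acct, c_acct, HARDENED | 1)
        hot_can_do_hardened = True
    except ValueError:
        hot_can_do_hardened = False
    return {"master_priv": k_m.to_bytes(32, "big").hex(),
            "master_pub": ser_p(ec_mul(k_m)).hex(),
            "hot_matches_cold": hot == cold,
            "hot_can_do_hardened": hot_can_do_hardened,
            "children": hot}
```

Calling `demo()` returns the master key pair for the test seed (which can be checked against the BIP32 test vectors), `hot_matches_cold: True`, and `hot_can_do_hardened: False`. The one line that makes the hot path work is `ec_add(ec_mul(il), K_par)`: adding IL to the private key corresponds exactly to adding IL·G to the public key. A lattice scheme such as ML-DSA offers no comparable relation between a tweaked private key and a tweaked public key that a verifier would accept, so `ckd_pub` has no direct counterpart there; that is the function the researchers' construction sets out to rebuild. The long-known flip side of non-hardened derivation is also visible in the code: since child_priv = IL + parent_priv, anyone holding the parent public key and chain code plus any one child private key can recover the parent private key, which is why the account level is derived hardened (m/0H here) before its public key is handed to the hot server.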

The design operates entirely at the wallet layer, so a blockchain would only need to support the underlying signature scheme the wallet uses. Bitcoin’s consensus rules currently accept only ECDSA and Schnorr signatures over secp256k1, not ML-DSA or the alternative scheme used in the researchers’ prototype, so a protocol upgrade would be required before such a design could be deployed on the network.

Deegan noted that similar constructions could already be implemented on Ethereum using account abstraction, which lets a smart-contract account carry its own signature verification logic without changes to the core protocol.
