Solana has begun a structured upgrade to add quantum-resistant cryptography to its stack, executing testnet deployments and technical prototypes that aim to preserve its throughput while hardening against future quantum attacks.
Solana introduced an optional Winternitz Vault that uses Winternitz One-Time Signatures (WOTS) together with Keccak256 hashing to generate a unique key per transaction and reduce long-term key compromise risk. Post-quantum cryptography (PQC) is a class of algorithms designed to remain secure against attacks by quantum computers.
In 2025, a demonstration by BTQ Technologies with Bonsol Labs showcased NIST-standardized PQC signature verification running on Solana, validating that verification of PQC signatures can be executed on the network without nullifying performance advantages. On 2025-12-16 Solana began a deep security collaboration with Project Eleven that delivered a functioning testnet using post-quantum digital signatures and a comprehensive threat assessment of wallets, validators and cryptographic assumptions.
Solana’s architecture, built around EdDSA-style primitives, allows modular cryptographic upgrades that can be adopted without requiring users to migrate addresses or transfer assets. Implementers noted performance trade-offs: post-quantum schemes typically produce larger signatures and impose heavier computational demands, creating an optimization burden to sustain Solana’s low-latency characteristics.
Regulation and compliance implications
The project’s early testnet work contrasts with other major networks that remain largely in research or planning phases; that difference frames Solana’s case to institutional users seeking long-term resilience and regulatory alignment. “Solana didn’t wait for quantum computers to become a headline problem,” said Alex Pruden, CEO of Project Eleven. Matt Sorg, VP of Technology at the Solana Foundation, added that the effort aims to secure the network “not just today, but for decades to come.”
The upgrade is positioned to respond to evolving institutional and regulatory expectations by demonstrating concrete PQC integrations and third‑party validation on testnets. For regulated entities, quantum readiness reduces a class of systemic cryptographic risk that could affect custody, key management and settlement assurances. Continued standards alignment—particularly around NIST-approved schemes and interoperability on verification—will be a crucial factor for compliance-minded participants evaluating production readiness.
