Aptos is thinking several steps ahead. The blockchain has introduced AIP-137, a proposal to add quantum-resistant signatures designed to protect the network long before quantum computers become a real threat.
The upgrade would introduce SLH-DSA-SHA2-128s, a post-quantum signature scheme backed by NIST standards, making Aptos one of the more proactive layer-1s on future cryptographic risk.
Why Aptos Is Doing This Now
Quantum computing is no longer science fiction. IBM, Google, and Microsoft are all pushing aggressive timelines, while NIST has finalized post-quantum cryptography standards. Experts disagree on when quantum attacks arrive. Some say decades. Others say the mid-2030s.
Plans for a post-quantum future on Aptos, drafted by @AptosLabs' Head of Cryptography, @alinush.
— Aptos (@Aptos) December 18, 2025
→ AIP-137 aims to empower Aptos to better respond to future developments in quantum computing with a focus on ease of integration & limited new security assumptions.
Learn more 👇 https://t.co/dgPRueL4Jk
Aptos isn’t waiting to find out.
The proposal, authored by Aptos Labs Head of Cryptography Alin Tomescu, takes a conservative path. The goal isn’t speed or elegance. It’s survivability.
Security First, Performance Second
Aptos chose SLH-DSA, a stateless, hash-based signature scheme standardized as FIPS 205. It relies only on SHA-256, which Aptos already uses across its system. No exotic math. No new assumptions.
That choice is intentional. Past post-quantum schemes have failed badly. In 2022, Rainbow, once a NIST finalist, was broken on a standard laptop.
The trade-off is clear:
- Signatures are much larger (about 7.8 KB)
- Verification is slower than today’s Ed25519
Aptos is fine with that. The priority is eliminating the risk of a “quantum-safe” system breaking under classical attacks.
Faster options like ML-DSA and Falcon exist, but they introduce new mathematical risks or tricky implementations. Aptos is saving those for later.
No Forced Migration
Importantly, this isn’t a mandatory switch. Ed25519 remains the default. The quantum-resistant option is additive, not disruptive.
That means developers and users who want post-quantum protection can adopt it early, while the rest of the network continues as normal. Feature flags allow a gradual rollout across validators, wallets, and tooling.
A Broader Industry Shift
Aptos isn’t alone. Concern around quantum risk is rising fast.
Solana co-founder Anatoly Yakovenko recently warned that Bitcoin could face meaningful quantum threats within five years. Others estimate 30% of BTC’s supply still sits in addresses vulnerable to quantum attacks.
Even Bitcoin bulls see adaptation as inevitable. Michael Saylor has argued quantum computing won’t kill crypto—it will force networks to upgrade and emerge stronger.
Bottom Line
Aptos isn’t chasing headlines. It’s laying groundwork.
By adding a conservative, standards-based quantum-resistant signature now, the network buys itself time. And in cryptography, time is everything.
Quantum computers may still be years away. But when they arrive, Aptos doesn’t want to be scrambling.
