Ethereum Foundation Kohaku lead floats $0.07 post-quantum account protection via “SPHINCS-”
The proposal adapts NIST’s SPHINCS+ to cut onchain verification costs without a hard fork or precompile.
Ethereum Foundation Kohaku project lead Nicolas Consigny said Ethereum accounts could add post-quantum protections for as little as $0.07 without waiting for a hard fork. The approach, dubbed “SPHINCS-,” is positioned as an Ethereum-optimized adaptation of NIST-standardized SPHINCS+ and a bridge to a future aggregated design called “leanSPHINCS.”
Key Takeaways
- A Kohaku project lead at the Ethereum Foundation said post-quantum protections could be added to Ethereum accounts for as little as $0.07 without waiting for a hard fork.
- “SPHINCS-” is framed as an adaptation of NIST-standardized SPHINCS+ designed to reduce onchain verification costs without a protocol change or a precompile.
- The work is positioned as a near-term bridge toward “leanSPHINCS,” a future design that targets further cost reductions through signature aggregation.
- Glassnode estimated 1.92 million BTC (about 10% of supply) are “structurally unsafe” and 4.12 million BTC (20.6%) are “operationally unsafe” in a quantum-attack scenario, with 69.8% (13.99 million BTC) unexposed.
The $0.07 Claim: Post-Quantum Account Protection Without a Hard Fork
Ethereum Foundation Kohaku project lead Nicolas Consigny said on June 14 that Ethereum could begin adding post-quantum protections to accounts “for as little as $0.07” without waiting for a hard fork. Consigny tied the claim to a paper he shared on X describing a way to make post-quantum signature verification cheaper on Ethereum.
For traders, the headline implication is less about an imminent cryptography migration and more about timeline framing. If an opt-in mitigation can be deployed at the account level without a protocol change, post-quantum readiness stops being purely a hard-fork-dependent roadmap item and becomes something wallets and smart accounts could potentially adopt incrementally.
The packet does not include the paper link or the benchmarking assumptions behind the $0.07 figure. Without gas price inputs, calldata assumptions, and clarity on whether the estimate is meant for L1 or an L2 environment, the number reads as a sentiment catalyst first and an adoption forecast second.
Inside “SPHINCS-”: An Ethereum-Optimized SPHINCS+ Adaptation
SPHINCS- is described as an adaptation of SPHINCS+, a post-quantum digital signature standard developed by the US National Institute of Standards and Technology (NIST). The stated goal is to reduce onchain verification costs on Ethereum.
Two constraints matter in the way the proposal is framed. First, it aims to avoid a protocol change. Second, it aims to avoid a precompile, meaning it is not asking the base layer to add a special-purpose, cheaper execution path for verification. That combination, if it holds up in implementation, is the key market-structure point: it shifts the burden from core protocol governance to ecosystem coordination across wallets, account standards, and contract tooling.
The motivation is explicitly long-dated. The proposal is framed as a cost-efficient mitigation for the risk that quantum computing could eventually threaten ECDSA-style cryptography used for account signatures, with Shor’s algorithm cited as the theoretical attack path.
From SPHINCS- to “leanSPHINCS”: The Aggregation Roadmap
Consigny described SPHINCS- as a bridge toward “leanSPHINCS,” a future post-quantum signature system that aims to reduce verification costs further through aggregation. That roadmap choice is an admission embedded in the design story: cost and scalability remain the binding constraints for post-quantum signatures on Ethereum.
Aggregation is the lever that matters because it targets the two things traders actually feel onchain: verification compute and data footprint. The packet does not provide comparative numbers between SPHINCS- and leanSPHINCS, but the direction is clear. The near-term pitch is “deployable without protocol change,” while the longer-term pitch is “make it cheaper at scale.”
Confirmations Traders Should Track Before This Becomes a Real Narrative
The first confirmation is the release of the referenced SPHINCS- paper with reproducible benchmarks that show how the ~$0.07 estimate is derived, including gas price assumptions, calldata sizing, and whether the target environment is Ethereum L1 or an L2.
Second, watch for concrete wallet or account-standard support that makes opt-in post-quantum protections real without a hard fork or precompile. Without integrations, the proposal stays research-grade even if the cryptography is sound.
Third, the real test for the roadmap is whether leanSPHINCS aggregation prototypes demonstrate a material verification-cost reduction versus SPHINCS-, not just a conceptual path.
Finally, any Ethereum research or roadmap updates that move the conversation from “mitigation without protocol change” toward a dedicated hard-fork path would signal that ecosystem-level opt-in is not sufficient for the threat model being prioritized.
Marcus Hale’s Take: A Cheap Opt-In Path Could Shift the Quantum Timeline Debate
I treat the $0.07 headline as a narrative accelerant, not a deployment guarantee. The packet gives no independent benchmarking assumptions, and cost claims in Ethereum land are meaningless until they specify gas, calldata, and execution venue.
The threshold that matters is whether SPHINCS- truly works without a protocol change or precompile and still lands in a cost band wallets can stomach. If that holds, the setup starts to look structural rather than narrative-driven because it turns post-quantum protection into an opt-in account feature that can spread through standards and integrations, not a single hard-fork moment that markets can perpetually push into the future.
