Hi Algorand Community,
I already communicated with the Algorand foundation, so I also show their helpful answer below my questions:
How do you plan to address the post-quantum world? Our Algorand hardware wallet has a public key which I am assuming is based on Bernstein’s 25519 elliptic curve (Montgomery elliptic curves). As you know, there is a variant of Shor’s algorithm that can break these public keys with sufficient quantum computing resources. That means that a quantum computer could at some time in the future start with my public key and compute my private key and then send our ALGOs somewhere else.
Do you plan to use McEliece or lattice-based post-quantum crypto?
How will that transition work?
It is true that the cryptographic primitives currently used on Algorand are not
secure against a large enough quantum computer. There are two main places
where non-post-quantum signature schemes are used:
a. In the consensus protocol: for participation nodes to sign votes and
b. When transacting: to sign transactions for your accounts.
Regarding (a), the soon-to-be-available state proofs (previously
called compact certificates) will be based on post-quantum primitives
such as Falcon ([WIP]New participation keys by algoidan · Pull Request #57 · algorandfoundation/specs · GitHub
). This will allow post-quantum checkpoints / proofs of the
Regarding (b), post-quantum signature schemes are not yet supported
but will be supported way before quantum computers will be able to
break ED25519 signatures. Algorand already has a mechanism to upgrade
keys: rekeying, which will make the transition quite smooth.
Do not hesitate to post such questions on forum.algorand.org as
answers can help the whole community.
The Algorand Foundation Team