Sonic’s Road to Quantum Resistance

Consensus in proof-of-stake (PoS) blockchains is the process by which a distributed network agrees on a ledger without a central authority. A PoS chain has a set of validators whose stake (the chain's native tokens) is locked as collateral. Validators propose and attest to new blocks, and misbehavior is punished by slashing that stake, which makes attacks economically costly while consuming a fraction of proof-of-work's energy.

The security of this system rests on more than economics. It depends on the cryptographic primitives that authenticate validators and link blocks together. Most current blockchains rely on elliptic-curve digital signatures (such as ECDSA or Ed25519) to prove ownership of funds and validator identities, and on cryptographic hash functions to chain blocks.

A sufficiently powerful quantum computer running Shor's algorithm could solve the discrete logarithm problem underlying elliptic-curve cryptography, allowing an attacker to derive a user's or validator's private key from their public key and forge signatures at will. The attack needs only the public key, which validators publish by design and which ordinary accounts expose as soon as they sign a transaction. Cryptographic hash functions, by contrast, remain usable: Grover's algorithm at most halves their effective security level, so a 256-bit hash still offers about 128 bits of post-quantum security, and the remedy, where one is needed, is a longer output rather than a new primitive. Elliptic-curve schemes require full replacement.

“Whether sufficiently powerful quantum computers for cracking elliptic curves will arrive tomorrow or in 50 years - this is everyone's best guess. Though I am critical about the availability of such powerful quantum computers in the near future, the industry must be prepared.”
- Bernhard Scholz, Chief Research Officer

Replacements for elliptic-curve signatures are under active research and standardization, including hash-based signatures (XMSS, SPHINCS+) and lattice-based schemes (Dilithium, Falcon), which rely on mathematical problems believed to resist both classical and quantum attacks. NIST has standardized Dilithium as ML-DSA (FIPS 204) and SPHINCS+ as SLH-DSA (FIPS 205), with Falcon to follow as FN-DSA. XMSS (NIST SP 800-208) is stateful: each one-time key inside it may sign exactly once, so a validator key restored from a stale backup can silently reuse a leaf and break its own security, which is why stateless schemes are preferred for signing keys that live on servers.

The blockchain industry must prepare for these new cryptographic primitives and invest heavily to ensure its chains are ready for a Post-Quantum world.

The Aggregation Trap

Within the PoS consensus space, two broad families of consensus protocols have emerged. Leader-based protocols like PBFT, HotStuff, Tendermint, and their derivatives designate a single leader per view who drives consensus by broadcasting proposals and collecting votes. Certified DAG protocols such as Narwhal, Bullshark, and DAG-Rider embed the commit decision in a shared causal graph built from all validators' events, replacing explicit proposals and votes with local inspection of the DAG's structure.

What makes these protocols difficult to migrate is not the consensus logic itself but the cryptographic primitives used in their implementation. They typically rely on threshold signatures or BLS aggregation to compress a quorum certificate (the 2f+1 votes out of 3f+1 validators that commit a block) into a single verifiable object, and these schemes rest on pairing-based assumptions that Shor's algorithm dismantles just as readily as plain elliptic-curve signatures. Migrating them to post-quantum primitives is therefore not a drop-in replacement.

Lattice-based schemes like Dilithium (ML-DSA) and Falcon do not aggregate cheaply, hash-based schemes like SPHINCS+ (SLH-DSA) produce signatures of roughly 8 to 50 kilobytes depending on the parameter set, and no NIST-standardized post-quantum analog of BLS aggregation exists today. The result is that a quantum-safe version of HotStuff or Narwhal would face an order-of-magnitude blow-up in certificate size, verification cost, and bandwidth, since a certificate that used to be one aggregate signature becomes one full signature per voter, or else would have to abandon aggregation entirely and redesign the protocol around a different trust model.
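To put numbers on the blow-up, here is an added example (not code from Sonic or from any of the protocols named above) that models the wire size of a quorum certificate for n validators under an aggregated BLS scheme versus a per-voter post-quantum scheme, and, for contrast, the per-event cost of a design in which each DAG event carries only its creator's signature, as SonicCS does in the next section. The size table holds the published signature sizes for the named parameter sets (Ed25519, BLS12-381 with signatures in G1, ML-DSA-44, Falcon-512, SLH-DSA-SHA2-128s/128f); the one-bit-per-validator signer bitmap and the f = (n-1)//3 fault model are the example's own assumptions.

```python
from math import ceil

# Signature sizes in bytes. Published sizes for the named parameter sets;
# the table itself is constructed for this example.
SIG_BYTES = {
    "ed25519": 64,
    "bls12-381": 48,       # signature in G1, compressed
    "ml-dsa-44": 2420,     # FIPS 204 (Dilithium2)
    "falcon-512": 666,
    "slh-dsa-128s": 7856,  # FIPS 205 (SPHINCS+-128s)
    "slh-dsa-128f": 17088, # FIPS 205 (SPHINCS+-128f)
}
# Only the pairing-based scheme lets a quorum of votes collapse into one signature.
AGGREGATABLE = {"bls12-381"}


def quorum_size(n: int) -> int:
    """Votes in a quorum certificate with n validators tolerating f = (n-1)//3 faults."""
    f = (n - 1) // 3
    return 2 * f + 1


def bitmap_bytes(n: int) -> int:
    """A certificate also records which validators signed: one bit per validator (assumed)."""
    return ceil(n / 8)


def qc_bytes(n: int, scheme: str) -> int:
    """Bytes on the wire for one quorum certificate over n validators."""
    sig = SIG_BYTES[scheme]
    if scheme in AGGREGATABLE:
        return sig + bitmap_bytes(n)                    # one aggregate, whatever the quorum
    return quorum_size(n) * sig + bitmap_bytes(n)       # one full signature per voter


def blowup(n: int, scheme: str, baseline: str = "bls12-381") -> float:
    """How many times larger a certificate under `scheme` is than the aggregated baseline."""
    return qc_bytes(n, scheme) / qc_bytes(n, baseline)


def event_bytes(scheme: str, parents: int, hash_bytes: int = 32) -> int:
    """Signature plus parent references for a DAG event signed only by its creator.
    Note the absence of n: this cost does not grow with the validator set."""
    return SIG_BYTES[scheme] + parents * hash_bytes


if __name__ == "__main__":
    for n in (4, 100, 1000):
        print(f"n={n:5d} quorum={quorum_size(n):4d}  "
              f"BLS QC={qc_bytes(n, 'bls12-381'):8d} B  "
              f"ML-DSA-44 QC={qc_bytes(n, 'ml-dsa-44'):9d} B ({blowup(n, 'ml-dsa-44'):6.0f}x)  "
              f"SLH-DSA-128s QC={qc_bytes(n, 'slh-dsa-128s'):9d} B")
    for scheme in ("ed25519", "falcon-512", "ml-dsa-44", "slh-dsa-128s"):
        print(f"per-event, 3 parents, {scheme:13s}: {event_bytes(scheme, 3):6d} B")
```

With 100 validators the aggregated certificate is 61 bytes, the ML-DSA-44 version is about 162 KB, and the SLH-DSA-128s version about 526 KB; the ratio grows linearly with n because the aggregate is constant-size while the list of per-voter signatures is not. The per-event line shows the other side of the trade: a single ML-DSA-44 signature is still 2.4 KB, but the figure is the same for 4 validators or 4000.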

SonicCS by Design

The SonicCS protocol disseminates events periodically via a gossip protocol. No acknowledgment round is required, no global coin (a shared randomness beacon built from threshold signatures, used by asynchronous BFT protocols to break ties when validators would otherwise stall) is formed, and no aggregate certificate is produced; liveness instead relies on partial synchrony.

Each event in the unstructured DAG carries only a standard digital signature from its creator; the only additional cryptographic primitive required is a hash function to reference parent events in the DAG.

Migrating to post-quantum security therefore requires only replacing the per-event and transaction signatures with a NIST-standardized scheme such as ML-DSA (Dilithium) or Falcon; nothing else in the SonicCS protocol changes. The per-event signature grows from 64 bytes to somewhere between roughly 0.7 and 2.5 kilobytes depending on the scheme, but that cost is paid once per event and does not grow with the size of the validator set.
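The following is an added example, written for this article and not SonicCS code, of what "only the signature changes" looks like in practice. It builds a DAG event that carries a creator signature and parent hashes and nothing else, and verifies it with a signature scheme that depends on a hash function alone: a Lamport one-time signature, chosen because it runs from the Python standard library and makes the size of hash-based signatures visible (8 KB signatures and 16 KB public keys with SHA-256). The event encoding, the `LamportOTS` class, the one-time-key reuse guard and the sample payloads are all assumptions of the example; a production deployment would use ML-DSA or SLH-DSA, and the verifier below is written so that only the `verify` callable would change.

```python
import hashlib
import secrets
from dataclasses import dataclass

HASH = "sha256"                          # swap to "sha3_256" or "sha512" to change hash and output size
DIGEST = hashlib.new(HASH).digest_size   # 32 bytes for SHA-256


def H(data: bytes) -> bytes:
    return hashlib.new(HASH, data).digest()


class LamportOTS:
    """Lamport one-time signature built from H alone (example scheme, not SonicCS's).
    Secret key: 256 pairs of random 32-byte preimages; public key: their hashes.
    A key must sign exactly one message: a second signature reveals more preimages."""

    def __init__(self) -> None:
        self._sk = [(secrets.token_bytes(DIGEST), secrets.token_bytes(DIGEST))
                    for _ in range(DIGEST * 8)]
        self.pk = [(H(a), H(b)) for a, b in self._sk]
        self._used = False

    def sign(self, msg: bytes) -> bytes:
        if self._used:
            raise RuntimeError("one-time key reuse would leak the private key")
        self._used = True
        nbits = DIGEST * 8
        digest = int.from_bytes(H(msg), "big")
        # Reveal, for each bit of H(msg), the preimage matching that bit.
        return b"".join(self._sk[i][(digest >> (nbits - 1 - i)) & 1] for i in range(nbits))

    @staticmethod
    def verify(pk, msg: bytes, sig: bytes) -> bool:
        nbits = DIGEST * 8
        if len(sig) != nbits * DIGEST:
            return False
        digest = int.from_bytes(H(msg), "big")
        for i in range(nbits):
            bit = (digest >> (nbits - 1 - i)) & 1
            if H(sig[i * DIGEST:(i + 1) * DIGEST]) != pk[i][bit]:
                return False
        return True


def _lp(b: bytes) -> bytes:
    """Length-prefix a field so the event encoding is unambiguous."""
    return len(b).to_bytes(4, "big") + b


@dataclass
class Event:
    creator: str
    parents: list        # hashes of parent events: the only other primitive in use
    payload: bytes
    signature: bytes = b""

    def id(self) -> bytes:
        return H(_lp(self.creator.encode()) + _lp(b"".join(self.parents)) + _lp(self.payload))


def make_event(creator: str, key: LamportOTS, parents: list, payload: bytes) -> Event:
    ev = Event(creator, parents, payload)
    ev.signature = key.sign(ev.id())   # the creator signs the event id and nothing else
    return ev


def verify_event(ev: Event, pk, known: dict, verify=LamportOTS.verify) -> bool:
    """Accept an event iff every parent is already known (referenced by hash) and the
    creator's signature over the event id checks. Nothing here depends on which scheme
    produced ev.signature: swapping the scheme means swapping `verify`, nothing more."""
    if any(p not in known for p in ev.parents):
        return False
    return verify(pk, ev.id(), ev.signature)


def demo() -> dict:
    """Two-event chain with constructed payloads, then three failure cases."""
    alice, bob = LamportOTS(), LamportOTS()
    known = {}
    genesis = make_event("alice", alice, [], b"genesis")
    known[genesis.id()] = genesis
    child = make_event("bob", bob, [genesis.id()], b"tx: pay 1 S to carol")
    forged = Event("bob", child.parents, b"tx: pay 1000 S to mallory", child.signature)
    orphan = Event("bob", [H(b"unknown parent")], child.payload, child.signature)
    try:
        bob.sign(b"second message")
        reuse_rejected = False
    except RuntimeError:
        reuse_rejected = True
    return {
        "sig_bytes": len(child.signature),
        "pk_bytes": sum(len(a) + len(b) for a, b in bob.pk),
        "valid": verify_event(child, bob.pk, known),
        "tampered_payload": verify_event(forged, bob.pk, known),
        "unknown_parent": verify_event(orphan, bob.pk, known),
        "reuse_rejected": reuse_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the example is what is absent: no quorum certificate, no aggregation, no randomness beacon. The event and its verifier touch two primitives, `H` and the signature pair `sign`/`verify`, and both are replaced by changing one constant and one class. The one-time-key guard is also the practical reminder of why stateless schemes such as ML-DSA or SLH-DSA, not a one-time or stateful hash-based scheme, would be the real replacement for a validator key.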

What This Means for Sonic

Most PoS chains will face a painful migration when post-quantum cryptography becomes mandatory. Protocols built around BLS aggregation and threshold signatures will need to rework certificate structures, bandwidth models, and, in some cases, even their core trust assumptions.

Sonic does not have that problem. SonicCS uses only two cryptographic primitives: a standard digital signature per event and a hash function to reference parents in the DAG. When the industry moves to post-quantum standards, Sonic swaps the signature scheme, widens the hash output where the target security level requires it, and ships. The consensus logic, the DAG structure, and the liveness guarantees all stay the same.

This is the payoff of vertical integration. Because Sonic owns its consensus protocol end-to-end, it can make forward-looking architectural decisions at the cryptographic layer today rather than scrambling to retrofit when the threat becomes operational.

(The Sonic tech team will keep up to date with the Ethereum Foundation's post-quantum approach, roadmap and research.)

Frequently Asked Questions

Q1: Why are quantum computers a problem for blockchains?

A: Blockchains use digital signatures to prove ownership. A large enough quantum computer could break the math behind today's signatures, which would let attackers forge them and steal funds.

Q2: What is the "aggregation trap"?

A: Most blockchains combine many signatures into one small certificate to save space. The quantum-safe replacements can't be combined that way, so the certificates get huge and slow to verify. Those chains can't just swap in new crypto; they need a much bigger redesign.

Q3: How does SonicCS avoid this trap?

A: SonicCS keeps it simple. Each event just has one regular signature and a hash linking to earlier events. No combined certificates, no fancy extras, so there's nothing complicated to fix later.

Q4: What will the quantum upgrade look like for SonicCS?

A: Easy. Swap in a quantum-safe signature, widen the hash output if needed, and done. Everything else stays the same. Other chains will have a much tougher time.