StarkWare has published a post-quantum roadmap for Starknet, arguing that the Ethereum layer-2 network is positioned for the most straightforward migration of any major blockchain—because, it says, its architecture never relied on the cryptography that quantum computers put at risk.
The architecture argument
The case StarkWare makes rests on two structural features. The first is the proof system itself. Starknet is built on STARK proofs, which — as the title of the 2018 paper co-authored by StarkWare CEO Eli Ben-Sasson put it — rely on collision-resistant hash functions rather than elliptic-curve arithmetic.
That distinction is central to the entire quantum problem: Shor’s algorithm threatens the elliptic-curve cryptography underpinning most blockchains’ signatures, while hash functions are far more resistant. Starknet’s proving layer, in other words, was never exposed to the vulnerability that defines the migration challenge for others.
The second is native account abstraction, which lets a contract change how it authenticates without a protocol-level breaking change. In practice, that means a Starknet user can deploy a quantum-resistant wallet today—a capability StarkWare says has already been demonstrated by S2morrow, which built a Falcon-512 account in Cairo, with OpenZeppelin developing a post-quantum account contract of its own.
StarkWare contrasts this with Bitcoin, whose authentication stack carries elliptic-curve exposure when funds move from used addresses; Ethereum, which has mapped a multi-year, multi-fork migration across several cryptographic layers; and Solana, whose runtime, addressing, and signature pipeline are all built on elliptic-curve cryptography—none of which, it notes, offer the account abstraction that allows a no-breaking-change switch.
What the roadmap commits to
The plan is organized into three phases, the first two of which StarkWare says are within its control and carry time estimates, the third dependent on Ethereum.
Phase 1 secures all new activity by replacing Pedersen hashing, which inherits elliptic-curve assumptions, with BLAKE2, which does not, across the state, address-derivation, and chain-environment layers. StarkWare says the change to the chain’s environment anchor is already live on testnet and reaches mainnet in early July, with the remaining items roughly two months out; once complete, every new deployment, transaction, and state update independent of legacy contracts is secured by post-quantum primitives, with no action required of users or developers. Future features, including consensus signatures, are slated to use post-quantum schemes such as Falcon-512.
Phase 2 extends that protection to existing on-chain contracts at the storage level. StarkWare says it is building a migration toolkit to bring legacy deployments into post-quantum alignment without manual data migration or breaking changes, estimated at roughly a month after Phase 1 on its side, with the timeline for individual apps left open.
Phase 3 is where Starknet’s control ends. Two surfaces, the messaging layer behind its Ethereum bridge, which uses quantum-vulnerable secp256k1/r1 operations, and the data-availability layer, where the state data Starknet posts to Ethereum is anchored by a quantum-vulnerable KZG commitment, can only be resolved once Ethereum migrates. StarkWare notes that a KZG compromise would affect data-availability transparency but not the soundness of state transitions, which the STARK proof still protects.
The catch, and the caveats
That third phase is the asterisk on the headline claim. For all the strength of its proving layer and wallet flexibility, Starknet cannot reach a fully post-quantum state on its own: its bridge and data availability remain tied to Ethereum’s timeline, which has no firm completion date. A network that depends on another network to finish its migration is in a genuinely strong position relative to peers but not an independent one—a nuance worth keeping alongside the “strongest positioning in production” framing StarkWare uses.
The broader skepticism is worth airing too. Solana co-founder Anatoly Yakovenko warned earlier this year that “Ethereum L2s are not quantum safe,” a critique rooted in the fact that most rollups still lean on standard elliptic-curve wallet security. Starknet’s account abstraction is a partial answer, it makes opting into a quantum-safe wallet possible without a fork, but it is opt-in, and like every such scheme, it only protects users who actually adopt it. StarkWare is also candid in its own disclosures that the roadmap is subject to Starknet’s governance process and that no timeline or outcome is guaranteed.
Where it sits in the Q-Day race
The roadmap lands in the middle of an industry-wide scramble that TCT has tracked across the major chains racing to survive “Q-Day.” Ethereum has its own multi-year plan built on account abstraction and hash-based signatures; Ripple is targeting a fully post-quantum XRP Ledger by 2028; Bitcoin faces the hardest road and the longest timeline; and NEAR has pitched a similar one-transaction migration rooted in its own account model. StarkWare itself is no newcomer to the problem, having earlier shipped a hash-based “Quantum Safe Bitcoin” tool for high-value holdings.
What separates this roadmap from a marketing document is its specificity: it names every vulnerable surface, attaches estimates to the parts StarkWare controls, and openly flags the parts it does not. The “architecture advantage” is real—a proving layer that sidestepped elliptic curves from the start is a meaningfully better place to begin than a retrofit. But beginning is the operative word. This is, as StarkWare puts it, the formal launch of its migration, not its conclusion—a starting line drawn from a strong position, with the finish still partly in Ethereum’s hands.
