{ "id": 62900, "date": "2026-03-09T13:31:46", "date_gmt": "2026-03-09T06:31:46", "guid": { "rendered": "https:\/\/hbbgroup.net\/post-quantum-shift-could-force-crypto-exchanges-to-rethink-wallet-security\/" }, "modified": "2026-03-09T13:31:46", "modified_gmt": "2026-03-09T06:31:46", "slug": "post-quantum-shift-could-force-crypto-exchanges-to-rethink-wallet-security", "status": "publish", "type": "post", "link": "https:\/\/hbbgroup.net\/en_us\/post-quantum-shift-could-force-crypto-exchanges-to-rethink-wallet-security\/", "title": { "rendered": "Post-Quantum Shift Could Force Crypto Exchanges to Rethink Wallet Security" }, "content": { "rendered": "
\n

A widely used method that crypto exchanges rely on to generate deposit addresses while keeping private keys offline could break if blockchains migrate to post-quantum cryptography, according to new research.<\/span><\/p>\n

Exchanges such as Coinbase and Binance currently rely on hierarchical deterministic wallets, a system standardized under Bitcoin Improvement Proposal 32, or BIP32.\u00a0<\/span><\/p>\n

The design allows operators to generate fresh deposit addresses from a public key stored on a server while the private signing key remains offline in cold storage.<\/span><\/p>\n

That separation is foundational to how custodial crypto infrastructure works, enabling exchanges to create addresses on demand without exposing the keys that control customer funds.<\/span><\/p>\n

But researchers at Project Eleven argue the architecture may not function under some post-quantum signature schemes, including ML-DSA, a digital signature standard finalized by the U.S. National Institute of Standards and Technology as part of its post-quantum cryptography program.<\/span><\/p>\n

Project Eleven, a post-quantum cryptography startup founded in 2024 and backed by Castle Island Ventures with participation from Coinbase Ventures, is building tools to help financial and blockchain systems transition to quantum-resistant security.<\/span><\/p>\n

\u201cIf Bitcoin adopted ML-DSA without a construction like ours, you lose non-hardened derivation,\u201d Conor Deegan, CTO and co-founder of Project Eleven, told <\/span>Decrypt<\/span><\/i>. \u201cThat means any system that needs to generate fresh receiving addresses\u2014exchanges, payment processors, custodial services\u2014can no longer do so from a public key alone.\u201d<\/span><\/p>\n

Under that model, the private key would need to participate in every child-key derivation used to generate new addresses.\u00a0<\/span><\/p>\n

While systems could rely on hardware security modules, secure enclaves, or air-gapped devices to perform those operations, Deegan said such approaches add complexity and operational risk.<\/span><\/p>\n

\u201cThe clean separation that BIP32 provides today, with a public key on a hot server and private key in cold storage, goes away,\u201d he said.<\/span><\/p>\n

The team published<\/a> its findings on the cryptography-focused IACR research archive earlier this month and released a prototype wallet designed to restore this functionality using quantum-resistant techniques.<\/span><\/p>\n

The proposed design recreates a core feature of BIP32 known as non-hardened key derivation, allowing new public keys to be generated without exposing private keys even under post-quantum cryptography.<\/span><\/p>\n

The construction operates entirely at the wallet layer, meaning blockchains themselves would only need to support the underlying signature scheme used by the wallet. Bitcoin does not currently support ML-DSA or the alternative scheme used in the researchers\u2019 prototype, meaning a protocol upgrade would be required before such designs could be deployed on the network.<\/span><\/p>\n

Deegan added that similar wallet constructions could already be implemented on Ethereum using account abstraction, which allows more flexible signature logic without requiring protocol-level changes.<\/span><\/p>\n

\n

Daily Debrief Newsletter<\/h3>\n

Start every day with the top news stories right now, plus original features, a podcast, videos and more.<\/p>\n<\/div>\n<\/div>", "protected": false }, "excerpt": { "rendered": "

A widely used method that crypto exchanges rely on to generate deposit addresses while keeping private keys offline could break […]<\/p>", "protected": false }, "author": 5, "featured_media": 62901, "comment_status": "open", "ping_status": "open", "sticky": false, "template": "", "format": "standard", "meta": { "_acf_changed": false, "footnotes": "" }, "categories": [ 220 ], "tags": [], "class_list": [ "post-62900", "post", "type-post", "status-publish", "format-standard", "has-post-thumbnail", "hentry", "category-tien-dien-tu" ], "acf": [], "_links": { "self": [ { "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/62900", "targetHints": { "allow": [ "GET" ] } } ], "collection": [ { "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts" } ], "about": [ { "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/types\/post" } ], "author": [ { "embeddable": true, "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/users\/5" } ], "replies": [ { "embeddable": true, "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/comments?post=62900" } ], "version-history": [ { "count": 0, "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/62900\/revisions" } ], "wp:featuredmedia": [ { "embeddable": true, "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media\/62901" } ], "wp:attachment": [ { "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media?parent=62900" } ], "wp:term": [ { "taxonomy": "category", "embeddable": true, "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/categories?post=62900" }, { "taxonomy": "post_tag", "embeddable": true, "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/tags?post=62900" } ], "curies": [ { "name": "wp", "href": "https:\/\/api.w.org\/{rel}", "templated": true } ] } }