Post-quantum signature standards could force exchanges to rethink the way they generate deposit addresses, new research warns.
A central piece of custodial crypto infrastructure — hierarchical deterministic (HD) wallets standardized by BIP32 — lets exchanges like Coinbase and Binance create new deposit addresses from a public key sitting on an online server, while the private signing key stays offline in cold storage. That separation is foundational: it enables on-demand address generation without exposing the keys that control customer funds.
But researchers at Project Eleven say that separation may crumble if blockchains migrate to some post-quantum signature schemes. In a paper posted to the IACR archive this month, the team argues that certain post-quantum signatures — including ML-DSA, a digital-signature standard recently finalized by the U.S. National Institute of Standards and Technology (NIST) — would break the BIP32-style “non-hardened” derivation that lets new public child keys be produced from a parent public key alone.
“If Bitcoin adopted ML-DSA without a construction like ours, you lose non-hardened derivation,” said Conor Deegan, Project Eleven’s CTO and co-founder, in an interview with Decrypt. “That means any system that needs to generate fresh receiving addresses—exchanges, payment processors, custodial services—can no longer do so from a public key alone.” Under such a model, the private key would need to be involved in each child-key derivation, removing the neat hot/cold split that many operators rely on.
Exchanges could try to replicate the same separation using hardware security modules (HSMs), secure enclaves, or air-gapped signing devices. But Deegan warns those approaches increase operational complexity and risk compared with the current clean BIP32 setup.
Project Eleven — a post-quantum startup founded in 2024 and backed by Castle Island Ventures with participation from Coinbase Ventures — isn’t just pointing out the problem. The team also published a prototype wallet that aims to restore non-hardened derivation in a quantum-resistant way. Their construction recreates the BIP32 feature that allows new public keys to be generated without exposing private keys, and it operates entirely at the wallet layer. That means blockchains would only need to support the underlying post-quantum signature scheme used by the wallet, rather than adopt a full protocol redesign.
That caveat is significant. Bitcoin does not currently support ML-DSA or the alternative scheme used in Project Eleven’s prototype, so a network-level upgrade would be required to deploy these designs on Bitcoin. By contrast, Deegan notes similar quantum-resistant wallet constructions could be implemented on Ethereum today via account abstraction, which permits more flexible signature logic without protocol-level changes.
The paper highlights a practical tension at the intersection of crypto custody and post-quantum security: migrating to quantum-resistant signatures may be necessary for long-term safety, but some migration paths could undermine operational patterns that custodians depend on today. Project Eleven’s prototype is an early attempt to bridge that gap; whether exchanges and networks will adopt similar approaches — and how quickly they move — remains to be seen.
Read more AI-generated news on: undefined/news
