Bitcoin Forum
Author Topic: ZCash and Algorand are not quantum resistant.  (Read 32 times)
DiscoJoker (OP)
June 27, 2026, 10:56:29 PM
#1
Algorand and Zcash are not quantum-resistant in the strict cryptographic sense, even though they are sometimes included in informal discussions about post-quantum systems.

Algorand’s security is based on Ed25519 signatures and a VRF-based leader selection mechanism, both built on elliptic curve cryptography over Curve25519. Its Pure Proof-of-Stake consensus and cryptographic sortition define how validators are selected and how agreement is reached, but they do not change the underlying cryptographic assumptions. The system ultimately depends on the hardness of the elliptic curve discrete logarithm problem, which is vulnerable to Shor’s algorithm once a sufficiently capable quantum computer exists. Algorand itself acknowledges this limitation: its current signature and VRF schemes are not post-quantum secure. While it has introduced Falcon-based state proofs for certain cross-chain verification use cases, these do not extend quantum resistance to user accounts or validator signatures, which remain exposed.

Zcash has a more layered exposure. Its shielded transactions rely on zk-SNARKs built over the BLS12-381 elliptic curve. These proofs depend on standard elliptic curve and pairing assumptions, which are not resistant to quantum attacks. zk-SNARKs provide zero-knowledge and succinct verification, but they do not avoid the underlying reliance on elliptic curve hardness. If those assumptions break, the integrity of the system’s privacy and correctness guarantees also breaks, enabling potential forgery of proofs and unauthorized note creation.

There is also a separate issue in Zcash’s encryption model. Transaction notes are encrypted using ECDH between a recipient’s viewing key and an ephemeral key. The ephemeral public key is published on-chain. A sufficiently powerful quantum attacker could recover the shared secret, allowing decryption of historical shielded transactions. This creates a “harvest now, decrypt later” risk for all encrypted data recorded today.

Under a strict definition, neither Algorand nor Zcash can be considered quantum-resistant.

Systems that can legitimately claim native post-quantum design are limited. The common examples are Quantum Resistant Ledger (QRL), Mochimo, and Abelian.

QRL uses XMSS, a hash-based signature scheme standardized in NIST SP 800-208 and RFC 8391, which avoids elliptic curves entirely. Mochimo relies on WOTS+, another hash-based one-time signature construction. Abelian is based on lattice cryptography, using assumptions derived from Learning With Errors (LWE), which is widely considered resistant to both classical and quantum attacks.

Hash-based and lattice-based systems share a key property: no known quantum algorithm, including Shor’s, breaks them in polynomial time. Grover’s algorithm only reduces the security of hash functions quadratically, which can be compensated for by increasing parameter sizes.

The main distinction is structural. Most blockchains, including Algorand and Zcash, rely on classical elliptic curve assumptions that will fail in the presence of a sufficiently powerful quantum computer. QRL, Mochimo, and Abelian remove that dependency entirely by redesigning the signing layer around post-quantum primitives.
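The "harvest now, decrypt later" exposure described above, as an added example that is not Zcash code: an ECIES-style note encryption where the ephemeral public key travels with the ciphertext. X25519 (RFC 7748, implemented here from the spec) stands in for the Jubjub/Pallas diversified key agreement, and an HMAC-SHA256 keystream plus tag stands in for ChaCha20-Poly1305; the note-key KDF, the byte layout and the sample note are all constructed for the illustration. The point it makes is structural: both ECDH inputs that matter are either on chain (epk) or known to anyone holding the recipient's address (pk), so an attacker who archives today's ciphertext and later solves one ECDLP instance (esk from epk, or ivk from pk) on a quantum computer finishes the decryption classically, with no further access to the recipient. The ECDLP solve is the one step the block cannot run; `decrypt_with_recovered_esk` takes its result as input.

```python
"""Simplified on-chain note encryption (added example, not Zcash's code):
X25519 agreement + HMAC-SHA256 stream/tag stand in for the real primitives."""
import hashlib
import hmac
import os
from typing import Optional

P = 2**255 - 19
A24 = 121665
BASEPOINT_U = (9).to_bytes(32, "little")


def _decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private scalar as RFC 7748 section 5 prescribes."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127  # X25519 MUST mask the top bit of the last byte
    return int.from_bytes(u, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5 (no constant-time effort)."""
    k, x1 = _decode_scalar(scalar), _decode_u(u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def public_key(scalar: bytes) -> bytes:
    return x25519(scalar, BASEPOINT_U)


def rfc7748_selfcheck() -> bool:
    """Known-answer test from RFC 7748 section 6.1 (Alice/Bob vectors)."""
    a = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    b = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    a_pub = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
    b_pub = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
    shared = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")
    return (public_key(a) == a_pub and public_key(b) == b_pub
            and x25519(a, b_pub) == shared and x25519(b, a_pub) == shared)


def _note_key(shared: bytes, epk: bytes, pk: bytes) -> bytes:
    # Constructed KDF: binds the key to both public values, as Sapling binds epk.
    return hashlib.sha256(b"note-kdf|" + shared + epk + pk).digest()


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _open(key: bytes, epk: bytes, ct: bytes, tag: bytes) -> bytes:
    if not hmac.compare_digest(hmac.new(key, epk + ct, hashlib.sha256).digest(), tag):
        raise ValueError("tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def encrypt_note(pk: bytes, note: bytes, esk: Optional[bytes] = None):
    """Sender: fresh ephemeral scalar; (epk, ct, tag) is what gets recorded on chain."""
    esk = esk or os.urandom(32)
    epk = public_key(esk)
    key = _note_key(x25519(esk, pk), epk, pk)
    ct = bytes(a ^ b for a, b in zip(note, _keystream(key, len(note))))
    return epk, ct, hmac.new(key, epk + ct, hashlib.sha256).digest()


def decrypt_as_recipient(ivk: bytes, epk: bytes, ct: bytes, tag: bytes) -> bytes:
    return _open(_note_key(x25519(ivk, epk), epk, public_key(ivk)), epk, ct, tag)


def decrypt_with_recovered_esk(esk: bytes, pk: bytes, epk: bytes, ct: bytes, tag: bytes) -> bytes:
    """Attacker: esk is whatever a quantum ECDLP solver returns for the archived
    epk; from here on nothing but public data is needed (recovering ivk from pk
    and calling decrypt_as_recipient is the symmetric alternative)."""
    return _open(_note_key(x25519(esk, pk), epk, pk), epk, ct, tag)


def harvest_now_decrypt_later_demo() -> bool:
    """Same archived record, decrypted by the recipient today and by the attacker later."""
    ivk, esk = os.urandom(32), os.urandom(32)
    pk = public_key(ivk)
    note = b"constructed sample note: value=12.5, memo=invoice 42"
    epk, ct, tag = encrypt_note(pk, note, esk)
    return (decrypt_as_recipient(ivk, epk, ct, tag) == note
            and decrypt_with_recovered_esk(esk, pk, epk, ct, tag) == note)
```

Run `harvest_now_decrypt_later_demo()` to see both decryption paths agree on the archived record; `rfc7748_selfcheck()` confirms the hand-written ladder against the RFC vectors before trusting anything built on it. The recipient's only long-term secret, ivk, never enters the attacker path at all.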
Oshosondy
June 27, 2026, 11:28:39 PM
#2
I do not know about zcash, it was only algo that Google recently said is quantum resistant, which caused the price of algo to increase to almost double at the time before falling back.

But algo is planning on full quantum-resistant cryptography
https://pluang.com/en/news-feed/algorand-ungkap-peta-jalan-ketahanan-kuantum-2027

DiscoJoker (OP)
June 28, 2026, 12:35:32 AM
#3
Quote from: Oshosondy on June 27, 2026, 11:28:39 PM
I do not know about zcash, it was only algo that Google recently said is quantum resistant, which caused the price of algo to increase to almost double at the time before falling back.

But algo is planning on full quantum-resistant cryptography
https://pluang.com/en/news-feed/algorand-ungkap-peta-jalan-ketahanan-kuantum-2027

Thanks for sharing the link. I agree that Algorand having a roadmap is a positive thing, and it’s something worth recognizing. But there is a difference between having a migration plan and being quantum-resistant today. The roadmap itself acknowledges that the current cryptographic stack still relies on primitives that are not post-quantum secure.

Algorand’s current security model still depends on Ed25519 signatures and an ECVRF construction based on elliptic curve cryptography. Those are well-tested schemes against classical attacks, but they are not designed to withstand a sufficiently powerful quantum computer running Shor’s algorithm.

The Falcon-based state proofs are definitely an important development and show that Algorand is actively researching the problem. However, they do not make the entire network quantum-resistant. They are mainly focused on specific verification use cases, such as cross-chain proofs. User account keys, validator signatures, and the consensus layer still rely on traditional elliptic curve assumptions.

The difficult part is not adding one quantum-resistant component, it is migrating the entire cryptographic foundation of a live blockchain. Replacing the signature scheme, VRF mechanism, and account structure while maintaining performance, compatibility, and decentralization is a major engineering challenge. Post-quantum alternatives, especially lattice-based systems, usually come with larger keys, larger signatures, and additional computational overhead.

Regarding the Google/Falcon announcement: it was a meaningful step, but some coverage exaggerated what it meant. Implementing Falcon in a specific part of the ecosystem is not the same as making Algorand fully quantum-resistant.

The same discussion applies to many major chains, including Bitcoin. Any network relying on ECDSA, EdDSA, or similar elliptic curve-based cryptography will eventually need to address this transition. Algorand deserves credit for recognizing the issue earlier than many projects, but awareness of the problem is not the same as having solved it.

The projects that are quantum-resistant today are the ones that were designed around post-quantum cryptography from the beginning.
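The hash-based signing layer the first post credits to QRL (XMSS) and Mochimo (WOTS+), and the size overhead the reply above mentions for post-quantum alternatives, as an added example that is neither project's code: a simplified Winternitz one-time signature over SHA-256 with w = 16. Real WOTS+ adds per-step bitmasks and keyed hashing, and XMSS sits many such one-time keys under a Merkle tree; those are left out so the three things worth seeing stay visible: security rests only on hash preimage resistance (no curve anywhere), the checksum is what stops an attacker from walking a revealed chain forward, and a signature is 67 chains of 32 bytes, 2144 bytes against Ed25519's 64. The step-index domain separation, the seed-derived secret keys and the sample messages are constructed for the example.

```python
"""Simplified Winternitz one-time signature (added example, not XMSS/WOTS+ code)."""
import hashlib
import os
from typing import List, Optional, Tuple

W = 16           # Winternitz parameter: 4 bits per digit, chains of W-1 hash steps
L1 = 64          # 256-bit digest / 4 bits per digit
L2 = 3           # checksum digits: max checksum 64 * 15 = 960 < 16**3
L = L1 + L2      # 67 hash chains in total


def _h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def _chain(x: bytes, start: int, steps: int) -> bytes:
    """Walk a hash chain from position `start` for `steps` steps (constructed
    domain separation: the step index is prefixed to each input)."""
    for i in range(start, start + steps):
        x = _h(bytes([i]) + x)
    return x


def _digits(msg: bytes) -> List[int]:
    """Base-16 digits of SHA-256(msg) followed by the 3-digit checksum."""
    m = []
    for b in _h(msg):
        m += [b >> 4, b & 15]
    csum = sum(W - 1 - x for x in m)          # decreases whenever a digit increases
    return m + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]


def keygen(seed: Optional[bytes] = None) -> Tuple[List[bytes], List[bytes]]:
    """sk: 67 random-looking chain starts; pk: each chain walked to its end."""
    seed = seed or os.urandom(32)
    sk = [_h(b"wots-sk|" + seed + bytes([i])) for i in range(L)]
    pk = [_chain(s, 0, W - 1) for s in sk]
    return sk, pk


def sign(sk: List[bytes], msg: bytes) -> List[bytes]:
    """Signature element i is chain i advanced m_i steps from its secret start."""
    return [_chain(sk[i], 0, m) for i, m in enumerate(_digits(msg))]


def verify(pk: List[bytes], msg: bytes, sig: List[bytes]) -> bool:
    """Finish each chain from position m_i; it must land on the public end."""
    if len(sig) != L:
        return False
    return all(_chain(s, m, W - 1 - m) == p
               for s, m, p in zip(sig, _digits(msg), pk))


def forgeable_from_signatures(signed_msgs: List[bytes], target: bytes) -> bool:
    """A signature exposes chain i from position m_i onward, so an attacker can
    produce chain values for any larger digit. A forgery on `target` needs every
    target digit >= the lowest exposed position of that chain. With one honest
    signature the checksum makes that impossible for any different digest; once
    a key is reused the per-chain minimum drops and forgeries become possible."""
    if not signed_msgs:
        return False
    exposed = [min(col) for col in zip(*(_digits(m) for m in signed_msgs))]
    return all(t >= e for t, e in zip(_digits(target), exposed))


def signature_bytes(sig: List[bytes]) -> int:
    return sum(len(s) for s in sig)   # 67 * 32 = 2144 bytes (Ed25519: 64)
```

`keygen` / `sign` / `verify` are the whole scheme; everything is SHA-256 calls, which is why Shor's algorithm has nothing to attack and Grover's only halves the effective bit length. `forgeable_from_signatures` is the reason XMSS needs its Merkle tree of fresh keys: it answers "no" for any second message after one signature, but can answer "yes" after the same key has signed two.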