New research suggests that a foundational mechanism used by cryptocurrency exchanges to generate deposit addresses may break under post-quantum cryptography, prompting researchers to propose a wallet design that preserves the existing security model.
A Core Mechanism of Crypto Infrastructure
A widely used architecture that underpins how cryptocurrency exchanges manage deposits and protect customer funds could face complications as blockchain systems transition toward quantum-resistant cryptography.
Today, exchanges such as Coinbase and Binance rely heavily on hierarchical deterministic (HD) wallets, a design specified in Bitcoin Improvement Proposal 32, commonly known as BIP32. It lets a platform derive an essentially unlimited sequence of deposit addresses from one master secret without placing the private keys that control the funds on the server that issues the addresses.
Under this system, an operator can derive new receiving addresses from a single extended public key (a public key plus a BIP32 chain code) stored on an online server, while the corresponding private signing key stays offline in cold storage. That separation is considered a cornerstone of custodial crypto security: exchanges can create addresses for customers on demand without exposing signing keys to the internet-facing systems that hand out addresses.
However, new research indicates that this model may not function as intended if blockchains adopt certain forms of post-quantum cryptography.
The Challenge of Post-Quantum Signatures
Researchers at Project Eleven, a startup focused on post-quantum cryptography, argue that hierarchical deterministic wallet systems could break when blockchains transition to new digital signature standards designed to resist attacks from future quantum computers.
The concern centers on ML-DSA, the lattice-based digital signature algorithm that the U.S. National Institute of Standards and Technology finalized as FIPS 204 in its effort to standardize cryptographic methods that can withstand attacks by quantum computers.
According to the researchers, wallet designs that depend on BIP32’s non-hardened key derivation could fail under such post-quantum signature schemes. Non-hardened derivation works because an elliptic-curve public key can be tweaked in public: a child public key is the parent public key plus a publicly computable point, and the matching child private key is the parent private key plus the same scalar. ML-DSA public keys offer no comparable operation, so generating new receiving addresses from a public key alone would no longer be possible.
Conor Deegan, co-founder and chief technology officer of Project Eleven, explained that such a shift would significantly alter how custodial crypto infrastructure operates.
“If Bitcoin adopted ML-DSA without a construction like ours, you lose non-hardened derivation,” Deegan said in an interview with the publication Decrypt. “That means any system that needs to generate fresh receiving addresses—exchanges, payment processors, custodial services—can no longer do so from a public key alone.”
Instead, the private key would need to participate in every child-key derivation used to generate a new address, much as BIP32's hardened derivation already does. An exchange would then have to either keep signing-key material on the online system that issues addresses or route every new address request through cold storage, adding operational complexity and widening the attack surface around the key.
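The following Python is an added illustration of the mechanism described above; it is not code from the Project Eleven paper, the prototype, or the article. It implements BIP32's CKDpriv and CKDpub over secp256k1 with the curve arithmetic written out in plain Python (no external libraries), then shows the split the article describes: a hot server holding only the extended public key derives the same child public keys that cold storage derives from the private key, and a hardened index cannot be derived on the public side at all. It also goes one step beyond the text with a well-known caveat of non-hardened derivation: a leaked child private key together with the parent extended public key yields the parent private key. The seed is constructed for the example; function names such as hot_server_addresses and recover_parent_priv are the example's own.

```python
import hashlib
import hmac

# secp256k1 domain parameters, the curve Bitcoin and BIP32 use
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP32: child indices >= 2^31 are hardened

def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mult(k, pt=G):
    """k * pt by double-and-add (not constant-time; demonstration only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def ser_p(pt):
    """SEC1 compressed point encoding, the form BIP32 feeds into HMAC."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def master_key(seed):
    """BIP32 master key: I = HMAC-SHA512(key=b"Bitcoin seed", seed) -> (I_L, I_R)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if not 0 < k < N:
        raise ValueError("invalid master key for this seed")
    return k, digest[32:]

def _tweak(c_par, data):
    # Shared step of CKDpriv/CKDpub: I = HMAC-SHA512(c_par, data) -> (I_L as int, I_R)
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    if il >= N:
        raise ValueError("invalid child key; BIP32 says skip to the next index")
    return il, digest[32:]

def ckd_priv(k_par, c_par, index):
    """CKDpriv: child private key. Needs k_par; works for hardened and non-hardened indices."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = ser_p(scalar_mult(k_par)) + index.to_bytes(4, "big")
    il, c_i = _tweak(c_par, data)
    k_i = (il + k_par) % N
    if k_i == 0:
        raise ValueError("invalid child key; BIP32 says skip to the next index")
    return k_i, c_i

def ckd_pub(K_par, c_par, index):
    """CKDpub: child public key from the parent *public* key and chain code alone.
    Works because EC scalar multiplication is additive: (il + k_par)*G == il*G + K_par.
    ML-DSA public keys admit no such public tweak, which is the gap the article describes."""
    if index >= HARDENED:
        raise ValueError("hardened derivation needs the parent private key")
    il, c_i = _tweak(c_par, ser_p(K_par) + index.to_bytes(4, "big"))
    K_i = point_add(scalar_mult(il), K_par)
    if K_i is None:
        raise ValueError("invalid child key; BIP32 says skip to the next index")
    return K_i, c_i

def hot_server_addresses(K_acct, c_acct, count):
    """Hot side: holds only the extended public key (K_acct, c_acct); issues child pubkeys."""
    return [ser_p(ckd_pub(K_acct, c_acct, i)[0]) for i in range(count)]

def cold_storage_addresses(k_acct, c_acct, count):
    """Cold side: recomputes the same children from the private key when it signs."""
    return [ser_p(scalar_mult(ckd_priv(k_acct, c_acct, i)[0])) for i in range(count)]

def recover_parent_priv(K_par, c_par, index, k_child):
    """Caveat of non-hardened derivation: one leaked non-hardened child private key plus the
    parent extended public key gives back the parent private key (k_child = il + k_par mod N)."""
    il, _ = _tweak(c_par, ser_p(K_par) + index.to_bytes(4, "big"))
    return (k_child - il) % N

# Constructed seed for the demonstration, not a real wallet seed.
SEED = b"constructed seed for the HD wallet example"
k_m, c_m = master_key(SEED)
K_m = scalar_mult(k_m)

if __name__ == "__main__":
    print("hot == cold:", hot_server_addresses(K_m, c_m, 5) == cold_storage_addresses(k_m, c_m, 5))
```

The two address lists agree because ckd_pub adds il*G to the parent point while ckd_priv adds il to the parent scalar; that identity is the whole reason an online server can hand out addresses without a private key, and it is exactly what a lattice signature scheme does not offer. The recover_parent_priv helper is why operators keep the account level hardened and expose only the lowest, non-hardened level to online systems: within that level, one leaked child key compromises every sibling.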
A Proposed Wallet Design
To address the issue, the Project Eleven team has proposed a new wallet architecture designed to restore the functionality currently provided by BIP32 while remaining compatible with quantum-resistant cryptography.
The researchers published their findings earlier this month in the International Association for Cryptologic Research (IACR) ePrint archive and released a prototype wallet implementing the concept.
Their design recreates the ability to derive new public keys without exposing private keys—a capability known as non-hardened key derivation—even when using post-quantum signature systems.
The construction operates entirely at the wallet layer, so the underlying blockchain only needs to support the signature scheme the wallet uses; no derivation-specific consensus change is involved. In the researchers' prototype, that scheme is ML-DSA or a related alternative.
However, Bitcoin does not currently support ML-DSA or the alternative signature scheme used in the prototype. As a result, deploying such a design on the Bitcoin network would require a protocol upgrade before it could be implemented.
Possible Paths for Blockchain Adoption
While Bitcoin may face technical hurdles in adopting such wallet designs, the researchers suggested that other blockchain platforms could potentially implement similar constructions more easily.
In particular, they pointed to Ethereum’s account abstraction framework, which allows developers to define custom signature verification logic within wallets without requiring changes to the base protocol.
This flexibility could enable Ethereum-based systems to adopt post-quantum wallet constructions while maintaining the operational model currently used by exchanges and custodial services.
Project Eleven, founded in 2024 and backed by Castle Island Ventures with participation from Coinbase Ventures, is developing tools intended to help financial and blockchain systems transition toward quantum-resistant security.
The research highlights a technical challenge that may arise as the cryptocurrency ecosystem prepares for the long-anticipated era of quantum computing—an era in which traditional cryptographic assumptions may no longer hold, forcing fundamental components of digital infrastructure to evolve.
