Foundation publishes a complete public inventory at pq.ethereum.org and across consensus-specs. Inventory is complete and primitive-specific.

Zero PQ-safe primitives in active mainnet use.

Zero PQC family deployed on mainnet. All primitives are classically-hard and quantum-vulnerable. Diversity Cap not yet applicable.

ECDSA secp256k1: 128-bit classical, 0-bit post-quantum; BLS12-381: ~120-128-bit classical, 0-bit post-quantum; KZG/Groth16/BN254: pairing, 0-bit post-quantum; Keccak-256: 256→128-bit Grover-weakened. No NIST PQC category 1-5 primitive in mainnet.

ECDSA and BLS12-381 implementations broadly audited across five execution clients (geth, nethermind, besu, erigon, reth) and five consensus clients (Prysm, Lighthouse, Teku, Nimbus, Lodestar). Machine-checked formal proofs for prospective leanXMSS / SLH-DSA exist in academic literature but no PQ primitive is in mainnet client code yet. blst (BLS), libsecp256k1 (ECDSA), audited. Tier 1-2 maturity; no tier-3 or tier-4 PQ primitive deployed.

Every EOA reveals its full secp256k1 public key on its first outbound transaction. Approximately all active EOAs holding meaningful balances have transacted at least once. Validator deposit contract reveals BLS12-381 G1 public keys for every active validator. Both surfaces are forge-vulnerable post-Shor. Ethereum's TVL (~$300B+ in May 2026) is the largest exposed pubkey surface in crypto.

120 months of mainnet history; large unmoved EOA balances exist with revealed pubkeys. Institutional cold-storage signs ECDSA secp256k1, all classical. No PQ migration pathway in cold storage publicly disclosed.

Every historical ECDSA secp256k1 signature, every historical BLS12-381 attestation, and every KZG blob commitment archived on-chain or in beacon archives is forgeable post-Shor. Archive nodes retain all execution-layer signatures; beacon archive nodes retain attestations.

Validator gossip over libp2p uses Noise XX with classical X25519 ECDH; execution-layer devp2p uses ECIES over secp256k1; RPC endpoints (Infura, Alchemy, QuickNode) terminate TLS 1.3 with classical ECDH or RSA. No hybrid PQ KEM deployed in any major Ethereum client or major RPC provider. HNDL surface for validator-to-validator gossip and RPC traffic is open.

Fully transparent ledger; every tx, every contract call, every value transfer publicly readable. Largest tx graph in crypto.

Top-3 RPC: Infura (Consensys), Alchemy, QuickNode, combined market share estimated >70% of public-RPC traffic. Mempool gossip is fully observable; private mempools (Flashbots, MEV-Share) used by significant fraction of validators but base-layer mempool is public. Validator metadata retention undeclared at protocol level.

Largest bridge surface in crypto: LayerZero, Wormhole, Circle CCTP, canonical L2 bridges (Optimism, Arbitrum, Base, ZKsync), all enable address-to-address correlation across chains via passive observation.

ZK applications on Ethereum (Tornado Cash historical sets, Aztec Network, Railgun, Semaphore-based mixers) build on Groth16 over BN254 or Halo2-KZG over BLS12-381, both Shor-breakable via pairings. Post-Shor, any historical shielded set is retroactively de-anonymizable.

No protocol-level mixnet. Application-layer mixers (Tornado Cash historically) operate on Ethereum but are not part of the consensus protocol.

EIP-7702 (Set Code for EOAs) shipped Final and activated in Pectra hard fork on 2025-05-07 at epoch 364032. Allows any EOA to delegate to smart-contract code, enabling per-account verification logic without protocol-wide hard fork. ERC-4337 native account abstraction live since 2023. EIP-8141 (Frame Transactions, type 0x06; CFI for Hegotá H2 2026) generalizes signature verification to user-defined logic supporting future ML-DSA / FN-DSA / SLH-DSA verifier contracts.

ERC-4337 + EIP-7702 deployed on mainnet since 2023 / 2025-05-07 respectively; smart-contract accounts can implement arbitrary signature validation. Documented client-layer migration path via EIP-8141 (CFI for Hegotá H2 2026) and ML-DSA EVM precompile proposal at WG-stage (EIP-8051). No PQ verifier contracts deployed in production yet.

Coordinated hard forks last 3 years: Shapella (2023-04), Dencun (2024-03), Pectra (2025-05-07). Glamsterdam scheduled H1 2026, Hegotá scheduled H2 2026. No contested forks since DAO 2016. Cadence reliable.

Foundation publicly endorses hybrid migration via account abstraction (EIP-7702 + EIP-8141 + EIP-8051), allowing EOAs to migrate to PQ verifier contracts incrementally. Architecturally possible; not yet announced as foundation policy with formal sunset for classical schemes.

Primary consensus PQ candidate is leanXMSS, a stateful hash-based scheme. Per pq.ethereum.org and design notes, the slot-tied design (each slot mapped to a different leaf in the Merkle tree) makes state management a protocol-level concern. No mainnet enforcement spec yet; design-level discussion only.

BLS12-381 aggregate path on consensus is in scope (sync committee aggregates ~512 validators per ~27.3-hour rotation; up to ~1M+ validator attestations per epoch). Foundation declared path is hash-based (leanXMSS) signatures + leanVM SNARK aggregation (~250× compression target). Public spec exists at pq.ethereum.org; ~10 client teams running weekly post-quantum interop devnets. No mainnet pilot.

0%. Ethereum has shipped zero PQC primitive into mainnet consensus or execution. All ~1M+ validators sign BLS12-381 attestations; all EOA transactions sign ECDSA secp256k1. leanXMSS is roadmap, not deployed.

PQC research code lives in EF research repos and the leanSig Rust implementation; approximately ten client teams run weekly post-quantum interop devnets. Zero PQC code merged into mainnet branches of Prysm, Lighthouse, Teku, Nimbus, or Lodestar.

All active validators use BLS12-381. Zero PQ keys registered in deposit contract.

VOIDED per v3.1 because 5a = 0. For the record, Ethereum publishes more dated PQ milestones than any chain in this batch: pq.ethereum.org hub launched Q1 2026; Glamsterdam H1 2026 / Hegotá H2 2026 fork windows; 2029 stated planning target for L1 PQ protocol upgrades; the Poseidon Initiative $1M Poseidon Prize headline + a research-paper bounty fund of approximately $90K with $5K minimum (≈$66K already claimed). None are enforcement-mechanism-backed sunset dates for classical schemes.

Trailing 12 months announced: ≥18 distinct named announcements/blog posts/press articles tied to pq.ethereum.org launch, EF prize programs, EF PQ team formation, leanXMSS / leanVM / leanSig publications, EIP-8141 / EIP-8051 / EIP-7851 drafts and proposals, weekly interop devnets. Shipped to mainnet: 0. Substantive technical research backing exists, distinguishing this from pure PR; partial deduction rather than full narrative-only cap.

Reference multipliers per design: SLH-DSA-128s ~110-125× raw; ML-DSA-44 ~38× raw; Falcon-512 ~10-11× raw; leanXMSS one-time-per-slot signatures larger than BLS aggregates, with leanVM SNARK aggregation targeting ~250× compression. Without leanVM aggregation the raw footprint sits in the 10-38× band; with aggregation target met, multiplier could fall under 2×.

Top-3: MetaMask, Ledger HW, Safe (formerly Gnosis Safe). No top-3 Ethereum wallet has published a binding PQC roadmap as of 2026-05-01. Ledger publishes general Side-Channel Attacks & Post Quantum Cryptography educational content but no firmware migration timeline.

Top-3: LayerZero, Wormhole, Circle CCTP. LayerZero acknowledges PQ as future work without binding spec or date. Wormhole grants for ZK light clients exist but with no PQ-named primitive commitment. Circle CCTP, no public PQ migration plan.

Top-3: Coinbase Custody, BitGo, Anchorage Digital. Custodian sector publishes general PQ alignment with NIST language but no migration date for ECDSA secp256k1 or BLS12-381 key material. BitGo's January 2026 IPO filing raises PQ topic as sector concern. MPC architectures (Fireblocks, BitGo) face additional PQ-MPC research gap.

Top-3 RPC: Infura, Alchemy, QuickNode. No published PQ-TLS migration timeline. HSM: AWS KMS, YubiHSM, Thales Luna, no PQC-for-secp256k1 product publicly announced. TEE: Intel SGX (server-only) and TDX continue PCS API v2/v3 EOL transition; PCS attestation chains themselves are not PQ-protected.

~1M+ validators, largest set in crypto. Lido ~27% beacon stake share is primary concentration risk; Coinbase, Binance, Kraken next tier. Five-client diversity at consensus and execution layers.

Pectra delivered 2025-05-07 after Holesky/Sepolia finality issues required Hoodi testnet fallback, recovered without contested mainnet event. Glamsterdam H1 2026 / Hegotá H2 2026 active. EIP-8141 / EIP-8051 / EIP-7851 PQ track in CFI/draft pipeline.

Public PQ leadership hub at pq.ethereum.org with explicit mandate, named team page, and identified roles (PQ team lead, consensus PQ design, Protocol Snarkification team, program coordination). Multi-client culture with named client teams.

DAO fork (2016) demonstrates adversarial coordination capability, but produced a permanent contentious split (ETC). No precedent for emergency cryptographic primitive change. Lido governance dynamics and proposer-builder separation introduce coordination complexity at scale.

No published canary, honeypot, or tripwire mechanism for quantum cryptanalytic events. EIP-7851 (deactivate delegated EOA's key with 7-day delay) is a per-account migration tool, not a network-level tripwire.