As blockchain developers debate protocol updates to counter possible future quantum attacks, Cardano founder Charles Hoskinson said the central issue is timing and not what changes to make, warning that moving too soon could carry a high cost for blockchain networks.
According to Hoskinson, the cryptographic tools needed to protect blockchains from future quantum attacks already exist; he pointed to the post-quantum standards released by the U.S. National Institute of Standards and Technology in 2024. The problem, Hoskinson explained, is what it would cost if the new protocols are implemented before miners and validators are ready.
“Post-quantum crypto oftentimes it’s about 10 times slower, 10 times larger proof sizes, and 10 times more inefficient,” Hoskinson told Decrypt. “So if you adopt it, what you’re basically doing is taking the throughput of your blockchain and reducing it by cutting off a zero.”
While researchers broadly agree that sufficiently powerful quantum computers could one day break today’s cryptography, there is far less agreement on when that threat becomes real. Estimates place the arrival of a practical quantum computer anywhere from a few years to more than a decade away.
Rather than relying on hype and corporate timelines to judge how quickly the threat might arrive, Hoskinson said, a better guide is DARPA’s Quantum Benchmarking Initiative, which is testing whether different quantum computing approaches can deliver useful results.
“It’s the best independent, objective benchmark that can be referenced for whether quantum computers are going to be real or not, and when they’re going to hit and who’s going to make them,” he said.
DARPA has set 2033 as a target year for determining whether utility-scale quantum computing is feasible.
Like most major networks, including Bitcoin, Ethereum, and Solana, Cardano relies on elliptic-curve cryptography, which could theoretically be broken by Shor’s algorithm if sufficiently powerful quantum computers emerge. Hoskinson said the industry already knows how to address that vulnerability, but that the debate comes down to a choice between two competing cryptographic approaches.
“There’s two big bets you can make,” Hoskinson said. “Hashes, which is what Ethereum is making, and lattices, which is what we’re making.”
Hash-based cryptography uses cryptographic hash functions to create digital signatures that are widely seen as safe from future quantum attacks. These systems are simple, well-studied, and conservative by design, but they are mainly used for signing data and are not suited for general-purpose encryption.
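As an added illustration (not from the article, nor from Cardano or Ethereum code), a minimal Lamport one-time signature built only from SHA-256 shows what a hash-based scheme looks like and why its signatures and keys run far larger than the 64-byte elliptic-curve signatures today's networks use; the `sizes` function and its comparison constants are this example's own.

```python
import hashlib
import secrets

H = hashlib.sha256
N = 256  # bits in the message digest; one secret pair per bit

def keygen():
    """Secret key: N pairs of random 32-byte values; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk

def _bits(message):
    d = H(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def sign(sk, message):
    """Reveal one preimage per digest bit. Each key must sign only once:
    a second message would expose the other half of some pairs."""
    return [sk[i][b] for i, b in enumerate(_bits(message))]

def verify(pk, message, sig):
    """Hash each revealed preimage and compare with the published hash."""
    if len(sig) != N:
        return False
    return all(H(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(message))))

def sizes():
    """Byte sizes of this scheme versus a compact (r, s) ECDSA/Ed25519 signature."""
    return {
        "lamport_signature": N * 32,        # 8192 bytes
        "lamport_public_key": 2 * N * 32,   # 16384 bytes
        "ecc_signature": 64,                # secp256k1 compact or Ed25519
    }

if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample transaction"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig), sizes())
```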