Five protocol specifications (BOLTs) depend directly on elliptic curve cryptography.
Post-quantum signatures are up to 80 times heavier than current Schnorr signatures.
Olaoluwa Osuntokun, lead developer of the Lightning LND client, published a detailed technical analysis on the Delving Bitcoin forum on June 5 of how quantum computing would affect the Lightning network and what changes the protocol would need to continue operating.
According to Osuntokun’s post, the question is not whether Lightning needs to adapt, but how to do so without dismantling its architecture. The analysis is based on a precise diagnosis: all layers of the protocol that rest on classical security assumptions require modifications.
Osuntokun identified five protocol specifications, known by the acronym BOLT (Basis of Lightning Technology), that make direct use of elliptic curve cryptography:
- The invoice format (BOLT 11/12) that generates and reads payment QR codes.
- Encrypted transport between nodes (BOLT 8), for secure node-to-node communication.
- Network discovery messages (BOLT 7), to find nodes and channels.
- Onion routing (BOLT 4), to send payments privately.
- The channel format (BOLT 2/3/5), to open, close and update channels.
The developer maintains that although each of these layers requires changes, the overall hierarchy of the protocol and its flows remain largely unchanged. In that sense, Osuntokun’s analysis is the first structured technical response to that exposure.
The vulnerability is not theoretical. As CriptoNoticias reported last April, Lightning Network public keys are permanently exposed to third parties, which makes them a direct attack vector for a sufficiently powerful quantum computer.
One of the most significant structural changes proposed by the analysis is the loss of the universal key. Today, a single elliptic curve key is used to sign messages, establish encrypted connections, and authenticate nodes.
In the post-quantum scenario, three different cryptosystems will most likely have to be implemented to achieve the current base functionality: ML-KEM for transport, ML-DSA for off-chain signatures, and SLH-DSA for on-chain signatures.
The other central obstacle is size. A key plus a Schnorr/ECDSA signature (currently used in Bitcoin) takes up 97 bytes; its equivalent in ML-DSA-44 reaches 3,732 bytes, and in SLH-DSA-128s it reaches 7,888 bytes.
Such a difference has concrete consequences. Osuntokun points out that the QR codes used today to transmit payment invoices could not encode any of the post-quantum schemes within their current limits.
The dilemma of hash-based schemes
A relevant finding of the analysis is the limitation of the SLH-DSA scheme in its reduced variant (SLH-DSA-128-24). This variant imposes a limit of 16 million signatures per key.
For a node with a thousand channels that broadcasts updates every ten minutes, that limit would be exhausted in less than four months. For that reason, Osuntokun rules out SLH-DSA-128-24 as a candidate for the network discovery layer and leans towards ML-DSA, the lattice-based scheme.
Faced with the dilemma between migrating completely to post-quantum cryptography or maintaining a mixed approach, the analysis leans towards hybridization.
Hybrid post-quantum cryptography combines classical and post-quantum schemes so that if either is still secure, the entire system is secure. This logic goes both ways: post-quantum schemes could also prove vulnerable in the future.
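The "secure if either component is secure" property can be illustrated for a hybrid transport handshake with the following added example, which is not code from Osuntokun's analysis or from LND. It assumes a concatenate-then-KDF combiner, and the shared secrets and transcript are constructed stand-ins for real ECDH and ML-KEM outputs.

```python
import hashlib
import hmac

# Constructed sample inputs (stand-ins, not real key-exchange outputs).
SS_ECDH = bytes.fromhex("11" * 32)    # would come from the classical ECDH step
SS_MLKEM = bytes.fromhex("22" * 32)   # would come from ML-KEM decapsulation
TRANSCRIPT = b"constructed handshake transcript"


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _length_prefixed(value: bytes) -> bytes:
    # A 2-byte length prefix keeps the concatenation unambiguous:
    # (b"ab", b"c") and (b"a", b"bc") must not produce the same input.
    return len(value).to_bytes(2, "big") + value


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Derive one transport key that depends on BOTH shared secrets.

    An attacker who recovers only one secret (for example the ECDH one,
    using a quantum computer) still lacks the input needed to derive the key.
    """
    if not ss_classical or not ss_pq:
        # Fail closed: a missing component must never silently fall back
        # to single-scheme security.
        raise ValueError("both shared secrets are required")
    ikm = _length_prefixed(ss_classical) + _length_prefixed(ss_pq)
    # Binding the handshake transcript ties the key to this exact exchange.
    salt = hashlib.sha256(transcript).digest()
    return hkdf_sha256(salt, ikm, b"hybrid-transport-example")


if __name__ == "__main__":
    print(hybrid_session_key(SS_ECDH, SS_MLKEM, TRANSCRIPT).hex())
```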
Osuntokun proposes to introduce the new keys as optional fields in current messages and only in a later phase reject messages that do not include them.
Osuntokun’s analysis is, according to the author himself, the first concrete document written on the topic after receiving direct and indirect questions from the community on the impact of quantum computing on Lightning.
His position as the main maintainer of LND, the Lightning client with the highest usage share in network nodes, gives technical and operational weight to his conclusions.
The underlying message of the analysis is that Lightning is not doomed by the quantum threat, but that the adaptation process will require coordinating simultaneous changes at multiple layers of the protocol, something that has historically taken years in the Bitcoin ecosystem and that represents an unprecedented coordination challenge.
