The test used ML-DSA-44, an algorithm standardized by NIST to resist quantum computers.
The transaction also used MPC, which distributes key control between custodians.
A transaction with a post-quantum signature on institutional custody infrastructure was successfully executed by the company BitGo on the Sepolia network, an Ethereum test chain. It would be the first demonstration of this type carried out by a regulated custodian, as explained by BitGo on May 26.
BitGo, one of the largest bitcoin (BTC) and digital asset custody companies in the world, developed the test together with Silence Laboratories, a company specialized in cryptography, which provided its post-quantum signature scheme that combines the following mechanisms:
- The first is ML-DSA-44a variant of the ML-DSA signature scheme (based on lattices, mathematical structures that known quantum algorithms cannot solve efficiently) standardized by the US National Institute of Standards and Technology (NIST) in 2024.
- The second is MPC (multipart computing)the scheme that allows control of private keys to be distributed among several custodians without any one having full access to them. It is the central mechanism that makes regulated institutional custody viable.
The technical challenge was to combine both mechanisms, according to the statement– Migrate BitGo signature scheme to one resistant to quantum attacks without breaking the distributed control of keys that makes custody operational. The transaction was executed during a private conference on May 23.
However, the test occurred in Sepolia, a testnet without real assets and without the loading conditions of the Ethereum mainnet.
Why did you choose Ethereum for post-quantum testing?
Although BitGo’s May 26 statement did not explicitly clarify this, the BitGo technical documentation allows us to presume an underlying reason.
According to their own documents, “most UTXO-based blockchains, such as Bitcoin, natively support multi-signature wallets,” while “account-based chains, such as Ethereum, all support MPC.”
Since the test sought precisely to demonstrate post-quantum integration within an MPC (and not multi-signature) scheme, Ethereum was the technically appropriate environment to execute it.
The May 26 release reinforces that reading, as it describes that “the live simulated transaction demonstrated how post-quantum signing can be incorporated into an institutional portfolio workflow while preserving the benefits of MPC, including distributed key control, policy enforcement, and operational separation of duties.”
Bitcoin, whose institutional custody at BitGo operates primarily on multi-signature, would have required a different technical approach.
Companies advance in post-quantum studies
The BitGo demo does not happen in isolation. Fireblocks, another of the large providers of institutional custody infrastructure, declared post-quantum migration as strategic priority after the publication of paper from Google Quantum AI.
Likewise, the company Dfns Labs, an infrastructure provider for other institutions, works on quantum computer-resistant signatures supported by NIST, according to the company.
On the other hand, Anchorage Digital, a regulated institutional custody entity, shared a academic study with a mechanism Post-quantum migration for the Bitcoin network using zero-knowledge proofs (ZK)developed by our own researchers. Although Anchorage’s proposal is not designed to safeguard its clients’ funds, it is another relevant precedent in the sector that delves into post-quantum technologies.
A step in a debate that does not have consensus in the community
For companies with bitcoin (BTC) and other crypto assets in institutional custody, the direct implication is that the infrastructure protecting their funds now has a documented path to post-quantum schemes without the need to abandon existing operational controls.
The demonstration comes as the community discusses whether the timeline toward a cryptographically relevant quantum computer is getting shorter. Mikhail Lukin, a Harvard researcher and co-founder of the Harvard Quantum Initiative, estimated that Those machines could be available “at least in some form” before the end of this decade (a horizon between five and ten years ahead of the previous consensus).
Lukin’s vision coincides with what is estimated by companies such as Google, Cloudflare and Grayscale, which plan migrate to post-quantum structures by 2029.
In contrast, other voices in the ecosystem, such as cryptographer Adam Back, co-founder of Blockstream, maintains that the risk is at least a decade away.
In this context, institutional custody begins to document its first concrete technical steps. The question that the demonstration leaves open is how much time separates a testnet test from a production deployment at a regulated scale.