Last weekend at ETHGlobal's hackathon in Buenos Aires, I prototyped a post-quantum secure hardware wallet based on Falcon-512. I ended up winning Ledger's most creative project award.
Most production blockchains today rely on elliptic-curve cryptography (ECC) for authentication and consensus. Ethereum, for example, uses ECDSA at the application layer and BLS at the protocol / consensus layer.
A quantum computer capable of running Shor’s algorithm would render ECC insecure by making the discrete logarithm problem tractable. In that setting, any account that has ever broadcast a signed transaction leaks enough information to reconstruct its private key once such a quantum computer exists.
Institutions will not commit multi-billion-dollar positions on-chain if there is even a small but credible probability that ECC could be broken over the next five years. At the same time, institutional custody standards effectively require hardware-backed key isolation and auditable signing workflows, which in practice means relying on dedicated hardware wallets rather than purely software-based solutions.
Falcon-512 is, in my view, a strong candidate for post-quantum digital signatures in this context. It offers significantly smaller public keys and signatures than Dilithium, and much smaller signatures than hash-based schemes, which translates directly into lower on-chain calldata and bandwidth costs. Its verification algorithm is also relatively efficient to arithmetize in zkVMs, which is one reason blockchains like Miden already use a Falcon variant as the default PQ DSA for accounts at the application layer.
To explore this design space, I implemented a Falcon-512 post-quantum hardware wallet on an STM32 microcontroller, the same class of chip used in several commercial hardware wallet devices.
How did I build it? 😃 🤔
Concretely, I forked an existing Rust implementation of Falcon-512 and ported it to no_std to run on bare metal, replaced standard-library and floating-point dependencies with core and libm, and aggressively optimized memory usage to fit within the STM32’s SRAM constraints. The firmware exposes a minimal message-based protocol: the host sends a message or hash, the device returns a Falcon-512 signature, and the private key never leaves the microcontroller.
This prototype is intended as a feasibility demonstration: post-quantum signatures, specifically Falcon-512, can be implemented efficiently on commodity microcontrollers used in hardware wallets today. For teams working on institutional custody, Ethereum infrastructure, or PQC deployments, I’m happy to compare notes and discuss potential next steps.
Links to the project:
Try it out: https://lnkd.in/g5aGvsRB
Hackathon demo: https://lnkd.in/gSckkG-h
GitHub repo: https://lnkd.in/ghAu3t8J