What happens to blockchain, DeFi, stablecoins, and digital payments infrastructure when quantum computing reaches cryptographically relevant scale — and is post-quantum migration realistic on the required timeline?

Structural Analysis: Quantum Computing and Blockchain/Payments Infrastructure

---

Key Findings

1. A bifurcated threat architecture converges on a single governance node.
The graph encodes two structurally distinct threat types: cryptographic (Shor's Algorithm ECC Attack Mechanism → ECDSA Blockchain Exposure Surface) and sociotechnical (coordination failures, regulatory vacuums). These converge at Bitcoin BIP-361 Governance Crisis (29 connections, w=9), which is simultaneously a target of technical attack vectors, a recipient of coordination failure amplifiers, and a node that multiple solution paths explicitly `absent_in` or `contradicts`. The governance node's weight matches the primary attack node (Cryptographically Relevant Quantum Computer, w=9), encoding them as co-equal structural risks.

2. The HSM certification gap is the critical path item for all major migration timelines.
Payment Infrastructure HSM Certification Gap (22 connections, w=7.5) receives blocking edges from NIST PQC Standards, SwiftNet 8.0, CBDC migration, Fedwire remediation, BIS Project Leap 2, SWIFT migration, G7 roadmap, Mosca's Inequality, and FALCON implementation — simultaneously. No major institutional PQC migration path in the graph bypasses this node. It is the convergence point for physical infrastructure constraints across every domain modeled.

3. The solution landscape is structurally asymmetric with threat landscape.
Threat nodes cluster at higher weights (Shor's at 8.5, CRQC at 9, ECDSA Exposure at 8, Harvest-Now at 8) than most solution nodes (NIST PQC Standards at 8, Ethereum Account Abstraction at 8.5, Crypto-Agility Architecture at 7.5–8.5). The primary exceptions are zk-STARK Hash-Based Quantum Resistance (w=8, multiple outbound `hedges_against` and `enables` edges) and Ethereum Account Abstraction PQC Migration (w=8.5). This asymmetry is consistent across the graph rather than being an artifact of any single cluster.

4. IBM Quantum Starling 2029 Roadmap is the lowest-weight high-centrality node.
At 18 connections but w=5.9, IBM Quantum Starling 2029 Roadmap is structurally the most anomalous hub node. Its connections are predominantly outbound deadline constraints and threat triggers (IBM Starling 2029 Blockchain Migration Race, Bitcoin BIP-361 Governance Crisis, BLS12-381 Staking Layer Quantum Attack, Ethereum Account Abstraction PQC Migration, etc.), but its weight encodes it as less inherently certain than the mechanisms it triggers. This asymmetry — high structural influence, low epistemic weight — marks it as the timeline uncertainty anchor.

5. Positive first-mover events amplify the penalty for non-movers.
Algorand Falcon Live Deployment `--[triggers, w=7.5]-->` Quantum Migration First-Mover Penalty. Successful migration by one actor directly increases the competitive pressure on non-migrating actors. This creates a structural dynamic where early adoption accelerates the urgency of the problem for laggards, rather than demonstrating that migration is feasible and tractable (even though it also `--[contradicts]-->` Bitcoin BIP-361 Governance Crisis).

---

Feedback Loops

Loop 1: The First-Mover Penalty Amplification Loop (5 nodes, all reinforcing)

```
Quantum Migration First-Mover Penalty
--[amplifies, w=8.5]--> PQC Regulatory Vacuum for Crypto
--[enables, w=8]--> Harvest-Now-Decrypt-Later Attack
--[amplifies, w=8]--> Fedwire Quantum Cascade Risk
--[triggers, w=8]--> Saxo Bank Q-Day Market Cascade Scenario
--[amplifies, w=8]--> Quantum Migration First-Mover Penalty
```

This is a reinforcing loop: each iteration of competitive delay increases the systemic cost of the next round of delay. The loop runs through the regulatory vacuum (no mandate → no migration), to active threat accumulation (harvesting), to cascading institutional failure, and back to increased competitive disincentive.

Loop 2: The Regulatory Vacuum Tight Loop (2 nodes, bidirectional)

```
PQFIF Crypto Regulatory Vacuum
--[enables, w=8.5]--> Quantum Migration First-Mover Penalty
--[depends_on, w=7]--> PQFIF Crypto Regulatory Vacuum
```

The First-Mover Penalty both depends on and enables the regulatory vacuum. The absence of mandate creates the first-mover disincentive; the first-mover disincentive removes pressure for mandate creation. This is an explicit mutual reinforcement encoded in two edges of opposite direction between the same pair of nodes.

Loop 3: ECDSA Exposure Harvesting Loop (4 nodes)

```
ECDSA Blockchain Exposure Surface
--[amplifies, w=9]--> Harvest-Now-Decrypt-Later Attack
--[depends_on, w=8.5]--> Cryptographically Relevant Quantum Computer
--[enables, w=9.5]--> Shor's Algorithm ECC Attack Mechanism
--[exploits, w=9.5]--> ECDSA Blockchain Exposure Surface
```

The ECDSA exposure motivates current harvesting; harvesting's eventual utility depends on CRQC; CRQC enables Shor's; Shor's exploits ECDSA. The loop is not "self-sustaining" in the traditional sense (it requires an external CRQC development input), but once CRQC is achieved, harvested data retroactively closes the loop.

Loop 4: Coordination Failure Co-Activation Loop (3 nodes, partly via Hebbian edges)

```
Cryptographically Relevant Quantum Computer
--[co_activated, w=0.5]--> Quantum Migration Systemic Coordination Failure
--[amplifies, w=8.3]--> Harvest-Now-Decrypt-Later Attack
--[depends_on, w=8.5]--> Cryptographically Relevant Quantum Computer
```

The coordination failure co-activation edge (Hebbian learning, w=0.5) reflects that these concepts are frequently recalled together. The high-weight outbound edges from Coordination Failure and the depends_on edge back to CRQC close this loop at lower structural confidence than Loops 1–3.

Loop 5: Stablecoin Cascade Amplification (5 nodes)

```
DeFi Liquidity Pool Quantum Drain
--[amplifies, w=8.5]--> Stablecoin Admin Key Quantum Attack
--[amplifies, w=8.5]--> Tether USDT Offshore Quantum Reserve Risk
--[triggers, w=8]--> Saxo Bank Q-Day Market Cascade Scenario
--[amplifies, w=8]--> Quantum Migration First-Mover Penalty
--[amplifies, w=8.5]--> PQC Regulatory Vacuum for Crypto
--[undermines, w=8]--> DeFi Liquidity Pool Quantum Drain
```

The PQC Regulatory Vacuum `--[undermines]--> DeFi Liquidity Pool Quantum Drain` closes this loop by encoding that absence of regulation actively weakens DeFi's ability to address the quantum drain vulnerability.

---

Non-Obvious Connections

1. CBDC centralization as a migration advantage
`TradFi PQC Mandate Advantage Over Crypto --[inverts, w=8.5]--> CBDC Quantum Vulnerability` and `CBDC Centralization PQC Migration Advantage --[inversely_correlates, w=7]--> CBDC Quantum Vulnerability`. The property that makes CBDCs organizationally controversial (centralized control with no key distribution problem across participants) is the same property that enables faster PQC migration. The graph encodes this not as coincidence but as structural inversion: the liability in one frame is an asset in the other.

2. MPC custody amplifies the attack it is deployed to prevent
`MPC Custody Quantum False-Safety Trap --[amplifies, w=8.5]--> Stablecoin Admin Key Quantum Attack`. MPC threshold signatures are a common institutional crypto custody security measure. The graph encodes them as amplifying rather than mitigating the primary stablecoin quantum attack vector, because MPC schemes built on ECDSA carry the same ECDSA exposure surface.

3. zk-STARK quantum resistance is conditional on Grover's infeasibility
`zk-STARK Hash-Based Quantum Resistance --[depends_on, w=8]--> Grover Algorithm SHA-256 Non-Threat`. zk-STARK's quantum resistance rests on hash function security, which Grover's algorithm attacks at O(√N) complexity. The graph encodes this as a structural dependency: zk-STARK is quantum-resistant *given* that Grover's remains computationally infeasible at scale. This conditionality is not prominently surfaced elsewhere.

4. SIDH's catastrophic failure strengthens the overall solution architecture
`SIDH Catastrophic Break as PQC Meta-Risk --[triggers, w=8]--> Cryptographic Agility Architecture` and `--[undermines, w=7.5]--> NIST Post-Quantum Cryptography Standards`. The 2022 laptop-level break of SIDH both weakens confidence in NIST's selection process and motivates adoption of crypto-agility (ability to swap schemes). The same event has opposite structural effects depending on which downstream node is considered.

5. Algorand deployment increases the penalty it disproves
`Algorand Falcon Live Deployment --[triggers, w=7.5]--> Quantum Migration First-Mover Penalty` and `--[contradicts, w=8]--> Bitcoin BIP-361 Governance Crisis`. Algorand's successful PQC migration simultaneously disproves the "technically impossible" objection to migration and increases the competitive disadvantage for chains that have not migrated. It is both a demonstration of feasibility and an accelerant of urgency for non-movers.

6. QRL's safe haven is accessible only through the infrastructure it hedges against
`QRL XMSS Safe-Haven Bridge Paradox --[depends_on, w=8]--> Cross-Chain Bridge Quantum Attack Surface`. QRL is the only public blockchain with zero ECDSA exposure, but any actor seeking to migrate assets into QRL must use cross-chain bridges, which the graph encodes as "THE SINGLE MOST CONCENTRATED ECDSA TARGET IN ALL OF CRYPTO." The safe haven is structurally reachable only through the primary attack surface.

7. Taproot (Bitcoin's newest address format) is worst for quantum security
`Taproot P2TR Quantum Exposure Paradox --[amplifies, w=8.5]--> ECDSA Blockchain Exposure Surface`. Taproot/P2TR is Bitcoin's most recently recommended address format, but unlike P2PKH which only exposes public keys when spending (giving a brief window), P2TR exposes public keys at receipt. The graph encodes user adoption of the "improved" format as amplifying quantum vulnerability.

---

Central Mechanisms

Cryptographically Relevant Quantum Computer (34 connections, w=9)
Functions as the system's universal trigger. All attack chains terminate in it as a prerequisite (Harvest-Now `depends_on` it; Stablecoin Admin Key Attack `triggered_by` it; BLS12-381 Attack `depends_on` Fault-Tolerant Quantum Computing which `enables` it). All defenses are calibrated against it as the threat horizon. The node's gatekeeper is Quantum Error Correction Threshold (which `gates` CRQC), making that threshold the deepest upstream variable in the entire graph. The node's 34 connections are split between inbound technical prerequisites (Quantum Error Correction Threshold, IBM roadmap, Google roadmap, Jiuzhang distinction) and outbound attack enablers.

Bitcoin BIP-361 Governance Crisis (29 connections, w=9)
The most connected non-infrastructure, non-mechanism node. It receives from: IBM 2029 Roadmap (triggers), Mosca's Inequality (constrains), Lightning Network HTLC Attack (undermines), Quantum Migration First-Mover Penalty (amplifies), Taproot Paradox (amplifies), Project Eleven (amplifies), Collective Action Impossibility (constrains), Satoshi Coins Dilemma (contains), Bitcoin ETF Time Bomb (amplifies). It is contradicted by: Algorand Falcon deployment, Algorand Falcon mainnet, Solana FALCON plan, XRPL roadmap, zk-STARK (bypasses it), Ethereum Account Abstraction (contrasts with it). Its `attempts_to_fix` edge to ECDSA Blockchain Exposure Surface is the only outbound constructive edge. All other outbound edges are absent relationships (`Crypto-Agility as Quantum Survival Architecture --[absent_in]-->`) or downstream effects.

Quantum Migration First-Mover Penalty (25 connections, w=7.5)
The economic amplifier. It receives from coordination failures and regulatory vacuums and outputs to more regulatory vacuum and governance crises. Its role is to translate individual rational inaction into collective systemic risk. Key structural feature: it is simultaneously constrained by (G7 roadmap, Mastercard doctrine, Hybrid bridge, Solana FALCON plan) and amplified by (PQFIF vacuum, Collective Action Impossibility, MPC False Safety trap, Saxo Scenario). The constraining edges represent voluntary/market responses; the amplifying edges represent structural/systemic forces. The amplifying edges currently outnumber the constraining edges.

NIST Post-Quantum Cryptography Standards (23 connections, w=8)
The solution convergence point. Every technical migration path eventually implements, depends on, or is blocked relative to NIST PQC Standards. Key structural tension: it is both the foundation for all solutions (Ethereum, Algorand, QRL, SwiftNet, CBDC, NSM-10 mandate) and has a known vulnerability via `SIDH Catastrophic Break --[undermines]-->` it. The XMSS statefulness trap `constrains` it for certain use cases. Its `blocked_by` edge to HSM Certification Gap means that even having the standards does not guarantee deployment.

Payment Infrastructure HSM Certification Gap (22 connections, w=7.5)
A physical infrastructure node that functions as the bottleneck for the entire TradFi migration stack. Notable: it has almost no outbound edges that enable anything — it is primarily a blocker. Its connections are dominated by inbound `blocked_by`, `constrains`, `compounds`, and `depends_on` edges from solution nodes. The G7 CEG roadmap and Mosca's Inequality `constrain` it, but the graph does not encode a resolution path for HSM certification as a named node — the gap is structurally present but its solution is unresolved.

---

Tensions and Open Questions

Tension 1: Tether vs. Circle as stablecoin quantum strategy
`Tether Ardoino Lost-Coins Recirculation Thesis --[contrasts_with, w=8.5]--> Circle Arc Quantum-Native L1 Strategy`. Tether's position (quantum-vulnerable coins will simply be recirculated into circulation, net effect neutral) is encoded as amplifying both `Stablecoin Admin Key Quantum Attack` and `Satoshi Coins Quantum Freeze Dilemma`. Circle's position is encoded as hedging against the attack. The graph does not adjudicate which model of stablecoin quantum impact is correct; both positions exist simultaneously with their downstream effects modeled separately.

Tension 2: CBDC quantum vulnerability vs. CBDC migration advantage
Two competing node-level claims coexist: `CBDC Quantum Vulnerability` (CBDCs are threatened) and `CBDC Centralization PQC Migration Advantage` (CBDCs can migrate faster). These are connected via `CBDC Centralization PQC Migration Advantage --[inversely_correlates, w=7]--> CBDC Quantum Vulnerability` and `TradFi PQC Mandate Advantage Over Crypto --[inverts, w=8.5]--> CBDC Quantum Vulnerability`. The graph encodes this as a temporal tension: CBDCs are currently vulnerable but structurally better positioned to remediate. The resolution depends on migration timelines relative to CRQC timelines.

Tension 3: IBM 2029 weight vs. IBM 2029 centrality
IBM Quantum Starling 2029 Roadmap is the lowest-weight hub node (w=5.9) but the 10th most connected (18 connections). The graph encodes the timeline as structurally load-bearing (many things depend on it) but epistemically uncertain (low weight). This is unresolved: if IBM's 2029 roadmap slips, many of the deadline-dependent migration race edges lose their temporal anchor, but the graph doesn't model a "timeline slippage" scenario explicitly.

Tension 4: PQC migration as technically feasible vs. governmentally impossible
`Algorand Falcon PQC Production Proof --[demonstrates, w=8.5]--> Crypto-Agility Architecture` and `--[contradicts, w=8]--> Bitcoin BIP-361 Governance Crisis`. The same period that demonstrates PQC migration is feasible (Algorand mainnet, Solana FALCON plan, XRPL roadmap) contains the encoding of Bitcoin's governance crisis as high-weight (9) and multiply reinforced. The technical feasibility proof and the governance impossibility coexist without resolving into a single prediction.

Tension 5: Hybrid ECDSA-PQC introduces the vulnerabilities it bridges
`ML-KEM Implementation Side-Channel Attack Surface --[amplifies, w=7]--> Hybrid ECDSA-PQC Dual Signature Bridge`. The primary migration mechanism (hybrid signatures) is itself amplified as an attack surface by ML-KEM's side-channel vulnerability. The bridge is simultaneously the migration path and a new attack vector. The graph encodes this without resolving which effect dominates.

Open Question 1: What resolves HSM certification gap?
The HSM Certification Gap blocks the most migration paths of any single node, but no node in the graph encodes a resolution path. G7 CEG roadmap and Mosca's Inequality `constrain` it; NSM-10 `drives` demand against it; but no node resolves or supersedes it.

Open Question 2: What is the actual CRQC timeline?
Jiuzhang 4.0 Boson Sampling vs Gate-Model CRQC Distinction `constrains` both CRQC and Fault-Tolerant Quantum Computing, encoding that China's photonic supremacy claims are architecturally distinct from gate-model CRQCs (which enable Shor's). But the graph does not encode a node for when or whether gate-model CRQCs will arrive — IBM's roadmap is the closest proxy, but its low weight (5.9) encodes uncertainty.

Open Question 3: Is QRL's safe-haven viable given bridge dependence?
QRL XMSS Safe-Haven Bridge Paradox encodes that QRL's quantum safety is undermined by bridge infrastructure — but the graph does not encode a resolution. Whether QRL gains traction as a safe haven before Q-Day, or whether bridge vulnerability neutralizes it, is unresolved.

---

Hypotheses

H1: The HSM certification gap will determine whether any major payment system migrates before CRQC.
The graph encodes HSM Certification Gap as blocking NIST standards adoption for CBDC, SwiftNet, Fedwire, and SWIFT simultaneously. If the gap is not resolved independently of CRQC timelines, Mosca's Inequality will be violated for all major payment systems — the migration time (Y) will exceed the remaining time to CRQC (Z) even if migration begins immediately. Testable indicator: pace of HSM PQC certification approvals by FIPS against IBM/Google roadmap milestones.

H2: Governance-incapable blockchains will bifurcate into "quantum-frozen" and "hard-forked" variants rather than migrating.
Bitcoin BIP-361 Governance Crisis is multiply reinforced (29 connections, w=9) with no high-weight outbound constructive edge except `attempts_to_fix` ECDSA exposure. Meanwhile, Algorand's production PQC proof `contradicts` the governance crisis but does not resolve it. The structural prediction is that governance-resistant chains will split: a fork implementing PQC and the original chain remaining on ECDSA. Testable: track BIP-361 adoption rate vs. first proof-of-concept quantum attack on Bitcoin public keys.

H3: Stablecoin admin key attacks will precede wallet attacks as the first economically significant quantum threat.
Stablecoin Admin Key Quantum Attack (w=8.5) is encoded as requiring fewer attacker resources than wallet attacks because it targets one key to compromise system-wide assets. The graph shows a concentrated attack chain: Shor's → admin key → Tether reserve risk → Saxo scenario → systemic cascade. By contrast, individual wallet attacks require enumerating exposed public keys and attacking high-value targets one at a time. Testable: at what CRQC qubit scale does the admin-key attack become feasible vs. the individually-targeted wallet attack.

H4: Nations with sovereign CBDC programs will have quantum-secure payment infrastructure before most private crypto.
`TradFi PQC Mandate Advantage Over Crypto` combined with `CBDC Centralization PQC Migration Advantage` and `NSM-10 Federal PQC Mandate Cascade` encode a structural divergence: regulated, centralized payment systems face mandatory migration timelines; decentralized crypto faces voluntary market pressure with first-mover penalties. The WEF Quantum Financial Two-Tier Divide node explicitly encodes the resulting inequality. Testable: compare PQC deployment timelines for CBDC pilots (e.g., mBridge, e-CNY, digital euro) against voluntary PQC adoption on public blockchains.

H5: The first demonstrated quantum reduction of a live blockchain key will activate the Bitcoin ETF regulatory cascade.
`Bitcoin ETF Quantum Regulatory Time Bomb --[depends_on, w=8.5]--> MPC Custody Quantum False-Safety Trap` and `--[amplifies, w=8]--> Bitcoin BIP-361 Governance Crisis` with `NSM-10 Federal PQC Mandate Cascade --[amplifies, w=7.5]--> Bitcoin ETF Quantum Regulatory Time Bomb`. The graph encodes a latent regulatory trigger: ETF custodians using MPC on ECDSA, when confronted with a demonstrated quantum attack on ECDSA, would face fiduciary liability questions that convert quantum risk from a technical concern to a regulated disclosure/remediation requirement. Testable: SEC/CFTC language on quantum risk in ETF product filings over the next 24 months.

H6: Bitcoin's quantum migration probability decreases monotonically with time.
The graph does not encode a scenario where Bitcoin BIP-361 Governance Crisis self-resolves. Its amplifiers (First-Mover Penalty, Taproot Paradox, Project Eleven report, Mosca's Inequality, Collective Action Impossibility) accumulate over time; its countervailing edges are all from external actors (Algorand, Solana, XRPL) demonstrating alternatives, not from internal governance evolution. Testable: track BIP-361 specification progress rate against the number of high-value Taproot addresses exposed. A governance crisis that grows while the technical problem deepens has no equilibrium resolution in this model.