Skip to main content

Quantum Exposure Clock

The Quantum Exposure Clock is a simple way to understand quantum risk at the wallet level. It is not a universal doomsday countdown, and it is not a prediction that a specific wallet will be hacked. Instead it asks a more practical question:
How long has this wallet’s public key been exposed, and how much value is at risk?

What it is

The clock is a reading of a wallet’s long-horizon quantum/signature exposure, derived from the Quantum Exposure Score. It translates the score’s components — public-key exposure, value at risk, dormancy, and migration friction — into a single, easy-to-grasp sense of how high this wallet should sit on a migration-readiness list. It maps directly onto the shared risk tiers:
Exposure readingRisk tierWhat it signals
Low / Moderate exposureMonitorPublic key may be unexposed or value is low. Keep watching.
Moderate–High exposure with meaningful valueReviewWorth a closer look and a migration plan.
High exposure / Migration priorityMigrateHigh value in a classical EOA with a feasible path. Prioritize.
Long-horizon, high-value, exposedVault PrototypeExperimental migration paths are relevant. Research-oriented, conditional.

What it is not

  • It is not a Q-Day countdown. WalletWall does not claim to know when a cryptographically relevant quantum computer will exist.
  • It is not a statement of current vulnerability. No practical quantum attack exists against ECDSA today.
  • It is not a verdict that a wallet is “unsafe” or “quantum-vulnerable.”
  • It is not investment advice.
A high reading does not mean a wallet is currently vulnerable to any existing technology. The clock measures forward-looking exposure for migration planning, not present-day risk.

Why exposure is wallet-specific

There is no single clock that applies to every wallet. Two wallets on the same chain, at the same moment, can carry very different exposure:
  • A wallet that has never sent a transaction has not revealed its public key, so its immediate signature exposure is lower.
  • A high-value wallet that has sent many transactions and reused its address has fully revealed its public key and presents a larger analysis surface.
  • A dormant high-value wallet may be unmonitored and slow to migrate, raising readiness risk even if everything else is equal.
Because exposure depends on what a specific wallet has done and holds, the only useful clock is a per-wallet one. WalletWall computes that reading from public on-chain history.

How public-key and signature exposure matter

Ethereum EOAs sign with ECDSA over secp256k1. The public key is recoverable from a signature once the wallet sends its first outgoing transaction. After that, the key is permanently public. Long-horizon quantum risk is about the eventual ability to derive a private key from a known public key. So a wallet’s exposure rises sharply at the moment it first reveals its public key, and reuse over time only widens the surface. A wallet that has only ever received funds has not yet crossed that line. Smart-contract wallets (Safe, multisig, ERC-4337 AA) can have an upgrade path to new signature schemes — which is why migration friction, not just exposure, is part of the reading.

Why value and dormancy affect prioritization

Exposure alone does not set priority. WalletWall weights it by:
  • Value at risk — the more value held, the higher the stakes of migration. This is the “bounty” dimension.
  • Dormancy — a long-dormant, high-value, exposed wallet is both higher-stakes and harder to migrate (the owner may not be watching or responsive).
Together, these turn “is this wallet exposed?” into “how soon should this wallet be migrated relative to others?” — which is the question a fund, treasury, or custodian actually needs answered across a portfolio.

How NIST standardization legitimizes readiness planning

Post-quantum readiness is not speculative positioning. In 2024, NIST finalized its first post-quantum cryptography standards, including ML-DSA (FIPS 204, formerly CRYSTALS-Dilithium) and SLH-DSA (FIPS 205, formerly SPHINCS+) for digital signatures. Standards bodies and large institutions are now planning multi-year migrations off classical signature schemes. That makes wallet migration-readiness a legitimate planning exercise today, independent of any specific Q-Day estimate. WalletWall’s role is to make that planning concrete at the wallet level. (See the limitations below — WalletWall reports standardization as public fact and does not predict timelines.)

How WalletWall turns exposure into migration readiness

The clock is the assess step. WalletWall then completes the loop:
  1. Scan a wallet.
  2. Assess its exposure (the clock reading).
  3. Recommend a migration-readiness path and risk tier.
  4. Report the result in a shareable Wallet Risk Report.
  5. Monitor how the reading changes over time.
Exposure is the input; readiness is the output. WalletWall never stops at “this is exposed” — it always pairs the reading with a recommended posture.

A note on the metaphor

If it helps: in a trade-based game economy like RuneScape, the moment you place an item in the trade window, everyone watching can see exactly what you’re holding and what it’s worth. You haven’t lost anything yet — but you’ve revealed the prize, and how much attention it deserves changes accordingly. Revealing a public key on-chain is a little like that: nothing is taken at the moment of exposure, but the wallet’s holdings and the fact of exposure are now public, and that’s what sets how high it should sit on a readiness list. The metaphor is only an intuition pump — the real reading comes from the scored on-chain signals above.

Limitations & disclosures

  • The clock is a forward-looking heuristic, not a measurement of current risk.
  • It does not predict Q-Day or any quantum-computing timeline.
  • Readings depend on data completeness; missing or stale data lowers confidence or yields “Unknown.”
  • NIST standardization is reported as public fact; WalletWall does not infer attack timelines from it.
  • This is not investment advice.