technical 7 min read

The Wallet That Doesn't Trust Quantum Computers—By Design

When true quantum randomness meets zero-knowledge security: Building Ethereum wallets with IBM Quantum hardware while ensuring IBM can never derive your private keys. A new paradigm in cryptocurrency security.

By Aunova Team
The Wallet That Doesn't Trust Quantum Computers—By Design

What if the very system generating your randomness could be your biggest vulnerability?

Most cryptocurrency wallets trust their random number generators blindly. Use Python’s secrets module. Use /dev/urandom. Hope for the best. But in a world where quantum computers are becoming reality, that trust might be your downfall.

We built something different: an Ethereum wallet generator that uses real IBM Quantum computers for true randomness—while assuming IBM is actively trying to compromise you.

The Quantum Paradox

Here’s the contradiction that keeps security experts up at night:

Quantum computers generate the most random, non-deterministic numbers possible. True randomness sourced from the fundamental laws of quantum mechanics. No pseudo-random algorithms. No seeds. No patterns. Just pure, quantum uncertainty.

But what if the quantum provider can see those random bits?

IBM Quantum runs on cloud infrastructure. Every qubit measurement, every quantum circuit execution, potentially observable and logged. If those quantum-generated random numbers become your Ethereum private key, and IBM keeps a record…

You see the problem.

Three Layers of Defense

Our solution doesn’t avoid quantum randomness—it embraces it, then neutralizes the risk.

Layer 1: Quantum Entropy (256 bits) Generated on real IBM Quantum hardware. True quantum randomness from superposition and measurement. IBM Quantum can see this. We assume they store every bit.

Layer 2: OS Entropy (256 bits) Generated locally using your system’s cryptographic random number generator. From your keyboard timings, disk seeks, hardware noise. IBM Quantum cannot see this. Ever.

Layer 3: User Salt (256 bits) Optional user-provided randomness. Your secret contribution to the entropy pool. IBM Quantum cannot see this either.

Then comes the magic: HKDF-SHA256.

A cryptographically secure, one-way key derivation function mixes all three entropy sources. Even if IBM Quantum stores your quantum random bits forever, they’re missing two-thirds of the puzzle—and the mixing function is mathematically irreversible.

Result: Your Ethereum private key is quantum-random but cryptographically impossible for IBM to derive.

See It In Action

$ uv run python main.py

======================================================================
  ULTRA-SECURE QUANTUM ETHEREUM WALLET GENERATOR
======================================================================

[1/8] 🎲 Generating quantum entropy from IBM Quantum...
 Using: ibm_torino
    ⚛️  Quantum chunk 1/8: 10110101...
    ⚠️  Note: IBM Quantum CAN see these bits

[2/8] 🔐 Generating OS entropy (invisible to IBM)...
    🔒 This entropy is LOCAL ONLY (IBM cannot see)

[3/8] 🔄 Mixing entropy sources with HKDF...
 IBM cannot derive this even with quantum entropy!

[4/8] 🔑 Deriving Ethereum key (local only)...
 Ethereum address: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb
    🔒 Private key derived (IBM cannot compute this)

Every step is transparent. Every security guarantee is explicit. You know exactly what IBM can see (quantum bits) and what they cannot (your private key).

Why This Architecture Matters

For Cryptocurrency: Your private key is the only thing standing between you and financial ruin. A compromised random number generator means compromised funds. Forever.

For Quantum Computing: As quantum computers become more powerful and accessible, quantum randomness becomes the gold standard. But cloud-based quantum services create new attack vectors we must address.

For Zero-Knowledge Systems: This isn’t just about wallets. It’s a blueprint for using powerful cloud infrastructure while maintaining cryptographic guarantees that the provider learns nothing.

For Future-Proofing: When large-scale quantum computers threaten current encryption (10-15 years out), the organizations thinking about quantum security today will dominate tomorrow.

Beyond Generation: Secure Viewing

Having quantum-secure generation is pointless if viewing your wallet is vulnerable. That’s why we built a memory-safe TUI viewer:

$ uv run python view_wallet.py

Features that matter:

  • Hidden password input - Never displayed on screen
  • Memory scrubbing - Sensitive data zeroed after use
  • Auto-clearing clipboard - Private keys automatically removed after 30 seconds
  • Beautiful interface - Rich terminal UI with security proof display
  • View-only - Never writes decrypted data to disk

Security isn’t just about generation. It’s about the entire lifecycle.

The Math That Makes It Possible

Let’s talk about why this works cryptographically.

IBM Quantum sees: Q = [256 bits of quantum entropy]

They don’t see:

  • O = [256 bits of OS entropy]
  • S = [256 bits of user salt]

Your private key is:

K = HKDF-SHA256(Q || O || S)

Even with unlimited computing power, IBM cannot:

  1. Reverse the HKDF function (one-way by design)
  2. Brute force without O and S (2^512 possibilities)
  3. Derive K from Q alone (cryptographically impossible)

The math isn’t just strong. It’s provable.

Real Quantum Hardware, Real Time

This isn’t a simulator. Every wallet generation uses actual IBM Quantum computers:

  • ibm_torino
  • ibm_brisbane
  • ibm_kyoto
  • Or whichever quantum computer is least busy

Real qubits in superposition. Real quantum measurements. Real quantum uncertainty translated into cryptographic strength.

All in about 1-2 minutes, start to finish.

The Trust Elimination Timeline

Traditional security: “Trust us to generate random numbers.” Cloud services: “Trust us not to log your data.” Blockchain: “Trust the math, not the institution.”

This project: “Trust the math. Assume the institution is compromised. Sleep soundly anyway.”

That’s the evolution of security thinking. Not building systems that require trust, but building systems where trust is irrelevant because the math guarantees security.

Industry-Agnostic Principles

While we built this for Ethereum wallets, the architecture applies anywhere you need:

  • Cloud-based processing with local security guarantees
  • Quantum randomness without quantum trust
  • Verifiable entropy mixing
  • Cryptographic proof of security properties

Imagine:

  • Healthcare records processed by quantum AI without exposing patient data
  • Financial models using quantum computing without revealing trading strategies
  • Government communications leveraging quantum encryption without key exposure
  • Research collaborations sharing quantum computing resources without IP leakage

The pattern is universal: Use powerful cloud infrastructure, maintain zero-knowledge guarantees.

Open Source, Open Security

Security through obscurity is security theater. Real security survives public scrutiny.

That’s why this project is fully open source:

View on GitHub: ethqrng

  • Read every line of entropy generation
  • Audit the HKDF implementation
  • Verify the security guarantees

When you’re trusting code with private keys, you should be able to read that code.

Start Building

# Clone the repository
git clone https://github.com/ngmisl/ethqrng
cd ethqrng

# Install with uv
uv sync

# Configure IBM Quantum token
cp .env.example .env
# Edit .env with your IBM Quantum token from quantum.ibm.com

# Generate your quantum-secure wallet
uv run python main.py

# View your wallet securely
uv run python view_wallet.py

Requirements:

  • Python 3.12+
  • IBM Quantum account (free at quantum.ibm.com)
  • uv package manager
  • 1-2 minutes for quantum entropy generation

The Quantum Security Mindset

The question isn’t whether quantum computers will break current encryption. The question is whether your organization will be ready when they do.

Organizations making quantum-aware security decisions today will have an insurmountable advantage. Those waiting for the threat to materialize will face crisis-mode migrations with no good options.

This wallet generator demonstrates that quantum-aware security isn’t science fiction or five years away. It’s practical, deployable, and running on everyday hardware right now.

Beyond Demonstration

We’re not just building a wallet generator. We’re building a proof of concept for a larger truth:

Quantum computing doesn’t force a choice between power and privacy. With the right architecture, you get both.

The same principles securing these Ethereum private keys can secure:

  • Medical AI running on quantum processors
  • Financial models leveraging quantum advantage
  • Scientific research sharing quantum resources
  • Government communications using quantum encryption

The architecture is the insight. The wallet is the demonstration.

Experience It Yourself

The best way to understand zero-knowledge quantum security is to see it work:

  1. Generate: Watch quantum bits become private keys IBM can’t derive
  2. View: See memory-safe wallet access with auto-clearing secrets
  3. Verify: Audit the source code and cryptographic guarantees
  4. Adapt: Fork the architecture for your use case

The code is open. The math is sound. The quantum computers are real.

Get Started on GitHub

Made with ❤️ by Aunova Support this work: Donate

Building the future where quantum power and zero-knowledge security coexist.