Quantum Computing's Bitcoin Threat
Nobel laureate John M. Martinis has raised alarms that powerful quantum computers could shatter Bitcoin's security. The main worry: Shor's algorithm, when run on a capable quantum machine, could derive a Bitcoin private key from its public counterpart. Quantum computing experts see this as a relatively straightforward application because the problem is purely mathematical, but building such a machine remains a distant prospect.
Despite significant investment and progress from tech giants like Google, IBM, and Microsoft, creating computers strong enough to break current public-key cryptography (cryptographically relevant quantum computers, or CRQCs) remains a massive engineering task. Though some estimates suggest fewer qubits might be needed than first thought, building stable, fault-tolerant machines is still years off. Today's quantum computers are in the NISQ (noisy intermediate-scale quantum) era, where qubits are fragile and prone to errors. Researchers estimate that achieving the reliability and scale needed for cryptographic attacks could take until 2028-2030 or even later.
Bitcoin's Transaction Vulnerability
Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to authorize transactions, and Shor's algorithm can target it. A critical weakness appears when a Bitcoin transaction is broadcast: the signing public key is revealed as part of the transaction and sits in the network's transaction pool (mempool) until the transaction is confirmed in a block. This provides a short window, potentially just minutes, for an advanced quantum computer to derive the private key and steal the funds. It is a tight race against Bitcoin's roughly 10-minute block confirmation time.
Bitcoin's blockchain structure exacerbates this risk. Around 6.9 million Bitcoins (roughly one-third of all coins) sit in wallets whose public key is already visible on the chain. This includes older Bitcoin outputs, addresses that have been reused (a spend from an address reveals its key, so any coins sent there afterwards sit behind a published key), and addresses used with specific transaction types. These coins are considered immediately vulnerable to a quantum attack, a scenario known as "harvest now, decrypt later."
Moving to Quantum-Resistant Standards
In response to the quantum threat, the field of post-quantum cryptography (PQC) is advancing rapidly. The U.S. National Institute of Standards and Technology (NIST) released its first PQC standards in 2024, including algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium, designed to resist quantum attacks. Many governments and organizations are now planning their transition to these new standards, with some deadlines set for 2035.
Bitcoin can adapt through protocol upgrades, as seen with Taproot in 2021. However, the network's decentralized structure means making large-scale cryptographic changes is a complex and lengthy process. Technical proposals for quantum-resistant addresses are in development, but timelines are unclear. Other cryptocurrencies, like Ethereum, are discussing PQC integration, while projects such as QRL, Algorand, and Hedera are building or incorporating quantum-resistant features, often using different methods.
Why Immediate Risk is Limited
Despite alarmist headlines, the immediate quantum threat to Bitcoin is less severe than often portrayed, mainly because of the immense engineering hurdles in building CRQCs. While fewer qubits might be needed than previously thought, creating stable, fault-tolerant quantum computers is a colossal task. Building a machine capable of breaking Bitcoin's signature scheme would involve astronomical investment, likely making it an economically unviable attack vector compared to simpler exploits.
Active Bitcoin users face much lower risk. By avoiding address reuse, using new addresses for each transaction, and limiting public key exposure, users can significantly shrink the potential attack surface. The "harvest now, decrypt later" concern primarily affects long-term data security, not the immediate theft of actively managed funds. Furthermore, Bitcoin faces more pressing issues like regulatory changes, market swings, and standard cybersecurity threats, which require more immediate focus than the future prospect of CRQCs.
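The on-chain exposure described in the "Transaction Vulnerability" section and the address-reuse advice above can be turned into a wallet-side audit. The following is an added example, not code from the article or from any Bitcoin project; it uses a simplified model (script type plus whether an address has already been spent from) and constructed sample UTXOs, and it extends the article's list by counting Taproot (P2TR) outputs as exposed, since they place the output key itself in the script.

```python
from dataclasses import dataclass

# Script types that put the public key itself on-chain (P2PK, Taproot's
# x-only output key) versus those that publish only a hash of the key.
KEY_ON_CHAIN = {"p2pk", "p2tr"}
HASH_ON_CHAIN = {"p2pkh", "p2wpkh"}


@dataclass(frozen=True)
class Utxo:
    txid: str          # constructed sample identifier, not a real txid
    script_type: str
    address: str
    amount_btc: float


def is_key_exposed(utxo: Utxo, spent_from: set[str]) -> bool:
    """True if the key guarding this coin is already readable from the chain."""
    if utxo.script_type in KEY_ON_CHAIN:
        return True
    if utxo.script_type in HASH_ON_CHAIN:
        # A hashed-key address reveals its key in the scriptSig/witness the
        # first time it is spent from; coins received afterwards (address
        # reuse) therefore sit behind a published key.
        return utxo.address in spent_from
    raise ValueError(f"unknown script type: {utxo.script_type}")


def exposure_report(utxos: list[Utxo], spent_from: set[str]) -> dict:
    """Summarize how much of a holding is behind an already-exposed key."""
    exposed = [u for u in utxos if is_key_exposed(u, spent_from)]
    total = sum(u.amount_btc for u in utxos)
    exposed_btc = sum(u.amount_btc for u in exposed)
    return {
        "exposed_count": len(exposed),
        "exposed_btc": round(exposed_btc, 8),
        "exposed_fraction": round(exposed_btc / total, 4) if total else 0.0,
        # Reused hashed-key addresses are the cases a wallet can fix by
        # moving funds to fresh addresses.
        "reused_addresses": sorted(
            u.address for u in exposed if u.script_type in HASH_ON_CHAIN),
    }


# Constructed sample data: one legacy P2PK coin, one reused P2PKH address,
# fresh P2WPKH and P2PKH addresses, and one Taproot output.
SAMPLE_UTXOS = [
    Utxo("tx_a", "p2pk", "pk_legacy_1", 50.0),
    Utxo("tx_b", "p2pkh", "addr_reused", 1.5),
    Utxo("tx_c", "p2wpkh", "addr_fresh", 0.25),
    Utxo("tx_d", "p2tr", "addr_taproot", 0.75),
    Utxo("tx_e", "p2pkh", "addr_cold", 2.5),
]
SPENT_FROM = {"addr_reused"}  # addresses with a prior spend (key revealed)

if __name__ == "__main__":
    print(exposure_report(SAMPLE_UTXOS, SPENT_FROM))
```

In practice the `spent_from` set would come from scanning the chain for spends out of each address the wallet has ever used.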
The Path Forward: Preparation, Not Panic
Experts still debate when CRQCs will be ready, with estimates varying widely from five to over twenty years. While quantum technology is advancing, most analysts and developers agree there is still ample time to transition to PQC. The crypto world is now focused on understanding these timelines and creating practical strategies for the shift, balancing future security with current quantum hardware development. Progress in PQC standards and Bitcoin's own upgrades indicate a path forward, requiring steady effort and cooperation rather than panic.