Bitcoin’s $1.3 Trillion Security Challenge: Major Efforts to Quantum-Proof the Leading Blockchain


Currently, there are no quantum computers capable of breaching the Bitcoin blockchain. Nevertheless, developers are proactively exploring a series of enhancements to fortify defenses against this looming threat, which is increasingly seen as a real possibility rather than just a theoretical concern.

This week, Google released findings indicating that an adequately powerful quantum computer could potentially dismantle Bitcoin’s fundamental cryptography in less than nine minutes—one minute quicker than the average time it takes for a Bitcoin block to be settled. Some experts predict that such capabilities could emerge by 2029.

The stakes are significant: approximately 6.5 million bitcoins, valued at hundreds of billions of dollars, reside in wallets that could be directly targeted by quantum computers. Among these coins are those belonging to Satoshi Nakamoto, the pseudonymous creator of Bitcoin. Furthermore, any breach would undermine Bitcoin’s foundational principles—“trust in code” and “sound money.”

Below is an overview of the potential threat and various strategies being considered to counteract it.

Two Methods for Quantum Attacks on Bitcoin

Before delving into proposed solutions, it’s essential to grasp how vulnerabilities arise.

The security framework supporting Bitcoin relies on a one-way mathematical relationship. When you create a wallet, a private key (a secret number) is generated, and the corresponding public key is derived from it.

To spend bitcoin tokens successfully requires demonstrating ownership through the private key—not by disclosing it but by using it to create cryptographic signatures verifiable by the network.

This system is robust: a classical computer would need billions of years to break the elliptic curve cryptography (specifically ECDSA) that stands between a public key and the private key behind it. Thus far, compromising the blockchain this way has been deemed computationally infeasible.

A future quantum computer could alter this dynamic significantly—transforming what was once one-directional into two-directional access—allowing attackers to derive your private key from your public key and deplete your funds.

Your public key can be exposed through two primary methods: either via idle coins on-chain (the long-exposure attack) or through active transactions waiting in memory pools (the short-exposure attack).

P2PK addresses (used historically by Satoshi and early miners), along with Taproot addresses activated in 2021, are exposed to long-exposure attacks because their public keys can be read directly from the chain without any coin movement; they remain permanently visible, including those linked to Satoshi's holdings of roughly 1.7 million BTC.

The short exposure scenario relates closely with mempool activity—the temporary holding area for unconfirmed transactions where both your signature and public keys become accessible across the entire network while awaiting confirmation within blocks.
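To make the two exposure types concrete, here is an added example (not code from the article) that classifies a Bitcoin output script by when its public key becomes visible and tallies a constructed UTXO set by exposure class; the `Exposure` names, the sample outputs and the placeholder key bytes are assumptions.

```python
from enum import Enum
class Exposure(Enum):
    LONG = "public key sits on-chain while the coins are idle"
    SHORT = "public key appears only when a spend enters the mempool"
    SCRIPT = "only a script hash is on-chain; exposure depends on the script"
    UNKNOWN = "unrecognised output script"
# Bitcoin Script opcodes used by the standard output templates below
OP_0, OP_1, OP_DUP, OP_HASH160 = 0x00, 0x51, 0x76, 0xA9
OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x87, 0x88, 0xAC

def classify_script_pubkey(spk: bytes) -> tuple[str, Exposure]:
    """Name the standard output type and say when its public key is visible."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG (Satoshi-era and early miner outputs)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK", Exposure.LONG
    # P2TR: OP_1 <32-byte x-only output key> (Taproot, 2021)
    if n == 34 and spk[0] == OP_1 and spk[1] == 0x20:
        return "P2TR", Exposure.LONG
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", Exposure.SHORT
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and spk[0] == OP_0 and spk[1] == 0x14:
        return "P2WPKH", Exposure.SHORT
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 0x14 and spk[22] == OP_EQUAL:
        return "P2SH", Exposure.SCRIPT
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and spk[0] == OP_0 and spk[1] == 0x20:
        return "P2WSH", Exposure.SCRIPT
    return "unknown", Exposure.UNKNOWN

def exposure_totals(utxos) -> dict:
    """Sum the value (BTC) held under each exposure class of a UTXO list."""
    totals = {}
    for value_btc, spk in utxos:
        _, exposure = classify_script_pubkey(spk)
        totals[exposure.name] = totals.get(exposure.name, 0.0) + value_btc
    return totals

# Constructed sample UTXO set: placeholder key/hash bytes, not real on-chain data.
# SHORT outputs stay hidden only until first use; a reused address is as exposed as P2PK.
SAMPLE_UTXOS = [
    (50.0, bytes([0x41, 0x04]) + b"\x11" * 64 + bytes([OP_CHECKSIG])),  # P2PK
    (1.5, bytes([OP_1, 0x20]) + b"\x22" * 32),                            # P2TR
    (0.25, bytes([OP_0, 0x14]) + b"\x33" * 20),                           # P2WPKH
    (2.0, bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x44" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),  # P2PKH
    (3.0, bytes([OP_0, 0x20]) + b"\x55" * 32),                            # P2WSH
]
```

Running `exposure_totals(SAMPLE_UTXOS)` on the constructed set reports 51.5 BTC in the long-exposure class, which is the inventory a custodian would want before deciding which coins to migrate first.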

Proposed Solutions

BIP 360: Eliminating Public Keys

An earlier point raised concerns about new Taproot-generated addresses permanently exposing their associated public keys online—a persistent target for future quantum computing threats.

The proposal known as BIP 360 aims at eliminating these publicly embedded keys through introducing Pay-to-Merkle-Root (P2MR), thereby removing identifiable targets altogether.
If it succeeds in removing these visible public keys while keeping features such as Lightning payments and multi-signature setups intact, it will protect only newly created coins going forward; existing vulnerable coins remain a problem, addressed below.


SPHINCS+ / SLH-DSA: Hash-Based Post-Quantum Signatures

SPHINCS+ is a post-quantum signature scheme built on hash functions, which avoids the elliptic-curve weaknesses in the cryptography Bitcoin currently uses.

Standardized as FIPS 205 (SLH-DSA) in August 2024 after extensive review, it offers stronger security at the cost of much larger signatures: a conventional Bitcoin signature averages around sixty-four bytes, whereas an SLH-DSA signature runs to eight kilobytes or more.

That size raises a practical concern: adopting it would increase demand for block space and push transaction fees up.

In response, proposals such as SHRIMPS aim to reduce signature sizes without giving up the core protection against quantum attacks.

Tadge Dryja’s Commit/Reveal Scheme: A Safety Mechanism For Mempool Transactions

This soft fork proposal, originally presented by Tadge Dryja, aims to protect transactions in the mempool against a future quantum-capable attacker.
It separates a spend into two phases, commit and reveal: the spender first publishes a commitment to the intended transaction, and broadcasts the transaction itself only later, so nothing is disclosed before it needs to be.
If a forged spend appears, network validation checks it against the commitment registered earlier, so an attacker cannot simply fabricate a competing spend. The added complexity has cost implications, however, and the practicality of the scheme is still under community discussion.
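A simplified model of the commit/reveal idea described above, added here as an illustration and not Tadge Dryja's actual proposal or code; the `MIN_COMMIT_AGE` policy, the ledger class and the byte strings standing in for signed transactions are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

MIN_COMMIT_AGE = 6  # assumed policy: a reveal is valid only after this many blocks

def tx_digest(tx: bytes) -> bytes:
    """Commitment = hash of the complete signed transaction (pubkey and signature included)."""
    return hashlib.sha256(tx).digest()

@dataclass
class CommitRevealLedger:
    height: int = 0
    commitments: dict = field(default_factory=dict)  # digest -> block height of the commit
    spent: set = field(default_factory=set)          # inputs already consumed by a reveal

    def commit(self, tx: bytes) -> bytes:
        """Phase 1: publish only the digest, so the public key stays hidden."""
        digest = tx_digest(tx)
        self.commitments.setdefault(digest, self.height)
        return digest

    def mine_blocks(self, n: int) -> None:
        self.height += n

    def reveal(self, tx: bytes, spends_input: str) -> bool:
        """Phase 2: accept tx only if its digest was committed long enough ago."""
        if spends_input in self.spent:
            return False
        committed_at = self.commitments.get(tx_digest(tx))
        if committed_at is None or self.height - committed_at < MIN_COMMIT_AGE:
            return False
        self.spent.add(spends_input)
        return True

def race_demo() -> dict:
    """Owner commits early; the attacker learns the public key only at reveal time."""
    ledger = CommitRevealLedger()
    # constructed placeholders standing in for serialized signed transactions
    honest = b"spend utxo:0 -> owner_new_addr | pubkey=P sig=S_owner"
    forged = b"spend utxo:0 -> attacker_addr | pubkey=P sig=S_forged"
    ledger.commit(honest)
    ledger.mine_blocks(MIN_COMMIT_AGE)
    # owner broadcasts; a competing spend with no prior commitment is rejected
    results = {"forged_uncommitted": ledger.reveal(forged, "utxo:0")}
    ledger.commit(forged)                      # attacker commits now, but must wait
    results["owner"] = ledger.reveal(honest, "utxo:0")
    ledger.mine_blocks(MIN_COMMIT_AGE)
    results["forged_after_wait"] = ledger.reveal(forged, "utxo:0")  # input already spent
    return results
```

The commit age is what turns the race into a waiting game the attacker cannot win: by the time a late commitment matures, the honest reveal has already consumed the input.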

Hourglass V2: Mitigating Risks Associated With Older Coins

Developed by Hunter Beast, Hourglass V2 targets the older exposed addresses described above, which hold roughly 1.7 million BTC that would remain vulnerable should an attacker strike.

The goal is to limit sales by allowing only a single bitcoin per block, avoiding an overnight liquidation that would collapse markets. As with a bank run, withdrawals are slowed rather than halted outright, preserving the stability and integrity of the system despite the restriction. Pushback exists, however, with critics arguing that even minimal restrictions violate the decentralized ethos at the core of the crypto landscape.

Conclusion

At present, none of these proposals has been enacted, and Bitcoin's decentralized governance, spanning developers, miners and node operators alike, means any upgrade will likely take considerable time to materialize in practice. Nonetheless, the steady stream of proposals predating the recent reports shows that awareness of the issue is long-standing, which should ease market apprehension somewhat going forward.
