Quantum computing poses a significant risk to Bitcoin, but the risk is signature forgery rather than the decryption of encrypted data. A sufficiently powerful quantum computer could derive private keys from public keys that are already exposed on-chain, endangering approximately 6.7 million BTC unless those coins move to post-quantum outputs before robust fault-tolerant machines become available.
In essence, Bitcoin does not store any encrypted secrets on its blockchain; instead, it relies on digital signatures and hash commitments for security. The real threat from quantum technology lies in Shor’s algorithm, which could enable an attacker to derive private keys from public ones and create valid signatures for unauthorized transactions.
Adam Back, a prominent figure in the Bitcoin community and creator of Hashcash, emphasizes that describing this issue as “quantum computers cracking Bitcoin encryption” is misleading. He points out that this misconception reflects a fundamental misunderstanding of how Bitcoin operates.
The primary security concern is public-key exposure: an output format that reveals the raw public key on-chain is vulnerable once such a machine exists. Many formats commit only a hash of the key and reveal the key itself just when the output is spent, but reuse of an already-spent address and formats that place the key directly in the output still leave coins exposed.
Project Eleven is actively monitoring these vulnerabilities through its open-source “Bitcoin Risq List,” which tracks instances of public key exposure related to script and address reuse practices. Their findings indicate that around 6.7 million BTC fall under their criteria for at-risk addresses based on published methodologies.
The introduction of Taproot outputs (P2TR) modifies how public keys are represented within output programs by including tweaked versions instead of simple hashes as specified in BIP 341. However, Project Eleven notes that while this alters exposure patterns slightly, it remains critical only if large-scale fault-tolerant quantum systems come into play.
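The exposure rules above (hash-committed outputs versus outputs that embed a key, plus address reuse) as an added example; this is not code from the article or from Project Eleven's Bitcoin Risq List. It matches standard scriptPubKey templates (P2PK, P2PKH, P2SH, segwit v0, P2TR per BIP 341) on constructed placeholder scripts rather than real chain data, and the "reused after a spend" flag is assumed to come from a separate chain scan.

```python
# Added example (not from the article or Project Eleven's Bitcoin Risq List):
# classify standard scriptPubKey templates by whether a public key is already
# visible on-chain. Sample outputs are constructed placeholders, not chain data.

OP_0, OP_1, OP_DUP, OP_EQUAL = 0x00, 0x51, 0x76, 0x87
OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x88, 0xA9, 0xAC


def classify_script(spk: bytes) -> tuple[str, bool]:
    """Return (script type, True if the output itself embeds a public key)."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG -> raw key sits in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG -> hash only
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2SH: OP_HASH160 <20> OP_EQUAL -> hash of the redeem script only
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return "p2sh", False
    # Segwit v0 (P2WPKH / P2WSH): OP_0 <20 | 32> -> hash only
    if n in (22, 34) and spk[0] == OP_0 and spk[1] == n - 2:
        return ("p2wpkh" if n == 22 else "p2wsh"), False
    # P2TR (BIP 341): OP_1 <32-byte x-only tweaked key> -> key sits in the output
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr", True
    return "unknown", False


def key_exposed(spk: bytes, address_spent_before: bool) -> bool:
    """Exposed if the script embeds the key, or the address was reused after a
    spend (the earlier scriptSig/witness revealed the key)."""
    return classify_script(spk)[1] or address_spent_before


def exposed_value(utxos: list[tuple[bytes, bool, int]]) -> int:
    """Sum the value (sats) of outputs whose public key is exposed on-chain."""
    return sum(sats for spk, reused, sats in utxos if key_exposed(spk, reused))


# Constructed sample UTXOs: (scriptPubKey, address reused after a spend, sats)
P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + b"\x11" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2TR = bytes([OP_1, 32]) + b"\x22" * 32
P2PK = bytes([33, 0x02]) + b"\x33" * 32 + bytes([OP_CHECKSIG])
P2WPKH = bytes([OP_0, 20]) + b"\x44" * 20
SAMPLE_UTXOS = [(P2PKH, False, 100), (P2PKH, True, 200), (P2TR, False, 300),
                (P2PK, False, 400), (P2WPKH, False, 500)]
print("exposed sats:", exposed_value(SAMPLE_UTXOS))  # 900
```

The P2PKH output that was never spent from is the only hash-committed case counted as safe here; the reused P2PKH, the P2TR and the P2PK outputs are counted as exposed, which is the distinction the article's 6.7 million BTC figure rests on.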
A study titled “Quantum resource estimates for computing elliptic curve discrete logarithms” by Roetteler et al. gives an upper estimate of roughly 2,330 logical qubits to compute elliptic-curve discrete logarithms over a prime field with n=256 bits.
Litinski’s research indicates that recovering a single 256-bit elliptic-curve private key would take about 50 million Toffoli gates under certain assumptions, which would complete within ten minutes on approximately 6.9 million physical qubits. Other estimates put the requirement at around 13 million physical qubits to break a key within one day, or about 317 million physical qubits for a one-hour target.
Grover’s algorithm primarily affects hash functions such as SHA-256, but its impact is not comparable to breaking elliptic-curve cryptography via a discrete-logarithm attack: NIST has shown that the work required against SHA-256 remains approximately 2^128 even after applying Grover’s speedup.
Post-quantum signature schemes typically produce signatures measured in kilobytes rather than tens of bytes. As technical guidance from experts notes, this change significantly affects transaction economics and user experience.
NIST has already begun standardizing post-quantum primitives such as ML-KEM (FIPS 203), which form part of broader migration strategies across various platforms. Within Bitcoin, proposals such as BIP360 advocate new output types resistant to quantum threats, while qbip.org encourages phasing out legacy signatures altogether as an incentive for the necessary migration.
Recent statements from IBM highlight advances in error-correction components aimed at achieving fault tolerance potentially around the year 2029. This is a notable development given reports, detailed in another Reuters article, that some key algorithms can operate effectively even on conventional AMD chips.
The analysis conducted by Project Eleven identifies the crucial factors as the proportion of the UTXO set with exposed public keys, how wallet behaviour adapts, and how quickly the network as a whole adopts quantum-resilient paths without compromising validation integrity or fee-market dynamics during the transition.