Bitcoin and the Threat of Quantum Computing: Timeline and Solutions (2025–2035)

Recent breakthroughs in quantum computing have led market analysts to once again say that Bitcoin's future is at risk.

Google's Willow quantum chip and the quantum chip's ability to drastically reduce the number of errors are the new source of fear, uncertainty and doubt about Bitcoin's survival prospects in a post-quantum computing world.

The main concern is that a sufficiently advanced quantum computer could break the various forms of encryption used in Bitcoin (and many other cryptocurrencies), rendering the system useless and worthless. For example, someone could attack the network with a 51% attack by mining with a quantum computer, or steal coins held in an address simply by guessing the private keys associated with them.

So is this a real and inevitable threat? And what can developers do to fix this much-discussed issue?

According to longtime Bitcoin researcher Ethan Helman, protecting the Bitcoin cryptocurrency from quantum computers and other threats is a never-ending battle for developers.

“Bitcoin should protect people's money for generations,” Helman told the magazine.

“The history of cryptography is change and new attacks, faster computers and better algorithms. So, the biggest challenge for people working on Bitcoin cryptography is: How to protect coins over decades or even centuries, given the mercurial nature of cryptographic security?

Is Google Willow's Quantum Computer a Threat to Bitcoin in 2024?

The first thing to note about the potential threat of quantum computers to Bitcoin is that at this point the issue is completely overblown. Willow is one of the leading players in quantum computing developed to this point, but it's nowhere near what it takes to challenge the cryptography used in Bitcoin.

In the year According to a 2022 research study by Universal Quantum, a spin-off company affiliated with the University of Sussex, it would take a quantum computer with 13 million qubits a day to crack a private key linked to a vulnerable Bitcoin address. Google Willow has only 105 qubits.

Indeed, Google itself told The Verge that Willow is not a threat to modern cryptography. Furthermore, according to NVIDIA CEO Jensen Huang, “very useful quantum computers” are probably still twenty years away, suggesting that their real-world applications will be limited for some time.

In a recent episode of ARK Invest's Bitcoin Brainstorm podcast, Blockstar founder and CEO Adam Back also pushed for what he says is the inevitable quantum risk to Bitcoin.

“For some, it is very tempting to make a bet because they are saying that we have to be careful in 2028 – like no way,” he said.

However, the threat posed by quantum computing to Bitcoin has long been a known issue, and discussions around it – or at least theoretical discussions around the SHA-256 algorithm used in the mining process – until the time when Bitcoin's creator Satoshi Nakamoto still When he was involved in the project. Improvements to quantum-proof Bitcoin addresses or other improvements to the cryptography used in Bitcoin can be implemented as needed.

As a note, this is far from a Bitcoin-only problem, as the cryptography used in traditional banking is vulnerable to attacks from quantum computers and is currently an even bigger target.

When will quantum computers crack bitcoin? Professional forecasts for 2030-2035

Bitcoin developers and other interested parties are generally skeptical and wary of the potential risk.

“I want to make sure we're thinking about it right,” said Cathy Wood, CEO of ARK Invest, at a recent Bitcoin Brainstorm event focused on quantum computing.

“I don't want to leave any options behind because I think technologies are advancing faster and faster.”

While there are too many different innovations in quantum computing to pose a serious threat to Bitcoin, it's important to start seriously discussing the issue today.

Most estimates do not see quantum computing as a threat to the cryptography used in Bitcoin until the early 2030s. Specifically, the National Institute of Standards and Technology (NIST) recommends migrating to a new cryptographic system by 2035 to reduce future privacy risks related to future quantum risks. However, according to Ledger's Chief Technology Officer Charles Guillemette, Bitcoin will still be safe at this level of risk, as it will not be affected by future privacy concerns.

Additionally, IBM's quantum computing roadmap points to a few thousand qubits by 2033. This is still far less than the millions of qubits needed to break the encryption in Bitcoin.

Bernstein's analysts still see quantum risk in Bitcoin as decades away.

Indeed, speculation from Bitcoin developers and industry workers about when quantum computing poses a real threat is wide-ranging, and some refer to quantum computing as an outright scam. In a recent discussion about quantum resistance on the Bitcoin development mailing list, estimates ranged from a decade or two to “not in my lifetime.”

However, recent developments indicate that there is a growing call for the matter to be taken seriously. “I think the message today should be: yes, unequivocally, he should be worried about this now,” wrote theoretical computer scientist Scott Aronson. “Have a plan.”

The good news is that 75% of Bitcoin wallets are already protected from potential attacks due to the type of Bitcoin address they are stored in, according to a previous study by accounting giant Deloitte. In particular, P2PK addresses and reused P2PKH addresses are address types that are vulnerable to quantum attacks. Of course, non-reused P2PKH addresses make quantum computers more powerful and vulnerable because signed transactions can appear in Mempool before they are verified (transactions are unblocked and sent directly to miners). .

That said, there is at least one development proposal to improve Bitcoin to address this concern.

Bitcoin Quantum Resistance: Current Protection and Future Solutions

There are two key concerns surrounding the algorithms associated with quantum computers, which offer significant advantages over current methods for breaking encryption achieved by traditional computers.

One of them is called the Grover Algorithm, which can be attacked or censored by a quantum computer through a quantum computer to gain an insurmountable advantage in the Bitcoin mining process and completely centralize the Bitcoin accounting system. Secondly, Shor's algorithm can be used in certain Bitcoin signature schemes to steal funds held in addresses. Shor's algorithm provides greater gains compared to traditional methods and is faster risk.

In particular, it is known to be a slow and difficult process for Bitcoin wallets to prepare for today's threat to Bitcoin address security without any changes to the Bitcoin consensus rules. Quantum resistance on the network is necessary for soft forks to eventually activate a consensus rule change. However, arrangements can be made long before any quantum of Bitcoin threats appear.

The process is for wallets to begin deploying an additional, quantum-secure signature scheme within their wallet software in the near future. Then the nodes on the Bitcoin network will need to disable the old, quantum-vulnerable signature schemes and use the new quantum-resistant schemes in a soft fork once the threat of quantum computers is imminent.

QuBit: Bitcoin's proposed quantum resistance upgrade explained.

A draft Bitcoin Improvement Proposal (BIP) known as QuBit by counterfeiter Beast introduces a new address type, Pay to Quantum Resistant Hash (P2QRH), which uses a variety of quantum-resistant signature schemes to protect against attacks using Shorn's algorithm. The new address type can come with a 16x reduction in block space costs, providing an economic incentive for users to migrate to quantum-proof addresses. A similar economic incentive has previously been used to promote the adoption of distributed Jehovah's Witnesses addresses on the Internet.

The QuBit scheme includes four levels: a quantum-resistant addressing standard, a Taproot-compatible quantum-resistant addressing level, a soft fork, and a quantum-safe addressing standard.

Hunter Beast's work on P2QRH is supported by Surmount Systems, an initiative to defend Bitcoin against the risks associated with quantum computing. P2QRH addresses make quantum attacks on a single address uneconomical if not impossible, similar to proof-of-work mining in Bitcoin.

According to Predator, making addresses fully secure would require deploying more quantum computing hardware among Bitcoin users. However, this update may eventually be soft-forked. Additional protections for the mining process will come down the line and are not considered relevant at this time.

In particular, P2QRH does not implement a specific quantum-resistant hashing algorithm. Instead, users can choose from a variety of supported standards, including SPHINCS+-256f and FALCON-1024. Quantum-proof signature schemes are still relatively new and unproven, so it is difficult to identify the best option to integrate into Bitcoin. Additionally, the most trusted signature plans will also be the largest, which may introduce a new scaling problem.

Alternative solutions: OP_CAT and STARK based protection

There may also be new opcodes such as OP_CAT, a previously inactive opcode that some developers want to re-enable on Bitcoin to enable quantum-resistant addresses on Bitcoin.

Blockstream's Jonas Nick has recently published code for an experimental tool that can be used to create quantum-resistant signatures using re-enableable opcodes in the Great Script Recovery proposal. However, as with any Bitcoin change, OP_CAT can be considered controversial, and there are potential centralization risks associated with enabling the Maximum Extractable Value (MEV) associated with it.

“OP_CAT can be used to implement post-quantum cryptography on Bitcoin, but it is very inefficient in terms of transaction volume,” Hunter told the magazine.

OP_CAT co-author Ethan Helman agrees that the idea of ​​the beast can be implemented before the problem arises. “Deployment of OP_CAT is a helpful tool during a cryptographic crisis. I think we should solve this problem with quantum resistant products like QuBit (BIP-360) before such a crisis occurs.”

There are transactions made by QuBit, such as effectively lowering Bitcoin's onchain transaction capacity, but many consider this more acceptable as it acts as a strict security advantage. Due to the large scale of quantum-resistant transactions, there have been discussions of adding quantum-resistant signatures in combination with increasing block size.

There is also the possibility of using Scalable Transparent Arguments of Knowledge (STARKs), a zero-knowledge (ZK) proof technology, as another way to bring quantum resistance to Bitcoin, which comes with additional privacy and scalability benefits. This function can be enabled by OP_CAT or another opcode specifically to verify ZK assertions.

“The STARK support in Bitcoin allows miners to merge non-interactive quantum-proof signatures into a single STARK and exchange the signatures with a single STARK,” Helman told the magazine.

“This eliminates a major drawback of such signature schemes and may also have privacy benefits. Many people, including myself, are looking into this, but this work is still early days, and changes like this are not very simple or easy.”

That said, STARKs are more practical for flexible and malleable cryptosystems, such as Ethereum or Solana. Indeed, Ethereum creator Vitalik Buterin has previously commented on the use of STARKs in a quantum contingency.

As for STARKs or other methods for quantum computing resilience even for unmodified addresses (as Buterin puts it), Hunter says, “It's possible.” . . The only problem with this approach is that the addition of ZK opcodes is a soft fork, but there may be little agreement on which ones to add and even if it works. They should also disable all transactions with modern HD wallets (which accept mnemonic seeds and generate new addresses when used). A hardcoded private key won't work, and not sure how that works with multisig. So, no, it's not really practical to do that.

Bitcoiners value stability and consistency, so change can be slow and gradual. But although there is no clear threat, as preparations are being made, this issue is likely to be resolved in time.

The threat of quantum computing to Bitcoin was recently summed up well by Blockstream CEO Adam Back at X: “I think quantum readiness is the right balance – no current risk or maybe this decade or maybe next,” Back said. “But it's good to be ready.”

Kyle Thorpe

Kyle Thorpe has been covering Bitcoin and crypto since 2014. In particular, he has covered Bitcoin's blockchain war for Bitcoin Magazine and Forbes. Over the years, his work has been published in Fortune, Vice, Investopedia and many other media outlets