The quantum threat is resurfacing in Bitcoin. If quantum computers capable of breaking ECDSA emerge, some Bitcoins whose public keys are already exposed could be vulnerable. Yet some developers consider the risk to be remote. Should we be worried right now?
Does the quantum risk truly threaten the Bitcoin blockchain?
The debate over “quantum risk” regularly resurfaces in the crypto world. While Ethereum and other alternative chains are actively working on the issue, Bitcoiners seem to discuss it less—or even underestimate its potential.
Yet the risk is very real; the security of the Bitcoin protocol relies on cryptographic primitives, notably ECDSA for signing transactions, which could be compromised within the next decade, according to some experts’ projections.
If a powerful quantum computer were to emerge, Shor’s algorithm could, in theory, derive a private key from a public key.
The feared scenario is not a network outage, but an asymmetric breach allowing the theft of certain Bitcoins, particularly those with exposed public keys, such as some older addresses and reused ones.
According to estimates, nearly one-third of all BTC in circulation have their public keys visible on-chain and could be targeted by a quantum attacker. Among these at-risk funds are notably the 1 million Bitcoins mined by Satoshi Nakamoto, which have remained untouched since his disappearance in 2011.
In a recent article, essayist and analyst Nic Carter asserts that, contrary to what some publicly suggest, the majority of the most influential developers do not consider quantum security a priority.
Carter argues that power within Bitcoin is diffuse, which intentionally makes any modification to the protocol more difficult. The “maintainers” of Bitcoin Core are not decision-makers in the strict sense, but form a sort of elite group of highly respected contributors who act as gatekeepers. Without the support of at least one of them, a major change—such as a post-quantum migration—is unlikely to succeed.
What exactly do Peter Todd and Adam Back say about the quantum risk?
Carter then reviews several quotes and positions from certain Bitcoin developers:
- Pieter Wuille acknowledges the issue and participates in discussions, but sees no urgency;
- Gloria Zhao, for her part, believes the risk is more likely to materialize over the next 30 to 50 years;
- Adam Back mentions 20 to 40 years;
- Peter Todd even strongly rejects the idea that “cryptographically-relevant quantum” is imminent, or even physically plausible.
Everyone’s arguments should be taken into account. In theory, the quantum computer poses a threat, but in practice, there is no guarantee that we will ever succeed in building and then stabilizing a machine of such complexity.
Furthermore, even if such a computer were to be developed, it is likely that using it to break ECDSA would cost more—in terms of energy and cooling—than the value of the potentially recoverable Bitcoins. In other words, even if the machine existed in 5 years, it could still be 50 years before an attack becomes technically feasible.
Finally, other developers are taking the subject very seriously, such as HunterBeast, a former RGB developer who is now focused on quantum computing through Anduro, a quantum research platform funded by the miner Mara.
