The quantum threat is resurfacing in Bitcoin. If quantum computers capable of breaking ECDSA appear, some Bitcoins whose public key is already exposed could be vulnerable. However, some developers consider the risk to be remote. Should we be concerned now?
Does the quantum risk really threaten the Bitcoin blockchain?
The debate on “quantum risk” regularly resurfaces in the crypto world. While Ethereum and other alternative chains are actively working on the issue, Bitcoiners seem to talk about it less and even underestimate its potential.
However, the risk is very real. The security of the Bitcoin protocol relies on cryptographic primitives, notably ECDSA for signing transactions, which could be compromised over the next decade, according to some experts’ projections.
With the advent of a powerful quantum computer, Shor’s algorithm could, in theory, find a private key from a public key.
The feared scenario is not a network failure, but an asymmetric break allowing the theft of certain Bitcoins, particularly those whose public key is exposed, such as certain old addresses and those that have been reused.
According to estimates, nearly one-third of BTC in circulation have their public key visible on-chain and could be targeted by a quantum attacker. Among these at-risk funds are the 1 million Bitcoins mined by Satoshi Nakamoto, which have remained untouched since his disappearance in 2011.
In a recent article, essayist and analyst Nic Carter argues that, contrary to what some publicly suggest, the majority of the most influential developers do not consider quantum to be a priority.
Carter argues that power within Bitcoin is diffuse, which deliberately makes it more difficult to change the protocol. Bitcoin Core “maintainers” are not decision-makers in the strict sense, but form a kind of elite group of highly respected contributors who act as gatekeepers. Without the support of at least one of them, a major change, such as a post-quantum migration, is unlikely to succeed.
What exactly do Peter Todd and Adam Back say about the quantum risk?
Carter then reviews several quotes and positions from certain Bitcoin developers:
- Pieter Wuille acknowledges the issue and participates in discussions, but does not see any urgency;
- Gloria Zhao believes that the risk is more likely to occur in the next 30 to 50 years;
- Adam Back mentions 20 to 40 years;
- Peter Todd strongly rejects the idea that “cryptographically-relevant quantum” is close, or even physically plausible.
Everyone’s arguments must be taken into account. In theory, quantum computers pose a threat, but in practice, there is no guarantee that we will ever succeed in building and stabilizing such a complex machine.
Furthermore, even if such a computer were to be developed, it is likely that using it to break ECDSA would cost more in energy and cooling than the value of the Bitcoins that could potentially be recovered. In other words, even if the machine existed in five years’ time, it could still be 50 years before an attack became technically feasible.
Finally, other developers are taking the issue very seriously, such as HunterBeast, a former RGB developer who is now focused on quantum computing thanks to Anduro, a quantum research platform funded by the miner Mara.
