
Quantum Threats to Bitcoin — Part 1

Bitcoin’s security is based on hard math.
Quantum computers break that assumption.
Let’s walk through how visually.

Bitcoin’s Security is Based on Math

Bitcoin uses math (ECDSA, secp256k1, ..) to protect your coins.
So far, no one can break it…

1- But Quantum Breaks That Math

Quantum computers can punch through math-based defenses.
What’s hard for your laptop becomes easy for a quantum machine.

2- Classical Computers Use Bits

Bits can only be 0 or 1.
All computations are done one step at a time.

3- Quantum Computers Use Qubits

Qubits can be 0, 1, or both.
This allows quantum computers to do things in parallel (a massive leap in speed).

4- Parallelism Changes Everything

Classical = tries one possibility at a time.
Quantum = tries all possible combinations simultaneously.

🔐 What Does This Have to Do with Bitcoin?

Bitcoin uses elliptic curve cryptography (ECC).
Private key k, public key P = k*G.

🔁 ECC Is Easy One Way, Hard the Other

Easy: k → P
Hard: P → k
This asymmetry protects your Bitcoin.

🕳️ Brute Force Takes Forever

A normal computer would need ~10³⁸ operations to go from public key → private key.
That’s trillions of years.

🧠 Pollard’s Rho: The Best Classical Attack

Right now, an attacker has no shortcut and must search for the key.
The best known classical method is Pollard’s rho, and even that is still slow.

💥 Shor’s Algorithm Changes That

Quantum computers can run Shor’s algorithm, which breaks ECC.
It only takes around 10⁶ steps.
Classical: “Trillions of years”
Quantum: “Hours to days”

🚨 When You Spend BTC, You’re Vulnerable

When you spend, your public key is revealed.
A cryptographically relevant quantum computer (CRQC) could see it, extract your private key, and steal your funds.

📉 20–50% of All Bitcoin at Risk

“Roughly 4–10 million BTC could be stolen if CRQCs arrive.”
— Latest Chaincode Labs report on "Bitcoin and Quantum Computing"

🕰️ When Will They Arrive?

Experts give a 50% chance we’ll see quantum computers that can break ECC by 2030–2035.
NIST plans to ban ECC by 2035.

🔜 Next Up

Next explainer in the series:
Script Types and Their Quantum Vulnerability (P2PK, P2PKH, P2TR, etc.)

🧡 Stay Updated

We’ll be sharing more visual explainers on quantum threats, Bitcoin script vulnerabilities, and post-quantum proposals.
Follow @Bitcoin_Devs to stay in the loop.

Inspired by the Chaincode Research Report on Quantum Threats to Bitcoin.
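The “easy one way, hard the other” slide above, as an added example that is not from the original post or from the Chaincode report: a pure-Python secp256k1 implementation that derives P = k*G in at most 512 group operations for any key, while recovering k from P by exhaustive search costs k operations. The search limit passed to the recovery function is a constructed value for the demonstration; real keys are ~2²⁵⁶, far beyond any such search.

```python
# secp256k1, the curve Bitcoin uses: y^2 = x^3 + 7 over GF(P), base point G of prime order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition (doubling when a == b); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # a + (-a) = infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def pubkey(k):
    """Easy direction k -> P = k*G by double-and-add.
    Returns (P, group operations used): at most 2*256 = 512 whatever k is."""
    assert 0 < k < N
    result, addend, ops = None, G, 0
    while k:
        if k & 1:
            result, ops = point_add(result, addend), ops + 1
        addend, ops = point_add(addend, addend), ops + 1
        k >>= 1
    return result, ops

def recover_privkey(pub, limit):
    """Hard direction P -> k by walking G, 2G, 3G, ... up to a constructed limit.
    Returns (k, operations) or (None, limit). Cost grows with k; Pollard's rho only
    improves this to ~sqrt(N) ~ 2^128 steps, the ~10^38 figure quoted in the post."""
    acc = None
    for k in range(1, limit + 1):
        acc = point_add(acc, G)
        if acc == pub:
            return k, k
    return None, limit

def compressed(pub):
    """33-byte SEC encoding of P: the value a spend reveals on-chain."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
```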
Sigh, quantum fearmongering again.
Bitcoin uses elliptic curve cryptography (ECC).
Private key k, public key P = k*G.
Yeah, Elliptic Curve Digital Signature Algorithm (ECDSA) to be more specific.
When you spend, your public key is revealed.
That is the case for P2PKH, P2SH, P2WPKH and P2WSH. P2TR outputs (bc1p...) themselves are already the public key, so for those addresses it does not matter whether you spend or not.
Experts give a 50% chance we’ll see quantum computers that can break ECC by 2030–2035.
Highly doubt it. Right now there is no quantum computer in existence that can even run Shor's algorithm.
reply
0 sats \ 1 reply \ @anon 10h
I think that's kind of the point for P2TR. Those addresses are far more vulnerable than the hash and script based ones you mention.
reply
Those addresses are far more vulnerable than the hash and script based ones you mention.
Under the assumption that quantum computers can ever derive the private key from the public key.
On the other hand one could also argue that P2TR is more resistant to brute-force attacks than the hash-based addresses. The hashing algorithm used in P2PKH, P2WPKH... is RIPEMD160, which produces a 160 bit long hash. In principle, that means many different 256 bit private keys map to the same 160 bit hash (and therefore the same address). But a Taproot address consists of a 256 bit long compressed public key. That's much harder to brute-force.
reply
Nice explanation, thanks. That's a lot of assumptions though.
  1. Only bad guys will have quantum to break the encryption and steal your BTC
  2. If they can afford to buy or use quantum computer, why would they need to steal your BTC? :-)
  3. What if WE create our keys with quantum computer, (aka we have the same tools) then we go back to trillion years to find a solution?
Plus, I think we still have some time to figure this out. Quantum is mind bending and I can't wait for the future to come :-)
reply
Nice explainer! I think you have k and p reversed though in your "Brute Force Takes Forever" slide.
reply
Oh wow... new information. Now I have more questions!
reply
Big fan of these types of posts
reply
This is a solid breakdown. The quantum threat to Bitcoin is real, especially for older outputs. We definitely need to start moving toward post-quantum solutions before it’s too late.
reply
There is currently a BIP (BIP-360) - by the way, 360 is a "magic number" on quantum computing - that aims to fix vulnerable addresses.
reply