Quantum Computing: A Threat to Bitcoin?

TL;DR

Quantum computers threaten Bitcoin because Shor’s algorithm can derive a private key from an exposed public key, breaking the ECDSA and Schnorr signatures that authorise transactions. The threat is real but not imminent. Credible estimates put a cryptographically relevant quantum computer somewhere between 2029 and 2035. Research cited by Google and Bitcoin security analysts suggests a roughly 10% chance of a break by 2032.

Around 6.9 million BTC - close to a third of all supply - sit in addresses with exposed public keys, including roughly 1 million BTC believed to belong to Satoshi Nakamoto. These are the coins most at risk. Mining (SHA-256) is far less exposed. Grover’s algorithm only offers a quadratic speed-up, which higher network difficulty can absorb.

Bitcoin’s defences are forming: BIP-360 adds a quantum-resistant address type, BIP-361 proposes a controversial migrate-or-freeze deadline, and NIST has finalised post-quantum standards (ML-DSA, SLH-DSA) for future signature schemes to draw on.

The safest action for an ordinary holder today: use a modern address and never reuse it, so your public key stays hidden behind a hash until you spend.

Overview

Quantum computing is one of the most significant theoretical threats to modern cryptography. For Bitcoin, the core concern is that a sufficiently powerful quantum computer could run Shor’s algorithm to solve the elliptic curve discrete logarithm problem - the hard maths that secures Bitcoin’s public-key cryptography. ...
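The TL;DR's distinction between exposed and hash-hidden public keys can be checked from output scripts alone. The following Python audit is an added example, not code from the original article: it goes beyond the text by naming the standard script templates (including Taproot, whose output carries a public key directly), and every script in it is constructed filler data.

```python
# Added example: scripts below are constructed filler bytes, not real outputs.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}  # output script itself carries a public key

def script_type(spk_hex: str) -> str:
    """Classify a scriptPubKey (hex) against the standard templates."""
    b = bytes.fromhex(spk_hex)
    n = len(b)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and b[0] == n - 2 and b[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and b[:3] == b"\x76\xa9\x14" and b[23:] == b"\x88\xac":
        return "p2pkh"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and b[:2] == b"\xa9\x14" and b[22] == 0x87:
        return "p2sh"
    # Witness v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and b[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and b[:2] == b"\x00\x20":
        return "p2wsh"
    # Witness v1 (Taproot): OP_1 <32-byte x-only public key>
    if n == 34 and b[:2] == b"\x51\x20":
        return "p2tr"
    return "unknown"

def exposure(spk_hex: str, spent_before: bool) -> str:
    """Say whether a public key for this output is already visible on-chain."""
    kind = script_type(spk_hex)
    if kind == "unknown":
        return "unknown"
    if kind in KEY_IN_OUTPUT:
        return "exposed: key in output script"
    if spent_before:  # an earlier spend published the key or script behind the hash
        return "exposed: revealed by earlier spend (reuse)"
    return "hidden behind hash"

def audit(utxos, spent_scripts):
    """utxos: (label, scriptPubKey hex) pairs; spent_scripts: scripts already spent from."""
    return {label: exposure(spk, spk in spent_scripts) for label, spk in utxos}

SAMPLE_UTXOS = [  # constructed
    ("legacy-p2pk", "2102" + "11" * 32 + "ac"),
    ("p2pkh-fresh", "76a914" + "22" * 20 + "88ac"),
    ("p2wpkh-reused", "0014" + "33" * 20),
    ("p2tr", "5120" + "44" * 32),
]
SAMPLE_SPENT = {"0014" + "33" * 20}  # constructed: this script was spent from once

if __name__ == "__main__":
    for label, verdict in audit(SAMPLE_UTXOS, SAMPLE_SPENT).items():
        print(f"{label:15} {verdict}")
```

In a real audit the set of already-spent scripts would come from the wallet's own transaction history; here it is a hard-coded assumption.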

May 20, 2026 · 9 min · James M