The Chaincode report warns that quantum computers could emerge as early as 2030, threatening 4 to 10 million BTC secured by ECDSA cryptography.

A new report from Chaincode warns that quantum computers capable of breaking encryption could emerge as early as 2030, putting Bitcoin's cryptographic foundations and the entire digital asset space in jeopardy. It estimates that between 4 and 10 million BTC are at risk, with approximately 6.26 million BTC identified as the most vulnerable because they sit in address types that Shor's algorithm could break.

Quantum computers capable of breaking encryption could run Shor's algorithm against cryptosystems based on ECDSA, the signature scheme Bitcoin currently uses to authenticate coin ownership. Address types particularly vulnerable to attack include P2PK, which exposes the public key directly on the blockchain; P2MS, which places multiple public keys on-chain in multi-signature transactions; and P2TR, which in certain situations publicly reveals the public key as part of a script tree. Especially dangerous are reused addresses, organizational wallets, and long-standing UTXOs whose private keys may have been lost.
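As an added illustration (not part of the Chaincode report or this article), the following Python sketch classifies output scripts by template and flags those whose public key is already on-chain, which is the exposure the paragraph above describes. The sample keys and hashes are constructed, and the classifier is a minimal template matcher, not a full Script interpreter.

```python
# Minimal scriptPubKey template matcher: names a Bitcoin output's type and reports
# whether the public key needed to spend it is already visible on-chain.
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG, OP_CHECKMULTISIG = 0x76, 0xA9, 0x87, 0x88, 0xAC, 0xAE

def classify(script: bytes) -> str:
    """Return P2PK, P2MS, P2PKH, P2SH, P2WPKH, P2TR or UNKNOWN."""
    n = len(script)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -- the raw key sits in the output
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20]) \
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "P2PKH"
    if n == 23 and script[0] == OP_HASH160 and script[1] == 20 and script[-1] == OP_EQUAL:
        return "P2SH"  # OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 22 and script[:2] == b"\x00\x14":
        return "P2WPKH"  # segwit v0: OP_0 <20-byte key hash>
    if n == 34 and script[:2] == b"\x51\x20":
        return "P2TR"  # segwit v1: OP_1 <32-byte x-only key>, key visible
    # Bare multisig: OP_m <pubkey>... OP_n OP_CHECKMULTISIG -- every key in the output
    if n > 3 and 0x51 <= script[0] <= 0x60 and 0x51 <= script[-2] <= 0x60 \
            and script[-1] == OP_CHECKMULTISIG:
        m, k, i, keys = script[0] - 0x50, script[-2] - 0x50, 1, 0
        while i < n - 2 and script[i] in (33, 65):
            i, keys = i + 1 + script[i], keys + 1
        if i == n - 2 and keys == k and m <= k:
            return "P2MS"
    return "UNKNOWN"
def key_exposed(script: bytes, spent_from: bool = False) -> bool:
    """P2PK/P2MS/P2TR expose the key in the output; P2PKH/P2WPKH only after a spend (reuse)."""
    kind = classify(script)
    if kind in ("P2PK", "P2MS", "P2TR"):
        return True
    if kind in ("P2PKH", "P2WPKH"):
        return spent_from
    return False  # P2SH and unknown scripts: not decidable from the output alone
# Constructed sample data (not real keys): a compressed key, a 20-byte hash, an x-only key
KEY, H160, XONLY = bytes([0x02]) + bytes(range(1, 33)), bytes(range(20)), bytes(range(32))
SAMPLE_UTXOS = {
    "p2pk": bytes([33]) + KEY + bytes([OP_CHECKSIG]),
    "p2pkh": bytes([OP_DUP, OP_HASH160, 20]) + H160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
    "p2ms": bytes([0x51, 33]) + KEY + bytes([33]) + KEY + bytes([0x52, OP_CHECKMULTISIG]),
    "p2wpkh": b"\x00\x14" + H160,
    "p2tr": b"\x51\x20" + XONLY,
}
def triage(utxos: dict) -> list:
    """Names of UTXOs whose spending key is already on-chain: the report's most exposed class."""
    return sorted(name for name, spk in utxos.items() if key_exposed(spk))
```

Running `triage(SAMPLE_UTXOS)` returns the P2MS, P2PK and P2TR entries; the hash-based outputs are only flagged once `spent_from=True` records that the address has been reused.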

Bitcoin mining operations currently face no direct risk from quantum machines, because Grover's algorithm offers only a limited speed-up and parallelizes poorly; however, if superior quantum miners emerge, the risk of mining centralization and network instability will increase significantly.

Transitioning to post-quantum cryptography

The Bitcoin community is discussing several proposals for countering the quantum threat by transitioning to post-quantum cryptography. Candidate algorithms include SPHINCS+, FALCON, and CRYSTALS-Dilithium. Several Bitcoin Improvement Proposals are also under consideration: BIP-360, which commits to a hash of a post-quantum key rather than to a public key as is done today; BIP-347, which would reactivate the OP_CAT opcode to support Lamport signatures; and OP_SPHINCS, which would add a new opcode specifically for SPHINCS+ signatures.

The transition strategy has two phases. The short-term phase, covering the next 2 years, focuses on research, implementing minimum protection for vulnerable UTXOs, and beginning to move coins out of risky addresses. The long-term phase, covering the next 7 years, will redesign the system architecture, fully deploy the best post-quantum algorithms, and carry out coin migration at scale.