Recent research from Google has raised alarms in the Bitcoin community by indicating that a sufficiently powerful quantum computer could break Bitcoin’s core signature cryptography in under nine minutes, one minute faster than the average Bitcoin block settlement time. As quantum computing technology continues to advance, analysts believe that the capacity to pose a threat to Bitcoin could emerge as early as 2029.
Currently, an estimated 6.5 million bitcoin tokens, valued at hundreds of billions of dollars, reside in addresses vulnerable to potential quantum attacks. This includes coins belonging to Bitcoin’s pseudonymous creator, Satoshi Nakamoto. The ramifications of a quantum breach would not only jeopardize financial assets but also undermine Bitcoin’s foundational principles: “trust the code” and “sound money.”
At the heart of this concern lies Bitcoin’s security framework, which employs a one-way mathematical relationship to construct its cryptographic system. When a wallet is generated, a private key (a secret number) is created, and a public key is derived from it; that public key proves ownership when spending bitcoins. This process is currently deemed secure, as modern computers would take billions of years to break the Elliptic Curve Digital Signature Algorithm (ECDSA). However, quantum computers could turn this security model into a vulnerability by deriving private keys from public keys, thereby endangering user funds.
The potential attacks are categorized into two types: long-exposure and short-exposure. Long-exposure attacks can exploit dormant coins stored in pay-to-public-key (P2PK) addresses, which include coins mined in Bitcoin’s early days and, notably, those belonging to Nakamoto. Since their public keys have always been exposed, the threat is immediate and persistent. On the other hand, short-exposure attacks target transactions waiting in the memory pool, where public keys and signatures are visible before transactions are confirmed.
In response to these vulnerabilities, a variety of initiatives are under consideration. Among these, Bitcoin Improvement Proposal (BIP) 360 aims to remove the public key that is permanently etched on-chain in the current Taproot address format. By introducing a new output type known as Pay-to-Merkle-Root (P2MR), this proposal seeks to eliminate the public key, effectively depriving quantum attackers of their target. However, it would only protect new bitcoins and not the existing 1.7 million BTC held in older addresses.
To counter the quantum threat more robustly, hash-based post-quantum signature schemes, such as SPHINCS+ and the upcoming SLH-DSA, are being explored. These schemes employ hash functions instead of elliptic curve cryptography, potentially shielding Bitcoin from the vulnerabilities posed by quantum computing. Although adopting these systems may lead to increased transaction sizes and, consequently, higher fees, they represent a more secure framework for future transactions.
Another intriguing proposal comes from Lightning Network co-creator Tadge Dryja, called the Commit/Reveal scheme. This strategy aims to safeguard transactions in the mempool by dividing transaction execution into two distinct phases: the commit phase and the reveal phase. The initial phase would involve publishing a hash that commits to a transaction without revealing its contents. The actual transaction could then be broadcast later, with checks in place to prevent unauthorized spending based on prior commitments registered on-chain.
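To make the two-phase idea concrete, here is an added toy model of a commit/reveal mempool check. It is illustrative code written for this page, not Dryja’s proposal or any Bitcoin Core code, and the transaction format, the `ToyChain` ledger and the `min_depth` burial rule are constructed assumptions. It shows why a revealed transaction that does not match an earlier on-chain commitment is rejected, which is the property that denies a mempool attacker a window to substitute their own spend.

```python
import hashlib
import json
from dataclasses import dataclass, field


def serialize_tx(tx: dict) -> bytes:
    """Canonical byte encoding of a toy transaction (constructed format, not Bitcoin's)."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def make_commitment(tx: dict, salt: bytes) -> bytes:
    """Commit phase: publish only H(salt || tx).

    The hash binds the intended spend (inputs, outputs, amounts) without
    exposing the public key or signature that the reveal phase will carry.
    """
    return hashlib.sha256(salt + serialize_tx(tx)).digest()


@dataclass
class ToyChain:
    """Minimal ledger recording each commitment by the block height it landed in."""
    height: int = 0
    commitments: dict = field(default_factory=dict)  # commitment -> height
    revealed: set = field(default_factory=set)       # commitments already spent

    def mine_block(self, commits=()) -> int:
        """Append a block carrying zero or more commitment hashes."""
        self.height += 1
        for c in commits:
            self.commitments.setdefault(c, self.height)  # first registration wins
        return self.height

    def reveal(self, tx: dict, salt: bytes, min_depth: int = 1):
        """Reveal phase: accept tx only if a matching commitment is already
        buried at least min_depth blocks deep and has not been used before.
        (Signature verification of tx is omitted in this toy.)"""
        c = make_commitment(tx, salt)
        registered = self.commitments.get(c)
        if registered is None:
            return False, "no prior commitment on-chain"
        if self.height - registered < min_depth:
            return False, "commitment not yet buried deep enough"
        if c in self.revealed:
            return False, "commitment already revealed"
        self.revealed.add(c)
        return True, "accepted"


def demo():
    """Walk through commit, premature reveal, valid reveal, tampered reveal, replay."""
    chain = ToyChain()
    salt = b"\x00" * 16  # constructed fixed salt; use a random one in practice
    tx = {"inputs": ["utxo:abc:0"], "outputs": [{"to": "alice", "amount": 1.0}]}

    chain.mine_block([make_commitment(tx, salt)])
    early = chain.reveal(tx, salt)        # same block as the commitment: rejected
    chain.mine_block()                    # one more block buries the commitment
    ok = chain.reveal(tx, salt)           # matching reveal: accepted
    tampered = dict(tx, outputs=[{"to": "mallory", "amount": 1.0}])
    bad = chain.reveal(tampered, salt)    # different outputs, no matching commitment
    again = chain.reveal(tx, salt)        # replay of an already-revealed commitment
    return early[0], ok[0], bad[0], again[0]


if __name__ == "__main__":
    print(demo())  # (False, True, False, False)
```

The rejection of `tampered` is the whole point: a party who sees the revealed transaction in the mempool learns the public key, but any replacement spend they construct has no commitment already registered in an earlier block, so honest nodes will not accept it.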
Lastly, the Hourglass V2 proposal seeks to mitigate risks associated with the 1.7 million BTC sitting in older, vulnerable addresses by limiting withdrawals to one bitcoin per block. This controversial approach is likened to managing a bank run to prevent sudden massive liquidations that could destabilize the market. Critics, however, argue that such limitations could infringe on users’ rights to access their funds.
As of now, these proposals have not been activated, and the decentralized nature of Bitcoin’s governance—comprising developers, miners, and node operators—means any upgrades are likely to take significant time. Nonetheless, the wave of proposals arising in the wake of Google’s findings underscores the urgency of addressing quantum vulnerabilities, suggesting that developers have long been cognizant of this looming threat.


