The Quantum Threat to Bitcoin Dividing Crypto

Two new research papers—one from Google and another from Caltech researchers at startup Oratomic—have revived a long-running question in crypto. What happens when quantum computing becomes powerful enough to break modern cryptography?

Researchers warned this week that advances in the field could threaten the cryptographic systems underpinning cryptocurrencies and other digital infrastructure sooner than expected, showing that future machines may be able to break elliptic curve cryptography with fewer qubits and computational steps than previously believed. Caltech put the number at just 10,000-20,000 qubits.

Both papers suggest the resources required to do so may be lower than earlier estimates, shortening timelines many assumed were comfortably distant.

In response to the findings, Bitcoin security researcher Justin Drake this week suggested there is at least a 10% chance that a quantum computer capable of breaking cryptography could emerge by 2032.

Quantum computers and “Q-Day”

Quantum computers operate differently from classical machines. Instead of bits that are either 0 or 1, they use qubits, which can exist in multiple states simultaneously. That property allows them to run certain algorithms—most notably Shor’s algorithm—that could, in theory, solve the mathematical problems underpinning modern encryption far more efficiently than today’s computers.

Those mathematical problems underpin Bitcoin, Ethereum and much of the internet. Systems based on elliptic curve cryptography are designed to be easy to verify but extremely difficult to reverse. A sufficiently powerful quantum computer could change that, deriving private keys from public ones and potentially exposing funds, identities and encrypted communications.

The moment when that becomes possible is often referred to as “Q-Day.”

For now, that moment remains hypothetical. “No such computer exists today,” Alex Thorn, head of firmwide research at Galaxy Digital, told Decrypt. “What this Google research shows is that the distance between today and that eventual ‘Q-day’ may be easier to traverse than previously thought.”

He pointed out that Google researcher Craig Gidney gave a 10% chance that a quantum machine capable of breaking cryptography will be built by 2030—a probability similar to that of Drake’s.

Gidney caveated this by adding that a “10% risk is unacceptably high here, so I’m very in favor of transitioning to quantum-safe cryptography by 2029… Yes this means I 90% expect to be made fun of in 2030. Oh well.”

Many industry experts are urging preparation. While Thorn argued that the “bottom line” is that the odds of a quantum computer being able to attack Bitcoin in the next five years are low, “the Google research shows real progress,” he said. “Nonetheless, Bitcoin developers are increasingly working on mitigations and new post-quantum crypto integrations,” Thorn added.

Different networks, different challenges

Itai Turbahn, co-founder and CEO of Dynamic, said the industry “needs to move now,” but cautioned that not all blockchains face the same exposure.

“Bitcoin’s UTXO model offers near-term protection if addresses aren’t reused—Ethereum’s account model has no equivalent workaround. But every account that has ever transacted has its public key permanently on-chain,” he said.

“Institutions need to understand this isn’t a uniform risk, and they need to be building toward it now,” he added.

Assessments of the challenge vary across networks and different experts Decrypt spoke to had different opinions on the impact on specific projects. Lucas Schweiger, Sygnum’s digital asset ecosystem research lead, said he believed Ethereum is “well positioned through account abstraction and addressing the quantum topic very seriously,” while “Bitcoin’s path is more of a governance and coordination question than a technical one, but it is a manageable one.”

“The transition, when it comes, is likely to be slow and uneventful,” he added.

Shiv Shankar, CEO of Boundless, previously told Decrypt that he didn’t see it as a blockchain-specific issue. “If quantum computers actually recover a set private key within this timeline, the whole of the internet is at risk, and that means there is a larger piece at stake,” he said. “I think it’s actually quite exciting,” Shankar added, arguing that, “It also means the entire internet as we know it gets upgraded which puts zero knowledge front and center of this conversation.”

Decrypt has approached both the Ethereum Foundation and Bitcoin dev community Bitcoin Core for comment.

First TradFi, then Bitcoin?

Schweiger said the more useful frame for institutional investors is sequencing. “If a cryptographically relevant quantum computer did emerge, the economic incentive for an adversary would point first at traditional financial infrastructure—the banks, custodians and payment networks securing approximately $154 trillion in fixed income and $128 trillion in equities globally,” he said.

“Crypto is negligible in comparison, and the crypto ecosystem would have substantial warnings before becoming a primary target.”

So is quantum risk a near-term engineering problem or a long-term existential threat? “Neither framing quite captures it,” Schweiger said.

“Quantum computing does not threaten existing blockchains or public key cryptography today, and the signature schemes in use will almost certainly be replaced long before quantum computers become powerful enough to break them,” he said.

While that makes it a “long-term engineering challenge,” Schweiger said, it’s not an existential one. He explained that, “The cryptographic community—including NIST’s post-quantum standards—as well as blockchain projects, are already working on preemptive measures and testing migration paths.”