Quantum Computing Threat to Bitcoin Security
Cryptographer Adam Back has stated that Bitcoin faces no meaningful quantum computing threat for at least two to four decades. He further noted that post-quantum encryption standards have already been approved and are ready for implementation. Back, a prominent figure in the cypherpunk movement and cited in the Bitcoin white paper, made these remarks in response to concerns regarding the potential for quantum computers to undermine the cryptocurrency's security foundations.
Back addressed the timeline on the social media platform X after a user questioned the existence of a quantum risk for Bitcoin. He emphasized that the National Institute of Standards and Technology (NIST) has already approved post-quantum encryption standards. Bitcoin, he explained, could adopt these standards long before cryptographically relevant quantum computers become a reality. This assessment stands in contrast to predictions made by entrepreneur Chamath Palihapitiya, who estimated that the quantum threat would materialize within the next two to five years.
Understanding Quantum Computing Requirements
Palihapitiya had previously noted that breaking SHA-256, the encryption standard that underpins Bitcoin's security, would necessitate quantum computers possessing approximately 8,000 qubits. Current quantum systems fall significantly short of this threshold, both in terms of qubit count and error correction capabilities. The technology remains constrained by high noise levels and lacks the necessary count of logical qubits required for encryption-breaking operations.
The Caltech neutral-atom array currently holds the record for qubit count with 6,100 physical qubits. Even so, this system cannot break RSA-2048 encryption, although estimates suggest that only 4,000 logical qubits are needed, because physical qubits and logical qubits differ substantially. Logical qubits represent idealized, error-free units essential for running encryption-breaking algorithms such as Beauregard's Shor circuit. Real-world quantum systems require multiple physical qubits to construct each functional logical qubit because of the overhead of error correction.
Quantinuum's Helios trapped-ion system has achieved 98 physical qubits functioning as 48 error-corrected logical qubits, demonstrating a two-to-one ratio between physical and usable qubits. In late 2023, Atom Computing achieved 1,180 qubits, becoming the first universal gate-based quantum computer to surpass 1,000 qubits. Despite these advancements, these systems remain far from posing a threat to current cryptographic standards.
Expert Disagreements and Future Implications
Experts hold differing views on the timelines for quantum computing progress. Some anticipate a linear advancement, while others foresee potential breakthroughs as research funding continues to increase. During an interview in April, Back suggested that the pressure from quantum threats might reveal whether Satoshi Nakamoto is still alive. He posited that quantum risks could compel the Bitcoin creator to move coins to quantum-resistant addresses to prevent potential theft. Nakamoto's estimated 1 million Bitcoin would become vulnerable without migration to updated security protocols.
The "harvest now, decrypt later" attack model represents the primary quantum threat to encrypted communications today. Adversaries collect encrypted data and store it, intending to decrypt it with future quantum computers. This attack vector does not directly impact Bitcoin's security model: Bitcoin's cryptography is used to ensure that rightful owners control access to their assets, not to hide long-term sensitive information.
Smart-contract researcher Gianluca Di Bella, who specializes in zero-knowledge proofs, recently advised that the migration to post-quantum encryption should commence immediately. He noted that while practical commercial quantum computing might emerge in 10 to 15 years, major institutions like Microsoft or Google could potentially develop solutions within a few years. The primary concern with this threat centers on protecting data that requires decades of confidentiality, rather than the transactional security of cryptocurrencies.
Bitcoin's Adaptability and Future Security
Bitcoin's capacity to implement quantum-resistant standards before quantum computers achieve cryptographic relevance provides a substantial safety margin. The blockchain's decentralized governance model facilitates protocol upgrades through consensus mechanisms, allowing for adaptation to emerging technological threats. Post-quantum cryptography standards offer proven mathematical frameworks for securing digital assets against future quantum capabilities.