Reassessing the Quantum Threat: Why Crypto Isn’t on the Brink Yet

The Myth of Imminent Quantum Doom

(Image source: a16zcrypto)

Claims that “quantum computers are about to break all cryptography” have become increasingly common, often accompanied by calls for an immediate and universal migration to post-quantum cryptography.

These arguments, however, tend to overlook two critical realities:

• Cryptographically capable quantum computers do not yet exist
• Quantum risk varies significantly across different cryptographic primitives

Failing to distinguish between these factors can lead to poor trade-offs between security, performance, and cost.

What Does a “Cryptographically Relevant” Quantum Computer Actually Mean?

Not every quantum computer poses a real threat to modern cryptography. A system becomes cryptographically meaningful only if it can:

• Run Shor’s algorithm at scale
• Break RSA-2048 or secp256k1 within a practical timeframe
• Operate as a fault-tolerant quantum system

Based on publicly available progress:

• Superconducting, trapped-ion, and neutral-atom architectures all remain far below required thresholds
• Systems with thousands of physical qubits still lack sufficient logical qubits and error correction
• The gap between current achievements and real cryptographic attacks spans multiple orders of magnitude

Buzzwords such as “quantum advantage” or “logical qubits” often create artificial urgency, despite their limited relevance to real-world cryptographic breakage.

Quantum Risk in zkSNARKs and Blockchain Systems

Zero-knowledge proofs, particularly zkSNARKs, face quantum considerations similar to digital signatures:

• The zero-knowledge property itself remains quantum-safe
• There is no meaningful harvest-now-decrypt-later (HNDL) risk
• Proofs generated before the advent of cryptographically capable quantum machines remain valid indefinitely

The only exposure lies in future proofs generated after such machines exist, not in historical data.

Why Most Blockchains Are Not Exposed to HNDL Attacks

For public blockchains like Bitcoin and Ethereum, cryptography is primarily used for authorization, not secrecy:

• On-chain data is already public
• Quantum risk relates to future signature forgery, not decrypting past transactions

Applying HNDL-style reasoning to these systems is therefore a common but serious misunderstanding.

Privacy Chains Face a Different Reality

Privacy-focused blockchains are an exception. Because they encrypt transaction details such as amounts and recipients:

• Encrypted historical data could be decrypted retroactively
• Past transactions may be exposed once quantum capabilities mature

These systems have a stronger case for earlier adoption of post-quantum or hybrid cryptography.

Bitcoin’s Pressure Is Structural, Not Purely Quantum

Bitcoin’s urgency around post-quantum discussions stems less from quantum timelines and more from internal constraints:

• Protocol upgrades move extremely slowly
• Many early addresses expose public keys directly
• Migration requires active user participation, not passive upgrades

Additionally, coins locked in lost or inaccessible wallets introduce unresolved governance and legal challenges. Even without immediate quantum threats, these factors force the community to plan ahead.

Conclusion

Post-quantum cryptography is inevitable—but the real challenge is not whether to migrate, but when, where, and how. For long-term confidential communications, early action is justified. For blockchain signatures and zero-knowledge systems, rushed transitions may introduce greater risks than they eliminate.

Only by aligning threat models with technological maturity can the industry avoid undermining itself long before quantum computers become a practical reality.