Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to resist attacks from both classical and future large-scale quantum computers (often called Cryptographically Relevant Quantum Computers or CRQCs). Bitcoin currently relies on ECDSA (Elliptic Curve Digital Signature Algorithm) using the secp256k1 curve for transaction signatures and ownership control. This is vulnerable to Shor's algorithm, which could efficiently solve the discrete logarithm problem underlying elliptic curve cryptography on a sufficiently powerful quantum computer.#StrategyAdds1550BTCatLowerPrices

The Quantum Threat to Bitcoin.
$BTC ‌
Public keys are the main target. In many Bitcoin transactions (especially pre-Taproot or certain spends), exposing a public key allows a quantum adversary to derive the private key.
Once a public key is revealed (e.g., when spending from an address), there's a window for a quantum computer to forge signatures and steal funds.
The blockchain history itself and SHA-256-based Proof-of-Work are generally considered more resistant (Grover's algorithm provides only quadratic speedup for hashing, not a practical break).
Estimates for "Q-Day" (when this becomes feasible) vary, but recent analyses (including from Google researchers) suggest it could happen sooner than previously thought, potentially with fewer resources, though still likely years away (e.g., late 2020s to 2030s).
Bitcoin does not natively use PQC today. Protection comes from ongoing research, proposals, and community-driven upgrades.