Will Quantum Computing pose a threat to Bitcoin by 2030?

Author: Tiger Research

Compiled by: AididiaoJP, Foresight News

Original title: Will Bitcoin be broken by quantum computers in 2030?


Advances in quantum computing are bringing new security risks to blockchain networks. This article explores the technologies designed to address quantum threats and examines how Bitcoin and Ethereum are preparing for this transition.

Key Points

  • The Q-Day scenario, in which quantum computers can break blockchain cryptography, is expected to arrive within 5 to 7 years. BlackRock also pointed out this risk in its Bitcoin ETF application documents.
  • Post-quantum cryptography provides protection against quantum attacks at three security levels: communication encryption, transaction signing, and data persistence.
  • Companies like Google and AWS have begun adopting post-quantum cryptography, but Bitcoin and Ethereum are still in the early discussion stage.

A new technology raises strange questions

If a quantum computer can crack a Bitcoin wallet in a few minutes, can the security of the blockchain still be maintained?

The core of blockchain security is private key protection. To steal someone's Bitcoin, an attacker must obtain the private key, which is practically impossible with current computing methods. Only the public key is visible on the chain, and even with a supercomputer, it would take hundreds of years to derive the private key from the public key.

Quantum computers have changed this risk situation. Classical computers process 0 or 1 sequentially, while quantum systems can handle both states simultaneously. This capability theoretically makes it possible to derive a private key from a public key.

Experts estimate that quantum computers capable of breaking modern cryptography may emerge around 2030. This anticipated moment is referred to as Q-Day, indicating that there are five to seven years left until actual attacks become feasible.

Source: SEC

Regulators and major institutions have recognized this risk. In 2024, the National Institute of Standards and Technology in the United States introduced post-quantum cryptography standards. BlackRock also pointed out in its Bitcoin ETF application documents that advancements in quantum computing could threaten the security of Bitcoin.

Quantum computing is no longer a distant theoretical issue. It has become a technical problem that requires practical preparation rather than hoping for assumptions.

Quantum Computing Challenges Blockchain Security

To understand how blockchain transactions work, let's look at a simple example: Ekko sends 1 BTC to Ryan.

When Ekko creates a transaction stating “I send my 1 BTC to Ryan”, he must attach a unique signature. This signature can only be generated using his private key.

Then, Ryan and the other nodes in the network use Ekko's public key to verify whether the signature is valid. The public key acts like a tool that can verify the signature but cannot recreate it. As long as Ekko's private key remains confidential, no one can forge his signature.

This forms the basis of blockchain transaction security.

A private key can generate a public key, but a public key cannot reveal the private key. This is implemented through the Elliptic Curve Digital Signature Algorithm, which is based on elliptic curve cryptography. ECDSA relies on a mathematical asymmetry, where computation in one direction is straightforward, while the reverse computation is computationally infeasible.

With the development of quantum computing, this barrier is weakening. The key element is the quantum bit.

Classical computers process in sequence 0 or 1. Quantum bits can represent two states simultaneously, enabling large-scale parallel computing. With a sufficient number of quantum bits, quantum computers can perform calculations in seconds that would take classical computers decades to complete.

There are two quantum algorithms that pose a direct risk to blockchain security.

Shor's algorithm provides a way to derive private keys from public keys, thereby weakening public key cryptography. Grover's algorithm reduces the effective strength of hash functions by accelerating brute-force searches.

Shor's Algorithm: Direct Asset Theft

Most internet security today relies on two types of public key cryptosystems: RSA and ECC. They resist external attacks by leveraging difficult mathematical problems such as integer factorization and discrete logarithms. Blockchain uses the same principle through the ECC-based Elliptic Curve Digital Signature Algorithm.

With the existing computing power, it would take decades to crack these systems, so they are considered practically secure.

Shor's algorithm changed this. A quantum computer running Shor's algorithm can perform large integer factorization and discrete logarithm computations at high speed, a capability that can break RSA and ECC.

Using Shor's algorithm, quantum attackers can derive private keys from public keys and arbitrarily transfer assets from the corresponding address. Any address that has ever sent a transaction is at risk, as its public key becomes visible on the chain. This could lead to a scenario where millions of addresses are potentially at risk simultaneously.
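The structure of Shor's algorithm, as an added example that is not from the article: only the period-finding step needs a quantum computer, and it is simulated here by brute force so that the classical post-processing, which turns a period into a factor, can be run on small constructed numbers. Factoring is the RSA case; the elliptic-curve discrete logarithm behind ECDSA falls to the same period-finding idea applied to the curve's point group.

```python
from math import gcd

def find_period(a, n):
    # The only step that needs a quantum computer: the order r of a modulo n,
    # i.e. the smallest r > 0 with a**r % n == 1. Brute force here, so the cost is
    # exponential in the bit length of n; Shor's quantum Fourier step makes it polynomial.
    r, x = 1, a % n
    while x != 1:
        x = x * a % n
        r += 1
    return r

def shor_factor(n, a):
    # Shor's classical post-processing: turn the period of a into a factor of n,
    # or return None when this particular base a happens to be unusable.
    if gcd(a, n) != 1:
        return gcd(a, n)          # a already shares a factor with n
    r = find_period(a, n)
    if r % 2:
        return None               # odd period: try another a
    y = pow(a, r // 2, n)         # a square root of 1 modulo n
    if y == n - 1:
        return None               # trivial root (-1): try another a
    return gcd(y - 1, n)          # a nontrivial root of 1 splits n

def factor_with_shor(n):
    # Retry with successive bases; a usable a is expected within a few attempts
    for a in range(2, n):
        f = shor_factor(n, a)
        if f and 1 < f < n:
            return f, n // f
    return None

# Constructed demo: n = 15, a = 7 has period 4; 7**2 = 49 = 4 (mod 15) and gcd(4 - 1, 15) = 3
DEMO = (find_period(7, 15), shor_factor(15, 7), factor_with_shor(15))  # -> (4, 3, (3, 5))
```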

Grover's Algorithm: Intercepting Transactions

Blockchain security also relies on symmetric key encryption (such as AES) and hash functions (such as SHA-256).

AES is used to encrypt wallet files and transaction data, and finding the correct key requires trying all possible combinations. SHA-256 supports proof-of-work difficulty adjustment, and miners need to repeatedly search for hash values that meet specified conditions.

These systems assume that while a transaction is waiting in the mempool, other users do not have enough time to analyze or forge it before it is packed into a block.

Grover's algorithm weakens this assumption. It uses quantum superposition to accelerate the search process and reduces the effective security level of AES and SHA-256. Quantum attackers can analyze transactions in the mempool in real time and generate a forged version that uses the same input (UTXO) but redirects the output to a different address.

This has led to the risk of transactions being intercepted by attackers equipped with quantum computers, resulting in funds being transferred to unintended destinations. Withdrawals from exchanges and regular transfers may become common targets for such interceptions.

Post-Quantum Cryptography

How to maintain blockchain security in the era of quantum computing?

Future blockchain systems need to maintain secure cryptographic algorithms even under quantum attacks. These algorithms are referred to as post-quantum cryptography technologies.

The National Institute of Standards and Technology has proposed three main PQC standards, and both the Bitcoin and Ethereum communities are discussing adopting them as a long-term security foundation.

Kyber: Protecting Communication Between Nodes

Kyber is an algorithm designed to allow two parties on a network to securely exchange symmetric keys.

Traditional methods supporting Internet infrastructure, such as RSA and ECDH, are vulnerable to attacks from Shor's algorithm and have exposure risks in quantum environments. Kyber addresses this issue by using a lattice-based mathematical problem (known as Module-LWE) that is believed to be resistant even to quantum attacks. This structure can prevent data from being intercepted or decrypted during transmission.

Kyber protects all communication paths: HTTPS connections, exchange APIs, and messaging from wallets to nodes. Within the blockchain network, nodes can also use Kyber when sharing transaction data to prevent third-party monitoring or extraction of information.

In fact, Kyber has rebuilt the security of the network transport layer for the era of quantum computing.

Dilithium: Verifying Transaction Signatures

Dilithium is a digital signature algorithm used to verify that transactions are created by the legitimate holder of the private key.

The ownership of blockchain relies on the ECDSA model of “signing with a private key and verifying with a public key.” The problem is that ECDSA is vulnerable to Shor's algorithm attacks. By accessing the public key, a quantum attacker can derive the corresponding private key, enabling signature forgery and asset theft.

Dilithium avoids this risk by using a lattice-based structure that combines Module-SIS and LWE. Even if an attacker analyzes the public key and signature, the private key cannot be inferred, and the design remains secure against quantum attacks. The application of Dilithium can prevent signature forgery, private key extraction, and large-scale asset theft.

It protects both the ownership of assets and the authenticity of each transaction.

SPHINCS+: Long-term Record Keeping

SPHINCS+ uses a multi-layer hash tree structure. Each signature is verified through a specific path in the tree, and because a single hash value cannot be reverse-engineered to deduce its input, the system remains secure even against quantum attacks.

Once Ekko and Ryan's transaction is added to the block, the record becomes permanent. This can be compared to a document fingerprint.

SPHINCS+ converts each part of the transaction into a hash value, creating a unique pattern. If even a single character in the document changes, its fingerprint will change entirely. Similarly, modifying any part of the transaction will change the entire signature.

Even decades later, any attempts to modify the transactions of Ekko and Ryan will be immediately detected. Although the signatures produced by SPHINCS+ are relatively large, it is very suitable for financial data or government records that must maintain verifiability over the long term. Quantum computers will find it difficult to forge or replicate this fingerprint.
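The hash-tree idea behind SPHINCS+, as an added example that is not from the article or from the SPHINCS+ project: a Lamport one-time signature (one revealed preimage per digest bit) with several one-time public keys hashed into a Merkle tree, so each signature is verified along one path to the root. The real scheme uses WOTS+, FORS and a hypertree instead of plain Lamport; the four-key set here is constructed for illustration.

```python
import hashlib
import secrets

H = lambda *parts: hashlib.sha256(b"".join(parts)).digest()
bits = lambda msg: [(byte >> s) & 1 for byte in H(msg) for s in range(7, -1, -1)]  # 256 digest bits
pk_leaf = lambda pk: H(*[x for pair in pk for x in pair])  # leaf = hash of a whole one-time public key

def ots_keygen():
    # Lamport one-time key: two random 32-byte preimages per digest bit; the public key is their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def ots_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]  # reveal exactly one preimage per digest bit

def ots_verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(msg), sig)))

def build_tree(leaves):
    # Merkle tree over leaf hashes: levels[0] is the leaves, levels[-1] is [root]
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def auth_path(levels, idx):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[idx ^ 1])  # the sibling node at each level
        idx //= 2
    return path

def root_from_path(leaf, idx, path):
    node = leaf
    for sib in path:
        node = H(node, sib) if idx % 2 == 0 else H(sib, node)
        idx //= 2
    return node

KEYS = [ots_keygen() for _ in range(4)]  # constructed: four one-time keys under one Merkle root
LEVELS = build_tree([pk_leaf(pk) for _, pk in KEYS])
ROOT = LEVELS[-1][0]  # the long-term public key: a single 32-byte hash

def sign(idx, msg):  # each one-time key must be used exactly once
    sk, pk = KEYS[idx]
    return idx, ots_sign(sk, msg), pk, auth_path(LEVELS, idx)

def verify(root, msg, sig):
    idx, ots_sig, pk, path = sig
    return ots_verify(pk, msg, ots_sig) and root_from_path(pk_leaf(pk), idx, path) == root
```

Changing a single byte of the transaction flips about half the digest bits, so the revealed preimages no longer match the public key; that is the fingerprint property the text describes, and it rests only on hash preimage resistance.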

In summary, PQC technology constructs a three-layer protection against quantum attacks in a standard 1 BTC transaction: Kyber for communication encryption, Dilithium for signature verification, and SPHINCS+ for record integrity.

Bitcoin and Ethereum: Different Paths, Same Destination

Bitcoin emphasizes immutability, whereas Ethereum prioritizes adaptability. These design philosophies are shaped by past events and influence how each network responds to the threats posed by quantum computing.

Bitcoin: Protecting the Existing Chain by Minimizing Changes

The emphasis on the immutability of Bitcoin can be traced back to the value overflow incident in 2010. A hacker exploited a vulnerability to create 184 billion BTC, and the community invalidated the transaction within five hours through a soft fork. After this emergency action, the principle that “confirmed transactions can never be altered” became central to Bitcoin's identity. This immutability maintains trust, but also makes rapid structural changes difficult.

This concept extends to Bitcoin's approach to quantum safety. Developers agree that an upgrade is necessary, but a full chain replacement through a hard fork is considered too risky for network consensus. Therefore, Bitcoin is exploring a gradual transition through a hybrid migration model.

Source: bip360.org

If adopted, users will be able to use both traditional ECDSA addresses and new PQC addresses simultaneously. For example, if Ekko's funds are held in an old Bitcoin address, he can gradually migrate them to a PQC address as Q-Day approaches. Since the network recognizes both formats simultaneously, security is enhanced without forcing a disruptive transition.

The challenges are still significant. Hundreds of millions of wallets need to be migrated, and there is currently no clear solution for wallets with lost private keys. Different opinions within the community may also increase the risk of chain forks.

Ethereum: Redesigning for a Swift Transition through Flexible Architecture

The principle of adaptability in Ethereum originates from the DAO hack in 2016. When approximately 3.6 million ETH were stolen, Vitalik Buterin and the Ethereum Foundation executed a hard fork to reverse the theft.

This decision split the community into Ethereum (ETH) and Ethereum Classic (ETC). Since then, adaptability has become a defining feature of Ethereum and a key factor in its ability to implement rapid changes.

Source: web3edge

Historically, all Ethereum users relied on external accounts, which could only send transactions via the ECDSA signature algorithm. Since every user depended on the same cryptographic model, changing the signature scheme required a hard fork across the entire network.

EIP-4337 has changed this structure, allowing accounts to operate like smart contracts. Each account can define its own signature verification logic, enabling users to adopt alternative signature schemes without modifying the entire network. The signature algorithm can now be replaced at the account level, rather than through protocol-wide upgrades.

Based on this, some proposals supporting the adoption of PQC have emerged:

  • EIP-7693: Introduces a hybrid migration path that supports a gradual transition to PQC signatures while maintaining compatibility with ECDSA.
  • EIP-8051: Implements NIST PQC standards on-chain to test PQC signatures under real network conditions.
  • EIP-7932: Allows the protocol to recognize and verify multiple signature algorithms simultaneously, enabling users to choose their preferred method.

In practice, users with ECDSA-based wallets can migrate to Dilithium-based PQC wallets when quantum threats loom. This transition occurs at the account level and does not require replacing the entire chain.

In summary, Bitcoin aims to parallelly integrate PQC while maintaining its current structure, whereas Ethereum is redesigning its account model to directly incorporate PQC. Both pursue the same goal of quantum resistance, but Bitcoin relies on conservative evolution, while Ethereum adopts structural innovation.

While blockchain is still debating, the world has already changed

The global internet infrastructure has begun to transition to new security standards.

Web2 platforms, backed by centralized decision-making, act quickly. Google enabled post-quantum key exchange by default in the Chrome browser starting in April 2024, deploying it to billions of devices. Microsoft announced an organization-wide migration plan with the goal of fully adopting PQC by 2033. AWS began using hybrid PQC at the end of 2024.

The blockchain faces different situations. Bitcoin's BIP-360 is still under discussion, while Ethereum's EIP-7932 has been submitted for months but has not yet had a public testnet. Vitalik Buterin has outlined a gradual migration path, but it is unclear whether the transition can be completed before quantum attacks become practically feasible.

A Deloitte report estimates that approximately 20% to 30% of Bitcoin addresses have already exposed their public keys. They are currently safe, but once quantum computers mature in the 2030s, they may become targets. If the network attempts a hard fork at that stage, the likelihood of a split is high. Bitcoin's commitment to immutability, while foundational to its identity, also makes rapid change difficult.

Ultimately, quantum computing presents both technical and governance challenges. Web2 has already begun its transition. Blockchain is still debating how to start. The decisive question will not be who acts first, but who can safely complete the transition.

