Experts including Jameson Lopp and Michael Saylor say quantum computers are unlikely to endanger Bitcoin in the immediate future, giving the network time to adapt. The assessment centers on the gap between current hardware and a “cryptographically relevant quantum computer” (CRQC), while outlining specific vulnerabilities and planned mitigations.
The prevailing view among practitioners and observers is that a CRQC—one capable of running Shor’s algorithm effectively against Bitcoin’s elliptic curve cryptography (ECDSA)—remains years to decades away. A CRQC is a quantum system with sufficient stable qubits and error correction to break widely used public-key schemes.
Estimates from prominent voices cluster around at least a decade, with some projections extending to the mid-2030s; a minority of researchers suggest an earlier window into the late 2020s or early 2030s. This range reflects uncertainties in qubit scaling, coherence times and fault-tolerant architectures, and supports the conclusion that the near-term threat is limited.
Shor’s algorithm can efficiently solve the discrete logarithm problem that underpins ECDSA, meaning a CRQC could derive a private key from a public key. The risk concentrates on addresses whose public keys are revealed on-chain after spending; reused or older addresses therefore carry disproportionate exposure.
Some analyses referenced in expert discourse estimate that 25%–30% of circulating bitcoin may be associated with such exposed public keys, creating a potential target set for a future attacker with quantum capabilities.
Mitigation plans and operational impact
The Bitcoin community and standards bodies are already working on migration paths to quantum-resistant cryptography. A notable proposal, BIP 360 (also called QuBit or P2QRH), aims to introduce address types that can accommodate multiple post-quantum signature schemes. National standards efforts have progressed as well; the National Institute of Standards and Technology has finalized sets of post-quantum cryptography (PQC) algorithms and recommends a phased migration to protect against forward-secrecy risks by 2035. Post-quantum signatures such as FALCON and CRYSTALS‑Dilithium are among candidates for integration.
Adopting PQC carries trade-offs: larger signature sizes, slower signing and verification, and heavier bandwidth and storage demands. Industry analyses warn these changes could degrade blockchain throughput and increase validation costs—one estimate cited a potential order-of-magnitude slowdown in worst-case scenarios. Nevertheless, the community favors a deliberate, multi-year transition that prioritizes compatibility and gradual adoption rather than emergency hard forks.
The balance of evidence in expert commentary positions quantum computing as a serious but long-term challenge for Bitcoin, not an immediate existential threat.
