Bitcoin needs a quantum upgrade. So why isn’t it happening?

Some prominent Bitcoin developers deny that quantum computers are a potential threat. Illustration: Hilary B; Source: Shutterstock
  • Bitcoin is running out of time to adopt post-quantum cryptography.
  • Upgrading too early or too late could have disastrous consequences.
  • Faster-than-anticipated development of quantum computers is a major risk.

Bitcoin, like much of the world’s digital infrastructure, will need to upgrade its cryptography to new algorithms that cannot be cracked by superfast quantum computers.

Yet so far, that hasn’t happened.

Now, quantum researchers are warning that time’s running out for developers to seriously engage with what by many accounts will be Bitcoin’s biggest ever upgrade.

“The time to start thinking about this is now. An even better time would have been yesterday,” Scott Aaronson, a quantum computing researcher and scientific advisor at StarkWare, told DL News.

There are several reasons why Bitcoin hasn’t been upgraded yet, depending on who you ask.

Some say the biggest issue is coordinating the dozens of individual contributors who work to develop the top cryptocurrency.

Others argue it all comes down to timing.

Three to five years

Yet whatever the reason, one thing is clear: The clock is ticking.

Cryptographically relevant quantum computers could be a reality in just three to five years, Hayk Tepanyan, founder of BlueQubit, a quantum computing software developer, told DL News.

Tepanyan said he based his prediction on recent milestones achieved by companies at the forefront of quantum computer development.

A 2024 roadmap from Quantinuum predicted the company will achieve fully fault-tolerant quantum computing by 2030.

“I take all of these roadmaps with a huge grain of salt, because we don’t actually have principles that let us say how long this is going to take,” Aaronson said.

“But what gives me pause is that over the last couple of years Quantinuum and Google have actually been hitting their milestones.”

In November, the US Department of War mandated that its systems must be ready to upgrade to quantum-resistant encryption no later than December 31, 2030.

While such estimates are already alarming, the reality is the technology could progress even faster if new techniques are discovered, potentially blindsiding those who thought they had more time to work on a post-quantum upgrade for Bitcoin.

“You might think this quantum computer with 200,000 physical qubits is not enough for running Shor’s algorithm,” Aaronson said. “But someone else might have some incredible, clever encoding that they haven’t told you about, by which they could fit Shor’s algorithm into that number of physical qubits.”

Shor’s algorithm is a quantum algorithm that can theoretically be used to break the digital signatures that underpin Bitcoin transactions.

Threading the needle

For Bitcoin’s developers, the most difficult work has already been done. Several quantum resistant algorithms already exist.

In August 2024, the US National Institute of Standards and Technology officially finalised three post-quantum cryptography standards for federal use, with a fourth on the way.

The major hurdle, quantum researchers say, is timing.

Upgrade Bitcoin too early, and the new cryptography, which was believed to be quantum resistant, could turn out to be just as vulnerable as what it replaced.

While the NIST algorithms are understood to be quantum resistant, it’s impossible to know for sure.

“We’ve seen before that NIST algorithms can break,” Chris Tam, president and head of innovation at BTQ, a company focused on developing post-quantum cryptography, told DL News. In 2022, one NIST-standardised post-quantum signature scheme from 2016 was broken using a consumer-grade laptop in just 53 hours, Tam said.

Yet upgrade too late, and billions of dollars worth of Bitcoin — including Bitcoin creator Satoshi Nakamoto’s $75 billion stash — will be snatched away by whoever develops the technology the fastest, obliterating confidence in the top cryptocurrency and likely destroying its value among investors.

“It’s going to be a tricky balance,” Tepanyan said. “You want to give enough time to look at the algorithms so you don’t rush and upgrade to something that’s also vulnerable to attacks.”

According to Tepanyan, Rivest-Shamir-Adleman, or RSA, the cryptographic algorithm used to secure digital communications, among other things, took eight to ten years to enter mainstream use after it was introduced in 1977.

“The current post-quantum cryptography proposals are kind of getting there,” Tepanyan said.

Coordination issues

To be sure, some Bitcoin contributors are endeavouring to make Bitcoin quantum resistant.

In February, Bitcoin developers Hunter Beast and Ethan Heilman introduced a new transaction output that defends against the easiest forms of quantum attack. But it only applies to future transactions, and does nothing to protect the roughly $160 billion worth of Bitcoin already sitting in vulnerable wallets.

In December, Blockstream researchers Mikhail Kudinov and Jonas Nick proposed that Bitcoin could be upgraded to rely on hash-based signatures, one of the post-quantum cryptography standards formalised by NIST.

“What hash-based signatures have going for them is that they’re some of the oldest forms of math, in that they are as old and as well understood as elliptic curves,” Tam said.

Yet overall, progress has been slow. A big hurdle is that many developers don’t agree on how soon an upgrade should be prioritised, or what the best approach is.

Many of the most influential people in Bitcoin development — such as Adam Back, CEO of Blockstream, and best known for inventing the proof-of-work system used in Bitcoin mining — argue that the threat is still decades away.

Some prominent developers have even denied the threat altogether.

“Quantum isn’t a real threat. Bitcoin has much bigger problems to address,” Luke Dashjr, a Bitcoin Core developer, said in December.

Bitcoin’s development is decentralised, meaning the network is maintained by a collective of contributors and has no central authoritative body. Because of this, large upgrades need to reach a consensus among contributors to have any hope of making it to production.

History shows that’s easier said than done.

Between 2015 and 2017 Bitcoin developers clashed over whether or not to increase the amount of data Bitcoin blocks can handle. The disagreement was so contentious it resulted in the network splitting in two, creating the Bitcoin Cash blockchain in August 2017.

More recently, disputes over whether non-financial Bitcoin transactions should be allowed on the network have also split opinions.

Unknown unknowns

Still, many Bitcoin developers are confident that, as things stand, there is no rush to make Bitcoin quantum resistant.

But according to researchers, the situation can potentially change overnight.

For the most part, the development of quantum computing hardware is predictable, and its progress can be extrapolated into the future with decent accuracy.

But hardware is only half of the equation. The more unpredictable element, researchers say, is the algorithms that can be fed into quantum computers to get them to do work.

“Where things get tricky is trying to predict the algorithmic innovations,” Tepanyan said.

“We could actually wake up one day, and there’s this paper or this result from this academic group or company or governmental National Lab that cuts the resource requirements by like 100x.”

To add to the uncertainty, the closer scientists get to creating powerful quantum computers or discovering new algorithms, the less they are willing to share about their progress. Because of this secrecy, it will become increasingly difficult to know how close researchers are to creating a cryptographically relevant quantum computer.

“When you’re getting to very important milestones, and breaking Bitcoin would be a huge milestone, I wouldn’t be so sure about everyone playing super nice and publishing all their results,” Tepanyan said.

For Aaronson, the situation is similar to the development of nuclear weapons almost 100 years ago.

“In 1939 scientists were still publishing in journals whatever they figured out about nuclear fission. But then by 1940, when they’re calculating exactly how much uranium 235 would you need for a chain reaction? At that point, they realised they shouldn’t publish anymore.”

There are already signs quantum development is going dark.

Back in the 1990s, Tepanyan said, researchers would freely publish and share their designs for creating qubits, the basic unit of information used in quantum computers. Now that quantum computers have gotten closer to reality, and the potential benefits — and profits — are more tangible, that doesn’t happen anymore.

And it’s not just big companies like Google and Microsoft that Bitcoin developers need to be concerned about. Nation states and government labs are almost certainly looking into quantum computing, too.

“It’s even harder to predict how they are going to behave,” Tepanyan said.

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.