As the threat posed by quantum computing becomes more tangible, developers are actively exploring ways to harden Bitcoin, the world's oldest cryptocurrency. Recent research from Google indicates that a sufficiently powerful quantum computer could break the cryptography that secures Bitcoin in under nine minutes, raising alarms about the future of the digital currency.
Currently, approximately 6.5 million bitcoin, worth hundreds of billions of dollars, sit in outputs whose public keys are already exposed and could therefore be targeted by such an attack. This includes coins attributed to Bitcoin's pseudonymous creator, Satoshi Nakamoto. A successful theft on that scale would undermine Bitcoin's foundational principles: trust in code rather than institutions, and the integrity of sound money.
To understand the vulnerability, it helps to know how Bitcoin's security works. The system relies on a one-way relationship between a private key and a public key: the public key is computed from the private key by scalar multiplication on the secp256k1 elliptic curve, and going the other way, recovering the private key from the public key, is the elliptic-curve discrete logarithm problem. When a wallet is created, both keys are generated, and the owner proves control of the coins by signing with the private key while only the public key (or a hash of it) is ever published. This is secure against conventional computers: solving the discrete logarithm at Bitcoin's key size with existing technology would take billions of years.
A sufficiently large quantum computer running Shor's algorithm could reverse that step, deriving private keys from public keys and draining any wallet whose public key it can see. Public keys become visible in two ways. Long exposure applies to idle coins whose public key is already sitting on-chain: early pay-to-public-key outputs embed the key itself, and any address that has been spent from has revealed its key in the signature data of that spend, so these keys stay exposed indefinitely. Short exposure applies to coins in the transaction memory pool: every transaction reveals its public key and signature while it waits for confirmation, giving an attacker a window of minutes to derive the private key and broadcast a competing, higher-fee transaction spending the same coins.
Several initiatives are being considered to mitigate these risks:
- BIP 360: Removing the Public Key – This Bitcoin Improvement Proposal aims to stop placing a permanently visible public key on-chain by introducing a new output type, Pay-to-Merkle-Root (P2MR). It protects coins that are moved into the new output type, but it does nothing for the existing 1.7 million BTC sitting in older, already-exposed addresses.
- SPHINCS+ / SLH-DSA: Hash-Based Post-Quantum Signatures – This signature scheme, standardized by NIST in August 2024 as FIPS 205, relies only on hash functions rather than on the number-theoretic problems Shor's algorithm solves, and is therefore believed to resist quantum attack. The cost is size: its signatures run to several kilobytes, against 64 bytes for a Schnorr signature, so adopting it would raise transaction fees and block space demand.
- Tadge Dryja's Commit/Reveal Scheme – Proposed by the co-author of the Lightning Network paper, this approach splits a spend into two phases: the spender first publishes a commitment to the intended transaction and, only after that commitment is confirmed, reveals the transaction itself with its public key and signature. An attacker who derives the key from the revealed transaction in the mempool cannot front-run it, because a competing transaction would have no prior commitment. The extra on-chain step raises transaction costs.
- Hourglass V2: Slowing the Spending of Old Coins – This proposal would rate-limit the spending of older, exposed coins to one bitcoin per block, so that a successful key-recovery attack could not dump them all at once and crash the market. Critics object that it restricts legitimate owners' access to their own funds.
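The following toy model, added here as an illustration and not Dryja's proposal as he specified it, shows why splitting a spend into a commitment phase and a reveal phase defeats the mempool race described above. A miner that accepts a spend only if the hash of that exact transaction was confirmed in an earlier block cannot be bribed by an attacker who derived the key from the revealed transaction: the attacker's competing, higher-fee transaction has no prior commitment, and the commitment it submits lands no earlier than the block in which the honest reveal confirms. Transaction fields, fees, outpoints, the JSON serialisation used for the commitment hash and the assumption that key derivation is instantaneous are all constructed for this example.

```python
"""Added example: toy commit/reveal consensus versus a mempool key-extraction race.

Not Dryja's scheme as specified; a minimal model of the principle. All transactions,
fees and outpoints are constructed. Key derivation by the adversary is modelled as
instantaneous: the adversary simply writes a valid competing spend of the same coins.
"""
import hashlib
import json


def tx_hash(tx: dict) -> bytes:
    """Commitment: hash of a canonical serialisation of the complete signed transaction.
    The hash reveals nothing about the public key or signature inside it."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()


class ToyChain:
    """Miner/consensus model. With require_commitment=True a spend is valid only if its
    hash was mined as a commitment in a strictly earlier block."""

    def __init__(self, require_commitment: bool):
        self.require_commitment = require_commitment
        self.height = 0
        self.commit_height = {}   # commitment hash -> height at which it was mined
        self.spent = set()        # outpoints already consumed
        self.winners = {}         # outpoint -> destination that received the coins

    def mine(self, mempool):
        """Mine one block from a list of {"kind": "commit"|"spend", ...} entries.
        Commitments are always included; spends compete by fee, highest first."""
        for entry in mempool:
            if entry["kind"] == "commit":
                self.commit_height.setdefault(entry["hash"], self.height)
        spends = sorted((e["tx"] for e in mempool if e["kind"] == "spend"),
                        key=lambda tx: tx["fee"], reverse=True)
        accepted, rejected = [], []
        for tx in spends:
            if tx["outpoint"] in self.spent:
                rejected.append(tx)                      # double spend of a consumed output
                continue
            if self.require_commitment:
                committed_at = self.commit_height.get(tx_hash(tx), self.height)
                if committed_at >= self.height:          # never committed, or committed too late
                    rejected.append(tx)
                    continue
            self.spent.add(tx["outpoint"])
            self.winners[tx["outpoint"]] = tx["to"]
            accepted.append(tx)
        self.height += 1
        return accepted, rejected


def run_race(require_commitment: bool) -> str:
    """Play out the mempool race once; return who ends up with the coins."""
    chain = ToyChain(require_commitment)
    honest = {"outpoint": "deadbeef:0", "to": "honest_new_address", "fee": 1000,
              "pubkey": "02" + "aa" * 32, "sig": "honest-signature"}      # constructed
    if require_commitment:
        # Phase 1: only the hash goes on-chain; the public key stays hidden while it confirms.
        chain.mine([{"kind": "commit", "hash": tx_hash(honest)}])
    # Phase 2: the full transaction (public key + signature) enters the mempool. The adversary
    # derives the private key from the now-visible public key and races with a higher fee.
    attacker = {"outpoint": "deadbeef:0", "to": "attacker_address", "fee": 50000,
                "pubkey": honest["pubkey"], "sig": "forged-signature"}     # constructed
    mempool = [
        {"kind": "spend", "tx": honest},
        {"kind": "spend", "tx": attacker},
        {"kind": "commit", "hash": tx_hash(attacker)},   # attacker commits too, but too late
    ]
    chain.mine(mempool)
    return chain.winners["deadbeef:0"]


if __name__ == "__main__":
    print("plain mempool race  ->", run_race(require_commitment=False))
    print("commit/reveal race  ->", run_race(require_commitment=True))
```

Without the commitment rule the highest fee wins and the attacker takes the coins; with it, the honest reveal is the only spend with a confirmed prior commitment and the attacker's transaction is rejected. The price of this protection is visible in the model too: the honest spend needs an extra block and an extra on-chain entry, which is the added cost the proposal's critics point to.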
These proposals are still under discussion and none has been implemented. Bitcoin's decentralized governance, in which developers, miners and node operators must all accept a change, means that any upgrade will require consensus and take time to materialize. Even so, the active work on BIP 360, SPHINCS+ and the other proposals shows that developers are treating the vulnerabilities highlighted by the recent research as a problem to be addressed now, rather than once quantum computers arrive.
