THE QUANTUM INTELLIGENCER

Bitcoin Faces Quantum Threat: Researchers Push Hash-Based Signatures for Post-Quantum Security In Plain English: Quantum computers could one day break the security that protects Bitcoin, allowing hackers to steal money from digital wallets. To stop this, experts are looking at a new kind of digital signature that’s much harder for quantum computers to crack. These new signatures use math tricks that are already part of Bitcoin, making them a practical fix. If done right, this upgrade could keep Bitcoin safe for decades, especially for older accounts that are most at risk. Summary: Researchers are actively exploring hash-based signatures as a way to make Bitcoin resistant to quantum computers, which could eventually break the cryptographic methods currently securing the blockchain. In a revised paper published on December 5, Blockstream researchers Mikhail Kudinov and Jonas Nick argue that hash-based signatures are a strong candidate for post-quantum security because they rely on hash functions—mathematical tools already fundamental to Bitcoin’s design—and have been rigorously tested through the NIST post-quantum standardization process (Kudinov, email to Bitcoin developer mailing list). Unlike current public-key cryptography, hash functions can be made quantum-resistant by increasing their output size, thereby expanding the search space beyond quantum brute-force capabilities. The urgency stems from rapid advances in quantum computing: Microsoft unveiled a new quantum chip in February addressing scalability, and Google published research in October suggesting real-world applications are nearing feasibility, including potentially cracking blockchain security. Experts offer varying timelines—Pierre-Luc Dallaire-Demers estimates 5–10 years before quantum computers threaten Bitcoin, while Ethereum co-founder Vitalik Buterin warns of a risk before the 2028 U.S. presidential election. Implementation remains debated. Key questions include validation costs, standardization of multiple signature schemes, and whether full blockchain history should be required for transaction validation. A May proposal by Tadge Dryja, co-inventor of the Lightning Network, aimed to protect wallets from quantum attacks, particularly older Pay-To-Public-Key (P2PK) wallets created before 2012. These legacy wallets, including Satoshi Nakamoto’s estimated $98 billion stash, hold around $600 billion in Bitcoin and are most vulnerable (Project Eleven estimate). Dryja expressed a preference to delay action until quantum threats materialize, reflecting broader community hesitation. Key Points: - Hash-based signatures are being considered as a quantum-resistant upgrade for Bitcoin due to their reliance on secure hash functions. - Quantum computers threaten Bitcoin by potentially breaking current public-key cryptography used in digital signatures. - Blockstream researchers Kudinov and Nick advocate for hash-based signatures, citing their compatibility with Bitcoin’s existing architecture and validation through NIST’s post-quantum process. - Implementation challenges include cost, standardization, and data requirements for transaction validation. - Older Bitcoin wallets (P2PK, pre-2012) are most at risk - an estimated $600 billion in Bitcoin is vulnerable, including Satoshi Nakamoto’s holdings. - Advances by Microsoft (February quantum chip) and Google (October research) have intensified concerns about quantum timelines. - Expert predictions vary: 5–10 years (Dallaire-Demers) or before 2028 (Buterin). - Tadge Dryja proposed a wallet-level quantum protection mechanism, though prefers waiting for actual quantum threats before acting. Notable Quotes: - “These schemes have undergone extensive cryptanalysis during the NIST post-quantum standardisation process, adding confidence in their robustness.” — Mikhail Kudinov, Blockstream researcher, via email to the Bitcoin developer mailing list - “Quantum computers could break Ethereum’s underlying security model before the next US presidential election in 2028.” — Vitalik Buterin, Ethereum co-founder - “It would be nice to have a way to not deal with this issue until after [quantum computing] shows up.” — Tadge Dryja, co-inventor of the Bitcoin Lightning Network Data Points: - December 5: Revised paper published by Blockstream researchers on hash-based signatures. - February: Microsoft announced a new quantum computing chip addressing scalability. - October: Google released research advancing quantum computing toward real-world applications. - $1.8 trillion: Market value of the Bitcoin blockchain referenced in the article. - $600 billion: Estimated value of Bitcoin in vulnerable older wallets (Project Eleven estimate). - $98 billion: Estimated value of Satoshi Nakamoto’s Bitcoin stash. - 2012: Year after which Pay-To-Public-Key (P2PK) wallets were largely phased out in favor of more secure formats. - 2028: U.S. presidential election cited by Vitalik Buterin as a potential quantum threat horizon. Controversial Claims: - The claim that quantum computers could threaten Bitcoin within 5 to 10 years is speculative and depends on unproven scalability and error-correction breakthroughs in quantum hardware. - Vitalik Buterin’s assertion that Ethereum’s security could be broken before the 2028 U.S. election represents a notably aggressive timeline that may overestimate current quantum progress. - The idea that $600 billion worth of Bitcoin is vulnerable, including Satoshi Nakamoto’s stash, assumes that these wallets remain un-upgraded and that quantum computers will target them directly—both of which are uncertain. - Tadge Dryja’s preference to wait until quantum threats emerge contradicts proactive security principles, raising debate about risk tolerance in decentralized systems. Technical Terms: - Quantum computers: Devices using quantum mechanics to perform computations exponentially faster than classical computers for certain problems. - Hash-based signatures: Digital signature schemes relying on the security of cryptographic hash functions, considered quantum-resistant. - Public-key cryptography: Current method used in Bitcoin for securing transactions, vulnerable to quantum attacks via Shor’s algorithm. - Hash functions: Mathematical algorithms that convert input data into fixed-size strings, used widely in Bitcoin for security. - NIST post-quantum standardisation process: U.S. government effort to identify and standardize quantum-resistant cryptographic algorithms. - Pay-To-Public-Key (P2PK): Early Bitcoin wallet format that exposes public keys on-chain, making them vulnerable to quantum decryption. - Brute-force searches: Trial-and-error methods to crack codes, accelerated by quantum computing. —Ada H. Pemberley Dispatch from The Prepared E0