Will Bitcoin be cracked by quantum computers by 2030?

Original author: TigerResearch

Original translation by: AididiaoJP, ForesightNews

Advances in quantum computing are introducing new security risks to blockchain networks. This section aims to explore technologies designed to address the quantum threat and examine how Bitcoin and Ethereum are preparing for this shift.

Key points

• The Q-Day scenario, in which quantum computers can break blockchain cryptography, is estimated to arrive within 5 to 7 years. BlackRock also pointed out this risk in its Bitcoin ETF application.
• Post-quantum cryptography provides protection against quantum attacks on three security levels: communication encryption, transaction signing, and data preservation.
• Companies like Google and AWS have begun adopting post-quantum cryptography, but Bitcoin and Ethereum are still in the early stages of discussion.

A new technology raises unfamiliar questions

If a quantum computer can crack a Bitcoin wallet in minutes, can the security of the blockchain still be maintained?

The core of blockchain security is private key protection. To steal someone's Bitcoin, an attacker must obtain the private key, which is practically impossible with current computing methods. Only the public key is visible on the chain, and even using a supercomputer, deriving the private key from the public key would take hundreds of years.

Quantum computers have changed this risky situation. Classical computers process 0s or 1s sequentially, while quantum systems can process both states simultaneously. This ability makes it theoretically possible to derive a private key from a public key.

Experts estimate that quantum computers capable of breaking modern cryptography may emerge around 2030. This projected moment, known as Q-Day, indicates that it is still five to seven years before a practical attack becomes feasible.

Source: SEC

Regulators and major institutions have recognized this risk. In 2024, the National Institute of Standards and Technology (NIST) introduced post-quantum cryptography standards. BlackRock also noted in its Bitcoin ETF application that advancements in quantum computing could threaten Bitcoin's security.

Quantum computing is no longer a distant theoretical problem. It has become a technological problem that requires practical preparation rather than relying on assumptions.

Quantum computing challenges blockchain security

To understand how blockchain transactions work, consider a simple example: Ekko sends 1 BTC to Ryan.

When Ekko creates a transaction stating "I send my 1 BTC to Ryan," he must attach a unique signature. This signature can only be generated using his private key.

Ryan and the other nodes in the network then use Ekko's public key to verify the signature's validity. The public key acts as a tool that can verify a signature but cannot recreate it. As long as Ekko's private key remains confidential, no one can forge his signature.

This forms the foundation for blockchain transaction security.

A private key can generate a public key, but a public key cannot reveal a private key. This is achieved using the Elliptic Curve Digital Signature Algorithm, which is based on elliptic curve cryptography. ECDSA relies on a mathematical asymmetry: computation in one direction is straightforward, while computation in the reverse direction is computationally infeasible.

With the development of quantum computing, this barrier is weakening. The key element is the qubit.

Classical computers process 0 or 1 sequentially. A qubit can represent both states simultaneously, enabling massively parallel computing. With a sufficient number of qubits, a quantum computer can complete in seconds a computation that would take a classical computer decades.

Two types of quantum algorithms pose a direct risk to blockchain security.

Shor's algorithm provides a way to derive a private key from a public key, thus weakening public-key cryptography. Grover's algorithm reduces the effective strength of hash functions by accelerating brute-force search.

Shor's Algorithm: Direct Asset Theft

Most internet security today relies on two public-key cryptosystems: RSA and ECC.

Most internet security today relies on two public-key cryptosystems: RSA and ECC. They defend against external attacks by utilizing difficult mathematical problems such as integer factorization and discrete logarithms. Blockchain uses the same principles through an elliptic curve digital signature algorithm based on ECC.

With current computing power, it would take decades to crack these systems, so they are considered practically secure.

Shor's algorithm changed that. Quantum computers running Shor's algorithm can perform large integer factorization and discrete logarithm calculations at high speeds, a capability that could break RSA and ECC.

Using Shor's algorithm, a quantum attacker can deduce the private key from the public key and arbitrarily transfer assets in the corresponding address. Any address that has ever sent a transaction is at risk because its public key becomes visible on the blockchain. This could lead to a scenario where millions of addresses could be at risk simultaneously.

Grover Algorithm: Intercepting Transactions

Blockchain security also relies on symmetric key encryption (such as AES) and hash functions (such as SHA-256).

AES is used to encrypt wallet files and transaction data; finding the correct key requires trying all possible combinations. SHA-256 supports proof-of-work difficulty adjustment, requiring miners to repeatedly search for hash values that meet specified conditions.

These systems assume that when a transaction is waiting in the mempool, other users do not have enough time to analyze or forge it before it is packaged into a block.

The Grover algorithm weakens this assumption. It leverages quantum superposition to accelerate the search process and reduces the effective security level of AES and SHA-256. A quantum attacker can analyze transactions in the mempool in real time and generate a forged version that uses the same input (UTXO) but redirects the output to a different address.

This creates the risk that transactions could be intercepted by attackers equipped with quantum computers, resulting in funds being transferred to unintended destinations. Withdrawals from exchanges and regular transfers are common targets for such interceptions.

Post-quantum cryptography

How can we maintain blockchain security in the era of quantum computing?

Future blockchain systems will require cryptographic algorithms that remain secure even under quantum attacks. These algorithms are known as post-quantum cryptography.

The National Institute of Standards and Technology (NIST) has proposed three major PQC standards, which are being discussed by the Bitcoin and Ethereum communities as the basis for long-term security.

Kyber: Protecting Inter-Node Communication

Kyber is an algorithm designed to allow two parties on a network to securely exchange symmetric keys.

Traditional methods that have long supported internet infrastructure, such as RSA and ECDH, are vulnerable to Shor's algorithm attacks and are exposed in quantum environments. Kyber addresses this problem by using a lattice-based mathematical problem (called Module-LWE), which is believed to be resistant even to quantum attacks. This structure prevents data from being intercepted or decrypted during transmission.

Kyber protects all communication paths: HTTPS connections, exchange APIs, and wallet-to-node messaging. Within the blockchain network, nodes can also use Kyber when sharing transaction data to prevent third-party monitoring or information extraction.

In fact, Kyber rebuilt the security of the network transport layer for the quantum computing era.

Dilithium: Verify Transaction Signatures

Dilithium is a digital signature algorithm used to verify that a transaction was created by the rightful holder of the private key.

Ownership in a blockchain relies on the ECDSA model, which uses a private key to sign and a public key to verify. The problem is that ECDSA is vulnerable to Shor's algorithm attacks. By accessing the public key, a quantum attacker can deduce the corresponding private key, enabling signature forgery and asset theft.

Dilithium avoids this risk by using a lattice-based structure that combines Module-SIS and LWE. Even if an attacker analyzes the public key and signature, the private key cannot be deduced, and the design remains secure against quantum attacks. Applying Dilithium can prevent signature forgery, private key extraction, and large-scale asset theft.

It protects both asset ownership and the authenticity of each transaction.

SPHINCS+: Preserves long-term records

SPHINCS+ uses a multi-level hash tree structure. Each signature is verified through a specific path in the tree, and because a single hash value cannot be reverse-engineered to derive its input, the system remains secure even against quantum attacks.

Once Ekko and Ryan's transaction is added to a block, the record becomes permanent. This can be likened to a document fingerprint.

SPHINCS+ converts each part of a transaction into a hash value, creating a unique pattern. If even a single character in the document changes, its fingerprint will be completely altered. Similarly, modifying any part of the transaction will change the entire signature.

Even decades later, any attempt to alter the Ekko and Ryan transactions would be immediately detected. While the signature generated by SPHINCS+ is relatively large, it is well-suited for financial data or government records that must maintain verifiability over long periods. Quantum computers would find it extremely difficult to forge or replicate this fingerprint.

In summary, PQC technology builds three layers of protection against quantum attacks in a standard 1 BTC transaction: Kyber for communication encryption, Dilithium for signature verification, and SPHINCS+ for record integrity.

Bitcoin and Ethereum: Different Paths, Same Destination

Bitcoin emphasizes immutability, while Ethereum prioritizes adaptability. These design principles are shaped by past events and influence how each network addresses the threat of quantum computing.

Bitcoin: Protecting the existing chain by minimizing changes

Bitcoin's emphasis on immutability dates back to the 2010 value spillover event. A hacker exploited a vulnerability to create 184 billion BTC, which the community invalidated within five hours via a soft fork. Following this emergency, the principle that "confirmed transactions must never be altered" became central to Bitcoin's identity. This immutability maintains trust but also makes rapid structural changes difficult.

This philosophy extends to Bitcoin's approach to quantum security. Developers agree that upgrades are necessary, but a full-chain replacement via a hard fork is considered too risky for network consensus. Therefore, Bitcoin is exploring a gradual transition through a hybrid migration model.

Source: bip360.org

This philosophy extends to Bitcoin's approach to quantum security. Developers agree that upgrades are necessary, but a full-chain replacement via a hard fork is considered too risky for network consensus. Therefore, Bitcoin is exploring a gradual transition through a hybrid migration model.

If adopted, users will be able to use both traditional ECDSA addresses and the new PQC addresses simultaneously. For example, if Ekko's funds are held in an old Bitcoin address, he can gradually migrate them to a PQC address as Q-Day approaches. Security is improved because the network recognizes both formats simultaneously, without forcing a disruptive transition.

The challenges remain significant. Hundreds of millions of wallets need to be migrated, and there is still no clear solution for wallets with lost private keys. Divergent opinions within the community may also increase the risk of chain forks.

Ethereum: Achieving a Rapid Transition Through Flexible Architectural Redesign

Ethereum's adaptability principle stems from the 2016 DAO hack. When approximately 3.6 million ETH were stolen, Vitalik Buterin and the Ethereum Foundation executed a hard fork to reverse the theft.

This decision split the community into Ethereum (ETH) and Ethereum Classic (ETC). Since then, adaptability has become a defining characteristic of Ethereum and a key factor in its ability to implement rapid changes.

Source: web3edge

Historically, all Ethereum users relied on external accounts that could only send transactions using the ECDSA signature algorithm. Because every user relied on the same cryptographic model, changing the signature scheme required a network-wide hard fork.

EIP-4337 changed this structure, enabling accounts to function like smart contracts. Each account can define its own signature verification logic, allowing users to adopt alternative signature schemes without modifying the entire network. Signature algorithms can now be replaced at the account level, rather than through protocol-wide upgrades.

Based on this, several proposals have emerged that support the adoption of PQC:

• EIP-7693: Introduces a hybrid migration path that supports a gradual transition to PQC signatures while maintaining compatibility with ECDSA.
• EIP-8051: Apply the NISTPQC standard on-chain to test PQC signatures under real-world network conditions.
• EIP-7932: Allows protocols to simultaneously recognize and verify multiple signature algorithms, enabling users to choose their preferred method.

In practice, users of ECDSA-based wallets can migrate to Dilithium-based PQC wallets when a quantum threat looms. This transition occurs at the account level and does not require replacing the entire chain.

In summary, Bitcoin aims to maintain its current structure while integrating PQC in parallel, while Ethereum is redesigning its account model to directly incorporate PQC. Both pursue the same goal of quantum resistance, but Bitcoin relies on conservative evolution, while Ethereum adopts structural innovation.

While blockchain is still being debated, the world has already changed.

The global internet infrastructure has begun to transition to new security standards.

Web2 platforms, powered by centralized decision-making, are moving rapidly. Google began enabling post-quantum key exchange by default in its Chrome browser in April 2024 and has deployed it to billions of devices. Microsoft announced an organization-wide migration plan with the goal of full PQC adoption by 2033. AWS began using hybrid PQC by the end of 2024.

Blockchain faces different situations. Bitcoin's BIP-360 is still under discussion, while Ethereum's EIP-7932 has been submitted for months but has yet to have a public testnet. Vitalik Buterin has outlined a gradual migration path, but it remains unclear whether the transition can be completed before quantum attacks become practically feasible.

A Deloitte report estimates that approximately 20% to 30% of Bitcoin addresses have already exposed their public keys. These are currently secure, but could become targets once quantum computers mature in the 2030s. If the network attempts a hard fork at that stage, the likelihood of a split is high. Bitcoin's commitment to immutability, while fundamental to its identity, also makes rapid change difficult.

Ultimately, quantum computing presents both technological and governance challenges. Web2 has already begun its transition. Blockchain is still debating how to begin. The decisive question will not be who acts first, but who can safely complete the transition.