Bitcoin should adopt quantum‑resistant protections well before quantum computers become practical threats, Blockstream CEO Adam Back said at Paris Blockchain Week, as new research suggests the risk window may be much shorter than previously assumed.
Growing urgency around quantum threat
Back argued that optional upgrades must be designed and available in advance so the network can migrate to new cryptographic methods when needed, rather than reacting under pressure.
He noted that quantum computing progress has been slow and that current machines remain “less efficient than standard calculators.” Even so, he warned that waiting for a clear and present danger could expose Bitcoin to avoidable security shocks.
Recent studies from Google and the California Institute of Technology have accelerated that timeline. Research published last month indicates fully functional quantum computers could emerge before 2030, and that far fewer quantum resources may be needed to break widely used cryptography than previously believed.
One paper from Google’s Quantum AI team estimates that the number of physical qubits required to attack Bitcoin’s elliptic curve cryptography could be twenty times lower than earlier models suggested. Under specific conditions, a capable machine could derive a private key from a publicly exposed key in about nine minutes—roughly matching Bitcoin’s average ten‑minute block time.
Blockstream tests quantum defenses on liquid
To get ahead of the issue, Back said Blockstream has formed a dedicated research group examining quantum‑related vulnerabilities and trialing countermeasures on the company’s layer‑2 system, the Liquid Network.
Part of the work focuses on integrating hash‑based signatures, a class of cryptographic schemes considered more resistant to quantum attacks. According to Back, these signatures can be made to operate within Bitcoin’s existing Taproot framework without changing how users interact with the network.
Back has previously estimated that powerful enough quantum computers may still be 20 to 40 years away, but he now stresses that the timeline is uncertain. If the threat materialized sooner, he said, Bitcoin developers would move quickly to patch weaknesses, pointing to past technical issues that have been fixed within hours once clearly identified.
Older coins and exposed public keys seen as highest risk
New modeling suggests that not all bitcoin are equally exposed.
The most acute risk centers on coins secured using older address formats that reveal the public key directly on the blockchain, such as early “Pay‑to‑Public‑Key” (P2PK) addresses. Once a public key is visible, a future quantum computer could in theory use it to derive the corresponding private key and seize the funds.
Estimates suggest 3 to 5 million coins sit in these vulnerable formats, with some analyses placing the figure as high as 5.6 million dormant bitcoin—worth around $420 billion at current prices—that have not moved in over a decade.
More modern address types generally keep the public key hidden until a transaction is spent, limiting the window of exposure to the period when the transaction is being confirmed. That design makes them less attractive targets for a “harvest now, decrypt later” strategy, where attackers store encrypted data today in hopes of breaking it with quantum tools in the future.
An exception is Taproot addresses starting with “bc1p,” where the public key is embedded by default, potentially placing long‑unused Taproot outputs in a higher‑risk category once quantum machines become practical.
Researchers stress that the primary danger is not to Bitcoin’s mining process, which depends on a different computational assumption, but to ownership of coins protected by elliptic curve signatures.
Proposal to freeze vulnerable coins sparks backlash
Against this backdrop, Bitcoin developer Jameson Lopp and a team of researchers have advanced a controversial mitigation: freezing coins viewed as most vulnerable to quantum attacks.
Their proposal, known as BIP‑361, targets older, unprotected holdings, including an estimated $81.9 billion in early Bitcoin attributed to its pseudonymous creator. The idea is to prevent these coins from being stolen in a future quantum scenario by rendering them unspendable unless moved through a predefined upgrade path.
The plan has met stiff resistance from parts of the development community. Critics argue that freezing coins, even in the name of security, undermines property rights and the principle that valid coins should remain freely spendable under the existing rules.
The dispute highlights a deeper ideological split over how far Bitcoin should go to counter hypothetical threats and whether protocol‑level interventions should ever override the status quo of asset ownership.
Standards emerge as developers debate path forward
Beyond the Bitcoin ecosystem, broader cryptography efforts are already advancing.
In August 2024, the U.S. National Institute of Standards and Technology (NIST) finalized its first set of quantum‑resistant encryption standards after an eight‑year vetting process. These standards provide a reference for industries planning long‑term migrations to post‑quantum security, and they lend weight to approaches being tested within the Bitcoin community.
Back’s preferred methods, including hash‑based signatures, aim to fit within existing Bitcoin mechanisms such as Taproot, minimizing disruption while adding optional quantum‑safe paths for those who choose them.
Work on practical implementations is under way. A testnet for BIP‑360, a preliminary proposal related to quantum‑resistant mechanisms, has already processed more than 100,000 blocks with participation from dozens of miners, suggesting some technical groundwork is already in place.
Three to five‑year window for coordinated transition
Analysts now see the issue shifting from a distant theoretical concern to a nearer‑term engineering and governance challenge.
Financial services firm Bernstein has argued that the digital asset sector has a three to five‑year window to prepare for post‑quantum security, combining protocol changes with wallet‑level upgrades. Under this view, the objective is not to outrun fully mature quantum computers but to ensure that, once they appear, the infrastructure is ready to pivot.
Traders and service providers are being urged to review the address formats they use, gradually migrate away from older, fully exposed scripts, and monitor ongoing standards discussions.
Within the developer community, the central question is how aggressively to push upgrades. Some favor proactive, potentially contentious changes to shield at‑risk holdings; others support a slower, opt‑in approach that prioritizes network immutability and user autonomy.
The fate of proposals like Lopp’s BIP‑361 will serve as a key indicator of which philosophy prevails, and how quickly Bitcoin moves toward a post‑quantum security posture.
Worried about Bitcoin’s security future? Learn how cryptocurrency works and what’s really at risk in a quantum era.
Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
