Chaincode Report Warns Quantum Computers May Emerge by 2030, Threatening 4-10 Million Bitcoin Using ECDSA Cryptography.
A new report from Chaincode warns that quantum computers capable of breaking encryption may emerge as early as 2030, putting Bitcoin's cryptographic foundation and digital assets as a whole at risk. Estimates suggest 4 to 10 million BTC are in the risk zone, with approximately 6.26 million BTC identified as most vulnerable because they sit in address types that are exposed to Shor's algorithm.
Quantum computers capable of breaking encryption could use Shor's algorithm to break ECDSA, the signature scheme Bitcoin currently uses to validate coin ownership. Particularly vulnerable address types include P2PK, where the public key is exposed directly on the blockchain; P2MS, which uses multiple public keys in multisignature transactions; and P2TR, which reveals public keys as script trees in certain situations. Especially dangerous are reused addresses, organizational storage, and long-standing UTXOs whose private keys may have been lost.
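The check below is an added example, not code from the Chaincode report: it classifies a scriptPubKey by output type and reports whether the output itself carries a raw public key, which is how a holder would find the P2PK, P2MS and P2TR outputs named above. The function names and sample scripts are constructed for illustration (dummy key bytes, not real outputs).

```python
# Added example: flag outputs whose scriptPubKey contains a raw public key.
OP_0, OP_1, OP_16 = 0x00, 0x51, 0x60
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY = 0x76, 0xA9, 0x87, 0x88
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE

def _is_pubkey(b):
    # Compressed (33 bytes, 02/03 prefix) or uncompressed (65 bytes, 04 prefix)
    return (len(b) == 33 and b[0] in (2, 3)) or (len(b) == 65 and b[0] == 4)

def _pushes(script):
    """Split a run of direct pushes (1..75 bytes) into items; None if anything else appears."""
    items, i = [], 0
    while i < len(script):
        n = script[i]
        if not 1 <= n <= 75 or i + 1 + n > len(script):
            return None
        items.append(script[i + 1:i + 1 + n])
        i += 1 + n
    return items

def classify(spk: bytes):
    """Return (output_type, key_in_output) for one scriptPubKey."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG and _is_pubkey(spk[1:-1]):
        return ("P2PK", True)                      # <pubkey> OP_CHECKSIG
    if n >= 37 and spk[-1] == OP_CHECKMULTISIG and OP_1 <= spk[0] <= OP_16 and OP_1 <= spk[-2] <= OP_16:
        keys, m, total = _pushes(spk[1:-2]), spk[0] - 0x50, spk[-2] - 0x50
        if keys and len(keys) == total and m <= total and all(_is_pubkey(k) for k in keys):
            return ("P2MS", True)                  # OP_m <pubkeys> OP_n OP_CHECKMULTISIG
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return ("P2TR", True)                      # witness program is the x-only output key
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return ("P2PKH", False)                    # only a hash of the key is stored
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[22] == OP_EQUAL:
        return ("P2SH", False)
    if spk[:1] == bytes([OP_0]) and n in (22, 34) and spk[1] == n - 2:
        return ("P2WPKH" if n == 22 else "P2WSH", False)
    return ("unknown", False)

KEY = bytes([2]) + bytes(32)                       # constructed dummy compressed key
SAMPLES = {                                        # constructed scripts, not real UTXOs
    "a": bytes([33]) + KEY + bytes([OP_CHECKSIG]),
    "b": bytes([OP_1]) + (bytes([33]) + KEY) * 2 + bytes([0x52, OP_CHECKMULTISIG]),
    "c": bytes([OP_1, 32]) + bytes(32),
    "d": bytes([OP_DUP, OP_HASH160, 20]) + bytes(20) + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
}

def exposed(samples=SAMPLES):
    """Names of sample outputs whose script carries a public key."""
    return sorted(k for k, s in samples.items() if classify(s)[1])
```

The check looks only at the output script, so it does not catch hashed outputs whose key was already revealed by an earlier spend from a reused address.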
Bitcoin mining does not currently face a direct risk from quantum computers, because of the limitations of Grover's algorithm and its poor parallelization. If miners with superior quantum machines do emerge, however, the risk of mining centralization and network instability would increase significantly.
Solutions for Transitioning to Post-Quantum Cryptography
The Bitcoin community is discussing multiple proposals to counter quantum risks by transitioning to post-quantum cryptography. Proposed algorithms include SPHINCS+, FALCON, and CRYSTALS-Dilithium. Several Bitcoin Improvement Proposals are also being considered: BIP-360, which uses post-quantum key hash functions instead of public keys; BIP-347, which reactivates the OP_CAT opcode to support Lamport signatures; and OP_SPHINCS, which adds a new opcode dedicated to SPHINCS+ signatures.
The transition strategy is divided into two phases. The short-term phase, within the next 2 years, will focus on research, implementing minimal protection for vulnerable UTXOs, and beginning the process of moving coins from high-risk addresses. The long-term phase, over approximately 7 years, will redesign the system architecture, fully implement optimal post-quantum algorithms, and execute large-scale migrations.





