Will Quantum Computing Put Your Bitcoin at Risk? I explain it in simple terms. (#198 - 22 Dec 2024)

Looking for an educational and fun Christmas gift?

What about my new kids book: “Decoding Crypto with Henri & Hodler”


The first interactive children's book on the future of money and digital assets!

Available on Amazon (https://a.co/d/1xp9wEc) or our official website (www.henriandhodler.com). Published by Brown Books Kids



Will Quantum Computing Put Your Bitcoin at Risk?


Google's announcement of Willow last week and its ability to reach 105 qubits is a major milestone in quantum computing research.

This has restarted the debate in the crypto space as to whether the Bitcoin network will remain secure or could one day be broken with quantum technology.

It's a complicated topic but I will explain it below in simple terms.

For those who are impatient, the TLDR is yes, quantum computing can break certain transactions on the Bitcoin network.

Early Bitcoin mined from 2010 to 2012 that has not moved is potentially at risk, as well as Bitcoin transactions from that same period, but only in cases where the public key is known.

But, as I will explain below, there are solutions.


What is the problem?

The Bitcoin network uses a number of algorithms.

One is an algorithm called ECDSA (Elliptic Curve Digital Signature Algorithm), which is used to sign transactions and whose public key is generated from the private key.

Experts believe that ECDSA could potentially be broken by quantum computers using a modified version of Shor’s algorithm.

The other main algorithm used in Bitcoin, SHA-256, is a hash function and is seen by many experts as quantum-safe.

Whilst there is a known quantum algorithm, Grover’s algorithm, which performs “quantum search” over a black-box function, SHA-256 has proven to be secure against it.

So ECDSA is potentially at risk.


How are these algorithms used in Bitcoin transactions?

To explain this in simple terms, let's focus on basic person-to-person Bitcoin payments.

These can be divided into 2 categories, each affected differently by quantum computing.

In the first type, a public key directly serves as the Bitcoin address of the recipient.

A transaction to such an address is called ‘pay to public key’ (P2PK).

This was the most common type of address used in the early days of Bitcoin, from 2010 to 2012.

Many of the original coins mined by Satoshi Nakamoto himself are still stored in such addresses.

Since every transaction across the Bitcoin network is public, anyone can obtain the public key from any P2PK address. A quantum computer running Shor’s algorithm could then be used to derive the private key from this public key, as it can break the ECDSA algorithm.

This would allow any malicious actor with quantum technology to basically take control of the coins that are stored in that address.

The second, and most important type of address, is called ‘pay to public key hash’ (P2PKH).

In the second type of transaction, the address of the recipient is composed of a hash of the public key.

Since a hash is a one-way cryptographic function, the public key is not directly revealed by the address. And this type of hash with SHA-256 is believed to be quantum resistant.

The public key cannot be retrieved from such an address and is only revealed when the owner or private key holder initiates a transaction.

This means that as long as funds haven’t been transferred from a P2PKH address, the public key is not known and the private key cannot be derived using a quantum computer, as, according to experts, quantum computers are unlikely to be able to break the SHA-256 algorithm.

However, if any funds, of any amount, have at one point been transferred from a specific P2PKH address, the public key is revealed and thus subject to a quantum attack by someone running Shor’s algorithm.

So the answer for the risk on P2PKH addresses depends on how your Bitcoin is stored.

In short, if your Bitcoin is stored in an address that you have already used, your Bitcoin could indeed be at risk. But if it's in a new address, the risk will be limited.

This is why whether an address has already been used matters.

In practice, usage of P2PK addresses has declined significantly since the introduction of P2PKH in 2010; as of 2012, P2PKH has become dominant.

In addition, most wallets today are programmed not to use the same address more than once, which reduces the risk with P2PKH. So if you are using any of the reputable custodians or wallets in the market, the risk is relatively low.

But a real risk of a quantum attack remains for all Bitcoins in P2PK addresses and reused P2PKH addresses.
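The distinction above (a P2PK output carries the public key itself; a P2PKH output carries only its hash, and the key appears on-chain only once the output is spent) can be checked mechanically over a set of transactions. The following is an added example, not code from the article or from any Bitcoin project: a small model of outputs and spends plus a classifier that flags unspent coins whose public key is already public, and a sweep function that shows why moving coins to a never-used address removes the exposure. It simplifies the address hash to SHA-256 alone (real P2PKH uses RIPEMD-160 over SHA-256), uses placeholder byte strings as public keys, and the transaction ids, amounts and names (`classify_exposed`, `sweep_to_fresh_address`) are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


# Simplified model, added for illustration (not Bitcoin's real encoding).
# Bitcoin's P2PKH address hashes with RIPEMD-160(SHA-256(pubkey)); SHA-256
# alone stands in here, which keeps the one-way property the argument needs.
def pubkey_hash(pubkey: bytes) -> bytes:
    return hashlib.sha256(pubkey).digest()


@dataclass(frozen=True)
class Output:
    txid: str
    index: int
    script_type: str   # "P2PK": script holds the public key; "P2PKH": script holds its hash
    script_data: bytes
    amount_btc: float


@dataclass(frozen=True)
class Spend:
    # A transaction input. Spending either output type puts the full public
    # key in the input script, which is what makes reused P2PKH addresses exposed.
    spent_txid: str
    spent_index: int
    revealed_pubkey: bytes


def p2pk_output(txid, index, pubkey, amount):
    return Output(txid, index, "P2PK", pubkey, amount)


def p2pkh_output(txid, index, pubkey, amount):
    return Output(txid, index, "P2PKH", pubkey_hash(pubkey), amount)


def classify_exposed(outputs, spends):
    """Map (txid, index) of every unspent output whose public key is already
    on-chain to the reason it is exposed to a Shor-style key-recovery attack."""
    spent = {(s.spent_txid, s.spent_index) for s in spends}
    revealed_hashes = {pubkey_hash(s.revealed_pubkey) for s in spends}
    exposed = {}
    for o in outputs:
        if (o.txid, o.index) in spent:
            continue  # already spent: nothing left in this output to steal
        if o.script_type == "P2PK":
            exposed[(o.txid, o.index)] = "P2PK: public key sits in the output script"
        elif o.script_type == "P2PKH" and o.script_data in revealed_hashes:
            exposed[(o.txid, o.index)] = "P2PKH reuse: public key revealed by an earlier spend"
    return exposed


def exposed_btc(outputs, spends):
    keys = classify_exposed(outputs, spends)
    return sum(o.amount_btc for o in outputs if (o.txid, o.index) in keys)


def sweep_to_fresh_address(outputs, spends, txid, index, owner_pubkey, new_pubkey, new_txid):
    """The mitigation from the article: move an exposed output to a never-used
    P2PKH address. The sweep reveals owner_pubkey, which is harmless because the
    old output is then empty. Returns new (outputs, spends) lists."""
    old = next(o for o in outputs if (o.txid, o.index) == (txid, index))
    new_outputs = list(outputs) + [p2pkh_output(new_txid, 0, new_pubkey, old.amount_btc)]
    new_spends = list(spends) + [Spend(txid, index, owner_pubkey)]
    return new_outputs, new_spends


# Constructed sample chain; the "public keys" are placeholder byte strings, not real keys.
PK_A, PK_B, PK_C, PK_D = (b"\x02" + bytes([c]) * 32 for c in b"ABCD")

OUTPUTS = [
    p2pk_output("coinbase-2010", 0, PK_A, 50.0),  # early mined coins, never moved
    p2pkh_output("t1", 0, PK_B, 10.0),            # first use of B's address
    p2pkh_output("t2", 0, PK_B, 5.0),             # same address reused after t1 was spent
    p2pkh_output("t3", 0, PK_C, 1.0),             # fresh address, never spent
]
SPENDS = [
    Spend("t1", 0, PK_B),                         # spending t1 put PK_B on-chain
]

if __name__ == "__main__":
    for outpoint, why in sorted(classify_exposed(OUTPUTS, SPENDS).items()):
        print(outpoint, why)
    print("exposed BTC before sweep:", exposed_btc(OUTPUTS, SPENDS))
    outs, sps = sweep_to_fresh_address(OUTPUTS, SPENDS, "t2", 0, PK_B, PK_D, "t4")
    print("exposed BTC after sweeping t2 to a fresh address:", exposed_btc(outs, sps))
```

Run as-is, the classifier flags the P2PK coinbase output and the reused P2PKH output (55 BTC in the constructed data); the fresh P2PKH output to PK_C is not flagged because its key has never appeared on-chain. After sweeping the reused output to a new address, only the P2PK coins remain exposed, which mirrors the article's point that P2PK coins whose owners cannot move them are the hard case.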


But how big of a risk is this to the Bitcoin network?

Many have tried to quantify this risk, including a team of researchers from Deloitte who analyzed the Bitcoin blockchain.

They found that the number of Bitcoin in P2PK addresses has stayed practically constant over the years at around 2 million Bitcoin.

These coins can be assumed to have been generated through mining and have never been moved from their original address.

Following the introduction of P2PKH in 2010, most of the Bitcoin has been stored in these "safer" types of addresses.

The Deloitte research team also found that the number of Bitcoins stored in reused P2PKH addresses increased from 2010 to 2014 and has since been slowly decreasing, to reach the current amount of 2.5M Bitcoins. This suggests that people are generally following the best practice of not using P2PK addresses and not reusing P2PKH addresses.

However, this means that there are still anywhere from around 2 to 4.5 million Bitcoins that are potentially vulnerable to a quantum attack, with the original P2PK coins (about 2 million Bitcoin) at most risk.

Source: Deloitte


So what can be done to mitigate this risk?

Let's discuss the two main types of Bitcoin at risk: those in P2PK addresses and then those in P2PKH addresses that have been reused.

First, for the original coins from Satoshi and early miners from 2010 to 2012 that are in P2PK addresses.

These Bitcoins (roughly 2 million in total) are basically sitting ducks, just waiting for the first person to be able to use quantum computers to guess their private keys.

In theory, if Satoshi and early miners would transfer their Bitcoin to a new P2PKH Bitcoin address, then they would not be vulnerable to a quantum attack.

But the reality is that this will be impossible, as many of the early Bitcoin “owners” have most likely lost their private keys by now and Satoshi is unlikely to make a comeback!

Some have proposed solutions. For example, providing a time ultimatum to move them to a new address or else have miners refuse transactions from such addresses. This is also called "freezing" these transactions.

But this is a controversial solution, as it goes against the decentralized ideology of Bitcoin, and getting the buy-in from Bitcoin miners may prove tricky, for both practical and ideological reasons.

But if the risk of quantum gets real, I would not be surprised to see support for this solution to grow.

Now for the remainder of the Bitcoin network using P2PKH, there are numerous practical options that are available, such as upgrading the current ECDSA algorithm to a quantum-resistant one.

This is something that even Satoshi himself has discussed on the Bitcointalk forum (although in relation to SHA-256).


(Image: Satoshi's post on Bitcointalk)


This is doable and will likely happen as we get closer to an actual quantum risk. We have been through such upgrades multiple times over the years, either via a soft or hard fork.

Many believe that this is similar to the Y2K bug, as there is a clear path as to how we can fix this issue, which can be implemented when the time is right.

The reality is that, for the moment, we are far from quantum computers posing an immediate risk to the Bitcoin network. Whilst reaching 105 qubits now is a major milestone, many experts believe that anywhere from thousands to millions of qubits would be required to break the Bitcoin blockchain.

As we continue to see more debate about the rise of quantum computing in the coming years, I expect conversations about quantum-resistant algorithms in the Bitcoin network to pop up.

In this article, I discussed the practical risks and don't cover the entire game theory around a nation state or a bad actor with quantum technology targeting the Bitcoin network. But in short, any such actor attacking the Bitcoin network will see the value of the Bitcoin it has stolen fall, which acts as a natural deterrent against such an attack. This is the same logic around bad actors in Bitcoin mining.

I also don't cover the fact that if a nation state has such quantum capabilities, the Bitcoin network is the least of our worries. Everything from government databases to personal electronic devices could be targets.

This is not a problem that will arise in the coming months nor years but is something that may happen in the next decade.

So expect increased discussions on this topic over the coming years!


Looking for a Christmas gift for your kids or loved ones?


Combines education with entertainment, guiding young readers, ages 7 to 13, through the fascinating world of digital assets and the future of money.

Available on Amazon (https://a.co/d/1xp9wEc) or follow Henri and Hodler on social for more ways to learn:

Instagram - https://bit.ly/4gzWc3W

X - https://bit.ly/47BzZyh

Facebook - https://bit.ly/3Zbuxi6

Join My WhatsApp Community

Interested in getting daily curated crypto news updates and hearing my point of view on major developments?

You can join my WhatsApp Announcement Group community here.

Found this content useful? Make sure to subscribe!

A new Future of Money newsletter will be in your inbox each week!

See you all next week!!

Henri Arslanian

*Please note that this newsletter reflects Henri’s personal views and not those of any organisation he is involved with. This newsletter is for educational purposes only, and none of its content should be construed as investment or financial advice of any kind.


Jane Scaletta

Leadership, Management, Marketing, and Sales

3 months

Very interesting. I think I need the book for me!! Not the kids. Thanks Henri. See you in the Cayman Islands soon.

Manish Pandey, MBA

Helping businesses scale with AI & blockchain-powered solutions | Certified engineers & infrastructure | Custom tech for seamless transformation | 10K+ Connections | Co-Founder & CEO

3 months

Wow, quantum tech is shaking things up! But don’t worry, Bitcoin. We’ll keep you safe. Just sit back, relax, and keep mining.

Shailendra Sadh

MS(InfoSec) | CISSP | CCSP | GMON - Helping Customers Stop Breaches

3 months

Great article Henri Arslanian, very well articulated.

Ben Wynne-Morris

Senior Data Scientist

3 months

Great article Henri