Quantum computing is here, is Bitcoin still safe?


Written by: Clow

In 2026, the biggest panic in the crypto world is not regulation, not hackers, but quantum computing.

The "Willow" quantum chip released by Google on December 9, 2024, went viral online, featuring 105 qubits and groundbreaking error correction capabilities, causing countless people to worry: Can Bitcoin's encryption algorithm withstand this?

Following this, crypto KOLs began to speak out intensively. Some said, "Bitcoin will go to zero in 2026," others claimed, "Q-Day (Quantum Break Day) is not far off," and some took the opportunity to promote so-called "quantum-resistant tokens."

The market fell into anxiety. After all, Bitcoin's security rests on ECDSA, an elliptic-curve digital signature algorithm. Once a quantum computer can run Shor's algorithm to derive private keys from public keys, the entire trust foundation of the crypto world would collapse instantly.

So, how real is the quantum threat? How should Bitcoin respond?

The Truth About the Willow Chip: Breakthroughs in Error Correction vs. Actual Gaps

To answer the question "Can it be cracked in the short term?", we must first understand where quantum hardware actually stands in 2026.

Google's Willow chip is indeed a milestone. It was the first to demonstrate that, as the number of physical qubits increases, the error rate of logical qubits built from surface codes can decrease exponentially.

What does this mean?

Before Willow, increasing qubits often introduced more noise, making the system less stable. Willow broke this bottleneck, turning "fault-tolerant quantum computing" from a theoretical concept into an engineering reality.

But this does not mean that the day of cracking Bitcoin has arrived.

Cracking Bitcoin's secp256k1 elliptic curve requires about 2300 to 2600 logical qubits and tens of billions of quantum gate operations. Under traditional surface code architectures, creating one logical qubit may require 1000 physical qubits.

Multiplying the two figures, cracking Bitcoin may require 2 million to 20 million physical qubits.

As of early 2026, the Willow chip only has 105 physical qubits.

Although companies like IBM, IonQ, and QuEra have aggressive roadmaps, even the most optimistic predictions suggest that reaching the threshold of thousands of logical qubits will not happen until 2029-2033. (IonQ plans to reach about 1,600 logical qubits by 2028, while IBM aims for a fault-tolerant quantum computer with 200 logical qubits by 2029.)

There is a gap of 3 to 4 orders of magnitude from physical qubits to logical qubits. This is akin to the leap from transistor radios to modern smartphones.

In the short term, the possibility of quantum computing directly cracking modern Bitcoin addresses remains extremely low.

The Misinterpretation of "20 Times Efficiency Improvement"

Where hardware progress is incremental, algorithmic breakthroughs tend to arrive in jumps.

In August 2023, Oded Regev of New York University proposed an improved version of Shor's algorithm. In October 2023, MIT's Vinod Vaikuntanathan and his student Seyoon Ragavan optimized it further, reducing the number of quantum gate operations needed to break 2048-bit RSA from 4.2 million steps to 92,700 steps, roughly a 45-fold efficiency improvement.

This academic conclusion was sensationalized by some KOLs and media, interpreted as: "Cracking Bitcoin has become 20 times easier!"

What is the truth?

Regev's algorithm does reduce the depth of the quantum circuit (the length of time the qubits must stay coherent) by trading space for time. The cost is that it needs more qubits as working "memory."

Even with a 20-fold efficiency improvement, the number of required logical qubits remains in the thousands. The Willow chip still has a significant gap to this threshold.

A more important variable is the quantum low-density parity-check code (qLDPC). IBM and QuEra are researching this new error correction code, which theoretically can reduce the error correction overhead from 1000:1 to 10:1.

If Regev's algorithm is combined with qLDPC hardware, the cracking threshold would indeed be significantly lowered. However, this requires support from a completely new hardware architecture (high connectivity), which currently only QuEra's neutral atom solution has shown potential for.

Conclusion: The 20-fold efficiency improvement does not eliminate the exponential hardware threshold required for cracking. In the short term, panic outweighs the actual threat.

The Vast Difference Between Two Types of Bitcoin Addresses

The quantum threat does not treat all bitcoin equally. Understanding the risk requires distinguishing between two kinds of addresses.

P2PKH (Pay-to-Public-Key-Hash): A relatively safe cover

Modern Bitcoin addresses (starting with 1, 3, or bc1) use a double hash of the public key (SHA-256 + RIPEMD-160). The public key itself is not disclosed until the user spends from the address, at which point it is broadcast to the network as part of the transaction.

An attacker would therefore have to intercept the public key, run a quantum algorithm to derive the private key, and construct a higher-fee replacement transaction to steal the funds, all within the window while the transaction sits in the mempool before being mined into a block (on average about 10 minutes). This type of attack is known as a "transit attack."

Even with a cryptographically relevant quantum computer (CRQC), completing the key recovery within 10 minutes would still be highly challenging.

P2PK (Pay-to-Public-Key): Extremely high-risk "naked" assets

In 2009-2010, Satoshi Nakamoto and early miners primarily used P2PK scripts. This type of script directly exposes the raw public key in the block data.

Attackers do not need to wait for a transaction to occur. They can scan the blockchain's historical data directly, extract the raw public keys guarding millions of BTC, and run Shor's algorithm offline on a quantum computer to recover the private keys.

This is a typical "harvest now, decrypt later" scenario.

Affected funds: An estimated 2 to 4 million BTC, including about 1.1 million BTC in Satoshi's wallet (according to researcher Sergio Lerner's "Patoshi pattern" analysis, Satoshi mined about 22,000 blocks).

Once Q-Day arrives, this portion of funds could be instantly transferred by hackers.
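To make the P2PK/P2PKH distinction concrete, here is an added Python example (not from the original article) that classifies raw scriptPubKey bytes by whether the spending key is already readable on-chain, and totals the value in each bucket; it also covers P2SH, P2WPKH, P2WSH and Taproot outputs, which the article does not walk through. The sample outputs and their keys are constructed placeholder bytes, not real curve points.

```python
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_EQUAL = 0x76, 0xA9, 0x88, 0xAC, 0x87

def classify_spk(spk: bytes):
    """Return (output type, public key visible on-chain or None) for a scriptPubKey."""
    n = len(spk)
    # P2PK: <push 33 or 65 bytes> OP_CHECKSIG; the raw key sits in the output itself.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK", spk[1:-1]
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG; only HASH160(key) shows.
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "P2PKH", None
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[-1] == OP_EQUAL:
        return "P2SH", None
    if n == 22 and spk[:2] == b"\x00\x14":          # OP_0 <20-byte key hash>
        return "P2WPKH", None
    if n == 34 and spk[:2] == b"\x00\x20":          # OP_0 <32-byte script hash>
        return "P2WSH", None
    if n == 34 and spk[:2] == b"\x51\x20":          # OP_1 <32-byte x-only key>
        # Taproot places the (tweaked) output key on-chain; this key-path exposure
        # is what BIP-360's script-path-only design removes.
        return "P2TR", spk[2:]
    return "unknown", None

def exposure_report(outputs):
    """outputs: iterable of (value_sat, scriptPubKey). Sums value by whether the
    spending key is already harvestable from the chain ("harvest now, decrypt later")."""
    report = {"exposed_sat": 0, "hashed_sat": 0, "by_type": {}}
    for value, spk in outputs:
        kind, key = classify_spk(spk)
        bucket = "exposed_sat" if key is not None else "hashed_sat"
        report[bucket] += value
        report["by_type"][kind] = report["by_type"].get(kind, 0) + value
    return report

# Constructed sample outputs (keys and hashes are placeholder bytes, not real values).
SAMPLE_OUTPUTS = [
    (50 * 10**8, b"\x41\x04" + bytes(64) + b"\xac"),          # 2009-style P2PK coinbase
    (150_000_000, b"\x76\xa9\x14" + bytes(20) + b"\x88\xac"),  # P2PKH
    (25_000_000, b"\x00\x14" + bytes(20)),                     # P2WPKH
    (10_000_000, b"\x51\x20" + bytes(32)),                     # P2TR
]

if __name__ == "__main__":
    print(exposure_report(SAMPLE_OUTPUTS))
```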

Satoshi's 1 Million BTC: The Biggest Gray Rhino

In this light, the biggest quantum crisis facing Bitcoin seems not to be technical, but rather governance and politics.

Once quantum-resistant upgrades are deployed, the network must make decisions regarding those P2PK old coins that have never moved.

The dilemma is that the public keys of these addresses are already exposed, so they cannot be protected by a simple soft fork unless the private key holders come forward, sign, and migrate the coins to new addresses.

If Satoshi does not reappear, these coins will remain perpetually exposed to quantum attack. Once a CRQC exists, whoever controls it could steal these coins and crash the market.

The community may be forced to "freeze" or "destroy" these unmigrated P2PK assets through a soft fork.

This would violate the principles of "private property is sacred and inviolable" and "code is law," potentially leading to a more severe split in Bitcoin than BCH/BTC.

This is the real "gray rhino."

The Bitcoin Community's Response Plan

In the face of potential threats, the Bitcoin developer community is not sitting idle.

Quantum-resistant technologies are moving from theory to engineering practice. Hash-based signature schemes (such as Lamport signatures, Winternitz one-time signatures), zero-knowledge proof technologies (STARKs), and NIST-standardized post-quantum cryptographic algorithms (such as SPHINCS+) have been included in discussions of Bitcoin Improvement Proposals (BIPs).

Core solution: P2TSH (Pay-to-Tapscript-Hash)

This is a new transaction output type proposed in BIP-360 (renamed from P2QRH at the end of 2024). Proposed by Hunter Beast, Ethan Heilman, and Isabel Foxen Duke, the scheme builds on the existing Taproot architecture: it removes the "key-path spend" that is vulnerable to quantum attack and keeps only the "script path." Because the script path is committed to on-chain only as a hash, a quantum attacker cannot see the keys and scripts inside it.

This upgrade is backward compatible and can be implemented through a soft fork.

Emergency defense mechanism: Commit-Delay-Reveal

If a quantum computer appears suddenly, the Bitcoin network can urgently activate this mechanism so that P2PKH funds can migrate safely:

Commit: The user sends a transaction containing the hash of the new quantum-safe address but does not include the old public key and signature.

Delay: The protocol forces this transaction to wait on-chain for several blocks (for example, 144 blocks, about 1 day).

Reveal: After the delay period, the user sends a second transaction, revealing the old public key and ECDSA signature to unlock the funds and transfer them to the new address.

Principle: Even if a quantum attacker learns the public key during the "reveal" phase, the "commit" step already sits in earlier blocks that the attacker cannot rewrite, so the attacker cannot insert a competing commitment ahead of the legitimate one.

This method cleverly uses time locks to offset the decryption speed advantage of quantum computers.
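The commit-delay-reveal rules above, as an added simulation that is not part of the original article or of any BIP: a minimal chain model in which a reveal is accepted only against a commitment buried for DELAY_BLOCKS (the 144-block figure from the text). Keys, addresses and salts are constructed placeholders, and the `sig_ok` flag stands in for ECDSA verification.

```python
import hashlib
from dataclasses import dataclass, field

DELAY_BLOCKS = 144  # "about one day", as in the text

def commitment(old_pubkey: bytes, new_addr: bytes, salt: bytes) -> bytes:
    # Commit phase: the old key is only hashed here, so nothing on-chain exposes it yet.
    return hashlib.sha256(b"cdr-commit|" + old_pubkey + new_addr + salt).digest()

@dataclass
class Chain:
    height: int = 0
    commits: dict = field(default_factory=dict)  # commitment -> height first confirmed
    spent: set = field(default_factory=set)      # old pubkeys already migrated

    def mine(self, n: int = 1) -> None:
        self.height += n

    def submit_commit(self, c: bytes) -> None:
        # First confirmation wins; a later duplicate cannot rewrite an earlier height.
        self.commits.setdefault(c, self.height)

    def submit_reveal(self, old_pubkey: bytes, new_addr: bytes, salt: bytes, sig_ok: bool) -> bool:
        # Reveal phase: needs a valid signature, a matching commitment aged DELAY_BLOCKS,
        # and an old key that has not already been migrated.
        h = self.commits.get(commitment(old_pubkey, new_addr, salt))
        aged = h is not None and self.height - h >= DELAY_BLOCKS
        if not (sig_ok and aged) or old_pubkey in self.spent:
            return False
        self.spent.add(old_pubkey)
        return True

def scenario() -> dict:
    # Constructed values: a stand-in 33-byte key and 20-byte destination hashes.
    owner_pub, owner_dest, salt = b"\x02" + bytes(32), b"O" * 20, b"s" * 16
    thief_dest, thief_salt = b"T" * 20, b"t" * 16
    chain, out = Chain(), {}
    chain.submit_commit(commitment(owner_pub, owner_dest, salt))
    chain.mine(1)
    out["reveal_too_early"] = chain.submit_reveal(owner_pub, owner_dest, salt, sig_ok=True)
    chain.mine(DELAY_BLOCKS)
    # The attacker learns owner_pub from the pending reveal and (assume) recovers the key
    # instantly, so its signature would verify, but it holds no aged commitment.
    out["thief_no_commit"] = chain.submit_reveal(owner_pub, thief_dest, thief_salt, sig_ok=True)
    out["owner_reveal"] = chain.submit_reveal(owner_pub, owner_dest, salt, sig_ok=True)
    chain.submit_commit(commitment(owner_pub, thief_dest, thief_salt))
    chain.mine(DELAY_BLOCKS)
    out["thief_after_delay"] = chain.submit_reveal(owner_pub, thief_dest, thief_salt, sig_ok=True)
    return out
```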

Lamport and Winternitz Signatures: The Return of OP_CAT

As calls within the Bitcoin community to restore the OP_CAT opcode grow louder, hash-based Lamport signatures and Winternitz one-time signatures (WOTS) have become popular alternatives for quantum resistance.

Once OP_CAT is activated, developers can write the logic to verify WOTS signatures directly in Bitcoin Script, without a hard fork or any further consensus change, which makes quantum-resistant outputs a permissionless upgrade.
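The hash-based Lamport signatures named above, as an added Python example (not from the article, and off-chain rather than in Bitcoin Script): key generation, signing and verification use only SHA-256, and `leaked_positions` shows why such a key must be used exactly once.

```python
import hashlib
import secrets

N = 256  # digest bits; one pair of secrets per message bit

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def msg_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def keygen(rng=secrets.token_bytes):
    """Secret key: 256 pairs of random 32-byte preimages; public key: their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes):
    """Reveal exactly one preimage per message bit; no elliptic-curve math anywhere."""
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))))

def leaked_positions(sig1, sig2) -> int:
    """One-time property: signing two different messages reveals both preimages at every
    bit position where the digests differ, which is why a Lamport key is never reused."""
    return sum(1 for a, b in zip(sig1, sig2) if a != b)

if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"migrate to quantum-safe output"
    print(verify(pk, msg, sign(sk, msg)))
```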

Summary

Quantum computing cannot crack modern Bitcoin addresses (P2PKH) in the short term (2026-2028).

Although physical hardware is advancing rapidly, scaling up logical qubits is still constrained by enormous error-correction overhead. While Oded Regev's algorithm has cut gate-operation requirements by 20 times, it has not brought the required number of qubits down into the range of current hardware.

However, 2030-2035 is a highly dangerous window. As IonQ, QuEra, and IBM plan to deliver machines with thousands of logical qubits between 2028-2030, Bitcoin must complete protocol upgrades before then.

The arrival of quantum computing is not the end of Bitcoin, but a countdown to a technological upgrade.

History always moves forward in crises. Whether Bitcoin can survive in the quantum era depends on whether the community can complete this upgrade with no turning back before the threat truly arrives.
