Will Bitcoin be broken by quantum computers in 2030?

Google and companies like AWS have begun adopting post-quantum cryptography, but Bitcoin and Ethereum are still in the early discussion stages.

Written by: Tiger Research

Translated by: AididiaoJP, Foresight News

Advances in quantum computing are introducing new security risks to blockchain networks. This article explores the technologies designed to address quantum threats and examines how Bitcoin and Ethereum are preparing for the transition.

Key Points

  • The Q-Day scenario, where quantum computers can break blockchain cryptography, is estimated to arrive in 5 to 7 years. BlackRock has also pointed out this risk in its Bitcoin ETF application documents.

  • Post-quantum cryptography provides protection against quantum attacks at three security levels: communication encryption, transaction signatures, and data persistence.

  • Companies like Google and AWS have begun adopting post-quantum cryptography, but Bitcoin and Ethereum are still in the early discussion stages.

A New Technology Raises Unfamiliar Questions

If a quantum computer could crack a Bitcoin wallet in minutes, could the security of the blockchain still be maintained?

The core of blockchain security is private key protection. To steal someone's Bitcoin, an attacker must obtain the private key, which is practically impossible with current computing methods. Only the public key (or a hash of it) is visible on the chain, and deriving the private key from a secp256k1 public key on classical hardware requires on the order of 2^128 elliptic-curve operations. That is not a matter of hundreds of years on a supercomputer; it is beyond the reach of any classical machine.

Quantum computers change this risk landscape. The popular description is that classical bits are 0 or 1 while qubits hold both states at once; the precise point is that a quantum computer can exploit superposition and interference to run specific algorithms, and one of them, Shor's algorithm, solves the elliptic-curve discrete logarithm problem in polynomial time. That makes deriving the private key from the public key feasible in principle, given a large enough fault-tolerant machine.

Experts estimate that quantum computers capable of breaking modern cryptography may emerge around 2030. This anticipated moment is referred to as Q-Day, indicating that there are still five to seven years before actual attacks become feasible.

Source: SEC

Regulators and major institutions have recognized this risk. In August 2024, the U.S. National Institute of Standards and Technology (NIST) published its first post-quantum cryptography standards: FIPS 203 (ML-KEM, derived from Kyber), FIPS 204 (ML-DSA, derived from Dilithium) and FIPS 205 (SLH-DSA, derived from SPHINCS+). BlackRock also noted in its Bitcoin ETF application that advances in quantum computing could threaten the security of Bitcoin.

Quantum computing is no longer a distant theoretical issue. It has become a technical problem that requires practical preparation rather than relying on assumptions.

Quantum Computing Challenges Blockchain Security

To understand how blockchain transactions work, consider a simple example: Ekko sends 1 BTC to Ryan.

When Ekko creates a transaction stating, "I send my 1 BTC to Ryan," he must attach a unique signature. This signature can only be generated using his private key.

Then, Ryan and other nodes in the network use Ekko's public key to verify whether the signature is valid. The public key acts like a tool that can verify the signature but cannot recreate it. As long as Ekko's private key remains confidential, no one can forge his signature.

This forms the foundation of blockchain transaction security.

A private key can generate a public key, but a public key cannot reveal the private key. In Bitcoin this is the Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve: the public key is the private scalar multiplied by the curve's generator point, a cheap computation, while recovering the scalar from the resulting point is the elliptic-curve discrete logarithm problem, for which no efficient classical algorithm is known. Taproot spends use Schnorr signatures (BIP 340) on the same curve and rest on the same assumption.

As quantum computing advances, this barrier is weakening. The key element is the quantum bit.

The popular picture is that qubits "represent both states at once" and therefore compute everything in parallel. That is misleading: quantum speedups are algorithm-specific. Shor's algorithm offers an exponential speedup over the best known classical attacks on factoring and discrete logarithms, while Grover's algorithm offers only a quadratic speedup on unstructured search. The practical consequence is that a sufficiently large, error-corrected quantum computer could break ECDSA outright but would only weaken hash functions and symmetric ciphers.

Two quantum algorithms pose direct risks to blockchain security.

Shor's algorithm derives private keys from public keys, breaking the public key cryptography that signatures depend on. Grover's algorithm accelerates brute-force search, roughly halving the effective bit strength of hash functions and symmetric keys (SHA-256 preimage resistance drops from about 256 to about 128 bits), which is a far milder effect.

Shor's Algorithm: Direct Asset Theft

Most internet security today relies on two public key cryptosystems: RSA and ECC.

These systems defend against external attacks by leveraging difficult mathematical problems such as integer factorization and discrete logarithms. Blockchain uses the same principles through the ECC-based ECDSA.

With current computing power, breaking 2048-bit RSA or 256-bit ECC is not a matter of decades but of effectively unbounded time, so they are considered practically secure.

Shor's algorithm changes this. A quantum computer running Shor's algorithm can quickly perform large integer factorization and discrete logarithm calculations, which can break RSA and ECC.

Using Shor's algorithm, a quantum attacker can derive the private key from the public key and arbitrarily transfer assets from the corresponding address. Which coins are exposed depends on the output type. Pay-to-public-key (P2PK) outputs, common in early coinbase rewards, and Taproot (P2TR) outputs place the public key directly in the output, so they are exposed as soon as they receive funds. Pay-to-public-key-hash outputs (P2PKH, P2WPKH) publish only a hash of the key; the key itself appears when the address spends, so any address that has ever sent a transaction and still holds funds (address reuse) is exposed. Millions of addresses fall into these categories, which is why a large share of the supply could be at risk simultaneously.
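The following is an added example, not part of the article or of any Bitcoin project, that classifies a set of unspent outputs by the exposure rules described above. The scriptPubKey templates are the standard Bitcoin ones; the sample UTXO set, key hashes and public keys are constructed placeholder bytes (not real curve points or addresses), and the "spent key hashes" set stands in for an index of keys that have already appeared in a scriptSig or witness.

```python
from dataclasses import dataclass

# Classifies Bitcoin outputs by whether an attacker running Shor's algorithm
# could obtain the public key that locks them.


@dataclass(frozen=True)
class Utxo:
    txid: str
    value_sat: int
    script_pubkey: bytes


def classify_script(spk: bytes):
    """Return (script_type, key_material) for the common scriptPubKey templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk", spk[1:-1]           # <pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh", spk[3:23]          # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh", spk[2:]           # OP_0 <20-byte key hash>
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh", spk[2:22]           # OP_HASH160 <20> OP_EQUAL
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh", spk[2:]            # OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr", spk[2:]             # OP_1 <32-byte x-only output key>
    return "unknown", None


def exposure(utxo: Utxo, spent_key_hashes: set) -> str:
    """
    exposed_now      : the public key sits in the output itself (P2PK, P2TR).
    exposed_by_reuse : only a key hash is on chain, but the same key already
                       signed a spend, so the key is in an earlier scriptSig/witness.
    hash_protected   : only a key hash is on chain and the key has never signed.
    script_hash      : P2SH/P2WSH; exposure depends on the redeem script once revealed.
    """
    kind, material = classify_script(utxo.script_pubkey)
    if kind in ("p2pk", "p2tr"):
        return "exposed_now"
    if kind in ("p2pkh", "p2wpkh"):
        return "exposed_by_reuse" if material in spent_key_hashes else "hash_protected"
    if kind in ("p2sh", "p2wsh"):
        return "script_hash"
    return "unknown"


def audit(utxos, spent_key_hashes):
    """Sum value per exposure category, the figure exposure estimates report."""
    totals = {}
    for u in utxos:
        cat = exposure(u, spent_key_hashes)
        totals[cat] = totals.get(cat, 0) + u.value_sat
    return totals


# Constructed sample data: placeholder bytes, not real keys or addresses.
KEY_HASH_A = bytes.fromhex("aa" * 20)   # this key has already signed a spend
KEY_HASH_B = bytes.fromhex("bb" * 20)
KEY_HASH_C = bytes.fromhex("cc" * 20)
FAKE_PUBKEY = b"\x02" + bytes.fromhex("11" * 32)
FAKE_XONLY = bytes.fromhex("22" * 32)

SAMPLE_UTXOS = [
    Utxo("coinbase-2009", 50_0000_0000, b"\x21" + FAKE_PUBKEY + b"\xac"),
    Utxo("taproot-out", 1_0000_0000, b"\x51\x20" + FAKE_XONLY),
    Utxo("reused-p2pkh", 2_5000_0000, b"\x76\xa9\x14" + KEY_HASH_A + b"\x88\xac"),
    Utxo("fresh-p2pkh", 7500_0000, b"\x76\xa9\x14" + KEY_HASH_B + b"\x88\xac"),
    Utxo("fresh-p2wpkh", 2500_0000, b"\x00\x14" + KEY_HASH_C),
    Utxo("multisig-p2sh", 3_0000_0000, b"\xa9\x14" + bytes.fromhex("dd" * 20) + b"\x87"),
]
SPENT_KEY_HASHES = {KEY_HASH_A}

if __name__ == "__main__":
    for cat, sats in sorted(audit(SAMPLE_UTXOS, SPENT_KEY_HASHES).items()):
        print(f"{cat:18s} {sats / 1e8:10.4f} BTC")
```

On the constructed set, 51 BTC is exposed immediately (the P2PK coinbase and the Taproot output), 2.5 BTC through address reuse, and 1 BTC stays hash-protected until its owner spends. Running the same classification over a real UTXO set, with a real index of keys seen in spends, is how the 20 to 30 percent exposure estimates cited later in the article are produced.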

Grover's Algorithm: Weaker Hashes and the Mempool Window

Blockchain security also relies on symmetric ciphers (such as AES) and hash functions (such as SHA-256).

AES is used to encrypt wallet files (on-chain transaction data is not encrypted; it is public by design), and finding an AES key by brute force means trying every candidate. SHA-256 underpins proof-of-work, where miners repeatedly search for a block header hash below the difficulty target, and it also secures transaction IDs, Merkle roots and the hash-of-public-key address types.

A separate assumption concerns time: once a transaction is broadcast to the memory pool, nobody should be able to exploit what it reveals before it is confirmed in a block.

Grover's algorithm only partially undermines the first assumption. Quantum search offers a quadratic speedup, so a 256-bit hash preimage costs about 2^128 quantum operations and AES-128 about 2^64, while SHA-256 and AES-256 retain ample margin; the practical concern is a mining advantage for quantum-equipped miners rather than forged hashes. The time assumption is the one a quantum attacker actually targets, and it fails because of Shor's algorithm: the moment a transaction spending a P2PKH or P2WPKH output appears in the mempool, its signature reveals the public key. An attacker able to run Shor's algorithm within the block interval could derive the private key, create a competing transaction that spends the same input (UTXO) to their own address, and have it confirmed ahead of the original, for example by paying a higher fee.

This is the "short-range" attack: funds in flight are intercepted and land at an unintended destination. Exchange withdrawals and ordinary transfers would be the natural targets, because they are exactly the transactions that expose keys in the mempool. Whether it is practical depends on how quickly a quantum computer can run Shor's algorithm relative to Bitcoin's roughly ten-minute block time.

Post-Quantum Cryptography

How can blockchain security be maintained in the era of quantum computing?

Future blockchain systems need cryptographic algorithms that can remain secure even under quantum attacks. These algorithms are referred to as post-quantum cryptography (PQC) technologies.

The U.S. National Institute of Standards and Technology has finalized three PQC standards, FIPS 203 (ML-KEM, from Kyber), FIPS 204 (ML-DSA, from Dilithium) and FIPS 205 (SLH-DSA, from SPHINCS+), and both the Bitcoin and Ethereum communities are discussing them as a foundation for long-term security. The sections below use the original algorithm names.

Kyber: Protecting Communication Between Nodes

Kyber is a key encapsulation mechanism (KEM): it lets two parties on a network establish a shared symmetric key over a public channel.

The traditional methods that have long supported internet infrastructure, RSA key transport and ECDH, are vulnerable to Shor's algorithm and therefore exposed in a quantum environment. Kyber addresses this with a lattice-based problem (Module-LWE) that is believed to resist quantum attacks. The key it establishes then protects the session with a symmetric cipher such as AES, so traffic cannot be decrypted even by an attacker who records it today and obtains a quantum computer later.

Kyber can protect every communication path: HTTPS connections, exchange APIs and wallet-to-node messaging. Within the blockchain network, nodes could also use it when relaying transactions, preventing third parties from reading or correlating traffic. Note what it does not do: blockchain data is public by design, so Kyber addresses the confidentiality and privacy of transport, not theft of coins. That threat is a signature problem.

In essence, Kyber rebuilds the security of the network transport layer for the quantum computing era.

Dilithium: Verifying Transaction Signatures

Dilithium is a digital signature algorithm used to verify that a transaction was created by the legitimate holder of the private key.

Ownership in blockchain relies on the "sign with a private key, verify with a public key" ECDSA model. The problem is that ECDSA is vulnerable to attacks from Shor's algorithm. By accessing the public key, a quantum attacker can derive the corresponding private key, enabling signature forgery and asset theft.

Dilithium avoids this risk with a lattice-based construction whose security rests on the Module-LWE and Module-SIS problems. Knowing the public key and any number of signatures does not let an attacker infer the private key, and no known quantum algorithm solves these lattice problems efficiently. Adopting Dilithium would close off signature forgery, private key extraction and large-scale asset theft. The cost is size: an ML-DSA-44 public key is 1,312 bytes and a signature 2,420 bytes, versus a 33-byte compressed public key and a roughly 70-byte ECDSA signature, which is why block space is a central concern in the Bitcoin and Ethereum proposals.

It protects both asset ownership and the authenticity of each transaction.

SPHINCS+: Preserving Long-Term Records

SPHINCS+ is a stateless hash-based signature scheme built from a multi-layer hash tree (a hypertree) of one-time and few-time signatures. Each signature is verified by recomputing a path up the tree to a single root that serves as the public key. Because the only assumption is that the hash function resists preimage and collision attacks, and Grover's algorithm weakens that only quadratically, the scheme remains secure against quantum attacks without relying on lattice assumptions.

Once Ekko and Ryan's transaction is added to a block, the record becomes permanent. The analogy is a document fingerprint.

A hash turns each part of the transaction into a fixed-length fingerprint; change a single character and the fingerprint changes completely. In Bitcoin that property already secures transaction IDs and block Merkle roots, and SPHINCS+ builds its signatures out of the same primitive, so a signature is bound to exactly the transaction it was made for.

Even decades later, a forged or altered version of the transaction between Ekko and Ryan would fail verification. SPHINCS+ signatures are large (7,856 bytes for SLH-DSA-128s and 17,088 bytes for the faster SLH-DSA-128f), so it is a poor fit for every on-chain payment, but its minimal assumptions make it well suited to financial or government records that must remain verifiable for the long term, and a conservative fallback should a lattice scheme ever be weakened.
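As an added example (not from the article, and not SPHINCS+ itself), the following toy scheme shows the mechanics described above: a Lamport one-time signature at each leaf, a Merkle tree over the leaves, and verification by rebuilding the leaf from the signature and hashing up an authentication path to the root. The seed-derived secrets, the eight-leaf tree and the stateful leaf counter are simplifications for this demo; SPHINCS+ uses WOTS+ and FORS inside a far larger hypertree to stay stateless and compact.

```python
import hashlib

HEIGHT = 3     # 2**HEIGHT one-time keys per tree (toy size)
BITS = 256     # length of the SHA-256 digest each one-time key signs


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def lamport_keygen(seed: bytes, index: int):
    """One Lamport key pair: 256 pairs of secrets, public key = their hashes.
    Secrets are derived from a seed for reproducibility (demo assumption;
    real schemes use a proper PRF or fresh randomness)."""
    tag = index.to_bytes(4, "big")
    sk = [(H(seed, tag, i.to_bytes(2, "big"), b"\x00"),
           H(seed, tag, i.to_bytes(2, "big"), b"\x01")) for i in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def leaf_of(pk) -> bytes:
    return H(*[x for pair in pk for x in pair])


def build_tree(leaves):
    """Levels of a binary Merkle tree; level 0 = leaves, last level = [root]."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def auth_path(levels, index):
    """Sibling hashes needed to recompute the root from one leaf."""
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[index ^ 1])
        index >>= 1
    return path


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


class HashSigner:
    """Stateful many-time hash-based signer: Lamport leaves under a Merkle root."""

    def __init__(self, seed: bytes):
        self.keys = [lamport_keygen(seed, i) for i in range(2 ** HEIGHT)]
        self.levels = build_tree([leaf_of(pk) for _, pk in self.keys])
        self.root = self.levels[-1][0]   # the public key
        self.next_index = 0

    def sign(self, msg: bytes):
        if self.next_index >= 2 ** HEIGHT:
            raise RuntimeError("all one-time keys consumed")
        index, self.next_index = self.next_index, self.next_index + 1
        sk, pk = self.keys[index]
        # For each digest bit reveal the chosen preimage plus the hash of the
        # other half, so the verifier can rebuild the whole one-time public key.
        ots = [(sk[i][b], pk[i][1 - b]) for i, b in enumerate(digest_bits(msg))]
        return index, ots, auth_path(self.levels, index)


def verify(root: bytes, msg: bytes, sig) -> bool:
    index, ots, path = sig
    if len(ots) != BITS or len(path) != HEIGHT:
        return False
    pk = []
    for b, (preimage, other) in zip(digest_bits(msg), ots):
        revealed = H(preimage)
        pk.append((revealed, other) if b == 0 else (other, revealed))
    node = leaf_of(pk)
    for sibling in path:                  # walk the authentication path to the root
        node = H(sibling, node) if index & 1 else H(node, sibling)
        index >>= 1
    return node == root


def signature_bytes(sig) -> int:
    _, ots, path = sig
    return 4 + sum(len(a) + len(b) for a, b in ots) + sum(len(p) for p in path)


if __name__ == "__main__":
    signer = HashSigner(b"constructed demo seed")
    msg = b"Ekko sends 1 BTC to Ryan"
    sig = signer.sign(msg)
    print("valid:", verify(signer.root, msg, sig))
    print("tampered valid:", verify(signer.root, b"Ekko sends 1 BTC to Eve", sig))
    print("signature size (bytes):", signature_bytes(sig))
```

Everything the verifier does is hashing: rebuild the one-time public key, hash it to a leaf, hash up the path. Flipping one bit of the message selects a different preimage position, the rebuilt leaf changes, and the root no longer matches. The toy signature is about 16 KB, which is why SPHINCS+ replaces Lamport with WOTS+ chains and why even its compact parameter set is still several kilobytes.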

In summary, PQC builds three layers of protection around a standard 1 BTC transfer: Kyber for encrypting communication, Dilithium for signing transactions, and SPHINCS+ as a hash-based signature whose long-term verifiability rests on the fewest assumptions.

Bitcoin and Ethereum: Different Paths, Same Goal

Bitcoin emphasizes immutability, while Ethereum prioritizes adaptability. These design philosophies are shaped by past events and influence how each network responds to the threat of quantum computing.

Bitcoin: Protecting the Existing Chain by Minimizing Changes

Bitcoin's emphasis on immutability can be traced back to the value overflow incident in 2010. An attacker exploited an integer overflow bug to create 184 billion BTC in a single transaction, and the network invalidated it through a soft fork (a patched client that rejected the offending block) within about five hours. After this emergency action, the principle that "confirmed transactions must never be changed" became central to Bitcoin's identity. This immutability maintains trust but also makes rapid structural changes difficult.

This philosophy extends to Bitcoin's approach to quantum security. Developers agree that upgrades are necessary, but a full chain replacement through a hard fork is considered too risky for network consensus. Therefore, Bitcoin is exploring a gradual transition through a hybrid migration model.

Source: bip360.org

If adopted, users will be able to use both traditional ECDSA addresses and new PQC addresses simultaneously. For example, if Ekko's funds are stored in an old Bitcoin address, he can gradually migrate them to a PQC address as Q-Day approaches. Since the network recognizes both formats simultaneously, security is enhanced without forcing a disruptive transition.

Challenges remain significant. Hundreds of millions of wallets need to be migrated, and there is currently no clear solution for wallets with lost private keys. Differing opinions within the community may also increase the risk of chain forks.

Ethereum: Redesigning for Rapid Transition Through Flexible Architecture

Ethereum's principle of adaptability stems from the DAO hack in 2016. When approximately 3.6 million ETH were stolen, Vitalik Buterin and the Ethereum Foundation executed a hard fork to reverse the theft.

This decision split the community into Ethereum (ETH) and Ethereum Classic (ETC). Since then, adaptability has become a defining feature of Ethereum and a key factor in its ability to implement rapid changes.

Source: web3edge

Historically, all Ethereum users relied on externally owned accounts (EOAs), which can only authorize transactions with an ECDSA signature over secp256k1. Since every user depended on the same cryptographic model, changing the signature scheme required a hard fork across the entire network.

ERC-4337 (EIP-4337, account abstraction) changed this structure by letting smart contract accounts originate transactions through a separate mempool and an EntryPoint contract, with no consensus change. Each account can define its own signature verification logic, so users can adopt alternative signature schemes without modifying the network. Signature algorithms can now be replaced at the account level rather than through a protocol-wide upgrade.

Based on this, several proposals supporting the adoption of PQC have emerged:

  • EIP-7693: Introduces a hybrid migration path that supports a gradual transition to PQC signatures while maintaining compatibility with ECDSA.

  • EIP-8051: Applies NIST PQC standards on-chain to test PQC signatures under real network conditions.

  • EIP-7932: Allows the protocol to recognize and verify multiple signature algorithms simultaneously, enabling users to choose their preferred method.

In practice, users with ECDSA-based wallets can migrate to Dilithium-based PQC wallets as quantum threats approach. This transition occurs at the account level without requiring a replacement of the entire chain.

In summary, Bitcoin aims to integrate PQC in parallel while maintaining its current structure, while Ethereum is redesigning its account model to directly incorporate PQC. Both pursue the same goal of quantum resistance, but Bitcoin relies on conservative evolution, while Ethereum adopts structural innovation.

As Blockchain Debates Continue, the World Has Changed

The global internet infrastructure has begun transitioning to new security standards.

Web2 platforms, supported by centralized decision-making, are acting swiftly. Google enabled post-quantum key exchange (a hybrid of X25519 and Kyber) by default in Chrome 124 in April 2024, deploying it to billions of devices. Microsoft has announced an organization-wide migration plan aimed at fully adopting PQC by 2033. AWS said it would begin using hybrid PQC key exchange by the end of 2024.

The situation is different for blockchain. Bitcoin's BIP-360 is still under discussion, while Ethereum's EIP-7932 has been submitted for months but has yet to see a public testnet. Vitalik Buterin has outlined a gradual migration path, but it remains unclear whether the transition can be completed before quantum attacks become practically feasible.

A Deloitte report estimates that approximately 20% to 30% of Bitcoin addresses have already exposed their public keys. They are currently secure, but once quantum computers mature in the 2030s, they could become targets. If the network attempts a hard fork at that stage, the likelihood of a split is high. Bitcoin's commitment to immutability, while foundational to its identity, also makes rapid change difficult.

Ultimately, quantum computing presents both technical and governance challenges. Web2 has already begun its transition. Blockchain is still debating how to start. The decisive question will not be who acts first, but who can safely complete the transition.
