Lux(λ) |光尘|空灵|GEB | May 27, 2025 13:26
The argument that Bitcoin needs to upgrade to quantum-resistant algorithms within the next 10 years

Within the next decade, Bitcoin will very likely need to replace its underlying signature cryptography to counter the threat of quantum computing. The argument rests on three points.

1. The timeline for quantum computers to break public-key cryptography is accelerating

Recent research, such as Google's paper on factoring RSA, shows that the estimated resources a quantum computer needs to break today's asymmetric cryptography are shrinking rapidly. Bitcoin uses elliptic curve cryptography (ECC, the secp256k1 curve) rather than RSA, but both are vulnerable to Shor's algorithm, which efficiently solves integer factorization and discrete logarithm problems; the security of ECC rests on the hardness of the elliptic curve discrete logarithm problem. When the number of qubits estimated to break RSA falls sharply, the timeline for breaking ECC should be expected to shorten as well.

2. Public key exposure creates a "harvest now, decrypt later" risk

Bitcoin's design makes the timing of public key exposure the crux of its quantum weakness.

Before funds are spent, the public key is usually hidden. When you hold a Bitcoin address that has never sent a transaction, the full public key is not public; only its hash, the address, is. Because hash functions are one-way, neither the public key nor the private key can be derived from the address alone.

How exposure differs by output type:

- Pay to Public Key (P2PK): used in Bitcoin's earliest days. The public key is written into the output itself, so it is public from the moment the coins are received. These outputs are the most direct quantum target; many of Satoshi Nakamoto's early coins sit in P2PK outputs.
- Pay to Public Key Hash (P2PKH, addresses starting with '1'): the most common type. Only the hash of the public key is exposed on receipt; the public key itself is revealed at the first spend.
- Pay to Script Hash (P2SH, starting with '3'): coins are sent to the hash of a script. The script (the redeem script), including any public keys it contains, is revealed only when the funds are spent. P2SH is widely used for multisignature wallets and other complex spending conditions.
- SegWit (starting with 'bc1q'): SegWit changed the transaction structure and how signatures are verified. P2WPKH (Pay to Witness Public Key Hash) is the SegWit counterpart of P2PKH: the address carries the key hash, and the full public key appears as witness data when spent. P2WSH (Pay to Witness Script Hash) is the SegWit counterpart of P2SH: the address carries the script hash, and the full witness script with its public keys appears as witness data when spent.
- Taproot (starting with 'bc1p', P2TR): Bitcoin's most recent upgrade, using Schnorr signatures and a Merkelized Abstract Syntax Tree (MAST) for script paths, designed for better privacy, efficiency and flexibility. Taproot is not quantum resistant either. Schnorr signatures allow key and signature aggregation, but their security still rests on elliptic curves, and Shor's algorithm applies as soon as the public key is known. Unlike the hash-based types above, a P2TR output does not contain a hash at all: it contains the 32-byte tweaked output public key itself, so that key is exposed as soon as the output is created, not only when it is spent. This is why some analyses consider Taproot addresses more susceptible to so-called "long exposure attacks" than other address types in certain situations.

So for most address types the public key (or the script containing it) stays hidden until the first spend, and until then the private key is comparatively safe.

Spending inevitably exposes the public key or script. When you send Bitcoin from an address, the network must be able to verify the transaction, so the full public key (P2PKH, P2WPKH) or the redeem script / witness script with its public keys (P2SH, P2WSH, Taproot script paths) is included in the transaction and broadcast. Once the transaction is confirmed and included in a block, that data is permanently recorded in the public ledger.

The "harvest now, decrypt later" threat: even though no sufficiently powerful quantum computer exists today, an attacker can collect the exposed public keys (or key-bearing scripts) now and wait for quantum hardware capable of breaking ECC to arrive within the next decade. Once it does, they can run Shor's algorithm to derive the private keys from the stored public keys and steal the corresponding coins. This means transactions already made in the past, not just future ones, are at risk.

To limit this risk, users should prefer single-use addresses and avoid address reuse. Reusing an address means the same public key (or key-bearing script) is exposed on the blockchain again and again, and every payment to that address ends up behind one key. A single-use address cannot remove the risk entirely, since the public key is still exposed on its first spend, but it does limit how much an attacker can learn by repeatedly observing the same key and, more importantly, limits how much is at stake if that one key is recovered.

3. The quantum development cycle and Bitcoin's upgrade cycle overlap

Leading quantum computing companies have published roadmaps targeting million-qubit systems by the early 2030s. That means that within a window of less than ten years, a quantum computer capable of breaking 256-bit ECC keys is quite likely to move from the laboratory into reality. Meanwhile, a large decentralized system such as Bitcoin needs several years or longer for a protocol upgrade to be designed, agreed upon and deployed across the whole network.

Conclusion: the rapid advance of quantum computing, the inherent exposure of public keys in Bitcoin (even though single-use addresses mitigate part of the risk), and the long lead time needed to upgrade a large decentralized system together make a strong case that Bitcoin must adopt quantum-resistant algorithms within the next 10 years. Without a timely upgrade, Bitcoin's security faces a fundamental threat from quantum computers.
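The address-type breakdown above is, in practice, a set of scriptPubKey templates, and the question a wallet or auditor wants answered is: for a given output, is the public key already on-chain? Below is an added example (my own code, not from the original post) that classifies the standard output scripts and flags whether a Shor-capable attacker could already hold the key. It treats two situations as exposure: the output embeds the key itself (P2PK, and P2TR with its tweaked output key), or the same script has been spent from before (address reuse). The sample scripts are constructed; the P2PK key is the secp256k1 generator point, i.e. the public key for private key 1.

```python
"""Classify Bitcoin output scripts by when they expose an ECC public key.

Added example, not code from the original post. It assumes only the
standard scriptPubKey templates (P2PK; P2PKH; P2SH per BIP 16; P2WPKH and
P2WSH per BIP 141; P2TR per BIP 341). Sample scripts below are constructed.
"""
from dataclasses import dataclass

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)


@dataclass(frozen=True)
class Classification:
    kind: str             # P2PK, P2PKH, P2SH, P2WPKH, P2WSH, P2TR or UNKNOWN
    key_in_output: bool   # True if an EC point (not a hash) sits in the output


def classify_script_pubkey(spk: bytes) -> Classification:
    """Match a scriptPubKey against the standard templates."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG; the key is in the output.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Classification("P2PK", True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return Classification("P2PKH", False)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[-1] == OP_EQUAL:
        return Classification("P2SH", False)
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return Classification("P2WPKH", False)
    # P2WSH: OP_0 <32-byte hash>
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return Classification("P2WSH", False)
    # P2TR: OP_1 <32-byte x-only output key>; this is the key itself, not a hash.
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return Classification("P2TR", True)
    return Classification("UNKNOWN", False)


def quantum_exposed(spk: bytes, spent_from_before: bool) -> bool:
    """True if a Shor-capable attacker could already have the public key.

    The key is on-chain if the output embeds it (P2PK, P2TR) or if an
    earlier spend from the same script revealed it (address reuse).
    Unknown templates are treated as exposed, the conservative choice.
    """
    c = classify_script_pubkey(spk)
    return c.kind == "UNKNOWN" or c.key_in_output or spent_from_before


def exposure_report(utxos):
    """Count exposed vs. still-hidden outputs per type over a UTXO list."""
    report = {}
    for spk, reused in utxos:
        kind = classify_script_pubkey(spk).kind
        bucket = report.setdefault(kind, {"exposed": 0, "hidden": 0})
        bucket["exposed" if quantum_exposed(spk, reused) else "hidden"] += 1
    return report


# Constructed samples. The P2PK key is the secp256k1 generator point G
# (compressed), i.e. the public key for private key 1; the hashes are dummies.
G_COMPRESSED = bytes.fromhex(
    "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
SAMPLES = {
    "P2PK": bytes([33]) + G_COMPRESSED + bytes([OP_CHECKSIG]),
    "P2PKH": (bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x11" * 20
              + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    "P2SH": bytes([OP_HASH160, 0x14]) + b"\x22" * 20 + bytes([OP_EQUAL]),
    "P2WPKH": bytes([OP_0, 0x14]) + b"\x33" * 20,
    "P2WSH": bytes([OP_0, 0x20]) + b"\x44" * 32,
    "P2TR": bytes([OP_1, 0x20]) + b"\x55" * 32,
}

if __name__ == "__main__":
    # Each entry: (scriptPubKey, has this script been spent from before?)
    utxos = [(SAMPLES["P2PKH"], False), (SAMPLES["P2PKH"], True),
             (SAMPLES["P2TR"], False), (SAMPLES["P2PK"], False)]
    for kind, counts in exposure_report(utxos).items():
        print(f"{kind:6s} exposed={counts['exposed']} hidden={counts['hidden']}")
```

Two design choices worth noting. First, P2TR is flagged as exposed on receipt: the output key is the internal key plus a tweak, and whoever recovers its discrete logarithm can sign a key-path spend, so the tweak offers no protection against Shor. Second, the classifier cannot tell P2SH-wrapped SegWit from plain P2SH (both look like OP_HASH160 <20> OP_EQUAL), which is fine here because both hide the key until the first spend.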