Thursday, January 15, 2026

Quantum Computers Unlikely to Threaten Bitcoin in the Near Term, Experts Say

Experts argue quantum computing does not pose an immediate, execution-ready threat to Bitcoin because today’s hardware cannot realistically run the required attacks at scale, while the ecosystem is already building post-quantum migration paths. The operational posture described is long-horizon risk management, not near-term crisis response.

Quantum risk to Bitcoin: why it is not immediate, and how mitigation is evolving

Current quantum processors lack the scale and stability required to run algorithms that would compromise Bitcoin’s elliptic-curve signatures. The text explains that breaking ECDSA keys with Shor’s algorithm would require millions of stable, error-corrected qubits and long coherence times, while today’s leading machines operate with tens to a few hundred noisy qubits, with examples including 53 qubits (Google’s Sycamore) and 433 qubits (IBM’s Osprey). High error rates and short coherence windows are presented as the core blocker that makes practical key recovery infeasible at present. The text also notes Grover’s algorithm as a smaller concern that could accelerate brute-force work on hash functions and affect mining efficiency, but it is not framed as the primary existential risk.

The principal vulnerability described is public-key exposure rather than a blanket break of all Bitcoin holdings. Bitcoin’s Pay-to-Public-Key-Hash (P2PKH) addresses reveal the public key when funds are spent, and once that key is revealed, Shor’s algorithm could theoretically derive the private key if quantum hardware matures enough. The text explicitly outlines a “harvest now, decrypt later” risk model in which adversaries collect exposed public keys today for potential future exploitation. It also cites technical literature estimates that a meaningful share of supply, on the order of 20–30% (roughly 4–10 million BTC), could sit in addresses where public keys have already been revealed.

Bitcoin is described as having practical defensive upside when public keys remain unexposed and address reuse is minimized. The text states that single-use behavior reduces exposure because public keys are not revealed until spending occurs. It also notes that newer address types such as SegWit (P2WPKH) and Taproot (P2TR) reduce public-key exposure or make extracting the key harder, lowering immediate risk. In governance terms, these design and usage patterns are positioned as risk-reduction controls that improve the network’s security baseline while longer-term upgrades are engineered.
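The exposure model in the two paragraphs above can be checked against a wallet's own history. The sketch below is an added example, not code from the article or from any Bitcoin project: it assumes every address is P2PKH, and the transaction ids, addresses and amounts are constructed placeholders. It replays transactions in order and reports how much unspent value sits behind keys already revealed by an earlier spend, which is what address reuse produces.

```python
from collections import namedtuple

# Constructed sample data: txids and addresses are placeholders, not chain data.
# inputs: [(prev_txid, vout)]   outputs: [(address, satoshis)]
Tx = namedtuple("Tx", "txid inputs outputs")

SAMPLE_TXS = [
    Tx("t0", [], [("addr_A", 50_000), ("addr_B", 20_000)]),           # funding
    Tx("t1", [("t0", 0)], [("addr_C", 30_000), ("addr_A", 19_000)]),  # change back to A
    Tx("t2", [("t0", 1)], [("addr_D", 19_500)]),                      # B fully spent
    Tx("t3", [], [("addr_B", 5_000)]),                                # B paid again later
]


def audit_exposure(txs):
    """Split unspent value by whether the locking key has been revealed.

    Assumes every address is P2PKH: the output holds only a hash of the
    public key, and the key itself first appears when the output is spent.
    """
    utxos = {}        # (txid, vout) -> (address, satoshis)
    revealed = set()  # addresses that have signed at least one spend
    for tx in txs:    # must be in confirmation order
        for ref in tx.inputs:
            spent = utxos.pop(ref, None)
            if spent is not None:      # ignore inputs outside the audited set
                revealed.add(spent[0])
        for vout, (address, sats) in enumerate(tx.outputs):
            utxos[(tx.txid, vout)] = (address, sats)

    report = {"exposed": {}, "hash_only": {}}
    for address, sats in utxos.values():
        bucket = "exposed" if address in revealed else "hash_only"
        report[bucket][address] = report[bucket].get(address, 0) + sats
    return report


def exposed_total(report):
    """Satoshis sitting behind public keys that are already on chain."""
    return sum(report["exposed"].values())


if __name__ == "__main__":
    result = audit_exposure(SAMPLE_TXS)
    for bucket, holdings in result.items():
        print(bucket, holdings)
    print("exposed satoshis:", exposed_total(result))
```

In the sample, the change returned to `addr_A` and the later payment to `addr_B` both land behind revealed keys, while `addr_C` and `addr_D` remain hash-only because they have never signed a spend.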

The mitigation roadmap centers on post-quantum cryptography being standardized and operationalized ahead of a practical quantum break. The text notes that NIST has selected candidate algorithms for standardization, including CRYSTALS-Kyber for key exchange and signature schemes such as CRYSTALS-Dilithium and FALCON, alongside hash-based SPHINCS+. It also references a protocol proposal, BIP 360, which would introduce a Pay-to-Quantum-Resistant-Hash (P2QRH) address type that supports multiple post-quantum schemes and envisions a migration path likely via soft forks. This is framed as a programmatic transition strategy that enables staged adoption rather than a disruptive, all-at-once cutover.

Industry activity described in the text indicates early prototyping and testnet planning rather than passive monitoring. One company is said to have announced a prototype implementing NIST-standardized PQC signatures, with a Q4 2025 testnet and a Q2 2026 mainnet target, while another firm is developing hybrid and hardware approaches to accelerate transition. The text also notes that expert timelines vary materially, with some expecting cryptographically relevant quantum computers to be decades away (20–40+ years), while others assign non-negligible probability to earlier advances in the late 2020s or early 2030s. NIST’s planning horizon extending into the 2030s is presented as evidence that transitions of this scale require long lead times and disciplined execution.

The consensus view in the text is that quantum risk is a long-term, manageable engineering and governance challenge, not an immediate security failure mode. The core message is that standards work, protocol proposals like BIP 360, and active prototyping together position Bitcoin to migrate before quantum capability becomes practically exploitable.

Chain Report