The quantum dilemma: Bitcoin faces a cultural test
By Alexander Bechtel
For Bitcoin, the race against the first quantum computer is much more than a software update: it is a decision about whether to abandon the principles of immutability and decentralization for the security of billions in assets.
It is a technological race whose outcome will determine the fate of assets whose combined value rivals the gross domestic product of a medium-sized European state. Whoever is first to construct a sufficiently powerful quantum computer could gain access to a treasure currently worth around 700 billion dollars.
This sum corresponds to the equivalent of around six to eight million bitcoins stored at addresses whose cryptographic shield could be compromised. Experts disagree on when this “Q-Day” will occur. Estimates range from a few years to several decades. As early as the 2030s, quantum computers could be capable of operating a sufficiently large number of logical qubits, making a technical upgrade of the Bitcoin network necessary.
Bitcoin’s security promise is based on asymmetric cryptography, more specifically on elliptic curves. Put simply, it is virtually impossible for conventional computers to calculate the private key (the password) from a public key (the account number). A quantum computer, however, could solve this problem using Shor’s algorithm, which exploits quantum superposition and interference to efficiently factor large numbers or compute discrete logarithms. That would break elliptic curve cryptography.

How many bitcoins are really at risk?
Of the current 20 million bitcoins, however, only a fraction would be vulnerable to quantum computers. The key difference between vulnerable and protected bitcoins lies in the visibility of the public keys. For around six to eight million coins, these keys are permanently visible on the blockchain, a technical consequence of the address types in which they are held. Once a public key is visible, it can be attacked by a quantum computer at any time.
The good news is that, in principle, sending these bitcoins to secure addresses is sufficient to protect them. In these addresses, the public key is hidden by means of an additional hashing process and remains inaccessible to quantum computers for the time being.
In the long term, this does not replace the necessary upgrade of Bitcoin to quantum-secure cryptography, but it does buy time. This is because even on these protected addresses, the public key becomes visible the moment a transaction is initiated. However, since transactions are processed within ten minutes on average, the window of opportunity for an attack is extremely small.
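As an added illustration of the distinction drawn above (example code, not part of the original article), the following Python sketch classifies outputs by whether their public key is already readable on-chain. It goes slightly beyond the text: P2PK scripts and taproot (P2TR) outputs carry the key directly, P2PKH and P2WPKH carry only a hash of it, and any hash-shielded script that has already been spent from has had its key revealed, so later coins sent to the same script are exposed too. The script templates are the standard Bitcoin ones; the sample outputs, key bytes and values are constructed.

```python
from dataclasses import dataclass

# Script opcodes used by the standard output templates.
OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x00, 0x51, 0x76, 0xA9, 0x88, 0xAC


def script_kind(script: bytes) -> str:
    """Recognise the common output-script templates by their byte layout."""
    n = len(script)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG -- the key is the script.
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and script[:2] == bytes([OP_0, 20]):
        return "p2wpkh"
    # P2TR: OP_1 <32-byte x-only output key> -- the (tweaked) key is visible.
    if n == 34 and script[:2] == bytes([OP_1, 32]):
        return "p2tr"
    return "other"


KEY_IN_SCRIPT = {"p2pk", "p2tr"}
HASH_SHIELDED = {"p2pkh", "p2wpkh"}


@dataclass
class Utxo:
    script: bytes
    value_sat: int
    spent_from_before: bool  # an earlier spend from this script revealed its key


def exposure(u: Utxo) -> str:
    """'exposed' if the key is already on-chain, 'hash-shielded' if only its hash is."""
    kind = script_kind(u.script)
    if kind in KEY_IN_SCRIPT or u.spent_from_before:
        return "exposed"
    return "hash-shielded" if kind in HASH_SHIELDED else "unknown"


def tally(utxos) -> dict:
    """Sum value (in satoshi) per exposure class for a set of outputs."""
    totals = {"exposed": 0, "hash-shielded": 0, "unknown": 0}
    for u in utxos:
        totals[exposure(u)] += u.value_sat
    return totals


# Constructed sample: one early-style P2PK coinbase, a fresh and a reused P2PKH, a P2WPKH, a P2TR.
P2PKH_SCRIPT = bytes([OP_DUP, OP_HASH160, 20]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
SAMPLE_UTXOS = [
    Utxo(bytes([33]) + b"\x02" + b"\x11" * 32 + bytes([OP_CHECKSIG]), 50_0000_0000, False),
    Utxo(P2PKH_SCRIPT, 1_0000_0000, False),
    Utxo(P2PKH_SCRIPT, 2_0000_0000, True),
    Utxo(bytes([OP_0, 20]) + b"\x33" * 20, 3_0000_0000, False),
    Utxo(bytes([OP_1, 32]) + b"\x44" * 32, 4_0000_0000, False),
]
```

Running `tally(SAMPLE_UTXOS)` on the constructed set attributes 56 BTC to the exposed class and 4 BTC to the hash-shielded one; the reused P2PKH output lands in the exposed class despite its hashed script.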
The real problem arises from those coins that cannot be transferred to secure addresses. This mainly affects holdings whose private keys have been lost or whose owners have died. For example, around one million bitcoins are held in addresses belonging to Bitcoin founder Satoshi Nakamoto, who has never moved them and has been missing for almost 15 years. A total of around 1.5 to 2 million bitcoins are likely to be affected.
The cultural challenge
The only way to protect these holdings from access by quantum computers would be a so-called hard fork, in which the rules of the network are rewritten and the affected coins are frozen. Such a step seems unthinkable against the backdrop of the Bitcoin ethos, which focuses on decentralization and immutability.
The challenge posed by quantum computers is therefore less technical than cultural. How should the 1.5 to 2 million bitcoins that remain vulnerable even after a technical upgrade be handled? For the Bitcoin community, the possible solutions are like choosing between a rock and a hard place: either let development run its course and risk these coins, currently worth around $160 billion, falling into the wrong hands, or break with the iron law of immutability and freeze the coins.
In summary, the quantum problem can be divided into two dimensions that must be considered separately: the technical upgrading of the network and the fate of vulnerable legacy coins, which will remain vulnerable even after an upgrade. While there is no reason to panic from a purely technical standpoint, the community should prepare to address the cultural problem. The past has shown that such fundamental discussions can take years and divide the network. For a system that claims to be eternal, a decade is just the blink of an eye. It would be disastrous if the community were caught unprepared by the first quantum computer attack.
—
This article was originally published in Frankfurter Allgemeine Zeitung (FAZ) in German.
Disclaimer: The contents of this article reflect the private opinion of the author.