What Presidio Bitcoin Found About Quantum Computing: Threat Timeline And Next Steps
Non-profit group Presidio Bitcoin has released a technical report analyzing the rising quantum computing threat to the Bitcoin network.
The document looks at where quantum capabilities stand today, how much of BTC's value might be exposed, what mitigations are already possible, and how the broader ecosystem might coordinate a software update and migration.
Why Upgrades Are Harder In A Decentralized System
Presidio Bitcoin begins from a simple point: Bitcoin is software, and that is both its strength and its weakness. Because it is built as a system of code, Bitcoin is relatively easy to move, verify, and maintain.
At the same time, it inherits the digital risks that come with relying on cryptography. One of the most important of these risks has been discussed since Bitcoin's early days: cryptographically relevant quantum computers, often shortened to CRQCs.
In theory, a CRQC could break the elliptic curve cryptography that underpins Bitcoin by enabling the derivation of private keys from public keys. The report emphasizes that this would essentially allow quantum-enabled theft of coins tied to exposed public keys.
The report argues that Bitcoin's mitigation toolkit is broad and technically achievable today, but the path is less straightforward than it is for more centralized systems.
In centralized environments, coordination can be directed more easily. With Bitcoin, coordinating upgrades across developers, users, wallets, custodians, and infrastructure is inherently more complex.
There is also the risk of making changes too early, too quickly, or in a way that creates new vulnerabilities. Presidio also notes that post-quantum schemes come with significant trade-offs, not just technical ones but practical ones for the ecosystem.
6.5 Million Bitcoin Could Be At Risk
At the center of the vulnerability is Shor's algorithm. Presidio explains that if a sufficiently powerful quantum computer exists, it could execute Shor's algorithm to derive private keys from exposed public keys.
The report offers a stark quantitative estimate of what that could mean. If a cryptographically relevant quantum computer existed today, roughly 6.5 million BTC, about one-third of the total supply, would be immediately vulnerable to theft.
More than two-thirds of that exposure, about 4.5 million Bitcoin, comes from address reuse. Much of the reuse, the report says, is concentrated among a small group of large custodians that use the practice for simplicity.
While that concentration increases the risk profile, Presidio also points out that this portion is reducible without any protocol change. The mitigation is simple in principle: rotate to fresh addresses.
The remaining structural exposure is different in nature. Presidio estimates 1.72 million BTC sits in legacy pay-to-pubkey (P2PK) outputs, and the report notes that most of these are presumed lost.
It also distinguishes another class: addresses that have never been spent from, where only a hash of the public key is visible on-chain, are not vulnerable at rest under current understanding.
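The three exposure classes above (P2PK outputs, reused hash-based addresses, and never-spent-from hash-based addresses) can be made concrete by classifying a UTXO set. The following is an added example, not code or data from the Presidio report: the UTXOs, the reuse history and the address names are constructed, and the treatment of taproot (P2TR) outputs as exposing a public key is this example's addition rather than something the report discusses.

```python
from collections import defaultdict
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Utxo:
    script_type: str   # "p2pk", "p2pkh", "p2wpkh" or "p2tr"
    address: str       # address, or the raw public key for p2pk
    value_btc: float

def exposure_class(u: Utxo, spent_from: set) -> str:
    """Classify by what a CRQC running Shor's algorithm could attack on-chain.
    p2pk: the public key sits in the output script itself (structural exposure).
    p2tr: a tweaked public key is on-chain too (added here, not from the report).
    p2pkh/p2wpkh: only HASH160(pubkey) is on-chain, so the key stays hidden until
    the first spend from that address; later outputs to a reused address are exposed."""
    if u.script_type == "p2pk":
        return "p2pk_legacy"
    if u.script_type == "p2tr":
        return "key_on_chain"
    if u.script_type in ("p2pkh", "p2wpkh"):
        return "address_reuse" if u.address in spent_from else "hashed_at_rest"
    raise ValueError(f"unknown script type {u.script_type!r}")

def exposure_totals(utxos, spent_from) -> dict:
    totals = defaultdict(float)
    for u in utxos:
        totals[exposure_class(u, spent_from)] += u.value_btc
    return dict(totals)

def exposed_btc(totals: dict) -> float:
    return sum(v for k, v in totals.items() if k != "hashed_at_rest")

def rotate_reused(utxos, spent_from):
    """The no-protocol-change mitigation: sweep every reused-address output to
    a fresh, never-spent-from address (one new address per output)."""
    return [replace(u, address=f"fresh_rotated_{i}")
            if exposure_class(u, spent_from) == "address_reuse" else u
            for i, u in enumerate(utxos)]

# Constructed sample UTXO set and reuse history (not data from the report).
SPENT_FROM = {"addr_reused_custodian"}
SAMPLE_UTXOS = [
    Utxo("p2pk", "pubkey_constructed_1", 50.0),
    Utxo("p2pk", "pubkey_constructed_2", 50.0),
    Utxo("p2pkh", "addr_reused_custodian", 30.0),
    Utxo("p2pkh", "addr_reused_custodian", 20.0),
    Utxo("p2wpkh", "addr_fresh_1", 5.0),
    Utxo("p2wpkh", "addr_fresh_2", 2.5),
    Utxo("p2tr", "taproot_constructed_1", 1.0),
]
```

Running `exposure_totals` before and after `rotate_reused` shows the reuse bucket disappearing while the P2PK bucket stays, which is the report's point that reuse exposure is reducible today but structural exposure is not.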
The Uncertain Clock For CRQCs
A significant part of the report is the uncertainty around timing. Presidio stresses that the timeline for CRQCs remains uncertain, with expert surveys placing the probability of cryptographically relevant machines emerging between 2030 and 2035 at about 50%.
Even so, Presidio outlines a concrete strategy for the Bitcoin network's path forward. It involves deploying post-quantum signature schemes via a soft fork, rather than a disruptive hard fork.
Activation is where timing matters most. Presidio says the Bitcoin ecosystem will likely complete the post-quantum signature activation well before a CRQC threat materializes.
However, Chaincode's playbook, referenced in the report, places activation around month 6–7 if it does not happen earlier. After activation, migration would follow.
Featured image from OpenArt, chart from TradingView.com
