How Much Bitcoin Is Quantum-Vulnerable? Researcher Says 6.9 Million BTC
Project 11 CEO Alex Pruden is challenging a CoinShares estimate that only 10,200 bitcoin sit in “genuinely” quantum-vulnerable legacy addresses, arguing instead that roughly 6.9 million BTC could be exposed if cryptographically relevant quantum computers arrive sooner than the market expects.
The dispute, amplified by Castle Island partner Nic Carter, goes to the heart of a debate that has started to spill out of academic circles and into investor-facing research: not whether quantum computing would be catastrophic for today’s signature schemes, but how much Bitcoin is already exposed given how keys are used on-chain and how quickly the ecosystem would need to coordinate a migration.
Why ‘Only 10,000’ Bitcoin Are The Wrong Estimate
Pruden’s core objection to the “only 10k BTC” framing is definitional. In his thread, he argues quantum vulnerability extends well beyond old-style pay-to-public-key (P2PK) outputs and includes “any address that has signed a transaction once (and left residual funds there),” because the public key becomes visible on-chain once a spend is signed. In that model, coins left behind in those UTXOs could be vulnerable to an attacker able to derive a private key from a known public key.
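The gap between the two definitions can be made concrete by classifying outputs according to whether their public key is already on-chain. This is an added example, not code from Project Eleven, CoinShares or the article; the `spent_scripts` set (scripts that have already been spent from at least once), the sample UTXOs, and the choice to count P2PK alone as the narrow figure are assumptions made for illustration.

```python
# Added illustration. Keys, hashes and amounts are constructed, not chain data.

def script_type(spk_hex):
    """Classify a scriptPubKey as p2pk, p2pkh or other."""
    s = bytes.fromhex(spk_hex)
    # P2PK: <push 33- or 65-byte pubkey> OP_CHECKSIG. The key is in the output.
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG.
    # Only a hash is in the output; the key appears when the output is spent.
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    return "other"

def exposure(utxos, spent_scripts):
    """Sum satoshis per exposure class.

    utxos: iterable of (scriptPubKey hex, satoshis) for unspent outputs.
    spent_scripts: scriptPubKeys that some earlier input already spent from,
    so the matching public key was published in that spend (hypothetical
    input; a real tool would derive it from the chain).
    """
    totals = {"p2pk_only": 0, "key_revealed": 0,
              "key_hidden": 0, "unclassified": 0}
    for spk, sats in utxos:
        kind = script_type(spk)
        if kind == "p2pk":
            totals["p2pk_only"] += sats
            totals["key_revealed"] += sats
        elif kind == "other":
            totals["unclassified"] += sats   # not analysed in this sketch
        elif spk in spent_scripts:
            totals["key_revealed"] += sats   # reused address, funds remain
        else:
            totals["key_hidden"] += sats     # only the hash is public
    return totals

# Constructed sample data.
P2PK_UNCOMP = "41" + "04" + "11" * 64 + "ac"
P2PK_COMP = "21" + "02" + "22" * 32 + "ac"
P2PKH_REUSED = "76a914" + "aa" * 20 + "88ac"
P2PKH_FRESH = "76a914" + "bb" * 20 + "88ac"

SAMPLE_UTXOS = [(P2PK_UNCOMP, 5_000_000_000), (P2PK_COMP, 100_000_000),
                (P2PKH_REUSED, 200_000_000), (P2PKH_FRESH, 300_000_000)]
SPENT_SCRIPTS = {P2PKH_REUSED}

if __name__ == "__main__":
    print(exposure(SAMPLE_UTXOS, SPENT_SCRIPTS))
```

The difference between `key_revealed` and `p2pk_only` is the balance sitting in reused addresses, which is the category Pruden's broader definition adds.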
He points to a “continuously updated tracker” run by Project Eleven listing 6,910,186 BTC as quantum-vulnerable, and cites Chaincode Labs’ technical report on post-quantum threats to Bitcoin as a cross-reference.
Pruden also singles out Satoshi Nakamoto’s presumed holdings as a large, dormant target surface. “The entity believed to be Satoshi alone holds 1,096,152 BTC across 21,924 addresses. All vulnerable,” he wrote, framing those coins as exposed under his broader definition.
Carter, responding to coverage circulating around the CoinShares number, said: “re that number of ‘only 10k quantum-vulnerable BTC’ you’re seeing reported today… as much as I respect Chris and his work at Coinshares, he’s wrong on this one.”
Pruden situates the Bitcoin debate within a wider shift among large tech companies and security institutions toward post-quantum planning. He cites a Google blog post by Hartmut Neven and Kent Walker that characterizes post-quantum cryptography as an urgent, systemic transition requiring coordinated action and accelerated adoption.
He also references a Google research result suggesting breaking RSA-2048 could require “~1 million noisy qubits,” lower than earlier estimates, and argues this compresses perceived timelines, even if Bitcoin uses ECDSA rather than RSA. To reinforce the uncertainty, Pruden quotes prominent theoretical computer scientist Scott Aaronson warning against complacency around Shor-vulnerable systems:
“On the other hand, if you think Bitcoin, and SSL, and all the other protocols based on Shor-breakable cryptography, are almost certainly safe for the next 5 years … then I submit that your confidence is also unwarranted. Your confidence might then be like most physicists’ confidence in 1938 that nuclear weapons were decades away, or like my own confidence in 2015 that an AI able to pass a reasonable Turing Test was decades away… The trouble is that sometimes people, y’know, do that.”
Pruden’s conclusion from that framing is less about predicting a date and more about avoiding a planning regime built on “it’ll be gradual.”
Pruden argues the CoinShares post underestimates the operational reality of a post-quantum transition for an already-deployed, decentralized system. He highlights the need to migrate “millions of distributed keys,” the lack of a centralized authority, and the fact that asset ownership is enforced purely by digital signatures, with “no fallback.”
He also cites peer-reviewed research claiming “the BTC blockchain must shut down for 76 days” to process migration transactions for the existing UTXO set in a best-case scenario, a datapoint meant to stress that even a distant threat can demand near-term engineering and governance work.
Pruden further criticizes what he calls an appeal to authority in citing a hardware-wallet executive as evidence quantum is far away, arguing vendors may have incentives to downplay urgency if quantum-resistant signatures would obsolete existing devices.
At press time, BTC traded at $69,050.
