Back, Bernstein: Quantum computers not immediate Bitcoin threat

Adam Back, CEO of Blockstream, and analysts at Bernstein argued that current quantum computing technology does not present an immediate existential threat to Bitcoin. They pointed to limitations in scale and error correction that prevent today’s machines from breaking the cryptography that protects Bitcoin funds.

Their analysis distinguishes today’s noisy, small quantum devices from the large, fault-tolerant quantum computers needed to run Shor’s algorithm against elliptic-curve digital signatures. Shor’s algorithm can derive a private key from a revealed public key, but that requires many qubits and effective error correction that current hardware does not provide.

The speakers highlighted a practical protection built into common Bitcoin address usage: many addresses do not reveal a public key until coins are spent. Coins held at addresses that publish only a hashed public key remain harder to target than coins moved from addresses that disclose the public key during spending.

Bernstein analysts recommended ongoing monitoring of advances in quantum hardware and cryptanalysis to judge when the risk could grow meaningful. They identified signature schemes based on elliptic-curve cryptography as the primary long-term vulnerability and said stakeholders should watch the technical progress rather than assume immediate danger.

Potential mitigation paths include adopting signature algorithms designed to resist quantum attacks and moving funds from vulnerable address types to safer ones before large-scale quantum capability appears. Back urged users to avoid address reuse, and custodial services were advised to consider migration strategies for high-value holdings. Implementing new signature schemes would require coordination among developers, node operators and wallet providers to update software without disrupting the network.

Additional technical context notes that quantum algorithms produce different effects on Bitcoin’s cryptography: Shor’s algorithm targets public-key signatures, while hash functions used in proof-of-work and address formats would at most see a square-root speedup from quantum search algorithms. That difference focuses defensive work on signature schemes rather than on the protocol’s entire cryptographic stack.

The long-term concern remains rooted in widely shared research: building error-corrected quantum computers capable of breaking public-key cryptography would require orders of magnitude more stable qubits and reliable error-correction than exist today. Cryptographers are developing post-quantum signature candidates, and standards bodies are evaluating those algorithms for broader adoption.