Bitcoin’s security relies heavily on the Elliptic Curve Digital Signature Algorithm (ECDSA) for key generation and signatures. But, as the development of quantum computers accelerates, a question arises: Could quantum computers eventually break Bitcoin’s cryptography and compromise the security of funds stored in wallets?

The Short Answer: Not Today

The key challenge with adopting PQC for Bitcoin is how to implement it without compromising the network’s performance. One approach that has been discussed is implementing a soft fork when quantum computers become a genuine threat. This would involve encouraging users to adopt quantum-resistant measures by incentivizing users with block space discounts (similar to what we did with the SegWit soft fork)

Right now, Bitcoin is not at risk from quantum computers. The technology required for quantum computers to break Bitcoin’s cryptographic defenses is still decades away. Even if quantum computers eventually become capable of breaking ECDSA, it’s expected that advancements in cryptography will outpace this risk.

Looking Ahead: Post-Quantum Cryptography (PQC)

Despite the current lack of immediate threat, there is ongoing discussion in the Bitcoin developer community about how to make Bitcoin quantum-resistant in the future. Developers are exploring the concept of Post-Quantum Cryptography (PQC) as a safeguard against future quantum threats.

For example, forums like the Bitcoin-dev mailing list and Delving Bitcoin have seen some discussions on approaches to quantum-resistant Bitcoin. Developers are discussing algorithms like:

SPHINCS+, a hash-based signature algorithm, is one of the prominent candidates being explored. While it is secure, its downside is the large signature size — about 17KB — which is quite large for the Bitcoin network.

Alternatively, SQISignHD, a more compact solution, is also gaining attention. This algorithm is only about 30% larger than the current ECDSA, making it a potentially more feasible choice for Bitcoin’s future scalability.

The key challenge with adopting PQC for Bitcoin is how to implement it without compromising the network’s performance. One approach that has been discussed is implementing a soft fork when quantum computers become a genuine threat. This would involve encouraging users to adopt quantum-resistant measures by incentivizing users with block space discounts (similar to what we did with the SegWit soft fork)

Another possible solution involves locking dormant coins. For instance, a proposal by Bitcoin developer achow101 suggests locking unspent transaction outputs (UTXOs) until an owner can provide zero-knowledge proofs (zk-proof) to confirm ownership. This would help protect coins from quantum threats without disrupting the entire network.

“For example, users could provide a proof that they have the BIP 32 seed that was used to derive the private key for the given public key. Since it is a Zero-Knowledge Proof, the seed itself is not exposed (note that the seed is not part of a public-private keypair so there is no public component that is shared). Since most wallets use BIP 32, this should be sufficient. There may be other ways to prove ownership without risking coins that have not been thought of yet.” 

The Challenge of Balancing Security and Scalability