Bitcoin and Quantum Computing
by nehan on 4/7/2026, 8:56:23 PM
https://nehanarula.org/2026/04/03/bitcoin-and-quantum-computing.html
Comments
by: fluxusars
The thing that supposedly sets Bitcoin apart from other cryptocurrencies is that it's deflationary and 'immutable', in that Satoshi is gone forever and any deviation of Bitcoin from his golden idea will result in undermining its essence. If Bitcoin can get quantum-attacked then, from a technical point of view, nothing will be lost. The Bitcoin core devs can issue a word-of-god statement stating that they'll roll back the chain to before the attack, and all is well. Then they'll change the cryptography. But at that point, is it still Bitcoin? Because you've undermined the immutability. If the core devs can just say "this core property of Bitcoin is now something completely different", who's to say that they won't change their minds about the deflationary nature in the future? All credibility will be lost. Now, if you accept that, is perhaps all credibility lost already? ...
4/7/2026, 10:37:32 PM
by: j2kun
> I personally care more about using Bitcoin than its price<p>I suspect that the author is in a pretty drastic minority here.
4/7/2026, 11:00:01 PM
by: mmastrac
The mostly likely quantum attack on Bitcoin will be a catastrophic transfer of large wallets to burn addresses along with a massive short position. No need to worry about washing stolen coins when you can just enjoy your "well timed" legal short position's windfall.
4/7/2026, 9:48:56 PM
by: glerk
One thing that is not addressed: say this quantum attack happens tomorrow and everyone agrees it was an attack, what would prevent the community (miners, node operators, and users) to hard fork the chain at a snapshot before the attack, patch the protocol, and call that Bitcoin? There would be loss of value of course, but it is not unrecoverable.<p>It’s worth remembering that Ethereum forked for much less (not even a bug in the protocol, but a bug in a private application running on the protocol) and nobody seems too upset about it a decade later.
4/7/2026, 10:10:44 PM
by: memnips
Somewhat ironic question, but as ETFs holdings of BTC continue to grow, is there a possibility that the custodians of those ETFs start to have a backup plan for ETF holders or create an alliance to push a fork forward? The management fee those companies generate is non-trivial, so they're incentivized to stay ahead of this.<p>Now, of course, the irony here would be traditional finance infrastructure winning out over decentralized, which could definitely deal a psychological blow to BTC's perceived value... but it's something I've been thinking about lately as this existential threat rises on the horizon.
4/7/2026, 10:29:20 PM
by: EthanHeilman
"A CRQC is an existential threat to Bitcoin (you might believe this is very low-likehood). Your measurement of this threat should literally be:<p>(A) How likely you think it is a CRQC appears by a given time, multiplied by (B) How likely it is you think Bitcoin will not successfully upgrade by that time."<p>It would interesting to survey people about their answers.<p>My off the cuff answer is:<p>2030: A=0.05, B=0.01<p>2035: A=0.50, B=0.001<p>2045: A=~1.0, B=~0.0<p>I reserve the right to change my mind on these answers at any point. This is not a serious prediction.
4/7/2026, 9:06:27 PM
by: schoen
As was alluded to in the comments, my colleagues at Blockstream Research are doing some work on this with mechanisms called SHRINCS and SHRIMPS.<p>Of course, inventing and demonstrating a quantum-resistant signature mechanism isn't the same thing as deploying it in consensus or upgrading everyone's UTXOs to it, and it's fair to say that there are many steps in between!
4/7/2026, 9:44:14 PM
by: jaspanglia
I think we still have a 3-4 years of escape window to reach the necessary qubit range of breaking the encryption. But China is unstoppable and advancing rapidly, So crypto community needs to upgrade to Post-Quantum Cryptography before the threshold breaks.
4/7/2026, 9:41:43 PM
by: EGreg
Apparently bitcoin foundation is already working on SHRINCS and SHRIMPS. But whether they will forcibly revoke keys of satoshi and all early bitcoin whales or not is another question!
4/7/2026, 10:39:14 PM
by: tromp
Good article with some questionable remarks like<p>> Q: Stealing is illegal, so why would anyone use a CRQC to steal Bitcoin?<p>> A: If you truly believe this, you really should value Bitcoin at 0 – it has many unnecessary components with a lot of overhead, like proof-of-work and digital signatures.<p>Proof of work is still necessary for two reasons:<p>1) to fairly distribute all coins (it's not sufficient though, e.g. Bitcoin's halvings still concentrate wealth on early miners/adopters)<p>2) to provide objective proof for the true transaction history, anchored in energy expenditure.<p>A related article on Bitcoin Core resistance to upgrading: <a href="https://murmurationstwo.substack.com/p/bitcoin-developers-are-mostly-not" rel="nofollow">https://murmurationstwo.substack.com/p/bitcoin-developers-ar...</a>
4/7/2026, 9:27:34 PM
by: burakhopsule
[dead]
4/7/2026, 10:05:38 PM
by: adhoc32
[dead]
4/7/2026, 9:49:24 PM
by: xoa
><i>Q: Stealing is illegal, so why would anyone use a CRQC to steal Bitcoin?</i><p>I've had this thought for awhile actually: how would reproducing some random number be legally "stealing" under any legal system in the world? Putting aside that cryptocurrencies have always been about "code decides" etc, that they're outside of the legal system entirely, but I'm struggling to see where there's any actual property interest here. Randomly generated numbers are not protected by IP in any way. There's no computer fraud act angle or the like here, nobody would be having so much as the slightest interaction with anyone else's private system. They'd merely be taking publicly available unprotected numbers and doing some math on them with their own quantum computer. Somebody else who has something related to those numbers is never deprived of them or interacted with in the slightest. There is nothing resembling "hacking", no flaws in the software exploited, all just math there from the start.<p>I can understand how suddenly a lot of proponents might wish to cling to and push the idea that it's "illegal" or "stealing", but doesn't appear to be any meat on dem bones. Maybe they hope to generate support to get laws passed banning it, though hard to see that working out either. As a practical matter seems like they're just going to have to agree on a transition to new version using PQE algorithms and try to convert over before it's too late?
4/7/2026, 9:43:49 PM