Quantum computers pose a theoretical threat to Bitcoin’s cryptography, but the more immediate risk is political: whether the community can agree on and implement a quantum-resistant migration. No cryptographically relevant quantum computer exists today, yet an estimated quarter of the supply (about 6 million BTC) sits in outputs whose public key is already visible on-chain, through early pay-to-public-key outputs or address reuse. For traders and fund managers, that exposure is the operationally critical figure.
Bitcoin’s cryptography rests on ECDSA (signatures) and SHA-256 (hashing). Shor’s algorithm solves the elliptic-curve discrete logarithm problem and can therefore derive a private key from its public key, which breaks ECDSA outright; the Schnorr signatures introduced with Taproot use the same curve (secp256k1) and fall to the same attack. Grover’s algorithm offers only a quadratic speedup against hashing, which roughly halves SHA-256’s effective security rather than breaking it.
No quantum machine today has the capacity required. The estimates cited range from 10,000 to 100,000 logical (error-corrected) qubits, which would translate into millions of physical qubits once fault tolerance is accounted for. The processors cited, a chip of about 105 qubits, a 1,121-qubit processor and neutral-atom arrays of more than 6,000 atoms, all count physical rather than logical qubits and remain far from that scale. Industry forecasts range from a more distant horizon (beyond 2030) to aggressive ones that place a possible “Q‑Day” around 2028, and some analysts call for action as early as 2026.
The operational vector that matters: early pay-to-public-key (P2PK) outputs place the public key directly in the output script, and any address that has been spent from reveals its key in the spending input, since Bitcoin’s hashed address types (P2PKH, P2WPKH) hide the key only until the first spend. Every such output becomes attackable the moment sufficient quantum capability exists, with no further action from the owner. The “harvest now, decrypt later” threat model (recording encrypted traffic today in order to decrypt it once a quantum computer exists) applies here in a sharper form: nothing needs to be harvested, because the public keys are already stored permanently in the ledger, so funds in exposed outputs can be lost retroactively.
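As an added example (not code from the article), the Python index below walks a small constructed ledger and flags every unspent output whose public key is already visible on-chain: P2PK outputs carry the key in the script itself, and P2PKH or P2WPKH outputs become exposed once an earlier spend from the same address has revealed the key in its scriptSig or witness. It goes slightly beyond the text by also flagging Taproot (P2TR) outputs, whose output key is likewise written in the clear. Keys, signatures and txids are placeholder values, and the hash160 link between a key and its address is taken from the spend that consensus already validated rather than recomputed.

```python
"""Audit which unspent outputs already reveal their public key on-chain.
Added example, not code from the article. The ledger is constructed: keys and
signatures are placeholder bytes (not real curve points) and txids arbitrary.
Consensus already checked hash160(pubkey) == script hash for every spend, so
the index trusts that link instead of recomputing RIPEMD-160 here."""
from __future__ import annotations
from dataclasses import dataclass

OP_CHECKSIG = 0xAC

@dataclass(frozen=True)
class TxOut:
    txid: str
    vout: int
    value_btc: float
    script_pubkey: bytes

@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    prev_vout: int
    script_sig: bytes = b""   # legacy spend: <sig> <pubkey>
    witness: tuple = ()       # segwit spend: (sig, pubkey)

def parse_pushes(script: bytes) -> list[bytes]:
    """Direct pushes (1..75 bytes) cover standard sigs and keys; other opcodes are skipped."""
    pushes, i = [], 0
    while i < len(script):
        op = script[i]
        if 1 <= op <= 75:
            pushes.append(script[i + 1:i + 1 + op])
            i += op
        i += 1
    return pushes

def classify(spk: bytes) -> tuple[str, bytes | None]:
    """Map a scriptPubKey to its template and the key or key hash it commits to."""
    if spk and spk[0] in (33, 65) and len(spk) == spk[0] + 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", spk[1:-1]        # raw public key sits in the output script
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh", spk[3:23]       # hash160 of the key
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh", spk[2:]        # hash160 of the key
    if len(spk) == 34 and spk[:2] == b"\x51\x20":
        return "p2tr", spk[2:]          # x-only output key, in the clear
    return "other", None

def exposed_utxos(outputs: list[TxOut], inputs: list[TxIn]) -> list[tuple[TxOut, bool, str]]:
    """Return (utxo, exposed, reason) for every unspent output in the ledger."""
    by_ref = {(o.txid, o.vout): o for o in outputs}
    spent = {(i.prev_txid, i.prev_vout) for i in inputs}
    revealed: dict[bytes, bytes] = {}   # key hash -> public key shown by a spend
    for txin in inputs:
        kind, key_hash = classify(by_ref[(txin.prev_txid, txin.prev_vout)].script_pubkey)
        if kind == "p2pkh" and (pushes := parse_pushes(txin.script_sig)):
            revealed[key_hash] = pushes[-1]
        elif kind == "p2wpkh" and len(txin.witness) == 2:
            revealed[key_hash] = txin.witness[1]
    report = []
    for o in outputs:
        if (o.txid, o.vout) in spent:
            continue
        kind, commit = classify(o.script_pubkey)
        if kind in ("p2pk", "p2tr"):
            report.append((o, True, f"{kind}: public key is written in the output script"))
        elif kind in ("p2pkh", "p2wpkh") and commit in revealed:
            report.append((o, True, f"{kind}: address reused, key revealed by an earlier spend"))
        elif kind in ("p2pkh", "p2wpkh"):
            report.append((o, False, f"{kind}: key still hidden behind its hash"))
        else:
            report.append((o, False, "other: script type not assessed"))
    return report

def exposed_total(report: list[tuple[TxOut, bool, str]]) -> float:
    return round(sum(o.value_btc for o, exposed, _ in report if exposed), 8)

def push(data: bytes) -> bytes:
    return bytes([len(data)]) + data    # direct push, len <= 75

KEY_A = b"\x04" + bytes(64)             # constructed 65-byte uncompressed key (2010-style P2PK)
KEY_B = b"\x02" + bytes(32)             # constructed 33-byte compressed key (Bob)
HASH_B = bytes(range(20))               # stands in for hash160(KEY_B)
SIG = b"\x30" + bytes(70)               # 71-byte placeholder signature

OUTPUTS = [
    TxOut("a" * 64, 0, 50.0, push(KEY_A) + bytes([OP_CHECKSIG])),            # P2PK, unspent
    TxOut("b" * 64, 0, 10.0, b"\x76\xa9\x14" + HASH_B + b"\x88\xac"),       # Bob's P2PKH, spent below
    TxOut("d" * 64, 1, 2.0, b"\x76\xa9\x14" + HASH_B + b"\x88\xac"),        # Bob reused the address
    TxOut("c" * 64, 0, 3.0, b"\x00\x14" + bytes(range(20, 40))),            # Carol's P2WPKH, never spent from
    TxOut("e" * 64, 0, 1.0, b"\x51\x20" + bytes(range(32))),                # Dave's P2TR, unspent
]
INPUTS = [TxIn("b" * 64, 0, script_sig=push(SIG) + push(KEY_B))]           # spend reveals KEY_B

if __name__ == "__main__":
    for utxo, exposed, why in exposed_utxos(OUTPUTS, INPUTS):
        print(f"{utxo.txid[:4]}:{utxo.vout} {utxo.value_btc:>5} BTC {'EXPOSED' if exposed else 'hashed '} {why}")
```

Run against the sample ledger, the index marks 53 of the 56 unspent BTC as exposed: Alice’s P2PK coins and Dave’s Taproot output because the key is in the script, and Bob’s second output because his first spend from the same address put the key on-chain. Only Carol’s never-spent-from P2WPKH output is still protected by its hash. A real deployment would feed the same functions from a node’s transaction index; the classification logic does not change.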
Policy, Bitcoin’s governance and markets
The central challenge is as much governance as technology. Implementing post‑quantum cryptography (PQC) means choosing algorithms, for example the lattice-based CRYSTALS‑Dilithium (standardized by NIST as ML-DSA in FIPS 204) or the hash-based SPHINCS+ (standardized as SLH-DSA in FIPS 205), and agreeing on how to deploy them.
The Bitcoin community, distributed among miners, developers and users, has already shown prolonged disagreement over far less drastic upgrades, which raises the likelihood of political friction if the migration becomes urgent. The operational tensions are concrete: a Schnorr or ECDSA signature is 64 to 72 bytes, while an ML-DSA-44 signature is 2,420 bytes and an SLH-DSA-128s signature 7,856 bytes, so every post-quantum input is tens of times larger, raising transaction sizes and, under the fixed block weight limit, cutting throughput unless that limit is changed. Hardware wallets would also need new firmware and key formats, reigniting the scalability debates.
Externally, bodies such as NIST are standardizing PQC and governments are mandating migrations in federal systems, creating a mismatch between regulatory timelines and a decentralized network that nobody can compel to upgrade. This could trigger regulatory clashes and a market split if institutional investors demand “quantum readiness.”
On the product side, several chains are cited as having advanced on quantum resistance, including QRL, IOTA, Nervos, Algorand, Cardano, Ethereum and Zcash. For managers and traders the implication is clear: the mere expectation of sufficient quantum capability can erode confidence, trigger mass sell-offs and reshape ETF flows and demand for hedges. A conflict over the migration method (hard fork versus a phased transition) would add fragmentation risk and volatility.
Bitcoin currently has a technical window to plan the transition, but the real test will be political: the speed and cohesion with which the community accepts and executes post‑quantum solutions.
