The discussion around the threat of quantum computing to the crypto industry has intensified in recent months, as research groups and crypto experts publish their estimated timelines for when such machines might challenge the security of current cryptographic systems, including blockchains. For investors, the question is how blockchains can mitigate this risk, even if it remains largely hypothetical for now.
Ethereum co-founder Vitalik Buterin recently suggested a “nontrivial” probability that quantum computers could break cryptography before 2030, placing the likelihood at around 20 percent. And while other analysts place the median expectation a decade later, the potential timelines are enough to encourage development teams to take preventative measures.
What is quantum computing?
Quantum computing refers to a method of computation that uses quantum-mechanical effects such as superposition and entanglement to process information in ways that classical hardware cannot match. A classical computer stores and manipulates data in bits that take the value 0 or 1, while a quantum computer uses quantum bits, or "qubits", which can occupy a combination of states during a calculation. This allows certain classes of mathematical problems to be explored far more efficiently.
The relevant example is period finding: identifying hidden repeating patterns inside large numerical structures, which becomes impractical for classical hardware once the numbers grow beyond a certain size. Today's quantum hardware can run such computations only on tiny inputs and only briefly before errors accumulate. However, these experiments give researchers an indication of how more advanced quantum machines might approach the problems that underpin public key cryptography, which is why blockchain projects have been following this field closely.
Why quantum computing matters for crypto
Public blockchains rely on digital signatures to establish ownership of funds. Most networks use the Elliptic Curve Digital Signature Algorithm (ECDSA) or Schnorr signatures to prove that a transaction was authorised with a private key, and the verification step requires the corresponding public key, which therefore becomes visible once the transaction is sent. If a quantum computer became capable of deriving private keys from public keys, these signature schemes would need to change.
It is important to note that this does not break the chain itself: block production and proof-of-work rely on hash functions, for which known quantum algorithms offer at most a modest speed-up rather than a break. (Signatures used inside consensus, such as the BLS validator signatures in Ethereum's proof-of-stake, are elliptic-curve based and would need replacing alongside account signatures.) The hypothetical attack vector is confined to accounts whose public keys have been revealed through past activity.
For example, a Bitcoin address of the common pay-to-public-key-hash type that has never spent stays protected because only a hash of the key appears on-chain. Once a transaction spends from it, the full public key becomes visible, first in the mempool and then permanently in the block. This is the point at which a quantum machine could attempt to compute the associated private key, and it is also why reusing an address after spending from it would be unwise. Two output types expose the key even before spending: the pay-to-public-key outputs used by early miners, and Taproot outputs, which place the (tweaked) public key directly in the output script.
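To make the "hash only until spent" distinction concrete, here is an added Python illustration (not code from the original article) that classifies Bitcoin output scripts by whether a public key is already visible in the output, and extracts the key that a pay-to-public-key-hash spend discloses. All keys, signatures and hashes below are constructed placeholders with valid encodings, not real on-chain data; the script-type rules are the standard template patterns.

```python
"""Which Bitcoin outputs put a public key on-chain before they are spent, and what a
spend reveals. Added illustration; every script below is constructed, not real."""

OP_0, OP_PUSHDATA1, OP_1 = 0x00, 0x4C, 0x51
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x76, 0x87, 0x88, 0xA9, 0xAC


def looks_like_pubkey(b: bytes) -> bool:
    """SEC-encoded secp256k1 point: 33 bytes with 0x02/0x03 prefix or 65 bytes with 0x04."""
    return (len(b) == 33 and b[0] in (2, 3)) or (len(b) == 65 and b[0] == 4)


def classify_script_pubkey(spk: bytes) -> tuple:
    """Return (script type, whether a public key is already visible in the output).

    Hash-locked types commit only to HASH160/SHA256 of a key or script, so a quantum
    adversary has nothing to attack until the coins move. P2PK and P2TR place the
    (tweaked) key itself in the output."""
    n = len(spk)
    if (n == 25 and spk[0] == OP_DUP and spk[1] == OP_HASH160 and spk[2] == 20
            and spk[23] == OP_EQUALVERIFY and spk[24] == OP_CHECKSIG):
        return "p2pkh", False        # OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return "p2sh", False         # OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return "p2wpkh", False       # OP_0 <20-byte key hash>
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return "p2wsh", False        # OP_0 <32-byte script hash>
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr", True          # OP_1 <32-byte x-only output key>
    if n >= 35 and spk[-1] == OP_CHECKSIG and spk[0] == n - 2 and looks_like_pubkey(spk[1:-1]):
        return "p2pk", True          # <pubkey> OP_CHECKSIG (early coinbase outputs)
    return "unknown", None


def parse_pushes(script: bytes) -> list:
    """Split a push-only script (a scriptSig) into its data items; reject anything else."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        if 1 <= op <= 75:                                  # OP_PUSHBYTES_n
            start, end = i + 1, i + 1 + op
        elif op == OP_PUSHDATA1:
            start, end = i + 2, i + 2 + script[i + 1]
        else:
            raise ValueError("non-push opcode 0x%02x at offset %d" % (op, i))
        if end > len(script):
            raise ValueError("truncated push at offset %d" % i)
        items.append(script[start:end])
        i = end
    return items


def revealed_pubkey(script_sig: bytes = b"", witness=()):
    """Key disclosed by a P2PKH (scriptSig) or P2WPKH (witness) spend, both <sig> <pubkey>."""
    items = parse_pushes(script_sig) if script_sig else list(witness)
    if len(items) == 2 and looks_like_pubkey(items[1]):
        return items[1]
    return None


# Constructed sample values: valid encodings, but not a real key, signature or hash.
SAMPLE_PUBKEY = bytes.fromhex("02" + "11" * 32)
SAMPLE_PKH = bytes.fromhex("aa" * 20)                  # stands in for HASH160(SAMPLE_PUBKEY)
SAMPLE_SIG = b"\x30" + bytes(69) + b"\x01"             # DER-shaped placeholder + SIGHASH_ALL byte

SAMPLE_OUTPUTS = {
    "p2pkh": bytes([OP_DUP, OP_HASH160, 20]) + SAMPLE_PKH + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
    "p2wpkh": bytes([OP_0, 20]) + SAMPLE_PKH,
    "p2tr": bytes([OP_1, 32]) + SAMPLE_PUBKEY[1:],     # x-only key goes straight into the output
    "p2pk": bytes([33]) + SAMPLE_PUBKEY + bytes([OP_CHECKSIG]),
}


def exposure_report(outputs=SAMPLE_OUTPUTS) -> dict:
    """Map each sample output to (type, key visible in output, key visible after a spend)."""
    spends = {
        "p2pkh": revealed_pubkey(script_sig=bytes([len(SAMPLE_SIG)]) + SAMPLE_SIG
                                 + bytes([len(SAMPLE_PUBKEY)]) + SAMPLE_PUBKEY),
        "p2wpkh": revealed_pubkey(witness=[SAMPLE_SIG, SAMPLE_PUBKEY]),
    }
    report = {}
    for name, spk in outputs.items():
        kind, before = classify_script_pubkey(spk)
        after = before or spends.get(kind) is not None   # hash-locked outputs flip once spent
        report[name] = (kind, before, after)
    return report


if __name__ == "__main__":
    for name, (kind, before, after) in exposure_report().items():
        print(f"{name:7s} key in output: {str(before):5s} key after spend: {after}")
```

Running the script shows the two groups side by side: P2PKH and P2WPKH outputs expose nothing until their spend places the key in the scriptSig or witness, while P2PK and P2TR outputs carry the key from the moment they are created. P2SH and P2WSH outputs are hash-locked too, but a spend reveals whatever keys their redeem script contains, which the sample set does not model.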
For Ethereum, which is a smart contract platform, the logic is still the same. Actively used addresses (including protocol treasuries and multi-sig wallets) all rely on signature schemes that reveal public keys when they interact with the network.
With this in mind, the process used to verify fund ownership may need to eventually shift to “quantum-resistant” alternatives, thereby requiring wallets to upgrade to new signature schemes. The scale of this transition is, however, quite substantial, as millions of on-chain accounts would need a steady path to migrate without losing access to historical balances and transaction records. Developers are already testing ways to do this gradually over time.
Bitcoin and Ethereum
Bitcoin is the largest and oldest blockchain, so any proposed adjustment to its signature scheme will require a very conservative approach. The issue for Bitcoin is its large number of untouched or lost addresses created many years ago, some of which hold coins in outputs that already expose the public key. Hypothetically, a sufficiently advanced quantum computer running Shor's algorithm could attempt to recover the private keys associated with them. These coins, which form a large part of the supply, cannot migrate to quantum-resistant signature schemes on their own, and this creates a unique problem for Bitcoin because any future upgrade would rely on active holders moving their funds voluntarily.
Adding a new signature scheme is technically straightforward and could be implemented through a soft fork, similar to how the SegWit and Taproot upgrades were introduced. The difficult part is coordinating a major shift across millions of existing wallets while leaving the lost supply untouched. Any attempt to deal with the lost supply would require a change to Bitcoin's consensus rules that goes against longstanding principles such as immutability and property rights, and is therefore very unlikely. Another proposal, by Bitcoin developer Agustin Cruz, is a hard fork known as the Quantum-Resistant Address Migration Protocol (QRAMP), under which coins would have to be moved to quantum-resistant addresses before a deadline; coins not moved by then, including lost ones, would become unspendable.
In addition, quantum computing has no real impact on Bitcoin's mining process. Proof-of-Work relies on SHA-256, which functions as a blind guessing game, and quantum methods do not provide a meaningful shortcut. Grover's algorithm (a quantum search method) would reduce the number of guesses needed only quadratically, each quantum guess is far slower than an ASIC hash, and the search cannot be parallelised as cheaply as racks of ASICs, so specialised hardware continues to outperform anything a quantum machine could offer for the foreseeable future. Moreover, the difficulty adjustment would absorb any marginal efficiency gains, keeping block production on its normal schedule.
Ethereum is better positioned to manage signature scheme upgrades because it already supports wallet designs (account abstraction) in which the rules that validate a transaction are written into the wallet's own code instead of being fixed at the protocol level. These wallets can incorporate new signature schemes, allowing users to move their balances into quantum-resistant formats without altering their existing transaction history. Zero-knowledge (ZK) proof systems, which can be built from hash functions alone, give an additional way for users to demonstrate control over existing holdings without revealing information that would be unsafe in a quantum environment.
Ethereum has also outlined how the network could respond if quantum progress accelerates. Vitalik Buterin addressed this in a 2024 research post ("How to hard-fork to save most users' funds in a quantum emergency"), explaining that the chain could, in an extreme emergency, revert to the last block before any theft became visible, and that externally owned accounts (EOAs) relying on exposed signatures would be prevented from sending further transactions until their funds were secured.
The current state of quantum computing
While measures are certainly being taken as a precaution against a potential future threat, it is perhaps more important to note that quantum computers today are still far from being able to threaten public key cryptography. Breaking an exposed ECDSA key would require millions of physical qubits, and current machines are nowhere near that scale.
For instance, one published estimate puts the cost of cracking the private key behind an exposed Bitcoin public key within a day at around 13 million physical qubits. Google's Willow processor has 105 physical qubits and IBM's Heron processors range from 133 to 156. Such resource estimates have been revised downward over the years as error-correction techniques improve, so the gap should be read as indicative rather than fixed.
Meanwhile, the cryptographic community has not been complacent and continues to advance the research field known as post-quantum cryptography (PQC) in parallel. The National Institute of Standards and Technology (NIST) published its first PQC standards in 2024 (ML-KEM for key establishment, and ML-DSA and SLH-DSA for digital signatures), which are intended to replace today's public key schemes over the coming years. One practical caveat for blockchains is that these signatures are tens of times larger than a 64-byte Schnorr or ECDSA signature, which matters on networks where every byte of block space has a cost.
Admittedly, if a quantum computing threat were to emerge, the economic incentives for an adversary would likely point first at traditional financial infrastructure. Banks, custodians, payment networks and settlement rails protect substantially larger pools of capital and sensitive data; global fixed income and equity markets are valued at approximately USD 154 trn and USD 128 trn, respectively. Any adversary capable of operating a quantum machine would prioritise these centralised environments long before attempting to drain individual crypto accounts. Those institutions also face a threat blockchains do not: encrypted traffic recorded today can be decrypted once a quantum computer exists ("harvest now, decrypt later"), whereas a signature only becomes forgeable at that point. This is why financial institutions will likely be among the earliest adopters of quantum-resistant solutions, with their implementations setting the standards that blockchain protocols will eventually have to work with.
Outlook
Based on the information available today, quantum computing is making progress, but only an unanticipated technical breakthrough would warrant a reassessment of the estimated timelines.
In any case, it is a sensible move for blockchain developers to take preventative measures well ahead of time, even if the probability of a genuine quantum threat remains low for the time being. Quantum computing does not threaten existing blockchains or public key cryptography today, and the signature schemes in use will almost certainly be replaced long before quantum computers become powerful enough to break them. For that reason, however exciting the subject may be, the actual transition to quantum-resistant signature schemes is likely to be slow and uneventful.
Disclaimer: The information in this publication pertaining to Sygnum Bank AG (“Sygnum”) is for general information purposes only, as per date of publication, and should not be considered exhaustive. This publication does not consider the financial situation of any natural or legal person, nor does it provide any tax, legal or investment advice. This publication does not constitute any advice or recommendation, an offer or invitation by or on behalf of Sygnum to purchase or sell any assets. No elements of precontractual or contractual relationship are intended. While the information is believed to be from accurate and reliable sources, Sygnum makes no representation or warranties, expressed or implied, as to the accuracy of the information. Sygnum expressly disclaims any and all liability that may be based on such information, omissions, or errors thereof. Any statements contained in this publication attributed to a third party represent Sygnum‘s interpretation of the data, information and/or opinions provided by that third party either publicly or through a subscription service, and such use and interpretation have not been reviewed by the third party. Sygnum reserves the right to amend or replace the information, in part or entirely, at any time, and without any obligation to notify the recipient of such amendment / replacement or to provide the recipient with access to the information. Simultaneously, there is no obligation of Sygnum to inform recipients of information, if before provided information later becomes outdated, inaccurate or obsolete, unless otherwise provided by applicable law. The information provided is not intended for use by or distributed to any individual or legal entity in any jurisdiction or country where such distribution, publication or use would be contrary to the law or regulatory provisions or in which Sygnum does not hold the necessary registration, approval authorisation or license. 
Except as otherwise provided by Sygnum, it is not allowed to modify, copy, distribute or reproduce, display, license, or otherwise use any content for commercial purposes.