Reddit Posts
Are P2WSH addresses the most quantum-secure addresses?
Let's have one last discussion about quantum computers.
Brave brings privacy to Web3 with ECC and Filecoin partnership
Hacker Steals 24M from rETH Whale [NEW INFORMATION]
Should I share possible "new " math methods regarding online cryptography?
Can quantum computing trivialize cryptocurrency?
Zcash, the popular privacy-focused Blockchain, released a new version of its full node software on Thursday, according to a post by its creator Electronic Coin Company (ECC). The software version 5.5.0 introduces several bug fixes, a proportional fee mechanism, and lays the groundwork for ...
Maximalism in the computer era versus bitcoin maximalism. Any parallel possible?
Zcash to Proof of Stake? Approach, focus, and next steps - Electric Coin Company [ECC]
$4M Size ECC Launching Real-World Crypto Round-up app in the Next Few Months
Fox Inu / Stealth Launched 1h ago — The next 1000X Altcoin — Real Project with solid fundamentals and experienced team - Community Growing so fast!
Fox Inu $FInu Just Launched 30min ago!!! Airdrop: 50$ worth of token when we reach 50 members in our official telegram group !
Fox Inu $FInu Just Stealth Launched!!! | MemeUtility Token on the BSC Network! LP Locked, New opportunity for a Fox Parabolic Moon shot !
Saint Valentine | Stealth Launched!!|Locked Link Provided!|Simply hold Saint Valentine and get paid 10%!|Enter telegram and get in early! | | Auto staking rewards | Voice chat before launch | Amazing Team| Don't Miss This Gem!!|
Understanding ECC, the technology behind Litecoin's new privacy update: Mimblewimble
Taking a look at Elliptic Curve Cryptography (ECC), the encryption process behind Litecoin's newfound privacy fortune
♑️Paragon Capital💎Micro MC 💎 Your Next Moonshot♑️
Empire Capital Token (ECC) – Defi 3.0 Layer of Yield Generating Protocols | True 1% Burn on Every Transaction | Incorporated Investment Firm | Hold ECC and Gain Exposure to Yield on All Chains
$ECC - Empire Capital Token - This is where my money is going! #1 on CMC today!
EmpireCapital (ECC) Fair Launched Yesterday - Low Market Cap - Strong Utility - Based Dev Team - Earn Yield By Holding
Confusion on Public Key Cryptography and digital signatures
100 Crypto Quotes - The Good, the Bold and the Ugly
Reward Switching Everyday $RSE 🔥| Doxxed dev Video and VC ✅ | 1 Day old Gem 💎 | ADA rewards for Today | Low Cap < 50 K Potential 1 M cap 🚀
Doxxed dev 🔥 | Reward Switching Everyday | ADA rewards now ⚠️ | stealth launched today 💎
SafeMoonCake is the original next-gen token that rewards you with CAKE airdrops! Only 40k mc!
🐱Cake Kitty 🍰 Fair Launched 30 Minutes Ago! Active Community with Low mcap! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launched Right Now! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in just 10 Minutes! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in only 30 Minutes! Earn Cake Rewards | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launch in 1 Hour! Earn Cake Rewards | 1000X Potential!
🐱BabyKittyCake 🍰 just Fair Launched!! Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential!
🐱 BabyKittyCake just Fair Launched! ! 🍩 Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential! 🚀
🍰 CAKE LOVER | 8% Cake Rewards to Holders | Stealthed Launch | SAFU 🍰
🥞CakeLover🥞 This Big Daddy just Did a Stealthed - only at 6k Mcap!! Huge Cake rewards!! 100x from here, Join TG: CakeLoverBSC
🥞CakeLover🥞 Just stealth launch with low 5k mcap ,cake rewards! SAFU ownership renounced [ tg:Cakeloverbsc ]
🥞CakeLover🥞 Is a Heaven for all the cake lovers , join us and get cake rewards! Based dev, safu project [ tg:Cakeloverbsc ]
HoneyMoney ! Gains are sweet as Honey 🎂 Stealth Launched just now, marketing push soon
FriendOfCake - Stealth launch - Automatic $CAKE reward - LP Locked 100%
🍰 UltraCakePrint 🍰 - Stealth Launch - Nano Mcap Gem - LP Locked - Renounced - CAKE reward
Hurry up buy $50 Ecc token and earn free 20:1 eyfi token
🚀CornDog 💎Just fair launched with ONLY $500 Market Cap 🤑
🦄AstroUnicorn Token - deflationary meme token, not even one hour old, $2k market cap, locked liquidity!
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [8k$ market cap]
🚀 ShibaMoon just launched! 8k market cap!
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [3k$ market cap]
VENUSIA - Official NFTs Model Content Platform
🐱 KITTEN Finance DeFi Platform is Skyrocketing 🚀 Get in while its still early 🔥
Founders of Tezos and ethereum join ECC
I coded a Java application to generate bitcoin addresses, sign transactions and brute force private keys. Is it worth anything?
Mentions
I've always wondered what would be the leading signs to look out for once ECC is cracked across different organizations. E.g. what does it look like when a government organization cracks ECC? Private company? Individuals? I'm guessing a government organization might try and target known crypto wallets that are ECC protected for targeted reasons and most likely don't throw a wide net with exploiting it. They may use it when it's absolutely needed and so that they don't show their cards to the other team. Private companies? Maybe they keep it under their hats, but it's possible they discuss with government organizations or public organizations (NIST?) about ramifications. Individuals? All hell breaks loose.
Good overview. One nuance worth adding is that fault-tolerant quantum computing at the scale needed to run Shor on real-world ECC is still a massive leap from today’s devices. Logical qubit counts, error correction overhead, and sustained coherence remain the real bottlenecks, not just raw qubit numbers.
That’s not true. The entire Zcash dev team just walked out. Electric Coin Company - the people who actually build Zcash - resigned yesterday. All of them. At once. The dispute: "malicious governance" by Bootstrap, the nonprofit that controls ECC. The CEO says the board changed employment terms to make it impossible to work. He's calling it constructive discharge. Translation: the builders and the board couldn't agree on who controls the money and the roadmap. So the builders left. ZEC was down 19% in 24 hours after this. From $480 to $392. Why this matters: Zcash isn't like Bitcoin where the protocol is "done." It's actively developed - zk-SNARKs, Sapling, Orchard. Without the core team, there's no roadmap. The chain runs, but the future doesn't. The devs say they're forming a new company to continue building "unstoppable private money." Whether that means a fork, a competitor, or something else - unclear. Whatever. The deeper issue: Nonprofit governance structures in crypto are a liability. When the builders and the board diverge, you get this - a public meltdown while the token tanks. Monero doesn't have this problem. No company, no foundation with a board, no dev fund to fight over. Just contributors who show up. Zcash was the "institutional-friendly" privacy coin. Now it doesn't have institutions OR developers. Privacy coins are consolidating. This accelerates that.
tldr; Electric Coin Company's Zcash developer team has left the company following a governance dispute with its parent nonprofit, Bootstrap. ECC CEO Josh Swihart accused Bootstrap board members of misalignment with Zcash's mission. The team plans to continue working on Zcash under a new company, while the Zcash protocol remains unaffected. The split raises concerns about future funding, coordination, and governance within the Zcash ecosystem. The Zcash Foundation emphasized the protocol's decentralization and ongoing functionality. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.*
Post is by: Express_Classic_1569 and the url/text is: https://peakd.com/hive-167922/@cryptoandcoffee/zeczcash-having-a-wobble-fts ZEC down ~15 to 20% after ECC core team resigns, governance dispute hits price *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
The coin doesn’t have a CEO lol. The company that employs developers has a CEO, and the devs quit that company to start a new company where they are not limited by the ECC board.
tldr; Electric Coin Company (ECC), the core development team behind Zcash (ZEC), resigned en masse on January 7 due to governance disputes with the board. ECC’s CEO described the exit as a result of 'constructive discharge,' citing board actions that hindered the team’s ability to fulfill Zcash’s mission. The developers plan to form a new company to continue working on Zcash’s privacy technology. The resignation has caused a governance crisis, raising concerns about the project's future, though the Zcash network remains operational and decentralized. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.*
What does that even mean? Quantum computing is a THEORY. A lot of quantum mechanics isn't even proven, it is just pretty maths. The closest we will get to "quantum computing" is figuring out how to store a bit on an electron spinning around a neutron. And to make this useful for computing you would need something that could 'read' that particle to ask if it is a zero or one without changing it from a zero to one. Then you would need another mechanism that changes the way the electron spun from a zero to one. Then you would need to create another standard of defining what an electron's position around a neutron constitutes a one or a zero. Traditional gates with electrical current passing through them wouldn't work. Another option would be to leave our entire binary system behind (for which you would need to throw away UNIX, and create a completely new software and electrical engineering field from the ground up) and use the cosine of the angle of the electron from the neutron to give out a number between 1-360. You could use every group of subsequent four numbers and create an entire new field using base-60 (Sexagesimal), and using every group of subsequent four numbers would be a form of error correction (ECC). So each bit in sexagesimal would be represented by a possibility of four numbers from 1-360. And it would be the same as before, you would need to define what the electron's position around the nucleus corresponds to what number. You would need to create a completely new invention that could reliably keep an electron in a certain space or side of the particle (using electromagnetism), and you would need one of these completely new inventions attached to EACH particle. Then you would need a completely new invention that could read the electron's position reliably, whilst corresponding to the input of the other new invention. None of these inventions work.
And figuring out how to make them so small that they could attach to a single particle without having an impact on other particles around it would also require an entirely new field of technology and physics that doesn't even exist yet. So even if you did all of this, you would have a series of particles running in series that would have to be insulated from all outside EMF interference, like a Faraday cage of sorts, which again would require completely new inventions and a new field of science in itself. After all that, you would just have.... a very fast CPU..... And it still wouldn't be able to "speed up" the block speed. It could only be used to increase the hashrate of bitcoin mining. And it still wouldn't break SHA-256 encryption. All faster compute power over the next century is going to do is this: it won't break Bitcoin encryption, and it won't break Bitcoin's fundamental code (block rate). It will only increase the hashrate. In short, whoever breaks Moore's law and sees a massive improvement in CPU compute power over a very short time without other people having the technology yet will be able to take over the mining pool instantly and take up a large portion of the hashrate, and effectively own all brand new bitcoin. This is the possibility of "QuAnTuM ComPutInG" and the only thing we should be scared of. As this would centralise all new bitcoin to a single entity.
Post is by: Tsmacks1 and the url/text is: /r/CryptoMarkets/comments/1q2dj4g/quantum_risk_in_crypto_are_timelines_being/

**Quantum computing timelines are often presented as settled fact. The reality, however, is much less certain.** Some firms and individuals may have financial incentives to downplay near-term risk, while academic researchers hopefully don’t. Researchers may have other biases, but their different incentives generally make their assessments worth examining. Here’s one case to consider:

**Preprint: Quantum Resource Estimation for Breaking Elliptic Curve Cryptography** Lays out conditional scenarios showing how NISQ-era progress could reduce resource requirements faster than older estimates. It presents a range of plausible timelines, including possibilities in the late 2020s and early 2030s. [https://www.preprints.org/manuscript/202509.2429](https://www.preprints.org/manuscript/202509.2429) (full PDF: [https://www.preprints.org/frontend/manuscript/662675b70df5bd2d3481cb18c89ceba7/download_pub](https://www.preprints.org/frontend/manuscript/662675b70df5bd2d3481cb18c89ceba7/download_pub))

I’m not a quantum expert, but learning from experts in the field is invaluable. And yes, it’s a preprint. Even so, preprints are worth paying attention to since the field is moving so fast that papers can already be outdated by the time they are published. Worth reading and consider using an LLM. It’s worth noting that the preprint relies only on publicly available information. Actual quantum progress is unknown. **Confidential research, government programs, and new startups are wildcards for timeline predictions.** Forecasting becomes even more complex with algorithmic improvements to Shor’s algorithm, several of which have already occurred. Also of note, the paper does not include some of the most aggressive public roadmaps (IonQ, PsiQuantum, etc.), instead using a conservative sampling for forecasting.

ECC isn’t broken tomorrow and I’m not claiming quantum attacks are imminent, but saying “it’s decades away” does not help anyone when credible researchers are presenting alternative scenarios. It’s the confidence behind the claims that’s concerning. **The key takeaway is the reality of uncertainty.** Quantum progress is real and treating extending timelines as a given without accounting for incentive bias and technical complexity can create a false sense of calm rather than an honest assessment of risk. Not trying to cause alarm or spread FUD, but preparing for a low probability/high impact event should not be swept under the rug. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
Hope so. 8000 logical qubits is for 2029. But there are recent algorithmic optimizations for Shor that require a lower threshold. To crack 256-bit ECC, you need about 600-700 qubits. Which means as early as 2027, if IonQ delivers as per their roadmap, secp256k1 will be broken. Simple like that. Don't hold your breath...
That’s true. Quantum computers will be a threat, but they are very far away and not a threat right now or even in the next few decades most likely. Cracking ECC requires a quantum computer to have 1500-2000 error-correcting qubits…they haven’t even been successful making a single error-correcting one. If they can’t figure that out, they’ll need ***millions*** of noisy qubits with better error correction than they have now. The best quantum computer now has 100-1000 very noisy qubits. It’s best to remember that these “quantum experts’” jobs depend on their predictions…it’s most likely further out than they are saying. Everyone shouting “quantum computing is going to kill Bitcoin” from the rooftops has absolutely no idea how difficult of a problem it really is to create, operate and run one.
The security vulnerability for blockchains has nothing to do with SHA-256. The issue is the digital signatures that use ECC. It's amazing how many people who shout from the rooftop that Bitcoin is not in danger have absolutely no idea what in the hell they are talking about.
Dunning-Kruger effect. It's not SHA-256 that is the problem...it's the digital signatures that use ECC. "But muh banks...nuclear codes...sha256"...
PGP is partially at risk because of quantum computing. The components that are based on RSA, DSA, ECDSA or EdDSA are vulnerable to quantum computers. Any public-private key based on these algorithms will be broken by QC. I see you are part of the WHATABOUTISM herd. The telcos, banks, etc. are aware of these risks and are implementing post-quantum security measures. You should worry instead about BTC, Ethereum and countless cryptos relying on ECC.
> Why use something that barely works (and won’t as quantum computers improve)

It doesn't "barely work"; it is a completely acceptable level of security for the foreseeable future. And, again, quantum computers don't change that.

> As to ECC do you know the differences between a blockchain and a hashgraph right?

Yes. And I know it has nothing to do with how ready a chain is for post-quantum cryptography.
The key sentence you’re saying is “SHA-256 at a minimum”. Why use something that barely works (and won’t as quantum computers improve) when there’s a solution (Hedera) that’s natively SHA-384? As to ECC, do you know the differences between a blockchain and a hashgraph, right? Blockchains are fundamentally broken (mathematically) and unable to adjust to scale in a post-quantum computing world. No matter how many forks they have.
> I disagree, quantum computers will drastically reduce the safety margin

Well then you're just fucking wrong. It is factually incorrect.

> Show me a government or global corporate enterprise that’s willing to bet their technology stack on anything less than sha-384.

Uhhh... basically all of them.

> NIST encourages application and protocol designers to implement SHA-256 at a minimum

[https://csrc.nist.gov/projects/hash-functions/nist-policy-on-hash-functions](https://csrc.nist.gov/projects/hash-functions/nist-policy-on-hash-functions)

> As to ECC my point is Hedera is much better positioned to adapt to this change vs every other blockchain that will require forking.

Said with no reasoning to back it up whatsoever.
I disagree, quantum computers will drastically reduce the safety margin, making those chains with less than SHA-384 unusable in a world dominated by quantum computers. Show me a government or global corporate enterprise that’s willing to bet their technology stack on anything less than SHA-384. As to ECC, my point is Hedera is much better positioned to adapt to this change vs every other blockchain that will require forking.
I have a friend who is very close to Bitcoin development and he mentioned that the network upgrade is going to be very challenging because of the likely capacity difference between Elliptic Curve Cryptography (ECC), specifically the secp256k1 curve, and the algorithm required in the context of quantum computing.
There is no Satoshi wallet. There are thousands of unspent mining reward coins with different addresses. The belief that all were mined by one person is ridiculous. There's a proposal to freeze all unspent ECC coins - the P2PK early mining coins, and all unspent P2PKH and P2WPKH coins. There was a short period of debate. Some people support this. Some people oppose. The arguments are easy to find in Bitcoin developer mailing lists and on GitHub. It's not likely to happen. Also, there's no threat of a powerful enough QC for at least 70 years.
Any time now!

> “IBM researchers make another advance in quantum computing, demonstrating ‘Shor’s Algorithm,’ which can break large encryption codes.”
> “It was that algorithm, and the promise it holds for its ability to break large encryption codes, that spurred interest in quantum computing in the 1990s.” **(2001)**
> https://www.wired.com/2001/12/big-blue-takes-quantum-step/

| Year | Largest universal quantum computer | What it could do | Crypto threat? | Source |
|------|------------------------------------|------------------|----------------|--------|
| 2001 | 7 qubits (IBM NMR machine) | Factored 15 (toy demo) | ❌ No | https://www.wired.com/2001/12/big-blue-takes-quantum-step/ |
| 2015 | ~5–10 gate-model qubits (typical academic/industry machines at that time) | Only toy demonstrations; conceptual discussion of quantum risk | ❌ No | https://www.wired.com/2015/09/tricky-encryption-stump-quantum-computers/ |
| 2024–2025 | ~105 physical qubits (Google Willow chip) | Early error-correction research; not capable of breaking crypto | ❌ Still cannot even dream of breaking RSA/ECC | https://www.theverge.com/2024/12/12/24319879/google-willow-cant-break-rsa-cryptography |

> “…Yesterday, we published a preprint demonstrating that 2048-bit RSA encryption could **theoretically be broken by a quantum computer with 1 million noisy qubits** running for one week.” - Google Online Security Blog.

Google researchers Craig Gidney and Sophie Schmieg on May 23, 2025. It explicitly states the 1 million noisy qubits figure for a theoretical break of 2048-bit RSA under certain assumptions. https://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
My understanding is that the hashing mechanics bitcoin uses to create the blockchain were invented by the NSA. The SHA-256 formula to encrypt information was made by them, and then Satoshi paired that hash formula with wallet ECC (elliptic-curve cryptography) encryption to create the blockchain. ECC existed before bitcoin and blockchain technology. Much like other innovators, Satoshi built on and combined people's past work to make something new but still made up of the parts created by others. For example, the iPhone wasn't the first phone, but it combined past inventions with touch-screen capabilities to totally revolutionize the personal computer industry.
Grayscale filing for a Zcash ETF is pretty significant for privacy coins as a whole. It shows institutional interest in the privacy-focused sector that many thought would remain fringe due to regulatory concerns. Worth noting that while Zcash has pumped 1000%, this isn't solely due to the ETF filing - the rally started earlier with Zcash's halving in November and the ECC restructuring to a DAO model. The ETF filing is adding fuel to existing momentum. If approved, this would be the first privacy coin ETF in the US, which is surprising given the historical regulatory scrutiny on privacy coins. SEC hasn't been friendly to crypto in general, so
Post is by: Tsmacks1 and the url/text is: /r/CryptoMarkets/comments/1p61o1o/if_you_want_a_quantum_hedge_zcash_isnt_it_heres/

ZEC is not a quantum-resistant crypto. A few key points:

* **Uses elliptic-curve cryptography (ECC)** - Zcash relies on elliptic-curve cryptography, which is vulnerable to Shor’s algorithm on a sufficiently powerful quantum computer.
* **Current zk-SNARKs are not quantum-resistant** - The zero-knowledge proofs that power Zcash’s privacy features depend on cryptographic assumptions that quantum computers could break.
* **Protocol-level quantum-resistant cryptography has not been implemented** - Zcash developers have not yet integrated post-quantum signature schemes or hashing into the protocol.
* **Privacy could be unwound retroactively** - Because Zcash’s past shielded transactions depend on ECC-based security, a quantum computer could theoretically deanonymize years of transaction history.
* **Focus is currently on “quantum recoverability,” not true resistance** - Zcash is building a temporary defense mechanism as a way to survive long enough to upgrade the system. This is not the same thing as being a quantum-resistant crypto.
* **Migration and upgrade risks remain** - Emergency protocol changes are chaotic and unpredictable, unlike a system designed for quantum resistance from the start, making ZEC still susceptible to a quantum-induced panic.

If you want a quantum hedge, **do it with the correct coin,** or don’t do it at all. Buying a privacy coin for the purpose of quantum resistance is like buying a boat to drive on the highway. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
Is ECC vulnerable to Shor's algorithm?
You are wise to be asking these questions, as most of the crypto space either refuses to believe quantum is viable tech or thinks it's much farther out than it is. Trad-fi will be quick to transition to post-quantum encryption, and in fact many institutions are already developing PQC to protect customer assets. There are ways to hedge the arrival of quantum computers in the crypto space; you just have to do your research. There are exciting projects out there that are positioned to take on the quantum age with natively integrated PQC. Just about every legacy blockchain using ECC (bitcoin, all its forks, eth etc.) will have to hard fork and require users to manually migrate to PQC wallets or face eventual security compromises.
> How does the network react if thousands of old UTXOs begin to move under attacker control?

If the spending tx input has a valid signature, the network confirms the transaction. There's no attack, no doom.

> Is post quantum secure technology already available

Not practically. Several algorithms were recently approved by NIST, but they're too new to know if they're really secure.

> would integrating it materially change the blockchain today?

Signature verification would be several hundred times slower, making Bitcoin's 10-minute block interval infeasible.

Also, the popular habit of address reuse (missing from your analysis) would cause significant losses when using post-quantum key pairs. Unlike ECC key pairs, a quantum-safe key pair is unsafe to reuse after it has made one signature. Bitcoin users have always been advised that an address is single-use, but the blockchain has no address index for fast lookup of already-used addresses, so it's technically impossible to enforce single-use addresses. This won't be changed post-quantum. What will change is that users who ignore the advice - no address reuse - will find their coins being stolen.

> it deserves serious attention

Not really. The development of quantum computers which might be able to run Shor's algorithm is at least 60 years into the future, and is extremely unlikely to ever happen.

But here you are, another doom predictor posting the same urgency claim as we read here at least once every week. Plus ça change, plus c'est la même chose. Did you try reading all the other threads making exactly the same claim?
Not gonna happen. If QC breaks ECC tomorrow, then pause mining at a given block till the replacement QC crypto is brought in (there are options). Inconvenient, but not the end.
Quantum computing is like a ticking time bomb for blockchain security. Its ability to break the cryptographic algorithms that most cryptocurrencies rely on is what has everyone on edge. The culprit? Elliptic Curve Cryptography (ECC). This is the tech behind generating private and public keys, authenticating transactions, and securing digital signatures. If quantum computers can crack this, we might as well throw blockchain security out the window. Possibly by 2028-2030. What are your thoughts on the long-term viability of the security and if they do crack the security how does crypto recover?
Quantum computing is like a ticking time bomb for blockchain security. Its ability to break the cryptographic algorithms that most cryptocurrencies rely on is what has everyone on edge. The culprit? Elliptic Curve Cryptography (ECC). This is the tech behind generating private and public keys, authenticating transactions, and securing digital signatures. If quantum computers can crack this, we might as well throw blockchain security out the window. How do you feel about the possible long term threat to their security?
Long term bear, volatility bull. I read a article that said Quantum computing is like a ticking time bomb for blockchain security. Its ability to break the cryptographic algorithms that most cryptocurrencies rely on is what has everyone on edge. The culprit? Elliptic Curve Cryptography (ECC). This is the tech behind generating private and public keys, authenticating transactions, and securing digital signatures. If quantum computers can crack this, we might as well throw blockchain security out the window.
The conspiracy theorist in me thinks this drawdown is an exit of long-term holders motivated by in-the-know intel on the arrival of Q-day. Looking into it, the arrival of QC seems to be coming sooner than we all think. Many people choose to stick their head in the sand and not think about such a possibility. Or use whataboutisms like "if QC arrives, the world is screwed anyways." This is fundamentally not true, as we know PQC already exists and centralized institutions are already testing PQC in anticipation to protect customer assets. As it stands, BTC, its forks and other legacy chains protected by ECC-type encryption are vulnerable and will remain vulnerable until drastic changes occur. Changes that will involve complicated migration of assets and/or consensus on difficult decisions that will fundamentally change the story. Personally I believe it would be wise to hedge against this very real threat in this rapidly changing world. PQC is the future, DYR.
The network traffic is encrypted with TLS, so you can't just read it with Wireshark, but once ECC is broken you can decrypt it because you could derive the shared secret. Though Firefox and Chromium already have post-quantum TLS implemented through ML-KEM, so it's actually already fixed.
What will be hit harder than the complete and irrecoverable destruction of the entire cryptocurrency system? Everything else that relies on ECC would only lead to privacy issues, not reset the entire economy.
Nowhere NEAR that fast though. None of those scale exponentially. None of those improve just because capital increases. We’re dealing with material science ceilings and thermodynamic ceilings, not tech hype cycle ceilings. Right now, we have 1, maybe 2, logical qubits after error correction in lab conditions. To break ECC we need thousands of logical qubits and millions of physical qubits, stable for hours, not milliseconds. There is no trend line, accelerated or otherwise, that bridges that gap in four years. None. You can throw $50B or even $100B at this tomorrow and you still can’t fix decoherence or error rates with money. I’m not saying it won’t happen. I’m saying the timeline isn’t remotely compatible with next cycle. The engineering, physics, and cryogenic demands make this a decades problem, not an election cycle problem. And so I disagree with you strongly.
If only you knew how far away we are from efficient quantum computers that can even break ECC or other encryption algos. We can barely hold a few hundred stable qubits with our current tech. In order for quantum computing to even get close to cracking ECC and such, it will require an immense amount of compute power; we can barely hold these stable for seconds, let alone long enough to crack an algo like this. More to the point, we need hundreds of thousands if not millions of stable qubits before this will happen. Though mark my words, the moment it does, the entire system and every security infra goes down at light speed.
Nah, they'll be fine. Let's check some popular websites:

* Chase, Ally, and Charles Schwab: Use TLS 1.3, X25519, and AES_256_GCM or AES_128_GCM
* Coinbase & Kraken (and Reddit): Use TLS 1.3, X25519MLKEM768, and AES_128_GCM

* **X25519** is ECC and vulnerable to quantum computing
* **X25519MLKEM768** is post-quantum
* **AES 128** might be vulnerable to quantum computing, but it depends on Grover's algorithm, which doesn't parallelize well
* **AES 256** is not vulnerable

NONE of the banks currently use PQC encryption. So we are screwed right? Nope.

* First, banks can upgrade pretty easily with new SSL/TLS certificates. Just takes an IT support ticket.
* Second, this is just for web traffic. Passwords and authentication keys are still strongly hashed before they're transmitted. So even if they decrypt web traffic, they still can't get to the passwords from the hashes. I've decrypted web traffic before; all the login keys are still hashed.
* The part they can steal are the session authentication tokens.
* All banks use 2FA and conditional access. If an attacker takes over a session, they probably can't replay at their own computer because conditional access detects source locations and will require that new location to sign in again with a separate 2FA code.
* Quantum computing still requires a super computer and weeks/months to break a single key. It's not instant cracking.
* Attackers will go after big targets, not short ephemeral keys of end users. Bank access is the least of our worries. Dev authentication tokens are HUGE targets. Take over an important Github repository, and you can control half the Internet.
* Session keys for banks are very ephemeral. Even if an attacker takes over a session, they only get short-term access. It's so not worth it.
* The vector for attacks is expected to be "harvest now, decrypt later". Log web traffic now to be attacked later. These kinds of attacks are useless against going after session keys and ephemeral keys because they will be long-expired by the time of attack. After the first attack, many systems will upgrade.
Post is by: tornavec and the url/text [ ](https://goo.gl/GP6ppk)is: /r/CryptoMarkets/comments/1p1tj23/buterin_warns_bitcoin_ethereum_could_die_by_the/ Vitalik Buterin has made a radical change to his forecast for the security of cryptocurrencies. Speaking at the Devcon conference, he claimed that Bitcoin and Ethereum could be susceptible to hacking within the next four years, by which time the next US presidential election will have taken place. The main threat comes from quantum computers. While he previously considered their emergence to be a distant prospect comparable to thermonuclear fusion, he is now calling for urgent action. The current encryption standard (ECC), on which almost the entire blockchain is based, may be compromised by new capabilities. The Ethereum founder insists that the industry must transition immediately to quantum-resistant cryptography. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
Yeah, that's what I mean. Noisy qubits won't do anything with Bitcoin's encryption. RSA is a joke in comparison. If they need 10 years for RSA, they won't even live to see ECC open public keys reverse engineered.
All the talks about quantum vulnerability are about ECC and known public keys. Most optimistic estimates of when we get enough error-free logical qubits (>2,300) in a quantum computer are at roughly 50 years. There is no computer with a single logical qubit that could operate with this algorithm today. However, most of Satoshi's addresses are P2PKH, so no visible public key (only the hash). This is some orders of magnitude harder to do. Probably never. So if Google or IBM invest many trillions with the goal to crack Bitcoin in 50 years, they could very theoretically be able to get access to some of the first 50 BTC addresses and then probably take several days per key.
No, AES is not broken by quantum computers. Only RSA and ECC.
IBM, Microsoft, Google, and Amazon all have real, functional, quantum computers. IBM just used one of its quantum processors to generate a 34% speed increase in a bond trading algorithm over competing classical computers. That was in a system with WAY fewer qubits than what Google has been able to achieve. And unless you think The Guardian publishes fluff papers, or that peer-reviewed scientific journals are not a legitimate source of information, then you can read all about the latest achievements of Google’s quantum system here: https://www.theguardian.com/technology/2025/oct/22/google-hails-breakthrough-as-quantum-computer-surpasses-ability-of-supercomputers Sure, these are specific algorithms. Just like Shor's algorithm is one specific algorithm. 10 years MAX before RSA is being cracked commercially, likely far less before we see governments cracking it, due to the absolutely massive value and power that would give to an intelligence agency. But if you want to snuggle into your copium safety blanket and tell yourself that ECC is safe and that bitcoin is a future, then by all means.
Bitcoin keys use ECDSA. All articles about "seized" bitcoin should be read as "surrendered" bitcoin. No they did not use some imaginary SHA256 backdoor to crack ECC based bitcoin keys. Those are not the same things. Pull up a grokipedia page on both and read them.
tldr; The article discusses the potential threats posed by quantum computing to Ethereum Virtual Machine (EVM) chains, which rely on elliptic curve cryptography (ECC) for security. Quantum computers could exploit vulnerabilities in ECC, making signatures and public keys susceptible to attacks. While post-quantum cryptographic (PQC) standards exist, implementing them across diverse EVM chains is complex and costly. Solutions include adopting PQC standards, leveraging account abstraction, and chain-specific adjustments. However, coordination challenges and operational costs remain significant hurdles for securing EVM chains against quantum risks. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
"Quantum ready" is just marketing fluff. Since Bitcoin hasn't yet updated to be quantum ready, we don't know whether current wallets would support it. It uses conventional ECC and SHA-256 like any other wallet.
No one is arguing that the messages get sent quickly - SWIFT is primarily a messaging network. But it's NOT A SETTLEMENT SYSTEM. When you send money internationally, SWIFT only sends the message; the actual transfer occurs through correspondent banks, often taking 2–5 business days. Crypto enables p2p settlement without intermediaries, no matter the time or what day of the week it is. SWIFT won't be rendered obsolete because of latency limitations on SWIFTNet, or SWIFT FIN, or InterAct, or FileAct. It will be rendered obsolete in the same way high street travel agents were, and video rental stores, and print newspapers and magazines. It will be rendered obsolete because Blockchain presents a superior proposition from the perspective of convenience. It will also be forced to go in the not so distant future as there's no extensibility built into its systems and protocols, and therefore it will be rendered completely useless once quantum computers running Shor’s algorithm break its RSA-2048 or its ECC; this will occur in minutes once the computers reach sufficient qubit stability and scale. Keeta Network is extensible to support additional cryptographic algorithms and can be migrated to fully support post-quantum cryptography (PQC), including deprecating all algorithms which are not post-quantum cryptography. Ultimately, none of us know what will happen in the future. Everything at this point is just potential. But if you ACTUALLY READ THE WHITEPAPERS, you'll see that Keeta has that in heaps.
Great question. The potential of quantum computing to undermine current cryptographic systems is not just a sci-fi idea; it poses a real risk to blockchains that depend on ECC, RSA, and others. I’ve researched more than just the well-known companies like IonQ and Rigetti. An interesting example is Quantum eMotion (QNC / QNCCF). They’re positioning themselves not as a computing company but as part of the security infrastructure for the quantum age, especially through quantum random number generation (QRNG) and encryption hardware and software integrations. What stood out to me is how the “security aspect” might be overlooked in these conversations. Everyone focuses on who makes the fastest qubit, but if quantum computers emerge without secure cryptography, we could face a disaster. Projects like QeM illustrate that the ecosystem needs to grow in several areas: compute, communication, encryption, and trust. Personally, I view the quantum field as a competition across the board computation and defenses. I’m maintaining a broad investment in the sector (crypto and quantum) while avoiding heavy concentration on any single bet.
And every crypto will say they have a plan. We'll see. It's not a simple switch, very disruptive to any signing with ECC
Seriously? If quantum computers break ECC, last thing people will worry is Bitcoin. The world would face a complete collapse of digital security infrastructure, rendering online banking, encrypted communications and critical systems like power grids vulnerable to attack. This would trigger massive financial losses, erosion of trust in digital systems and potentially force a global regression from digital to physical transactions until quantum-resistant cryptography can be deployed at scale.
I mean, on the topic for BTC: if we start talking about possible solutions just when we reach this 1k+ logical BTC state, migration and pre-discussion about a solution will take way too long (3-4y). I'd wish to have a more neutral discussion about this topic in the BTC community. It's always in both extremes. Do we have an issue with quantum security due to ECC - yes! Will it crash in the next 5y - probably no! Are there solutions available to make BTC quantum secure - yes (99% sure). Will it take some while to implement - yes, probably 3-4y. Imho we have to start now taking this seriously and stop denying / ignoring - we have enough time if we start now!
I wrote this for the CryptoTechnology sub a while ago:

**TL;DR**: Decentralization has become a **buzzword**. It's a relic of when all blockchains used PoW and Nakamoto Consensus protocols, which require decentralization. Newer PoS blockchains don't actually need full decentralization. Ultimately, what people really want are several aspects related to decentralization: **Safety, Anti-Censorship, Anti-Confiscation**. But newer blockchain security protocols can provide these properties with even light decentralization.

----------------------------

**The term "decentralization" has been OVERUSED as a buzzword so often in the crypto community that it has been decoupled from actual utility and meaning.**

These are the traits people actually want instead of the "Decentralization" buzzword:

* **Safety**: No bad/invalid transactions; no dangerous reorgs and double-spends
* **Anti-censorship**: Transactions always go through in a timely and predictable manner
* **Anti-confiscation**: No one can spend another entity's assets without permission. Nearly every blockchain has this property, so it's not a concern (until quantum attacks on ECC)
* **Anti-corruption**: The governance or code of the system cannot be taken over by bad actors

**There are many issues with over-simplifying this down to "decentralization"**:

* It's possible to acquire those properties with very limited decentralization.
* Decentralization by itself doesn't guarantee those properties. (Even with high decentralization, PoW blockchains can fail Safety and Anti-censorship due to selfish mining attacks and spam if the underlying protocol is vulnerable.)
* The only part that truly requires decentralization is Anti-Corruption. The development needs to be decentralized (or immutable), and the only project that satisfies that property is Ethereum with its 10+ independent core dev client teams. Solana is trying to copy that concept by allowing for multiple nodes, but it's not quite there yet.
* Decentralization is inefficient. There's a tradeoff between decentralization and scalability/mobility. Smaller teams develop faster than larger teams. Larger security is more expensive to maintain and slower to operate than small security.

**Early PoW blockchains require decentralization**

"Decentralization" matters greatly for PoW, longest-chain, heaviest-weight Nakamoto-Consensus protocols like Bitcoin where the winner takes all. It's an old-school idea that has still persisted because most PoW networks actually require decentralization to be secure. By design, they need it to avoid 51% attacks because the winning miner single-handedly has the full power to propose, sequence, reorganize, and validate blocks. In PoS consensus blockchains, those powers are usually separated to different groups. Ironically, despite aiming for decentralization, Bitcoin has some of the lowest true decentralization due to large, centralized mining pools, 98-99% of which are running a centralized Stratum v1 protocol. There is also centralized control over Bitcoin Core's repository by Blockstream and the ~5 members of Bitcoin Core's maintenance team.

**Newer PoS blockchains get all the anti-censorship benefits of decentralization without needing to be fully decentralized**

Later crypto projects (mostly using some variation of PoS) have vastly different protocols that are extremely resistant to attacks even without moderate decentralization. Their protocols are innately resistant to safety and censorship attacks by design. They have high safety thresholds. This is coupled with some form of anti-censorship block production like separation of powers (block producers are not block attestors) and high rates of block production/low block times. So they already have high security even without needing full decentralization.
Nope, quantum computing is ineffective against security of banking systems. Closed and centralized systems are not vulnerable to it. It's effective against blockchains, because of how blockchain cryptography works (ECC).
He says: RSA-2048 and ECC-256 will be compromised in the next few years.
They are certainly not quantum proof. Their cryptography relies on ECC which is vulnerable.
Some things are currently known to be vulnerable. Particularly RSA and ECC, which work on mathematical principles. Some trad fi relies on such algorithms, but it's entirely possible to build a system which doesn't.
Only 50/50 risk? The algorithm already exists, it needs a quantum computer with a register of roughly double the qubits as the bits used in a bitcoin key (256 bit ECC key) and a register of qubits the same size of the key. So a 2 * 256 qubit register and a 256 qubit register. IBM has a quantum computer with reportedly over 1000 qubits. The technology exists already to break bitcoin, someone just needs to put it together and do it.
ECDSA and all ECC protocols are the biggest concerns. Basically there will be super quantum computers with the power to crack a single message over the timeline of months or years. The attackers will need to pick big targets since the cost of attacking is high. The first targets will be major security-related organizations. Then maybe large Bitcoin addresses still using P2PK. But keep in mind that much of US government data is already FIPS-140 compliant or resistant to quantum computing. They have already been preparing. So perhaps Bitcoin will be among the first targets.
I wouldn't even worry about that for the next 5-10 years. Quantum FUD pops up every cycle. Bitcoin runs on elliptic curve cryptography, and if quantum computers ever get strong enough to break that, the network can soft fork to a quantum-resistant algo. Your coins in a Trezor are fine unless you’ve already exposed the public key (by spending from that address). And no, governments aren’t secretly cracking Bitcoin in the basement — if they could break ECC, banks, military comms, and the entire internet would already be wrecked long before they touched your sats
tldr; IBM's recent success in breaking a 6-bit ECC key using a quantum computer highlights the potential threat quantum computing poses to Bitcoin's cryptographic security. While current quantum computers are far from capable of breaking Bitcoin's 256-bit keys, experts predict that such a threat could become real between 2027 and 2033. To mitigate risks, the Bitcoin community must adopt post-quantum cryptography and avoid address reuse, as approximately 33% of BTC are currently vulnerable to quantum attacks due to outdated practices. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
It's not that splitting into wallets magically makes ECC safe. It's about limiting the number of public keys that ever get revealed, and making sure big balances don't sit exposed after a spend. More addresses = less chance one key compromise dooms the whole treasury.
Doesn't take much power as it is centralised! Only has 23 nodes all run by big corporations - The hardware requirements are massive!

The hardware requirements for Hedera nodes are quite specific and depend on whether you are running a consensus node or a mirror node. It's important to note that you can't just run a consensus node; they are currently permissioned and operated by the Hedera Governing Council members. However, anyone can run a mirror node.

Consensus Node Requirements

The requirements for a consensus node are very high-end and are designed for enterprise-grade performance and security. These are not for a typical home setup.

* CPU: A high-performance, multi-core processor (e.g., Intel Xeon or AMD EPYC) with a minimum of 24 cores/48 threads is required. There are also specific performance benchmarks (Geekbench, Passmark) that must be met.
* Memory (RAM): A large amount of ECC Registered DDR4 RAM is needed, with a minimum of 256GB and a recommendation of 320GB or more.
* Storage: A substantial and very fast storage solution is essential. The requirements include at least 5TB of usable NVMe SSD storage with high sequential and random read/write speeds (e.g., 2,000-6,200 MB/s sequential read). The use of RAID arrays (e.g., RAID 1 for the OS, RAID 0 or 10 for data) is recommended for redundancy and performance.
* Network: A sustained, unmetered 1 Gbps internet connection is required to handle the high volume of traffic. The node must also be deployed in an isolated DMZ network with specific ports open.
For the more technical side of things (if you really want to get into it), look into Elliptic Curve Cryptography (ECC), hashing and Proof-of-Work.
🔐 Estimating the Probability of Quantum Computing Cracking SHA-256

Let’s clarify what’s involved:

⸻

⚙️ SHA-256 in a Nutshell

• A cryptographic hash function widely used in Bitcoin, blockchain, and digital signatures.
• It’s designed to be one-way, meaning you can’t feasibly reverse or “crack” it with classical methods.
• Output: 256-bit hash (2²⁵⁶ possibilities ≈ 1.16 × 10⁷⁷).

⸻

⚛️ What Quantum Computing Can (and Can’t) Do

✅ Quantum Advantage:
• Grover’s Algorithm can search an unstructured space of N possibilities in √N time.
• For SHA-256, that brings the effective security level from 256 bits to 128 bits.
• This is still extremely strong — as strong as AES-128, which is still considered secure.

❌ Quantum Limitations (as of 2025):
• Grover’s Algorithm doesn’t “crack” SHA-256 — it only speeds up brute force guessing.
• SHA-256 is not broken by Shor’s Algorithm (which is used for breaking RSA/ECC).
• A quantum computer capable of attacking SHA-256 with Grover’s Algorithm would need:
  • Around 10⁶ – 10⁷ logical qubits (not physical qubits — those are much more error-prone).
  • Millions of quantum gates per query
  • Extremely low error rates and fault-tolerant architecture.

Current state-of-the-art quantum computers (as of 2025):
• Have hundreds of physical qubits, not logical qubits.
• No current machine can run Grover’s algorithm at SHA-256 scale.

⸻

🧠 Bottom Line:

SHA-256 is quantum-resistant for now. A quantum computer cracking it with Grover’s Algorithm would still take 2¹²⁸ operations, which is still infeasible for the foreseeable future.

Estimated probability today (2025): 0%

If your application uses SHA-256 (e.g., Bitcoin), it is currently safe from quantum attacks — but future-proofing (e.g., post-quantum cryptography) is worth monitoring for long-term planning.
It is not a threat to all encryption equally. It is a particular threat to ECC. And a password hashing routine for some random website can easily be changed to one of the NIST accepted quantum resistant options in a few days/weeks. Doing so for BTC would be a political nightmare as has been seen with other proposed changes.
A Base58Check-encoded address showing consistent partial matches across many attempts would be statistically improbable if it were happening beyond pure chance. But here's the thing: Bitcoin addresses aren't raw outputs of ECC or SHA-256 alone; they go through multiple layers, including SHA-256, RIPEMD-160, a version prefix, a checksum, and finally Base58Check encoding. So a “33% match” in address characters might feel significant, but it doesn’t necessarily imply proximity in key space. Base58 encoding isn't linear, and small character overlaps don’t mean the inputs are mathematically close. If your AI is consistently getting partial matches better than chance across millions of samples, then yes, that would be noteworthy. But you need to verify that your dataset is truly random and not biased; for example, if you’re sampling from a narrow subset of keys, burn addresses, or vanity address prefixes, the character distributions might not reflect the true address space. It’s also important to compare your results against a statistical baseline for random attempts, and ensure your parsing of Base58Check addresses is correct. Some characters appear more frequently than others due to the checksum and version byte structure, which can skew superficial comparisons. If the anomaly holds under careful scrutiny, but chances are this is due to random noise, encoding quirks, or flawed assumptions in the match criteria. Still, it's good you're probing it; asking these kinds of questions.
This is interesting, but just to clarify for others reading — cracking Bitcoin wallets isn’t just a matter of finding matching characters in addresses. Bitcoin’s security is based on two cryptographic pillars: Elliptic Curve Cryptography (ECC) and SHA-256, and both are extremely robust. ECC (specifically secp256k1) is used to generate public keys from private keys via one-way elliptic curve multiplication. The process is mathematically irreversible with current computing power — even with AI — due to the difficulty of solving the elliptic curve discrete logarithm problem. Then SHA-256 (followed by RIPEMD-160 and Base58Check encoding) is used to turn public keys into wallet addresses. SHA-256 is a secure, one-way hash function designed to be patternless and collision-resistant. Matching a few characters in a Bitcoin address doesn’t get you any closer to recovering the private key or even the full address. Unless your AI can reverse either ECC or SHA-256 (which would be a global cryptographic breakthrough), matching partial characters is statistically insignificant. You’re likely just seeing noise from brute force attempts.
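The two replies above both describe the layers between a public key and an address (SHA-256, RIPEMD-160, version prefix, checksum, Base58Check) and argue that matching characters in an address says nothing about closeness in key space. The following is an added example, not code from either commenter: it implements the Base58Check layers in pure Python starting from a 20-byte hash160 (the ECC and RIPEMD-160 steps are skipped, and every hash160 value is a constructed input, not a real key hash), verifies checksums on decode, and shows what flipping a single bit of the payload does to the address string. Function names such as `neighbour_similarity` are this example's own.

```python
"""Bitcoin P2PKH addresses from a hash160 via Base58Check (added example).

Starts at the 20-byte RIPEMD-160(SHA-256(pubkey)) digest; the digests used
here are constructed inputs, not hashes of real keys.
"""
import hashlib

# Bitcoin's Base58 alphabet: no 0, O, I or l. Because the payload is treated as
# one big integer divided repeatedly by 58, address characters do not line up
# with payload bytes.
ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAINNET_P2PKH_VERSION = 0x00  # version byte that yields "1..." addresses


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the checksum primitive used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58_encode(raw: bytes) -> str:
    """Encode bytes as Base58; each leading 0x00 byte becomes a leading '1'."""
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    digits.reverse()
    return (b"1" * leading_zeros + bytes(digits)).decode("ascii")


def base58_decode(text: str) -> bytes:
    """Inverse of base58_encode; rejects characters outside the alphabet."""
    n = 0
    for ch in text.encode("ascii"):
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {chr(ch)!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def base58check_encode(version: int, payload: bytes) -> str:
    """Base58(version || payload || first 4 bytes of sha256d(version || payload))."""
    data = bytes([version]) + payload
    return base58_encode(data + sha256d(data)[:4])


def base58check_decode(address: str) -> tuple[int, bytes]:
    """Return (version, payload); raise ValueError if the checksum does not match."""
    raw = base58_decode(address)
    if len(raw) < 5:
        raise ValueError("address too short to carry a version byte and checksum")
    data, checksum = raw[:-4], raw[-4:]
    if sha256d(data)[:4] != checksum:
        raise ValueError("Base58Check checksum mismatch")
    return data[0], data[1:]


def p2pkh_address(hash160: bytes) -> str:
    """Mainnet P2PKH address for a 20-byte hash160 digest."""
    if len(hash160) != 20:
        raise ValueError("hash160 must be exactly 20 bytes")
    return base58check_encode(MAINNET_P2PKH_VERSION, hash160)


def positional_matches(a: str, b: str) -> int:
    """Count positions at which two address strings carry the same character."""
    return sum(x == y for x, y in zip(a, b))


def neighbour_similarity(hash160: bytes, bit: int) -> tuple[str, str, int]:
    """Flip one bit of the payload and report how many address characters still match.

    The flipped payload changes the big integer Base58 divides by 58 and also
    changes the 4-byte checksum, so characters move all over the string;
    overlap between two addresses is not a measure of distance between keys.
    """
    flipped = bytearray(hash160)
    flipped[bit // 8] ^= 1 << (7 - bit % 8)
    a, b = p2pkh_address(hash160), p2pkh_address(bytes(flipped))
    return a, b, positional_matches(a, b)


if __name__ == "__main__":
    # Constructed input: the all-zero hash160 gives the well-known burn address.
    print(p2pkh_address(bytes(20)))  # 1111111111111111111114oLvT2
    sample = bytes(range(20))  # constructed payload, not a real key hash
    print(neighbour_similarity(sample, 159))
```

The all-zero payload is a useful fixed point: its address is the familiar burn address, and decoding it back confirms that the version byte and checksum round-trip. A wallet or analysis tool should always run the decode-and-verify path before trusting any address it reads from a dataset, since a single altered character fails the checksum.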
Selling all my BTC for alts at the top of 2018 and not taking any profits. I basically entered that bear market bag holding a number of alts (XRP, XLM, VET, and ECC). I spent that bear market DCA'ing more heavily into BTC and ETH, so I've managed to turn things around for me, but that was definitely the biggest mistake I've made. In 2021 I sold about half my portfolio for some nice profits, which I'm happy with. This year I've taken things further, switched to fidelity, and am also playing things like MSTR, FBTC, and BITX. Fingers crossed, but so far it's working out well.
Whenever there is any risk, any risk at all, diversifying becomes essential. Of course, everyone has their own risk tolerance. Some examples of bitcoin risk, albeit, unlikely but not zero:

1. 51% attack. Any super power could overnight decide they’re going to stand up infrastructure and takeover mining, regardless of cost; that would make it centralized and susceptible to attack.
2. Governments could reverse course, making your ability to on/off ramp difficult or impossible.
3. ECC gets cracked and BIPs fail to pass in time to prevent quantum computing from destroying the coin. Centralized authorities like banks can move swiftly to implement post quantum cryptography.
4. Another coin could take dominance.
5. Stocks could have an incredible bull run due to Ai / productivity gains, could overshadow crypto over the next decade.

And the list goes on.
In retrospect, it may look like the easiest investment of the last 100 years and for some people, that is true. It's very rare to have something that has been this consistent with its cycles while still having insane multiples of growth. Now, for those who were investing before it was mainstream (i.e. 2020 although some might say earlier) it was far from a guarantee. Most OGs will tell you that it was a completely speculative asset and not something that they threw their entire net worth into. With that being said, if there was ever an asset that was ripe for disruption based strictly on historical trends and blind allegiance (meaning people who hear "Bitcoin is a good investment" from MSNBC but have no idea what BTC actually is or what blockchain technology means) it would be Bitcoin for sure. This is purely speculative but I think we are in for a massive shake-up in crypto next cycle. It could be due to quantum cracking of the ECC, it could be due to genesis wallets being completely liquidated or Satoshi's wallet being liquidated, it could be a number of things. The thesis is that BTC has had a historical run and we have never seen something perform this consistently well to a "T". Now just because something is having a crazy run doesn't mean based on merit alone that it will come down, but rather in this speculation, if we were to zoom out, compared to other historical assets, there is always a massive shake up for something that has run up the way that Bitcoin has. So by that logic, it would make sense that it will follow that principle. Just my two cents.
Why? Because most bitcoiners are delusional. When you strip all the layers of maxitalk, you are left with a useless technology that nobody needs and is severely flawed, ergo "don't dare point out the flaws we are going to the moon" attitude. Bitcoin, the digital leviathan hailed as the future of finance, rests on a brittle cryptographic pedestal. It relies on ECC, a foundation now vulnerable to Shor’s algorithm. When a wallet’s public key is exposed on-chain, it becomes a potential target for quantum-powered private-key attack. Studies and industry roadmaps now converge on 2028 to 2030 as the window when quantum computers could feasibly break ECC. This is the moment when Bitcoin becomes a worthless monument to human stupidity and greed. Maxis' answer to that is the argument that only old legacy wallets are at risk. BUT, even if only one massive wallet (like Satoshi’s) gets hit, the impact would be explosive. Current Bitcoin lacks Quantum-safe cryptography, an urgent upgrade path via BIP or soft fork, and most importantly a consensus for transition. So, if we’re talking about the first truly viable hack into bitcoin guts, a realistic estimate would be around 2029, with a broader risk window extending late 2028 through 2032. When that happens bitcoin won't be worth the paper it's printed on. 😉 Cult is are there it's left, I am afraid.
ECC is comparably weak to what? A Quantum computer isn’t going to be able to just run around guessing private keys. It’s going to need the public key which is only exposed upon moving funds.
I'll repeat what I said before: Let's use Willow (Google's state of the art quantum chip) as an example. Willow was a major milestone wrt error rates. The current generation still has 0 real-world applications like breaking encryption. There is no functionality other than proof of concept in being able to do some extremely specific tasks faster than modern computers. Many in computational mathematics do not consider RCS to even count as computations. Google's previous "quantum" processor, Sycamore, had 53 qubits (2019). Willow has 105 physical qubits. But wait - there's IBM's Condor, sitting at 1,121 physical qubits, making it more advanced. Then there's Atom, the most advanced quantum computer on Earth, with 1,180 qubits. As an example, we will use Bitcoin - Cracking its ECC encryption requires ~1,500 logical qubits (millions of physical ones). IBM's most optimistic goals are to achieve 100,000 physical qubits by 2033. Cracking Bitcoin’s encryption would require millions of error-corrected qubits. The threat is multiple decades away, and Bitcoin can upgrade to quantum-resistant tech. The same applies to general security. Post-quantum algorithms will likely be integrated into any protocol before quantum computers pose a legitimate threat. Too long, didn't read -> No. It would require millions of physical qubits to hack Bitcoin encryption. Right now the most advanced quantum computer on Earth is Atom with 1,180 qubits. Every single aspect of this "quantum threat" is a worse pile of bullshit than Y2K was. Pure sensationalism feeding on fear mongering to attract attention.
Quantum computing's gonna fuck crypto up. Those fancy algorithms like RSA and ECC? Shattered like a glass dildo under a sledgehammer once quantum computers hit enough qubits. Shor's algorithm will rip through private keys like a horny teenager through a porn mag, exposing everyone's wallets almost instantly. All of crypto not just bitcoin could collapse overnight if quantum tech scales before crypto adapts. Post-quantum cryptography’s the only hope, but it’s like trying to build a bomb shelter while the nuke’s already dropping. Some nerds at NIST are scrambling for quantum-resistant algorithms, but good luck getting the whole ecosystem to upgrade before the quantum apocalypse. Oh, and just imagine the quantum miners. They’ll outhash puny ASICs so fast, you’ll think your rig’s a goddamn abacus. Pretty much we gotta adapt or get fucked.
Not really, no. You can't have a quantum computer in your living room, and probably won't be able to for a very long time if ever. But fortunately it isn't necessary, we have new ciphers that will replace RSA/ECC which are believed to be secure against quantum computers, we just have to switch to them.
With Bitcoin everything is 256-bit; the encryption of the keys is ECC. With normal applications you can simply crank up the security; with a blockchain that is difficult...
SHA256 is the hash algorithm, Bitcoin's encryption is 256 Bit ECC afaik. Why are you rambling about things you don't understand?
Great — future-proofing a multisig Bitcoin wallet for quantum resistance is smart, especially as quantum computing continues to progress. Here’s a clear path you can take today (and plan for tomorrow):

⸻

🛡️ How to Future-Proof Your Multisig Wallet Against Quantum Attacks

1. Minimize Public Key Exposure

Quantum attacks can only target public keys that have been exposed on-chain. So:
• ✅ Use addresses derived from hashes of public keys, like P2SH or P2WSH (not raw P2PK).
• ✅ Don’t reuse addresses — this avoids unnecessary key exposure.
• ✅ Avoid leaving coins in addresses that have already been used to send — this exposes the public key.

⸻

2. Use a Multisig Setup Wisely

You already have a 3-of-4 multisig, which is strong. To improve:
• 🔐 Store each key in separate geographic and security domains.
• 🧩 Consider involving hardware wallets or air-gapped devices.
• 🛠️ Avoid exposing all 4 keys during regular transactions — only the 3 required.

⸻

3. Plan for a Post-Quantum Transition

Bitcoin does not yet support post-quantum cryptography (PQC) natively, but you can prepare:

🔄 Strategy: Dual-Key (Hybrid) Wallets (Experimental)
• Combine secp256k1 keys with quantum-safe keys like:
  • XMSS, SPHINCS+, or Lattice-based signatures.
• Monitor projects exploring Taproot + quantum-safe tweaks.

This isn’t supported in Bitcoin Core yet, but alternative protocols (like Bitcoin-sidechains, or layer 2s like Stacks, RSK, or Ark) may adopt PQ-safe scripts sooner.

⸻

4. Watch for Protocol Upgrades

Bitcoin Core and standards like BIPs will eventually propose post-quantum-compatible address/script formats. Stay informed by:
• Watching Bitcoin developer discussions (e.g., Bitcoin dev mailing list, BIPs).
• Tracking proposals related to quantum-safe script opcodes or alternative signature schemes.

⸻

5. Have a Migration Plan

When PQ-safe wallets become viable:
• Be ready to sweep funds from ECC-based addresses to a PQ-safe wallet before public keys are exposed by spending.
• Create a recovery playbook: include clear instructions and key access protocols for future wallet migration.

⸻

📅 TL;DR Action Plan
From ChatGPT:

Cracking a Bitcoin 3-of-4 multisignature wallet with a current quantum computer is extremely unlikely at present. Let’s break down why.

🔐 Understanding a 3-of-4 Multisig Wallet
• This type of wallet requires any 3 out of 4 private keys to sign a transaction.
• The keys use elliptic curve cryptography (ECC) — specifically the secp256k1 curve.

⚛️ Quantum Threat to ECC
Quantum computers could threaten ECC using Shor’s algorithm, which can efficiently solve the elliptic curve discrete logarithm problem (ECDLP).
• To break one Bitcoin private key, a quantum computer needs:
  • Around 2,500 logical qubits and
  • Error correction with millions of physical qubits.
• Current quantum computers (as of 2025) have:
  • Fewer than 100 logical qubits (if any),
  • Very limited coherence times,
  • High error rates,
  • And no capacity to run Shor’s algorithm at that required scale.
Conclusion: They cannot break a single ECC key yet — let alone 3 of them.

🔍 Why Multisig Is Even Harder
A 3-of-4 wallet:
• Requires breaking at least 3 different ECC keys.
• If none of the public keys have been used (i.e., not yet exposed on-chain), then quantum computers have no target to attack.

🧠 Key Points
Even so, we already have PQC (Post-Quantum Cryptography) algorithms, like lattice-based cryptography, that are computable by standard computers but that even high-qubit quantum computers struggle with. The network would have to agree to adopt it, and people would have to transfer their Bitcoins from ECC wallets (current) to the new PQC wallets. Also, algorithms that can break the asymmetric encryption that Bitcoin uses (e.g. Shor's algorithm) require an amount of qubits we won't have for at least 20 years (give or take). TL;DR: You're safe for a long time, and when quantum computers start getting reliable for these tasks, we will have implemented new algorithms for this.
Cuz QCs can't do jack shit. The sole purpose of QC is to raise FUD about crypto. To make people afraid of relying on it to ensure their funds and privacy. This is why they keep reminding us that in less than 10 years all of the collected encrypted internet traffic will be somehow amazingly decrypted and you will go to jail for downloading some shit on the net. Any quantum physicist with an ounce of moral fortitude will explain how utterly infeasible QC is. It's a glorified pipe dream being hyped through every portal. They are actually claiming on many wiki pages that it already breaks RSA and ECC. This is utter and complete BS. QC has never been able to factor any number greater than 21. That is the legal drinking age, i.e. 3x7, not 21 bits or bytes. Try to understand how absolutely ludicrous and preposterous it is for them to make the claim that they can currently break RSA and ECC. Those algos use numbers so huge they are greater than all the electrons in the known universe. Your private key is more than the coordinates to a single grain of sand on a beach. It is the coordinates to a molecule in a grain of sand on a specific beach on a specific planet in a specific galaxy somewhere out there in the vast reaches of space. In other words, if you lose that key your crypto is gone baby gone. More importantly it means that finding that key is literally impossible. No QC will ever get even vaguely close to cracking either RSA or ECC. This will NEVER happen. However, why waste a good scam? As long as they can keep hyping this vapor tech and keep us in fear that we will get caught with our pants down and our fingers in the cookie jar, they will continue to ride this thing and make announcements about new tech with 10x more qubits that accomplish zilch, but sound threatening.
Dem qUaNtUm cOmPuDeRs. Yesiree! QC, which has never reliably factored any number greater than 21 (legal drinking age, not 21 bits or bytes), will somehow, through the power of pure super genius physicists (who really are just in it to rake in the massive grants given them by the likes of Google, MS, IBM etc.), manage to fake up some random number simulation that almost looks like it's breaking RSA or ECC, but is just smoke and mirrors. But they are hoping this will somehow give them the ability to claim every cold wallet on the chain, or at least reliably threaten to claim them with all the interesting things that can be with such BS propagandized on the media.
We're talking about ECDSA (vulnerable to Shor's Algorithm) for private keys, not SHA256 for mining. Fixing historical private keys is a hard fix requiring blacklisting. Either way, the whole Internet relies on ECC and ECDSA, so there will be plenty broken due to being able to decrypt stored traffic from years ago.
Current quantum computing power is ~1,200 qubits vs. 1-20 million needed to break RSA/ECC. This will collapse internet security (HTTPS, banking authentication, digital signatures) and cryptocurrency systems by breaking public-key cryptography. Old Bitcoin wallets use ECC cryptography that quantum computers will break. When quantum computers arrive, all Bitcoin using old cryptography becomes vulnerable, active, dormant, lost wallets, doesn’t matter. If Bitcoin upgrades to post-quantum cryptography, there will be a race to steal coins from wallets that haven’t migrated, especially ‘lost’ wallets where owners are dead/missing and can’t upgrade. Probably 1-5 million Bitcoin could become accessible to whoever has quantum capability first.
Shor's Algorithm on ECDSA. Early Bitcoin addresses used ECC. https://delvingbitcoin.org/t/bitcoin-and-quantum-computing/1730
Zero. Zilch. Nada. Fucking QC is a FUD psyop. Prove me wrong! Can't even factor a number greater than 21 (legal drinking age, not 21 bits or bytes). IF you believe QC is any threat to current crypto you are gullible AF. And no, embedding lies that QC already cracks ECC or even RSA into every wiki page does not make it a real threat.
I'll paste a post I did on this subject a while back to put your mind at ease (unless you're intentionally spreading negative news): Let's use Willow (Google's state of the art quantum chip) as an example. Willow was a major milestone wrt error rates. The current generation still has 0 real-world applications like breaking encryption. There is no functionality other than proof of concept in being able to do some extremely specific tasks faster than modern computers. Many in computational mathematics do not consider RCS to even count as computations. Google's previous "quantum" processor, Sycamore, had 53 qubits (2019). Willow has 105 physical qubits. But wait - there's IBM's Condor, sitting at 1,121 physical qubits, making it the most advanced. Ok. As an example, we will use Bitcoin - cracking its ECC encryption requires ~1,500 logical qubits (millions of physical ones). IBM's most optimistic goals are to achieve 100,000 physical qubits by 2033. Cracking Bitcoin’s encryption would require millions of error-corrected qubits. The threat is multiple decades away, and Bitcoin can upgrade to quantum-resistant tech. The same applies to general security. Post-quantum algorithms will likely be integrated into any protocol before quantum computers pose a legitimate threat. Too long, didn't read -> Every single aspect of this "quantum threat" is a worse pile of bullshit than Y2K was. Pure sensationalism feeding on fear mongering to attract attention.
Wallets will never be vulnerable. Even if quantum computing works. ECC is unhackable, or can't be reverse engineered.
You think Ethereum doesn't need to hardfork away from ECC just like everyone else?
Did you even read the article? SHA 256 isn't the nearest attack vector - it's the elliptic curve cryptography (ECC) underpinning the wallet. Grover's isn't even applicable in this regard; it's Shor's - an entirely different, and much more threatening, attack. Centralized tech like banks, companies, etc... have a much easier time rolling out post quantum tooling and upgrades to combat against this because they are centralized. Bitcoin's greatest strength - decentralization - is its greatest weakness here.
Modern CPUs absolutely, but how a modern OS uses them is another story. There are several random number generators, mostly pseudo-random, with seeds from time, decay of isotopes, mouse, keyboards, .... If after that they continue using ECC, there might be a back door.
As long as the RNG is not based on ECC, I agree with you.
I think a quantum computer coming online in the wrong hands is going to have an enormous impact on bitcoin. All it takes is beating the ECC one time, and *bam* Shor’s algorithm is used and suddenly hackers have accessed millions of private keys from the public keys listed on the blockchain. Trillions of dollars of wealth are stolen or destroyed. There’s no recovering from that.
> consensus from 90% of all mining pools

Not correct. The upgrade consensus is for 90% of a specific number of consecutive blocks to signal for the upgrade, not 90% of mining pools.

> Do you guys think they wouldn't agree to do the same for post-quantum cryptographic algorithms?

Taproot didn't increase the size of transactions. In some cases, taproot txinputs are smaller. So-called quantum-proof signatures are substantially larger than Bitcoin's current signatures, reducing the number of transactions which can fit into a block. Yes, these algorithms will be controversial.

> 1. Must have a non-zero balance
> 2. Once condition 1 above is met, the wallet then becomes vulnerable to a "quantum-powered theft

Nonsense. A Bitcoin address does not have a balance. An unspent coin (UTXO) is vulnerable if its public key is exposed. An address is not a public key, it is a hash of a public key. Quantum computers are not a threat to hashing algorithms, only to public ECC keys. The public key is secret until the coin is spent. A coin is vulnerable
* if it has the same address as other coins, and
* if one of the other coins has been spent
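The exposure rule in the comment above (a coin is only at risk once its public key, or a multisig script, has been revealed by a spend, or when an output pays to a raw key) can be turned into a wallet-hygiene check. This is an added example, not code from anyone in the thread; the transactions, txids and addresses are constructed placeholders, and the script types are a simplified labelling rather than real script parsing.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Output:
    txid: str
    index: int
    address: str       # hashed-key/script address, or the raw key for P2PK
    script_type: str   # "p2pk", "p2pkh", "p2wpkh" or "p2wsh"

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple      # outpoints (txid, index) this transaction spends
    outputs: tuple     # Output objects this transaction creates

def audit_utxos(txs):
    """Return {outpoint: reason} for every unspent output whose public key (or
    multisig script) is already visible on-chain: a spend from an address reveals
    it, so any other coin still sitting at that address is exposed."""
    outputs = {(o.txid, o.index): o for tx in txs for o in tx.outputs}
    spent = {op for tx in txs for op in tx.inputs}
    # Addresses revealed by at least one spend; a P2WSH spend reveals the whole script.
    exposed = {outputs[op].address for op in spent if op in outputs}
    risk = {}
    for op, out in outputs.items():
        if op in spent:
            continue                      # already spent, nothing left to protect
        if out.script_type == "p2pk":
            risk[op] = "output pays to a raw public key"
        elif out.address in exposed:
            risk[op] = "address reused after a spend revealed its key/script"
    return risk

# Constructed sample chain: hypothetical txids and addresses, not real data.
SAMPLE_TXS = (
    Tx("tx_a", (), (
        Output("tx_a", 0, "1ReusedAddr", "p2pkh"),
        Output("tx_a", 1, "bc1q_fresh", "p2wpkh"),
        Output("tx_a", 2, "04_raw_pubkey", "p2pk"),
    )),
    Tx("tx_b", (("tx_a", 0),), (            # spending tx_a:0 reveals 1ReusedAddr's key
        Output("tx_b", 0, "1ReusedAddr", "p2pkh"),   # change sent back: address reuse
        Output("tx_b", 1, "bc1q_multisig", "p2wsh"),
    )),
)

if __name__ == "__main__":
    for op, why in sorted(audit_utxos(SAMPLE_TXS).items()):
        print(op, why)
```

Running it flags tx_a:2 (raw-key output) and tx_b:0 (reused address whose key was revealed by tx_b's input), while the fresh P2WPKH and never-spent P2WSH outputs are left alone.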
"Experts estimate a 256-bit ECC key could be cracked with 2,000 logical qubits, potentially within a decade." Source: Project Eleven https://thequantuminsider.com/2025/04/18/quantum-contest-offers-1-bitcoin-for-cracking-encryption-with-shors-algorithm/ https://www.qdayprize.com/
Quantum computing poses a risk because bitcoin is defenseless to brute force attacks. Brute force attacks meaning you could create private keys and there is a chance those keys have already been used and have a balance in them. Nothing stops you from creating private keys. Right now it's not important because our computing power is so low; we need billions of devices running for a million years to find any wallet with a balance. But if quantum tech matures enough, our computing power will be multiplied by thousands, if not millions. Then people would create private keys more effectively, so their chances to find wallets with a balance will increase. Keys and wallets will remain untargetable because ECC still stays. But ECC will have no meaning if you could create all private keys with quantum computers.
Quantum computing is a field even experts say is very difficult and not well understood, so I will defer to them rather than make claims about its capabilities and risks to existing technologies. They write warnings such as this one by Palo Alto, a Nasdaq listed cybersecurity company: "The cybersecurity risks posed by quantum computing include: Breaking Asymmetric Encryption: Quantum computers can use algorithms like Shor's to quickly factorize large integers, rendering public-key encryption methods like RSA, ECC, and DH obsolete." [source](https://www.paloaltonetworks.com/cyberpedia/what-is-quantum-computings-threat-to-cybersecurity#:~:text=The%20cybersecurity%20risks%20posed%20by,%2C%20ECC%2C%20and%20DH%20obsolete.)
He(?) wrote "quantum key decryption" which is bullshit. I don't think they know how ECC or quantum works. ECC (bitcoin algorithm) can't be decrypted; quantum computing has nothing to do with this fact.
That's not entirely right. Bitcoin uses 256 bit ECC and upgrading it isn't too easy (didn't see a single solution yet to be precise). Your Browser and bank website can be updated easily... at least to much longer keys until you find another solution.
Elliptic-curve cryptography is how bitcoin handles encryption. It's not about computing power; it is designed that way so that the encryption can't be reverse engineered, no matter how much computing power you have. What you are saying in your post is a different thing. It's brute forcing. It has nothing to do with the encryption method (ECC). Will ECC ever be broken? I have no clue, I'm not a math expert. I hope not.