Reddit Posts
Are P2WSH addresses the most quantum-secure addresses?
Let's have one last discussion about quantum computers.
Brave brings privacy to Web3 with ECC and Filecoin partnership
Hacker Steals 24M from rETH Whale [NEW INFORMATION]
Should I share possible "new " math methods regarding online cryptography?
Can quantum computing trivialize cryptocurrency?
Zcash, the popular privacy-focused Blockchain, released a new version of its full node software on Thursday, according to a post by its creator Electronic Coin Company (ECC). The software version 5.5.0 introduces several bug fixes, a proportional fee mechanism, and lays the groundwork for ...
Maximalism in the computer era versus bitcoin maximalism. Any parallel possible?
Zcash to Proof of Stake? Approach, focus, and next steps - Electric Coin Company [ECC]
$4M Size ECC Launching Real-World Crypto Round-up app in the Next Few Months
Fox Inu / Stealth Launched 1h ago — The next 1000X Altcoin — Real Project with solid fundamentals and experienced team - Community Growing so fast!
Fox Inu $FInu Just Launched 30min ago!!! Airdrop: 50$ worth of token when we reach 50 members in our official telegram group !
Fox Inu $FInu Just Stealth Launched!!! | MemeUtility Token on the BSC Network! LP Locked, New opportunity for a Fox Parabolic Moon shot !
Saint Valentine | Stealth Launched!!|Locked Link Provided!|Simply hold Saint Valentine and get paid 10%!|Enter telegram and get in early! | | Auto staking rewards | Voice chat before launch | Amazing Team| Don't Miss This Gem!!|
Understanding ECC, the technology behind Litecoin's new privacy update: Mimblewimble
Taking a look at Elliptic Curve Cryptography (ECC), the encryption process behind Litecoin's newfound privacy fortune
♑️Paragon Capital💎Micro MC 💎 Your Next Moonshot♑️
Empire Capital Token (ECC) – Defi 3.0 Layer of Yield Generating Protocols | True 1% Burn on Every Transaction | Incorporated Investment Firm | Hold ECC and Gain Exposure to Yield on All Chains
$ECC - Empire Capital Token - This is where my money is going! #1 on CMC today!
EmpireCapital (ECC) Fair Launched Yesterday - Low Market Cap - Strong Utility - Based Dev Team - Earn Yield By Holding
Confusion on Public Key Cryptography and digital signatures
100 Crypto Quotes - The Good, the Bold and the Ugly
Reward Switching Everyday $RSE 🔥| Doxxed dev Video and VC ✅ | 1 Day old Gem 💎 | ADA rewards for Today | Low Cap < 50 K Potential 1 M cap 🚀
Doxxed dev 🔥 | Reward Switching Everyday | ADA rewards now ⚠️ | stealth launched today 💎
SafeMoonCake is the original next-gen token that rewards you with CAKE airdrops! Only 40k mc!
🐱Cake Kitty 🍰 Fair Launched 30 Minutes Ago! Active Community with Low mcap! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launched Right Now! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in just 10 Minutes! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in only 30 Minutes! Earn Cake Rewards | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launch in 1 Hour! Earn Cake Rewards | 1000X Potential!
🐱BabyKittyCake 🍰 just Fair Launched!! Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential!
🐱 BabyKittyCake just Fair Launched! ! 🍩 Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential! 🚀
🍰 CAKE LOVER | 8% Cake Rewards to Holders | Stealthed Launch | SAFU 🍰
🥞CakeLover🥞 This Big Daddy just Did a Stealthed - only at 6k Mcap!! Huge Cake rewards!! 100x from here, Join TG: CakeLoverBSC
🥞CakeLover🥞 Just stealth launch with low 5k mcap ,cake rewards! SAFU ownership renounced [ tg:Cakeloverbsc ]
🥞CakeLover🥞 Is a Heaven for all the cake lovers , join us and get cake rewards! Based dev, safu project [ tg:Cakeloverbsc ]
HoneyMoney ! Gains are sweet as Honey 🎂 Stealth Launched just now, marketing push soon
FriendOfCake - Stealth launch - Automatic $CAKE reward - LP Locked 100%
🍰 UltraCakePrint 🍰 - Stealth Launch - Nano Mcap Gem - LP Locked - Renounced - CAKE reward
Hurry up buy $50 Ecc token and earn free 20:1 eyfi token
🚀CornDog 💎Just fair launched with ONLY $500 Market Cap 🤑
🦄AstroUnicorn Token - deflationary meme token, not even one hour old, $2k market cap, locked liquidity!
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [8k$ market cap]
🚀 ShibaMoon just launched! 8k market cap!
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [3k$ market cap]
VENUSIA - Official NFTs Model Content Platform
🐱 KITTEN Finance DeFi Platform is Skyrocketing 🚀 Get in while its still early 🔥
Founders of Tezos and ethereum join ECC
I coded a Java application to generate bitcoin addresses, sign transactions and brute force private keys. Is it worth anything?
Mentions
Really? I thought Ethereum was structurally more vulnerable because addresses are re-used and public keys exposed. With BIP360, I would assume that Bitcoin is the main choice of quantum-resistant wealth accumulation going forward. However, such an attack is still a theoretical thought experiment. Cracking ECC (with SHA256 still out of reach) is at the end of the adoption curve, no matter what algorithm you use. And there is no company working towards this, as other use-cases come with economic incentives.
Yes, you would need a mostly error-free quantum computer that can operate Shor's algorithm for at least 9 minutes, based on the recent very aggressive assumptions by Google. From my understanding, Willow by Google is one candidate. I am not really sure what to make of these roadmaps as they usually get toned down on the part where they reach general purpose capabilities. And then, almost every single use case needs "easier" builds than what cracking ECC needs. I don't see the economic incentive to go that way, because that is what decides in the end.
That’s just false. NIST has released the first finalized post-quantum encryption standards to protect against quantum computer threats. These guidelines focus on algorithms resistant to attacks like Shor’s, which could break traditional RSA and ECC encryption. The primary standards are FIPS 203 (ML-KEM for general encryption), FIPS 204 (ML-DSA for digital signatures), and FIPS 205 (SLH-DSA as a hash-based backup). NIST urges immediate transitions for systems like TLS, VPNs, and email, with full migration targeted by 2035. These lattice- and hash-based algorithms offer strong security for key exchange and signatures without hardware changes. Crypto however…
The best quantum computer runs on 100 qubits. The same amount as the best one 2 years ago. Barely any progress. Google's new very aggressive assumption says an attack could be tried with 500,000 qubits. Maybe possible in a few years? That's not the only point. Google's very aggressive new assumption says Shor's algorithm could crack ECC (from a known public key) in 9 minutes of continuous work. The longest time a quantum computer was able to do a task to this day was 1.1 seconds. Not to mention the quality gates, QEC cycles and fault-tolerance. Cracking cryptography is the very end of the adoption curve of quantum computers and more of a theoretical benchmark.
Yeah, that 1200 logical qubits claim is exactly the kind of thing that shifts the conversation. On paper, that number sounds much closer than what people were assuming a few years ago. But the nuance is that logical qubits are not physical qubits; you’d still need a huge number of stable physical qubits plus error correction to get there. So it’s not like ECC is getting cracked tomorrow. That said, the signal is clear: the barrier is coming down faster than expected. I think the bigger takeaway isn’t panic now, it’s stop delaying preparation. Crypto ecosystems move slowly, and upgrading something like Bitcoin takes years of debate, testing, and coordination. Also, it’s easy to talk about quantum-secure algorithms, but the hard part is actually migrating to them without breaking wallets, contracts, and user experience. That’s where approaches like QVM stand out: they focus on making that transition gradual and compatible, instead of forcing a full reset.
The point of ECC encryption breaking is that they can decipher your private key from your public key. This is what Shor's Algorithm and similar do. They don't need to "intercept." They get granted access to your wallet and with the private key they can do whatever they like.
Post is by: Hot_Local_Boys_PDX and the url/text is: /r/CryptoMarkets/comments/1sbezmv/how_coinmarketcap_manipulates_quantumresistant/

Posting on behalf of someone else:

> I started looking into CoinMarketCap’s “quantum-resistant” category, and the whole thing looks ridiculous.
>
> First problem: Zcash is not quantum-resistant today. It still relies on elliptic curve cryptography in important parts of the system, which is exactly the kind of cryptography quantum computers are meant to break. Calling it “quantum-resistant” right now is misleading.
>
> Second problem: Starknet is an L2. Even if some parts of it are more resistant than older systems, it still sits on top of a Layer 1 world that is not fully quantum-safe. Putting it high on the list without that context is misleading too.
>
> Third problem: Qubic is questionable as well. Its own materials talk more about adaptation and future resistance than about already being a fully quantum-resistant blockchain. That is not the same thing as being truly post-quantum today.
>
> Fourth problem: QRL got buried. This is where it starts looking less like sloppy categorization and more like market interference. QRL was built specifically around the quantum threat from the beginning, so by actual relevance it should be near the top of this category, especially if the unrelated or weakly related projects were removed. Instead, it got pushed down to around rank 4000 after spending years around the top 200–400 range. Then CMC said the market cap was not verified, even though the team says they provided the required documents. And when asked publicly, the response suddenly shifted into talk about liquidity ratios and tier 1 exchanges. That is not a clear explanation. That sounds like moving the goalposts.
>
> Fifth problem: Algorand is missing completely. That alone makes the section look broken. If projects with weaker or more questionable claims can get into the category, how is Algorand not even there?
>
> At this point the category does not look like neutral data. It looks curated in a way that shapes perception. And that is the bigger issue here: CoinMarketCap has enormous power over visibility in crypto. If they rank you high, people see you. If they bury you, you effectively disappear. Most retail users are not reading whitepapers or checking cryptography details. They look at CMC categories, rankings, tags, and market cap. So when CMC puts questionable projects at the top, leaves relevant ones out, and pushes down one of the few actually quantum-focused chains, that is not some harmless metadata mistake. That changes who gets attention, who gets volume, and who gets taken seriously.
>
> That is why the QRL situation looks so bad. QRL is a small project already fighting an uphill battle in a market full of hype, exchange favoritism, and paid visibility. If CMC strips away ranking credibility and then starts implying the fix is better liquidity or tier 1 listings, that feels less like objective analysis and more like gatekeeping. And because CMC is owned by Binance, people are obviously going to question whether this system is fair at all.
>
> Honestly, this is what makes crypto exhausting. Everyone talks about decentralization, fairness, open markets, and permissionless competition. But in reality, a few giant platforms still act like gatekeepers. They decide what gets seen, what gets buried, and what narrative retail investors are supposed to believe. A project can spend years building around a real problem, and one ranking decision can wipe out its visibility overnight.
>
> So no, maybe nobody can prove intent from the outside. But from the outside it absolutely looks like CMC is diminishing projects while inflating the credibility of a broken “quantum-resistant” category. And when a platform with that much influence keeps making “mistakes” in one direction, people are going to stop calling them mistakes.
>
> ---
>
> TL;DR: CMC’s quantum-resistant category looks broken. Zcash still depends on ECC, Starknet is only an L2, Qubic does not clearly qualify as fully quantum-resistant, QRL got buried with vague excuses about verification and liquidity, and Algorand is missing entirely. At some point this stops looking like incompetence and starts looking like a platform shaping the market.
Breaking ECC (while SHA-256 remains effectively out of reach) is the ultimate stress test for quantum computing, more of a theoretical benchmark than a practical business goal. Just like a crewed mission to Mars in spaceflight that's discussed just when Sputnik is flown into orbit, it’s not where the economic value starts but where the technology proves it can operate at the absolute edge of complexity, stability, and scale. The real money will come earlier from things like chemistry, materials, and optimization, where even smaller, imperfect systems can deliver value. Cracking ECC is what happens when everything finally works at full capacity, not what drives the development in the first place. There is no economical incentive to accelerate in that direction, though it will happen one day. Also keep in mind that the newest discussion is based on very aggressive new assumptions while progress is stalling in that area.
Honestly, I think QC breaking ECC is far away. However, I'm not concerned about banks because they can update their sites fairly quickly. Bitcoin does not have a solution to QC that doesn't increase its block size by at least 10-15x. Their devs haven't even started looking at PQR signature aggregation, and that takes a decade to research, develop, and implement.
AES-256 and XChaCha20 are symmetric ciphers for encrypting/decrypting keys. ECC and RSA are asymmetric ciphers used with PKI, used to encrypt SSL traffic. Different purpose. They can't be used interchangeably.
> The FBI, CIA, the Pentagon. Nuclear Passcodes That's ridiculous. Do you know what a SCADA is? Nuclear and defence systems are not connected to the Internet, and they certainly would not be using ECC.
COMMON MISCONCEPTIONS:

- "The quantum threat = the end of BTC" — no, this is a threat to a specific algorithm (ECDLP), which can be addressed through migration
- "Only crypto is vulnerable" — no, the same threat applies to banks, SWIFT, HTTPS, and military systems
- CZ (Binance): "we just need to update the algorithms" — true in theory, but for decentralized networks coordinating updates is extremely difficult

CORRECT INFORMATION:

On March 30, 2026, Google Quantum AI published a peer-reviewed whitepaper showing a ~20x reduction in quantum resource requirements for breaking ECC-256. Theoretically, a future QC system with ~500K qubits could derive a private key in ~9 minutes during an on-spend attack (41% chance per block). ~6.9 million BTC have exposed public keys. But current hardware (105 qubits) is ~5,000 times less than what is needed. The threat is real ON THE HORIZON, not now.
Writing these papers and theories is very easy for anyone to do, but actually building one and engineering it is completely different.

Logical qubits achieved so far: labs have demonstrated dozens to low hundreds in protected (error-detected or error-corrected) form. Quantinuum recently hit up to 94 error-detected logical qubits and 48 error-corrected ones from just 98 physical qubits. We're nowhere near the ~1,200 logical qubits the paper assumes, let alone with the low error rates and circuit depths needed for a real attack.

Timelines for a true cryptographically relevant quantum computer (CRQC) capable of breaking ECC still have big uncertainties — hardware scaling, coherence times, and control systems are nowhere near solved yet.
Banks don't need to upgrade any accounts. The part that most security experts are worried about is ECC signatures used in TLS certificates for web traffic. So fixing the problem would simply need to request new certificates for all their servers, which IT already does every couple of years for all web servers. Not that hard. There are other parts on the back-end that also need to be updated, but they don't affect customer accounts.
ECC for me too. Hash functions, Merkle roots, and the rest I can grok, but the fact that elliptic curve cryptography works at all is still kind of mind blowing. Linear signature aggregation with Schnorr sigs even more so!
What you snidely fail to grasp is that banks can update cryptography freely as they choose (and many are already in the process of doing so), but decentralised systems need consensus and lengthy solutions to transition the entire stack because it's exposed fully due to its distributed and public nature. Anyone going hur-dur but banks is doing themselves a disservice, it's peak head-in-the-sand herd mentality. You are at risk from today until Q-day, either hedge by putting a portion of your crypto into a proven cryptocurrency that is fully quantum resistant or continue to bet on talking heads and developers integrating solutions before the hundreds of multibillion dollar companies, private research and foreign state actors find a way to run Shor's. The most recent research dropped logic gates required to run Shor's from 1 million+ to ~100k, how long until that number and ECC gets to something plausible? Not long...
This is a superficial analysis. It parrots one quantum claim about physical qubits, and then asserts that capacity is years away, not decades. One quote isn't a valid basis for this prediction. The quote itself doesn't even make a time prediction. The article writer made it up.

> By contrast, modern, more commonly used address types, including Pay-to-Public-Key-Hash (P2PKH) and SegWit, store only a hash of the public key onchain, concealing the key itself until the coins are spent.

> However, this protection is conditional, as spending BTC from these address types reveals the public key onchain, making them viable targets indefinitely. This means that address reuse—which is frowned upon, but nevertheless widespread among Bitcoiners—significantly expands the attack surface

Frowned upon, for sure. But this discussion is missing the point about the supposed solution. The most likely post-quantum digital signature scheme will be one of the hash-based schemes. But these schemes are even more exposed by address reuse. If you use a key-pair more than once, the private key can be derived from the signature, using conventional computing.

Nobody is going to change Bitcoin's design to enforce single-use keys. Nobody is going to change Bitcoin users' view of address reuse, "we get that single-use addresses are important, but optional". The years go past. Post-quantum signatures are introduced. Users don't change their attitude, "it's my address, I don't want to generate a new one for every payment". Coins will be lost.

> roughly 1.1 million of these are Satoshi’s coins

Rubbish. There are approximately 24,000 unspent P2PK 50-BTC coins. **Each coin has a different address.** During that period, hundreds of people mined BTC. The myth that they were all mined by one person is ludicrous.

> the protocol must minimize the exposure of public keys onchain

The protocol is not relevant to this. The owners of those coins are responsible for moving each exposed coin to a unique P2WPKH address.

> the signature size remains an issue

Not a serious issue. Block size does not need to increase. For SegWit and TR, the signature is part of the Witness, so its byte-size has a 75% discount in the calculation of transaction size for block size purposes. Larger post-quantum signatures can have a proportionally larger discount. They will occupy more disk space. Disk space has never been a scaling issue.

> verification speeds

This is a deal-breaker. If block verification time increases by as much as the animation indicates, the Bitcoin block interval may need to be increased from 10 minutes to 100 minutes to avoid the node network suffering a permanent stall condition. This is the main reason not to hurry. Fortunately (contrary to the assertion at the top of the linked article) there is no hurry. If ever a quantum computer becomes powerful and reliable enough to run Shor's algorithm against ECC key pairs, it is still many decades into the future.

> A sufficiently capable quantum adversary, most plausibly a state actor, begins selectively compromising high-value targets such as exchange cold wallets or institutional custodians

The community has been warning exchanges to stop indulging in address reuse, since at least 2017, probably earlier. Some exchanges got the message. If there are still exchanges (and casinos, cold custodians, etc) indulging in address reuse even in 2 years from now, they deserve to have those coins raided. Several large-scale reallocations of coins out of address reuse have been reported here since the discussion around the QRAMP confiscation proposal. They all know to stop reusing addresses. They have no excuse.

[Proposal for Quantum-Resistant Address Migration Protocol](https://groups.google.com/g/bitcoindev/c/8PM6iZCeDMc)

Note: I don't support this. It's not appropriate for the node software to interact with the price markets. More importantly, coin confiscation is a step too far, the kind of action supported by the discredited lawsuit scammer Faketoshi [Tulip Trading Case](https://bitcoindefense.org/craig-wright-discontinues-tulip-trading-case-in-major-win-for-bitcoin-developers)
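The comment above argues that hash-based signatures are even more sensitive to key reuse than ECDSA. The toy Lamport one-time signature below (added example, not code from the thread or from any Bitcoin project; the seed-derived key generation and the message strings are constructed for the demo) makes that concrete: every signature publishes half of the private key, and each additional signature under the same key publishes more of it, so a defender can measure exactly how much of a reused key is already exposed.

```python
import hashlib

N = 256  # one (secret_0, secret_1) pair per bit of the SHA-256 message digest


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(seed: bytes):
    """Derive a Lamport key pair from a seed.

    Constructed for a reproducible demo; a real signer draws the 512 secret
    values from a CSPRNG. The public key is the hash of every secret value.
    """
    sk = [[sha256(seed + i.to_bytes(2, "big") + bytes([b])) for b in (0, 1)]
          for i in range(N)]
    pk = [[sha256(secret) for secret in pair] for pair in sk]
    return sk, pk


def message_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant first; bit i selects sk[i][bit]."""
    digest = int.from_bytes(sha256(msg), "big")
    return [(digest >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """A signature is the 256 secret values selected by the message bits."""
    return [sk[i][b] for i, b in enumerate(message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed secret and compare it with the public key entry."""
    return all(sha256(sig[i]) == pk[i][b] for i, b in enumerate(message_bits(msg)))


def revealed_components(signed):
    """Set of (index, bit) private-key components exposed by (msg, sig) pairs.

    Only the message is needed: the bits of its digest say which half of
    every pair the signer had to publish.
    """
    exposed = set()
    for msg, _sig in signed:
        exposed.update((i, b) for i, b in enumerate(message_bits(msg)))
    return exposed


def fraction_revealed(signed) -> float:
    """Share of the 512 secret values that is now public."""
    return len(revealed_components(signed)) / (2 * N)


def forgeable(signed, target: bytes) -> bool:
    """True when every secret needed to sign `target` is already public,
    i.e. a third party could produce a valid signature for it."""
    exposed = revealed_components(signed)
    return all((i, b) in exposed for i, b in enumerate(message_bits(target)))


def exposure_after(seed: bytes, k: int) -> float:
    """Fraction of the key exposed after signing k distinct constructed messages."""
    sk, _pk = keygen(seed)
    signed = [(b"constructed message %d" % n, sign(sk, b"constructed message %d" % n))
              for n in range(k)]
    return fraction_revealed(signed)


if __name__ == "__main__":
    sk, pk = keygen(b"demo-seed")
    m1, m2 = b"pay 1 BTC to A", b"pay 1 BTC to B"
    s1 = sign(sk, m1)
    print("valid:", verify(pk, m1, s1))
    print("after 1 signature:", fraction_revealed([(m1, s1)]))
    print("after 2 signatures:", fraction_revealed([(m1, s1), (m2, sign(sk, m2))]))
    for k in (1, 2, 4, 8, 16):
        print(f"key exposed after {k:2d} signatures: {exposure_after(b'demo-seed', k):.3f}")
```

With one signature exactly half the key is public (which is fine, the scheme is designed for that); with two, roughly three quarters, and the fraction keeps climbing towards 1.0 with each reuse, which is why a hash-based scheme needs strictly single-use keys or a stateful construction on top.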
I don’t think we’re at the point where quantum machines can just break Bitcoin’s encryption tomorrow. Right now, it’s still theoretical for most public blockchains. However, quantum computing is catching up with classical cryptography limits, which means threats to widely used public key schemes like RSA and ECC are gradually increasing, and people can see that within the next 5 - 10 years, the requirement for quantum-resistant solutions in blockchains and critical infrastructure will become more urgent. I skimmed a bit through PQC, and one of the quantum-resistant blockchains that stands out is [https://armchain.org/](https://armchain.org/) which is not only EVM-compatible but is also planning upgrades that will be fully post-PQC friendly.
I have sent a report to ECC just now. With each email, when they reply, they are playing for time.
While the odds favor your confidence, I saw this post on how things have progressed.

QC requirements to break ECC/RSA:
- 2019: 20 million physical qubits
- 2022: 13 million physical qubits
- May 2025: < 1 million physical qubits
- January 2026: 370,000 physical qubits
- February 2026: < 100,000 physical qubits

Current QC roadmap qubit targets:
- IonQ (2030) - 2,000,000
- PsiQuantum (2027-2029) - 1,000,000
- Google Quantum AI (2029) - 1,000,000
- IBM (2033) - 100,000
- OQC (2034) - 1,000,000

Seems things are converging
RSA/ECC is used in HTTPS; upgrading HTTPS would save you. What other vectors do you have to enter the network? SSH, that will be upgraded too, is already upgraded if you wanna, with an option you can activate quantum safe. You can upgrade any vectors of attack in one weekend, and no, the stock won't crash. How was it for GDPR? Every company announced that they will do changes to be safe and grew their stock. Same will be for quantum: all will announce they are shutting down preemptively for safety to upgrade and people will approve.
Upgrading HTTPS won't save you from Shor's algorithm. If a quantum computer can factor large integers, your current RSA/ECC encryption is mathematically broken at its core. You can’t just 'patch' the transport layer when the underlying math is compromised. Also, telling the market you’re shutting down the bank for a few days to fix an existential security flaw would crash your stock, not raise it. Stay in the front office, the IT basement is clearly not your place
Even if this 5bit AES cracked thing was correct (it's not - it's ECC, not AES; they actually followed that up by breaking 6-bit lately) going from 5-bit to 128-bit is a massive scale challenge - it's not "just a matter of time"; or it's not "just scaling". Who knows if adding ability to break one bit is not an exponential undertaking - in terms of qubit stability? Look at Nuclear Fusion - demos have been available for decades - any usable application has so far proven to be infeasible. Who knows if Quantum Computing won't go the same way.
Quantum Computing: The Ultimate Vanity Project of the 21st Century

For over a decade, quantum computing has been paraded as the next technological revolution — a mythical silver bullet that will unlock untold computational power, revolutionize industries, and redefine modern life. The reality? It remains little more than a scientific vanity project, a multibillion-dollar chase after a theoretical construct that, even if made functional, has limited real-world application beyond breaking encryption and generating fancy random numbers.

At the heart of the issue is quantum decoherence — the tendency of quantum states to collapse into classical noise the moment they interact with their environment. This isn’t a minor bug. It's a foundational barrier. The very fabric of quantum computing is based on maintaining fragile quantum superpositions long enough to perform calculations. And yet, decades into development, we still don’t have a full grasp of decoherence, let alone a scalable way to beat it. Trying to build a machine that leverages quantum behavior while failing to tame decoherence is like trying to build a jet engine without understanding gravity.

Even if these machines reach so-called "quantum advantage," their application domain is razor thin. Outside of specialized optimization problems or theoretical chemistry simulations, most problems tackled by quantum machines are either contrived or better solved using classical approaches. The promise of quantum AI or instant protein folding is, for now, mostly vapor.

And let’s address the big one: cryptography. Yes, quantum computers could break widely used encryption standards like RSA or ECC — if they were large and stable enough. But this is precisely why quantum-secure cryptography and blockchains are already in development. In fact, quantum-resistant blockchain protocols can dynamically adjust difficulty levels and cryptographic standards, making them arguably the most secure data networks ever conceived. If quantum computing's killer app is cracking crypto, but crypto already knows how to defend itself — what, then, is left?

Meanwhile, China isn’t Buying the Hype — They’re Building Reality

Contrast this with China's approach. The Chinese leadership sees quantum computing for what it is: mostly smoke and mirrors, not a route to near-term strategic supremacy. Instead of funneling billions into increasingly exotic quantum architectures with no practical use, they’re focusing on tangible, scalable infrastructure: the Digital Yuan, photonic quantum communication, and catching up — fast — in extreme ultraviolet (EUV) lithography.

While Western institutions obsess over qubit counts and hypothetical supremacy milestones, China is busy industrializing. Their light lithography sector — once an afterthought — is fast approaching ASML-level capabilities, with domestic EUV platforms based on alternative plasma generation methods. Their Digital Yuan project, meanwhile, is already being tested in real cities, integrated with real payment systems, and designed to sidestep Western-controlled financial networks. And if they're still investing in quantum, it’s with a laser focus on quantum communication and photonic networks — not universal quantum computers. They’re using quantum for what it's good at: secure transmission, not hypothetical simulation.

The West’s Quantum Fetish is an Economic Drain

Quantum computing has become the darling of tech investors, governments, and universities not because of its utility, but because of its mystique. It's the perfect buzzword cocktail: inscrutable physics, impossible promises, and the illusion of strategic inevitability. It's science fiction masquerading as inevitability. It sucks oxygen and funding away from more grounded, impactful innovation — like energy tech, edge AI, chipmaking, and secure digital infrastructure. In short, quantum computers are a dream pursued for prestige, not pragmatism. They are the technological equivalent of a luxury supercar that can’t drive uphill and breaks down every ten miles — but looks beautiful parked in a press release.

Final Word

If the goal is national security, data privacy, energy resilience, or industrial competitiveness, quantum computing is not the answer — it’s a distraction. The real battle is being fought with semiconductors, cryptographic infrastructure, and digital currencies. And on that front, the Chinese are playing chess while the West fiddles with Schrödinger’s calculator.
It's a regulated exchange, you can report them to BaFin, ECC, BKA or FIU
Quantum Computing threat is more existential for banks and legacy systems than for Bitcoin. Traditional banking relies on centralized, slow-to-update RSA/ECC encryption. Bitcoin, being open-source, can undergo "soft forks" to implement Quantum-Resistant signatures. Furthermore, its hashing algorithm (SHA-256) is naturally more resilient to quantum attacks than public-key encryption.
It's sad that you think these are gotcha questions; when people settle for this kind of concern trolling, you know they're desperate.

> 1) What is the number of SOL validators including last 3 year trend?

~800 is the current number, a larger validator set than any other blockchain of the same age or younger. And even 800 is actually far more than is needed. 100-200 would actually be the sweet spot, assuming ideal geographic stake distribution. It is down from 2500. Why? [Because the delegation program that was started to bootstrap the network has wound down.](https://x.com/SolanaFndn/status/2018338765211926940)

* Non-SFDP delegated stake grew ~230%
* Foundation stake share fell from 44.4% to ~5.9%
* Independent validators increased by 121%

Solana has gotten substantially more decentralized over these 3 years, but people generally aren't very good at using any nuance, so they typically just look at raw validator numbers, which give you maybe 10% of the data you need to have a comprehensive view on decentralization. Beyond that you need to look at client diversity, development diversity, geographic distribution of stake, hosting diversity, Nakamoto coefficient and many other factors, including but not limited to the ones in the bullet points.

> 2) What is the HW spec. for SOL node as of now?

* CPU: 12 cores / 24 threads or more, with a base clock speed of 2.8GHz or faster. Must support SHA extensions (AMD Gen 3 or newer, Intel Ice Lake or newer) and AVX2 instructions; AVX512f support is beneficial.
* RAM: 256GB or more, with Error Correction Code (ECC) memory recommended.
* Storage: PCIe Gen3 x4 NVMe SSD or better. Accounts: 1TB or larger, high Total Bytes Written (TBW) endurance. Ledger: 1TB or larger, high TBW suggested. OS/Snapshots: 500GB or larger.

> 3) What is the size of SOL blockchain given the vast amount of transactions incl. those non-client ones?

Validators have no need to store all of it, but if they wanted to, it would be 100TB.
> 4) What is the consensus of SOL PoS - how fairly are block producers chosen given the early SOL coin distribution scheme (vesting schedule)?

So you're kind of conflating two things here. There is block production and then there is the tokenomics and vesting. The vesting has been done for a while now, so block producers aren't really being chosen in 2026 due to tokens they received half a decade ago. You can watch them in real time here: https://gui.firedancer.io/ It's pretty clear that many validators produce blocks for Solana and it has little to do with vesting schedules. Even if it did, that would necessarily mean that whichever group invested over 5 years ago has diamondhanded those coins through all unlocks, which I would think would be a good thing. On the consensus mechanism itself, it uses TowerBFT and Proof of History for now, but soon will deprecate that when Alpenglow is implemented and we'll have Votor and Rotor. Learn more here: https://www.helius.dev/blog/alpenglow
> Bitcoin's encryption is based on ECC and not prime factoring Factoring small numbers is trivial compared to breaking ECDSA and quantum computers still cannot do that or haven't made any progress in that after 25 years. Yes, it's ironic
> the range of private keys is between 1 and this number, which is more than the atoms that exist in the known universe, that **dummies** think that quantum computers will be able to guess

How ironic. Bitcoin's encryption is based on ECC and not prime factoring...
The dismissiveness in these comments is exactly the problem. "It's FUD" isn't a solution. NIST has set clear timelines: ECC 256 deprecated by 2030, disallowed by 2035. Whether quantum breaks crypto next year or in 10 years, the migration window for decentralized networks is measured in years, not months. And unlike banks, you can't just push an overnight update to millions of uncoordinated participants. Some projects are actually building with post-quantum cryptography from the start instead of hoping to retrofit later. CPUNK uses NIST-approved algorithms (Dilithium5, Kyber1024) - same standards Apple adopted for iMessage PQ3. They're also building DNA-Messenger for quantum-secure P2P communication. The smart move isn't debating whether Q-day is real - it's positioning for a future where NIST's timeline plays out exactly as planned.
Your opinion is 50 to 100 years though. IONQ and IBM have public roadmaps with a QC strong enough to run Shor's and break ECC before 2030. NSA has already advised everyone to abandon ECC and NIST is deprecating ECC in 2030. The annual QC readiness survey of industry experts had a 12-15% chance that a strong enough QC already exists. It's fine if you personally don't think it's an imminent issue, but there's more than enough professional and academic opinion that disagrees with you to warrant acting on it yesterday.
Algorand already supports quantum-safe accounts via rekeying and protects chain history with post-quantum State Proofs (FALCON). You don’t need quantum safety from genesis because keys can rotate before any quantum threat. Quantum safety isn’t about “never using ECC,” it’s about safe migration. Algorand already has it; Ethereum doesn’t.
Algorand already secured the ledger itself using post-quantum FALCON-signed State Proofs (live since 2022). That’s the part that cannot be fixed later and is already quantum-safe. Account signatures being ECC today is intentional. They’re upgradeable, which is exactly what cryptographic agility requires while PQ standards are still evolving. “Quantum-safe from genesis” isn’t necessary and actually creates long-term rigidity. Algorand solved the hard, irreversible problem first and can migrate accounts when quantum risk becomes real.
Yeah, I am surprised people in the crypto community are not sufficiently aware that NIST has deprecated ECC 256 in 2030 and disallowed it in 2035. Big (centralized) institutions have already started their plans for migration.
they have about 30 years to upgrade unless a major breakthrough arrives.

|Expert / Study|Estimated Timeline|Notes|
|:-|:-|:-|
|NSA (2023)|15–25 years|For large-scale quantum attacks on RSA/ECC|
|NIST / PQC Advisory|10–20 years|Advocating post-quantum cryptography now|
|IBM / Google Research|20+ years|Practical, error-corrected quantum machines|
|Cryptocurrency-focused estimates|20–30 years|Safe window for Bitcoin if no sudden breakthroughs|
Quantum timeline estimates: BTC has 30 years left to upgrade.

|Expert / Study|Estimated Timeline|Notes|
|:-|:-|:-|
|NSA (2023)|15–25 years|For large-scale quantum attacks on RSA/ECC|
|NIST / PQC Advisory|10–20 years|Advocating post-quantum cryptography now|
|IBM / Google Research|20+ years|Practical, error-corrected quantum machines|
|Cryptocurrency-focused estimates|20–30 years|Safe window for Bitcoin if no sudden breakthroughs|
Zcash is decentralized and open source, meaning no single person or entity manages, controls or develops it. It's a labor of love by various parties. That being said, the original non-profit company that created Zcash is ECC. Recently what happened was the CEO (Swihart) accused the majority of the board of being in misalignment with Zcash's original mission, while the accused board members have cited "hostile or intolerable” working conditions. They had an internal dispute and eventually a large portion of the board left ECC to start their own for-profit project. ECC developed the Zashi wallet, and the new company the former board members are creating will be working on a new wallet. The Zcash protocol itself remains unaffected. I'd been following Zcash for a long time and to be honest the price was already headed down prior to the announcement, but the announcement accelerated it for sure. If I had to speculate, I would say the board members intentionally left in such a way that it would negatively affect the price by creating more uncertainty. They might have even revenge dumped some of their ZEC.
I've always wondered what would be the leading signs to look out for once ECC is cracked across different organizations. E.g. what does it look like when a government organization cracks ECC? A private company? Individuals? I'm guessing a government organization might try and target known crypto wallets that are ECC protected for targeted reasons and most likely wouldn't throw a wide net with exploiting it. They may use it when it's absolutely needed, so that they don't show their cards to the other team. Private companies? Maybe they keep it under their hats, but it's possible they discuss with government organizations or public organizations (NIST?) about ramifications. Individuals? All hell breaks loose.
Good overview. One nuance worth adding is that fault-tolerant quantum computing at the scale needed to run Shor on real-world ECC is still a massive leap from today’s devices. Logical qubit counts, error correction overhead, and sustained coherence remain the real bottlenecks, not just raw qubit numbers.
That’s not true, The entire Zcash dev team just walked out. Electric Coin Company - the people who actually build Zcash - resigned yesterday. All of them. At once. The dispute: "malicious governance" by Bootstrap, the nonprofit that controls ECC. The CEO says the board changed employment terms to make it impossible to work. He's calling it constructive discharge. Translation: the builders and the board couldn't agree on who controls the money and the roadmap. So the builders left. ZEC was down 19% in 24 hours after this. From $480 to $392. Why this matters: Zcash isn't like Bitcoin where the protocol is "done." It's actively developed - zk-SNARKs, Sapling, Orchard. Without the core team, there's no roadmap. The chain runs, but the future doesn't. The devs say they're forming a new company to continue building "unstoppable private money." Whether that means a fork, a competitor, or something else - unclear. Whatever. The deeper issue: Nonprofit governance structures in crypto are a liability. When the builders and the board diverge, you get this - a public meltdown while the token tanks. Monero doesn't have this problem. No company, no foundation with a board, no dev fund to fight over. Just contributors who show up. Zcash was the "institutional-friendly" privacy coin. Now it doesn't have institutions OR developers. Privacy coins are consolidating. This accelerates that.
tldr; Electric Coin Company's Zcash developer team has left the company following a governance dispute with its parent nonprofit, Bootstrap. ECC CEO Josh Swihart accused Bootstrap board members of misalignment with Zcash's mission. The team plans to continue working on Zcash under a new company, while the Zcash protocol remains unaffected. The split raises concerns about future funding, coordination, and governance within the Zcash ecosystem. The Zcash Foundation emphasized the protocol's decentralization and ongoing functionality. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
Post is by: Express_Classic_1569 and the url/text [ ](https://goo.gl/GP6ppk)is: https://peakd.com/hive-167922/@cryptoandcoffee/zeczcash-having-a-wobble-fts ZEC down ~15 to 20% after ECC core team resigns, governance dispute hits price *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
The coin doesn’t have a CEO lol. The company that employs developers has a CEO. And the devs quit that company to start a new company where they are not limited by the ECC board.
tldr; Electric Coin Company (ECC), the core development team behind Zcash (ZEC), resigned en masse on January 7 due to governance disputes with the board. ECC’s CEO described the exit as a result of 'constructive discharge,' citing board actions that hindered the team’s ability to fulfill Zcash’s mission. The developers plan to form a new company to continue working on Zcash’s privacy technology. The resignation has caused a governance crisis, raising concerns about the project's future, though the Zcash network remains operational and decentralized. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
What does that even mean? Quantum computing is a THEORY. A lot of quantum mechanics isn't even proven, it is just pretty maths. The closest we will get to "Quantum computing" is figuring out how to store a bit on an electron spinning around a neutron. And to make this useful for computing you would need something that could 'read' that particle to ask if it is a zero or one without changing it from a zero to one. Then you would need another mechanism that changes the way the electron spun from a zero to one. Then you would need to create another standard defining what an electron's position around a neutron constitutes a one or a zero. Traditional gates with electrical current passing through them wouldn't work. Another option would be to leave our entire binary system behind (for which you would need to throw away UNIX, and create a completely new software and electrical engineering field from the ground up) and use the cosine of the angle of the electron from the neutron to give out a number between 1-360. You could use every group of subsequent four numbers and create an entire new field using base-60 (sexagesimal), and using every group of subsequent four numbers would be a form of error correction (ECC). So each bit in sexagesimal would be represented by a possibility of four numbers from 1-360. And it would be the same as before: you would need to define what the electron's position around the nucleus corresponds to what number. You would need to create a completely new invention that could reliably keep an electron in a certain space or side of the particle (using electromagnetism), and you would need one of these completely new inventions attached to EACH particle. Then you would need a completely new invention that could read the electron's position reliably, whilst corresponding to the input of the other new invention. None of these inventions work.

And figuring out how to make them so small that they could attach to a single particle without having an impact on other particles around it would also require an entirely new field of technology and physics that doesn't even exist yet. So even if you did all of this, you would have a series of particles running in series that would have to be insulated from all outside EMF interference, like a Faraday cage of sorts, which again would require completely new inventions and a new field of science in itself. After all that, you would just have.... a very fast CPU..... And it still wouldn't be able to "speed up" the block speed. It could only be used to increase the hashrate of bitcoin mining. And it still wouldn't break SHA-256 encryption. All faster compute power over the next century is going to do is this: it won't break Bitcoin encryption, and won't break Bitcoin's fundamental code (block rate). It will only increase the hashrate. In short, whoever breaks Moore's law and sees a massive improvement in CPU compute power over a very short time, without other people having the technology yet, will be able to take over the mining pool instantly and take up a large portion of the hashrate, and effectively own all brand new bitcoin. This is the possibility of "QuAnTuM ComPutInG" and the only thing we should be scared of, as this would centralise all new bitcoin to a single entity.
Post is by: Tsmacks1 and the url/text [ ](https://goo.gl/GP6ppk)is: /r/CryptoMarkets/comments/1q2dj4g/quantum_risk_in_crypto_are_timelines_being/ **Quantum computing timelines are often presented as settled fact. The reality, however, is much less certain.** Some firms and individuals may have financial incentives to downplay near-term risk, while academic researchers hopefully don’t. Researchers may have other biases, but their different incentives generally make their assessments worth examining. Here’s one case to consider: **Preprint: Quantum Resource Estimation for Breaking Elliptic Curve Cryptography** Lays out conditional scenarios showing how NISQ-era progress could reduce resource requirements faster than older estimates. It presents a range of plausible timelines, including possibilities in the late 2020s and early 2030s. [https://www.preprints.org/manuscript/202509.2429](https://www.preprints.org/manuscript/202509.2429) (full PDF: [https://www.preprints.org/frontend/manuscript/662675b70df5bd2d3481cb18c89ceba7/download\_pub](https://www.preprints.org/frontend/manuscript/662675b70df5bd2d3481cb18c89ceba7/download_pub)) I’m not a quantum expert, but learning from experts in the field is invaluable. And yes, it’s a preprint. Even so, preprints are worth paying attention to since the field is moving so fast that papers can already be outdated by the time they are published. Worth reading and consider using an LLM. It’s worth noting that the preprint relies only on publicly available information. Actual quantum progress is unknown. **Confidential research, government programs, and new startups are wildcards for timeline predictions.** Forecasting becomes even more complex with algorithmic improvements to Shor’s algorithm, several of which have already occurred. Also of note, the paper does not include some of the most aggressive public roadmaps (IonQ, PsiQuantum, etc.), instead using a conservative sampling for forecasting. 
ECC isn’t broken tomorrow and I’m not claiming quantum attacks are imminent, but saying “it’s decades away” does not help anyone when credible researchers are presenting alternative scenarios. It’s the confidence behind the claims that’s concerning. **The key takeaway is the reality of uncertainty.** Quantum progress is real, and treating extended timelines as a given without accounting for incentive bias and technical complexity can create a false sense of calm rather than an honest assessment of risk. Not trying to cause alarm or spread FUD, but preparing for a low probability/high impact event should not be swept under the rug. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
Hope so. 8000 logical qubits is for 2029. But there are recent algorithmic optimizations for Shor that require a lower threshold. To crack 256-bit ECC, you need about 600-700 qubits. Which means as early as 2027, if IonQ delivers as per their roadmap, secp256k1 will be broken. Simple as that. Don't hold your breath...
That’s true. Quantum computers will be a threat, but they are very far away and not a threat right now or even in the next few decades most likely. Cracking ECC requires a quantum computer to have 1500-2000 error correcting qubits…they haven’t even been successful making a single error correcting one. If they can’t figure that out, they’ll need ***millions*** of noisy qubits with better error correction than they have now. The best quantum computer now has 100-1000 very noisy qubits. It’s best to remember that these “quantum experts’” jobs depend on their predictions…it’s most likely further out than they are saying. Everyone shouting “quantum computing is going to kill Bitcoin” from the rooftops have absolutely no idea how difficult of a problem it really is to create, operate and run one.
The security vulnerability for blockchains has nothing to do with SHA-256. The issue is the digital signature that uses ECC. It's amazing how many people who shout from the rooftop that Bitcoin is not in danger have absolutely no idea what in the hell they are talking about.
Dunning-Kruger effect. It's not SHA-256 that is the problem...it's the digital signature that uses ECC. "But muh banks...nuclear codes...sha256"...
PGP is partially at risk because of quantum computing. The components that are based on RSA, DSA, ECDSA or EdDSA are vulnerable to quantum computers. Any public-private key based on these algorithms will be broken by QC. I see you are part of the WHATABOUTISM herd. The telcos, banks, etc. are aware of these risks and implementing post-quantum security measures. You should worry instead about BTC, Ethereum and countless cryptos relying on ECC. https://preview.redd.it/9bxczlph3y7g1.jpeg?width=1179&format=pjpg&auto=webp&s=3ad009bb14c98ecef2c149fde0b4355fc7dfc9d5
> Why use something that barely works (and won’t as quantum computers improve)

It doesn't "barely work"; it is a completely acceptable level of security for the foreseeable future. And, again, quantum computers don't change that.

> As to ECC do you know the differences between a blockchain and a hashgraph right?

Yes. And I know it has nothing to do with how ready a chain is for post-quantum cryptography.
The key sentence you’re saying is “SHA-256 at a minimum”. Why use something that barely works (and won’t as quantum computers improve) when there’s a solution (Hedera) that’s natively SHA-384? As to ECC do you know the differences between a blockchain and a hashgraph right? Blockchains are fundamentally broken (mathematically) and unable to adjust to scale in a post-quantum computing world. No matter how many forks they have.
> I disagree, quantum computers will drastically reduce the safety margin

Well then you're just fucking wrong. It is factually incorrect.

> Show me a government or global corporate enterprise that’s willing to bet their technology stack on anything less than sha-384.

Uhhh... basically all of them.

> NIST encourages application and protocol designers to implement SHA-256 at a minimum

[https://csrc.nist.gov/projects/hash-functions/nist-policy-on-hash-functions](https://csrc.nist.gov/projects/hash-functions/nist-policy-on-hash-functions)

> As to ECC my point is Hedera is much better positioned to adapt to this change vs every other blockchain that will require forking.

Said with no reasoning to back it up whatsoever.
I disagree, quantum computers will drastically reduce the safety margin making those chains less than sha-384 unusable in a world dominated by quantum computers. Show me a government or global corporate enterprise that’s willing to bet their technology stack on anything less than sha-384. As to ECC my point is Hedera is much better positioned to adapt to this change vs every other blockchain that will require forking.
I have a friend who is very close to Bitcoin development and he mentioned that a network upgrade is going to be very challenging because of the likely capacity difference between Elliptic Curve Cryptography (ECC), specifically the secp256k1 curve, and the algorithm required in the context of quantum computing.
There is no Satoshi wallet. There are thousands of unspent mining reward coins with different addresses. The belief that all were mined by one person is ridiculous. There's a proposal to freeze all unspent ECC coins - the P2PK early mining coins, and all unspent P2PKH and P2WPKH coins. There was a short period of debate. Some people support this. Some people oppose. The arguments are easy to find in Bitcoin developer mailing lists and on GitHub. It's not likely to happen. Also, there's no threat of a powerful enough QC for at least 70 years.
Any time now!

> “IBM researchers make another advance in quantum computing, demonstrating ‘Shor’s Algorithm,’ which can break large encryption codes.”
> “It was that algorithm, and the promise it holds for its ability to break large encryption codes, that spurred interest in quantum computing in the 1990s.” **(2001)**
> https://www.wired.com/2001/12/big-blue-takes-quantum-step/

| Year | Largest universal quantum computer | What it could do | Crypto threat? | Source |
|------|------------------------------------|------------------|----------------|--------|
| 2001 | 7 qubits (IBM NMR machine) | Factored 15 (toy demo) | ❌ No | https://www.wired.com/2001/12/big-blue-takes-quantum-step/ |
| 2015 | ~5–10 gate-model qubits (typical academic/industry machines at that time) | Only toy demonstrations; conceptual discussion of quantum risk | ❌ No | https://www.wired.com/2015/09/tricky-encryption-stump-quantum-computers/ |
| 2024–2025 | ~105 physical qubits (Google Willow chip) | Early error-correction research; not capable of breaking crypto | ❌ Still cannot even dream of breaking RSA/ECC | https://www.theverge.com/2024/12/12/24319879/google-willow-cant-break-rsa-cryptography |

> “…Yesterday, we published a preprint demonstrating that 2048-bit RSA encryption could **theoretically be broken by a quantum computer with 1 million noisy qubits** running for one week.” - Google Online Security Blog. Google researchers Craig Gidney and Sophie Schmieg on May 23, 2025. It explicitly states the 1 million noisy qubits figure for a theoretical break of 2048-bit RSA under certain assumptions. https://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
My understanding is that the hashing mechanics Bitcoin uses to create the blockchain were invented by the NSA. The SHA-256 formula to encrypt information was made by them, and then Satoshi paired that hash formula with wallet ECC (elliptic-curve cryptography) encryption to create the blockchain. ECC existed before Bitcoin and blockchain technology. Much like other innovators, Satoshi built on and combined people's past work to make something new but still made up of the parts created by others. For example, the iPhone wasn't the first phone, but it combined past invention with touch-screen capabilities to totally revolutionize the personal computer industry.
Grayscale filing for a Zcash ETF is pretty significant for privacy coins as a whole. It shows institutional interest in the privacy-focused sector that many thought would remain fringe due to regulatory concerns. Worth noting that while Zcash has pumped 1000%, this isn't solely due to the ETF filing - the rally started earlier with Zcash's halving in November and the ECC restructuring to a DAO model. The ETF filing is adding fuel to existing momentum. If approved, this would be the first privacy coin ETF in the US, which is surprising given the historical regulatory scrutiny on privacy coins. SEC hasn't been friendly to crypto in general, so
Post is by: Tsmacks1 and the url/text [ ](https://goo.gl/GP6ppk)is: /r/CryptoMarkets/comments/1p61o1o/if_you_want_a_quantum_hedge_zcash_isnt_it_heres/

ZEC is not a quantum-resistant crypto. A few key points:

* **Uses elliptic-curve cryptography (ECC)** - Zcash relies on elliptic-curve cryptography, which is vulnerable to Shor’s algorithm on a sufficiently powerful quantum computer.
* **Current zk-SNARKs are not quantum-resistant** - The zero-knowledge proofs that power Zcash’s privacy features depend on cryptographic assumptions that quantum computers could break.
* **Protocol-level quantum-resistant cryptography has not been implemented** - Zcash developers have not yet integrated post-quantum signature schemes or hashing into the protocol.
* **Privacy could be unwound retroactively** - Because Zcash’s past shielded transactions depend on ECC-based security, a quantum computer could theoretically deanonymize years of transaction history.
* **Focus is currently on “quantum recoverability,” not true resistance** - Zcash is building a temporary defense mechanism as a way to survive long enough to upgrade the system. This is not the same thing as being a quantum-resistant crypto.
* **Migration and upgrade risks remain** - Emergency protocol changes are chaotic and unpredictable, unlike a system designed for quantum resistance from the start, making ZEC still susceptible to a quantum-induced panic.

If you want a quantum hedge, **do it with the correct coin,** or don’t do it at all. Buying a privacy coin for the purpose of quantum resistance is like buying a boat to drive on the highway.

*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
Is ECC vulnerable to Shor's algorithm?
You are wise to be asking these questions as most of the crypto space either refuses to believe quantum is viable tech or thinks it's much farther out than it is. Trad-fi will be quick to transition to post-quantum encryption and in fact many institutions are already developing PQC to protect customer assets. There are ways to hedge the arrival of quantum computer in the crypto space, just have to do your research. There are exciting projects out there that are positioned to take on the quantum age with natively integrated PQC. Just about every legacy blockchain using ECC (bitcoin, all its forks, eth etc) will have to hard fork and require users to manually migrate to PQC wallets or face eventual security compromises.
> How does the network react if thousands of old UTXOs begin to move under attacker control?

If the spending txinput has a valid signature, the network confirms the transaction. There's no attack, no doom.

> Is post quantum secure technology already available

Not practically. Several algorithms were recently approved by NIST, but they're too new to know if they're really secure.

> would integrating it materially change the blockchain today?

Signature verification would be several hundred times slower, making Bitcoin's 10-minute block interval infeasible. Also, the popular habit of address reuse (missing from your analysis) would cause significant losses when using post-quantum key pairs. Unlike ECC key pairs, a quantum-safe key pair is unsafe to reuse after it has made one signature. Bitcoin users have always been advised that an address is single-use, but the blockchain has no address index for fast lookup of already-used addresses, so it's technically impossible to enforce single-use addresses. This won't be changed post-quantum. What will change is that users who ignore the advice - no address reuse - will find their coins being stolen.

> it deserves serious attention

Not really. The development of quantum computers which might be able to run Shor's algorithm is at least 60 years into the future, and is extremely unlikely to ever happen. But here you are, another doom predictor posting the same urgency claim as we read here at least once every week. Plus ça change, plus c'est la même chose. Did you try reading all the other threads making exactly the same claim?
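The single-use property the comment above describes holds for one-time hash-based signatures, of which the Lamport scheme is the textbook case. The following is an added example written for this page, not code from any commenter, from Bitcoin, or from any NIST standard: a Lamport one-time signature over SHA-256, a counter of how many private-key secrets a set of signatures under the same key exposes, and a stateful signer that refuses a second signature. The messages and the `OneTimeSigner` wrapper are constructed for illustration.

```python
# Added example: Lamport one-time signatures over SHA-256, showing why a
# hash-based one-time key must never sign twice. Illustrative code only,
# not taken from any Reddit comment, Bitcoin, or a standardised PQ scheme.
import hashlib
import secrets

N_BITS = 256  # SHA-256 digest length in bits; one secret pair per bit


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(msg: bytes) -> list:
    """Bits of SHA-256(msg), most significant bit first."""
    d = _h(msg)
    return [(d[i // 8] >> (7 - (i % 8))) & 1 for i in range(N_BITS)]


def keygen():
    """Private key: 256 pairs of random 32-byte secrets (512 secrets).
    Public key: the SHA-256 hash of each secret, in the same layout."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(_h(s0), _h(s1)) for s0, s1 in sk]
    return sk, pk


def sign(sk, msg: bytes) -> list:
    """For each digest bit, reveal the secret of that pair selected by the bit.
    Every signature therefore exposes exactly half of the private key."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Hash each revealed secret and compare it with the public-key entry
    chosen by the corresponding digest bit."""
    if len(sig) != N_BITS:
        return False
    return all(_h(s) == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _digest_bits(msg))))


def exposed_secret_count(msgs: list) -> int:
    """Number of distinct private-key secrets (out of 512) revealed by signing
    every message in `msgs` with the same key. One message reveals 256; a
    second, different message reveals more, and each extra revealed secret
    widens the set of digests that can be signed without the owner."""
    exposed = {(i, b) for m in msgs for i, b in enumerate(_digest_bits(m))}
    return len(exposed)


class OneTimeSigner:
    """Stateful wrapper enforcing single use. The mitigation is to make the
    signer refuse a second signature instead of trusting callers to rotate."""

    def __init__(self, sk):
        self._sk = sk
        self._used = False

    def sign(self, msg: bytes) -> list:
        if self._used:
            raise RuntimeError("one-time key already used; rotate to a fresh key")
        self._used = True
        return sign(self._sk, msg)


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"constructed message one", b"constructed message two"
    print("valid:", verify(pk, m1, sign(sk, m1)))
    print("secrets exposed by one signature:", exposed_secret_count([m1]))
    print("secrets exposed by two signatures:", exposed_secret_count([m1, m2]))
```

`exposed_secret_count` is the whole point: the first signature always reveals 256 of the 512 secrets, and any second signature under the same key reveals more, so the key's one-time guarantee is gone. This is why practical hash-based designs either chain many one-time keys under a Merkle root with strict state tracking or use a stateless construction, and why on-chain address reuse becomes a loss-of-funds issue rather than a privacy issue for such schemes.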
Not gonna happen. If QC breaks ECC tomorrow then pause mining at a given block till the replacement QC crypto is brought in ( there are options). Inconvenient, but not the end.
Quantum computing is like a ticking time bomb for blockchain security. Its ability to break the cryptographic algorithms that most cryptocurrencies rely on is what has everyone on edge. The culprit? Elliptic Curve Cryptography (ECC). This is the tech behind generating private and public keys, authenticating transactions, and securing digital signatures. If quantum computers can crack this, we might as well throw blockchain security out the window. Possibly by 2028-2030. What are your thoughts on the long-term viability of the security and if they do crack the security how does crypto recover?
Quantum computing is like a ticking time bomb for blockchain security. Its ability to break the cryptographic algorithms that most cryptocurrencies rely on is what has everyone on edge. The culprit? Elliptic Curve Cryptography (ECC). This is the tech behind generating private and public keys, authenticating transactions, and securing digital signatures. If quantum computers can crack this, we might as well throw blockchain security out the window. How do you feel about the possible long term threat to their security?
Long-term bear, volatility bull. I read an article that said quantum computing is like a ticking time bomb for blockchain security. Its ability to break the cryptographic algorithms that most cryptocurrencies rely on is what has everyone on edge. The culprit? Elliptic Curve Cryptography (ECC). This is the tech behind generating private and public keys, authenticating transactions, and securing digital signatures. If quantum computers can crack this, we might as well throw blockchain security out the window.
The conspiracy theorist in me thinks this drawdown is an exit of long-term holders motivated by in-the-know intel on the arrival of Q-day. Looking into it, the arrival of QC seems to be coming sooner than we all think. Many people choose to stick their head in the sand and not think about such a possibility, or use whataboutisms like "if QC arrives, the world is screwed anyways." This is fundamentally not true, as we know PQC already exists and centralized institutions are already testing PQC in anticipation to protect customer assets. As it stands, BTC, its forks and other legacy chains protected by ECC-type encryption are vulnerable and will remain vulnerable until drastic changes occur. Changes that will involve complicated migration of assets and/or consensus on difficult decisions that will fundamentally change the story. Personally I believe it would be wise to hedge against this very real threat in this rapidly changing world. PQC is the future, DYR.
The network traffic is encrypted with TLS, so you can't just read it with Wireshark but once ECC is broken, you can decrypt it because you could derive the shared secret. Though Firefox and Chromium already have post quantum TLS implemented through ML-KEM, so it's actually already fixed.
What will be hit harder than the complete and irrecoverable destruction of the entire cryptocurrency system? Everything else that relies on ECC would only lead to privacy issues, not reset the entire economy.
Nowhere NEAR that fast though; none of those scale exponentially. None of those improve just because capital increases. We're dealing with material science ceilings and thermodynamic ceilings, not tech hype cycle ceilings. Right now, we have 1 maybe 2 logical qubits after error correction in lab conditions. To break ECC we need thousands of logical qubits and millions of physical qubits, stable for hours, not milliseconds. There is no trend line, accelerated or otherwise, that bridges that gap in four years. None. You can throw $50B or even $100B at this tomorrow and you still can't fix decoherence or error rates with money. I'm not saying it won't happen. I'm saying the timeline isn't remotely compatible with next cycle. The engineering, physics, and cryogenic demands make this a decades problem, not an election cycle problem. And so I disagree with you strongly.
If only you knew how far away we are from efficient quantum computers that can even break ECC or other encryption algos. We can barely hold a few hundred stable qubits with our current tech; for quantum computing to even get close to cracking ECC and such will require an immense amount of compute power. We can barely hold these stable for seconds, let alone long enough to crack an algo like this; more to the point, we need hundreds of thousands if not millions of stable qubits before this will happen. Though mark my words, the moment it does, the entire system and every security infra goes down at light speed.
Nah, they'll be fine. Let's check some popular websites:

* Chase, Ally, and Charles Schwab: Use TLS 1.3, X25519, and AES_256_GCM or AES_128_GCM
* Coinbase & Kraken (and Reddit): Use TLS 1.3, X25519MLKEM768, and AES_128_GCM
* **X25519** is ECC and vulnerable to quantum computing
* **X25519MLKEM768** is post-quantum
* **AES 128** might be vulnerable to quantum computing, but it depends on Grover's algorithm, which doesn't parallelize well
* **AES 256** is not vulnerable

NONE of the banks currently use PQC encryption. So we are screwed, right? Nope.

* First, banks can upgrade pretty easily with new SSL/TLS certificates. Just takes an IT support ticket.
* Second, this is just for web traffic. Passwords and authentication keys are still strongly hashed before they're transmitted. So even if they decrypt web traffic, they still can't get to the passwords from the hashes. I've decrypted web traffic before; all the login keys are still hashed.
* The part they can steal are the session authentication tokens.
* All banks use 2FA and conditional access. If an attacker takes over a session, they probably can't replay at their own computer because conditional access detects source locations and will require that new location to sign in again with a separate 2FA code.
* Quantum computing still requires a supercomputer and weeks/months to break a single key. It's not instant cracking.
* Attackers will go after big targets, not short ephemeral keys of end users. Bank access is the least of our worries. Dev authentication tokens are HUGE targets. Take over an important GitHub repository, and you can control half the Internet.
* Session keys for banks are very ephemeral. Even if an attacker takes over a session, they only get short-term access. It's so not worth it.
* The vector for attacks is expected to be "harvest now, decrypt later". Log web traffic now to be attacked later. These kinds of attacks are useless against going after session keys and ephemeral keys because they will be long-expired by the time of attack. After the first attack, many systems will upgrade.
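The site-by-site check in the comment above comes down to one field of the TLS 1.3 ServerHello: the group the server picked in its `key_share` extension. The following is an added example, not code from any poster or from any of the sites named: it parses a ServerHello (record header already stripped, as you would get it from a packet capture), checks that the key share has the length the group implies, and reports whether the session's traffic keys depend only on ECC (and so fall to a future quantum computer under "harvest now, decrypt later") or on the X25519MLKEM768 hybrid. The two ServerHellos it builds are constructed stand-ins for the bank-style and exchange-style cases; random bytes and key shares are zero-filled, so they are not real handshakes. Group and cipher-suite codepoints are the IANA values.

```python
import struct

# Added example: inspect a captured TLS 1.3 ServerHello and say which key exchange
# the server chose. A classical ECDH group means a future CRQC can recover the
# session's secrets from recorded traffic; the X25519MLKEM768 hybrid does not,
# because ML-KEM-768 also contributes to the shared secret.

# IANA supported_groups codepoints and the server key_share size each implies.
GROUPS = {
    0x0017: ("secp256r1", 65, "classical ECDH"),                    # uncompressed point
    0x001D: ("x25519", 32, "classical ECDH"),
    0x11EC: ("X25519MLKEM768", 32 + 1088, "post-quantum hybrid"),  # x25519 pub + ML-KEM-768 ciphertext
}
CIPHER_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}
EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 0x002B, 0x0033

def parse_server_hello(hs: bytes) -> dict:
    """Parse a ServerHello handshake message (TLS record header already removed)."""
    if not hs or hs[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    length = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                                   # legacy_version, random
    pos += 1 + body[pos]                           # legacy_session_id_echo
    suite = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    pos += 1                                       # legacy_compression_method
    ext_len = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    end = pos + ext_len
    if end != len(body):
        raise ValueError("extensions length does not match body")
    info = {"cipher_suite": CIPHER_SUITES.get(suite, hex(suite)), "version": None,
            "group": None, "key_share_len": None}
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]; pos += 4 + elen
        if etype == EXT_SUPPORTED_VERSIONS:        # ServerHello form: one ProtocolVersion
            info["version"] = data.hex()
        elif etype == EXT_KEY_SHARE:               # ServerHello form: one KeyShareEntry
            group, klen = struct.unpack("!HH", data[:4])
            if klen != len(data) - 4:
                raise ValueError("key_share length field disagrees with extension length")
            info["group"], info["key_share_len"] = group, klen
    return info

def assess(info: dict) -> dict:
    """Name the group, check the share size for that group, and say whether HNDL applies."""
    if info["version"] != "0304":
        raise ValueError("not TLS 1.3; key_share semantics differ")
    name, expected, kind = GROUPS.get(info["group"], ("unknown", None, "unknown"))
    if expected is not None and info["key_share_len"] != expected:
        raise ValueError(f"{name} key_share should be {expected} bytes, got {info['key_share_len']}")
    hndl = {"classical ECDH": "recorded session decryptable by a future CRQC",
            "post-quantum hybrid": "not decryptable by breaking ECC alone"}.get(kind, "unknown")
    return {"group": name, "kex": kind, "hndl": hndl, "cipher_suite": info["cipher_suite"]}

def build_server_hello(group: int, key_share: bytes, suite: int = 0x1301) -> bytes:
    """Construct a minimal TLS 1.3 ServerHello (test data; random is zero-filled)."""
    exts = (struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 2) + b"\x03\x04" +
            struct.pack("!HH", EXT_KEY_SHARE, 4 + len(key_share)) +
            struct.pack("!HH", group, len(key_share)) + key_share)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00" +
            struct.pack("!H", len(exts)) + exts)
    return b"\x02" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    # Constructed ServerHellos standing in for the two cases listed in the comment above.
    for label, group, share in (("bank-style", 0x001D, bytes(32)),
                                ("exchange-style", 0x11EC, bytes(1120))):
        print(label, assess(parse_server_hello(build_server_hello(group, share))))
```

The length check matters when reading real captures: a share that is not 1120 bytes under the 0x11EC codepoint is either a parsing error or a peer speaking an older Kyber draft under the wrong identifier, and either way the "post-quantum" label would be unearned.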
Post is by: tornavec and the url/text [ ](https://goo.gl/GP6ppk)is: /r/CryptoMarkets/comments/1p1tj23/buterin_warns_bitcoin_ethereum_could_die_by_the/ Vitalik Buterin has made a radical change to his forecast for the security of cryptocurrencies. Speaking at the Devcon conference, he claimed that Bitcoin and Ethereum could be susceptible to hacking within the next four years, by which time the next US presidential election will have taken place. The main threat comes from quantum computers. While he previously considered their emergence to be a distant prospect comparable to thermonuclear fusion, he is now calling for urgent action. The current encryption standard (ECC), on which almost the entire blockchain is based, may be compromised by new capabilities. The Ethereum founder insists that the industry must transition immediately to quantum-resistant cryptography. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
Yeah, that's what I mean. Noisy qubits won't do anything with Bitcoin's encryption. RSA is a joke in comparison. If they need 10 years for RSA, they won't even live to see ECC open public keys reverse engineered.
All the talk about quantum vulnerability is about ECC and known public keys. The most optimistic estimates of when we get enough error-free logical qubits (>2,300) in a quantum computer are at roughly 50 years. There is no computer with a single logical qubit that could operate with this algorithm today. However, most of Satoshi's addresses are P2PKH, so no visible public key (only the hash). This is some orders of magnitude harder to do. Probably never. So if Google or IBM invest many trillions with the goal to crack Bitcoin in 50 years, they could very theoretically be able to get access to some of the first 50 BTC addresses and then probably take several days per key.
No, AES is not broken by quantum computers. Only RSA and ECC.
IBM, Microsoft, Google, and Amazon all have real, functional quantum computers. IBM just used one of its quantum processors to generate a 34% speed increase in a bond trading algorithm over competing classical computers. That was in a system with WAY fewer qubits than what Google has been able to achieve. And unless you think The Guardian publishes fluff pieces, or that peer-reviewed scientific journals are not a legitimate source of information, then you can read all about the latest achievements of Google's quantum system here: https://www.theguardian.com/technology/2025/oct/22/google-hails-breakthrough-as-quantum-computer-surpasses-ability-of-supercomputers Sure, these are specific algorithms. Just like Shor's algorithm is one specific algorithm. 10 years MAX before RSA is being cracked commercially, likely far less before we see governments cracking it, due to the absolutely massive value and power that would give to an intelligence agency. But if you want to snuggle into your copium safety blanket and tell yourself that ECC is safe and that bitcoin is a future, then by all means.
Bitcoin keys use ECDSA. All articles about "seized" bitcoin should be read as "surrendered" bitcoin. No they did not use some imaginary SHA256 backdoor to crack ECC based bitcoin keys. Those are not the same things. Pull up a grokipedia page on both and read them.
tldr; The article discusses the potential threats posed by quantum computing to Ethereum Virtual Machine (EVM) chains, which rely on elliptic curve cryptography (ECC) for security. Quantum computers could exploit vulnerabilities in ECC, making signatures and public keys susceptible to attacks. While post-quantum cryptographic (PQC) standards exist, implementing them across diverse EVM chains is complex and costly. Solutions include adopting PQC standards, leveraging account abstraction, and chain-specific adjustments. However, coordination challenges and operational costs remain significant hurdles for securing EVM chains against quantum risks. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
"Quantum ready" is just marketing fluff. Since Bitcoin hasn't yet updated to be quantum ready, we don't know current wallets would support it. It uses conventional ECC and SHA-256 like any other wallet.
No one is arguing that the messages get sent quickly; SWIFT is primarily a messaging network. But it's NOT A SETTLEMENT SYSTEM. When you send money internationally, SWIFT only sends the message; the actual transfer occurs through correspondent banks, often taking 2–5 business days. Crypto enables p2p settlement without intermediaries, no matter the time or what day of the week it is. SWIFT won't be rendered obsolete because of latency limitations on SWIFTNet, or SWIFT FIN, or InterAct, or FileAct. It will be rendered obsolete in the same way high street travel agents were, and video rental stores, and print newspapers and magazines. It will be rendered obsolete because Blockchain presents a superior proposition from the perspective of convenience. It will also be forced to go in the not so distant future as there's no extensibility built into its systems and protocols, and therefore it will be rendered completely useless once quantum computers running Shor's algorithm break its RSA-2048 or its ECC; this will occur in minutes once the computers reach sufficient qubit stability and scale. Keeta Network is extensible to support additional cryptographic algorithms and can be migrated to fully support post-quantum cryptography (PQC), including deprecating all algorithms which are not post-quantum cryptography. Ultimately, none of us know what will happen in the future. Everything at this point is just potential. But if you ACTUALLY READ THE WHITEPAPERS, you'll see that Keeta has that in heaps.
Great question. The potential of quantum computing to undermine current cryptographic systems is not just a sci-fi idea; it poses a real risk to blockchains that depend on ECC, RSA, and others. I’ve researched more than just the well-known companies like IonQ and Rigetti. An interesting example is Quantum eMotion (QNC / QNCCF). They’re positioning themselves not as a computing company but as part of the security infrastructure for the quantum age, especially through quantum random number generation (QRNG) and encryption hardware and software integrations. What stood out to me is how the “security aspect” might be overlooked in these conversations. Everyone focuses on who makes the fastest qubit, but if quantum computers emerge without secure cryptography, we could face a disaster. Projects like QeM illustrate that the ecosystem needs to grow in several areas: compute, communication, encryption, and trust. Personally, I view the quantum field as a competition across the board computation and defenses. I’m maintaining a broad investment in the sector (crypto and quantum) while avoiding heavy concentration on any single bet.
And every crypto will say they have a plan. We'll see. It's not a simple switch, very disruptive to any signing with ECC
Seriously? If quantum computers break ECC, last thing people will worry is Bitcoin. The world would face a complete collapse of digital security infrastructure, rendering online banking, encrypted communications and critical systems like power grids vulnerable to attack. This would trigger massive financial losses, erosion of trust in digital systems and potentially force a global regression from digital to physical transactions until quantum-resistant cryptography can be deployed at scale.
I mean, to the topic for BTC: if we start talking about possible solutions just when we reach this 1k+ logical BTC state, migration and pre-discussion about a solution will take way too long (3-4y). I'd wish to have a more neutral discussion about this topic in the BTC community. It's always in both extremes.

* Do we have an issue with quantum security due to ECC? Yes!
* Will it crash in the next 5y? Probably no!
* Are there solutions available to make BTC quantum secure? Yes (99% sure)
* Will it take some while to implement? Yes, probably 3-4y

Imho we have to start now taking this seriously and stop denying / ignoring. We have enough time if we start now!
I wrote this for the CryptoTechnology sub awhile ago:

**TL;DR**: Decentralization has become a **buzzword**. It's a relic of when all blockchains used PoW and Nakamoto Consensus protocols, which require decentralization. Newer PoS blockchains don't actually need full decentralization. Ultimately, what people really want are several aspects related to decentralization: **Safety, Anti-Censorship, Anti-Confiscation**. But newer blockchain security protocols can provide these properties with even light decentralization.

----------------------------

**The term "decentralization" has been OVERUSED as a buzzword so often in the crypto community that it has been decoupled from actual utility and meaning.**

These are the traits people actually want instead of the "Decentralization" buzzword:

* **Safety**: No bad/invalid transactions; no dangerous reorgs and double-spends
* **Anti-censorship**: Transactions always go through in a timely and predictable manner
* **Anti-confiscation**: No one can spend another entity's assets without permission. Nearly every blockchain has this property, so it's not a concern (until quantum attacks on ECC)
* **Anti-corruption**: The governance or code of the system cannot be taken over by bad actors

**There are many issues with over-simplifying this down to "decentralization"**:

* It's possible to acquire those properties with very limited decentralization.
* Decentralization by itself doesn't guarantee those properties. (Even with high decentralization, PoW blockchains can fail Safety and Anti-censorship due to selfish mining attacks and spam if the underlying protocol is vulnerable.)
* The only part that truly requires decentralization is Anti-Corruption. The development needs to be decentralized (or immutable), and the only project that satisfies that property is Ethereum with its 10+ independent core dev client teams. Solana is trying to copy that concept by allowing for multiple nodes, but it's not quite there yet.
* Decentralization is inefficient. There's a tradeoff between decentralization and scalability/mobility. Smaller teams develop faster than larger teams. Larger security is more expensive to maintain and slower to operate than small security.

**Early PoW blockchains require decentralization**

"Decentralization" matters greatly for PoW, longest-chain, heaviest-weight Nakamoto-Consensus protocols like Bitcoin where the winner takes all. It's an old-school idea that has still persisted because most PoW networks actually require decentralization to be secure. By design, they need it to avoid 51% attacks because the winning miner single-handedly has the full power to propose, sequence, reorganize, and validate blocks. In PoS consensus blockchains, those powers are usually separated to different groups. Ironically, despite aiming for decentralization, Bitcoin has some of the lowest true decentralization due to large, centralized mining pools, 98-99% of which are running a centralized Stratum v1 protocol. There is also centralized control over Bitcoin Core's repository by Blockstream and the ~5 members of Bitcoin Core's maintenance team.

**Newer PoS blockchains get all the anti-censorship benefits of decentralization without needing to be fully decentralized**

Later crypto projects (mostly using some variation of PoS) have vastly different protocols that are extremely resistant to attacks even without moderate decentralization. Their protocols are innately resistant to safety and censorship attacks by design. They have high safety thresholds. This is coupled with some form of anti-censorship block production like separation of powers (block producers are not block attestors) and high rates of block production/low block times. So they already have high security even without needing full decentralization.
Nope, quantum computing is ineffective against the security of banking systems. Closed and centralized systems are not vulnerable to it. It's effective against blockchains, because of how blockchain cryptography works (ECC).
He says: RSA-2048 and ECC-256 will be compromised in the next few years.
They are certainly not quantum proof. Their cryptography relies on ECC which is vulnerable.
Some things are currently known to be vulnerable. Particularly RSA and ECC, which work on mathematical principles. Some trad fi relies on such algorithms, but it's entirely possible to build a system which doesn't.
Only 50/50 risk? The algorithm already exists; it needs a quantum computer with a register of roughly double the qubits as the bits used in a bitcoin key (256 bit ECC key) and a register of qubits the same size as the key. So a 2 * 256 qubit register and a 256 qubit register. IBM has a quantum computer with reportedly over 1000 qubits. The technology exists already to break bitcoin, someone just needs to put it together and do it.
ECDSA and all ECC protocols are the biggest concerns. Basically there will be super quantum computers with the power to crack a single message over a timeline of months or years. The attackers will need to pick big targets since the cost of attacking is high. The first targets will be major security-related organizations. Then maybe large Bitcoin addresses still using P2PK. But keep in mind that much of US government data is already FIPS-140 compliant or resistant to quantum computing. They have already been preparing. So perhaps Bitcoin will be among the first targets.
I wouldn't even worry about that for the next 5-10 years. Quantum FUD pops up every cycle. Bitcoin runs on elliptic curve cryptography, and if quantum computers ever get strong enough to break that, the network can soft fork to a quantum-resistant algo. Your coins in a Trezor are fine unless you’ve already exposed the public key (by spending from that address). And no, governments aren’t secretly cracking Bitcoin in the basement — if they could break ECC, banks, military comms, and the entire internet would already be wrecked long before they touched your sats
tldr; IBM's recent success in breaking a 6-bit ECC key using a quantum computer highlights the potential threat quantum computing poses to Bitcoin's cryptographic security. While current quantum computers are far from capable of breaking Bitcoin's 256-bit keys, experts predict that such a threat could become real between 2027 and 2033. To mitigate risks, the Bitcoin community must adopt post-quantum cryptography and avoid address reuse, as approximately 33% of BTC are currently vulnerable to quantum attacks due to outdated practices. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
It's not that splitting into wallets magically makes ECC safe. It's about limiting the number of public keys that ever get revealed, and making sure big balances don't sit exposed after a spend. More addresses = less chance one key compromise dooms the whole treasury.
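The point made in the comment above, and earlier in the thread (a P2PKH/P2WPKH output only hides the key until it is spent; a P2PK output never hides it; reusing an address after a spend leaves the revealed key guarding new coins), can be checked mechanically by replaying transactions and tallying the UTXO set by exposure class. The following is an added example, not code from any poster or project. The two transactions, txids, key bytes, signature bytes and hashes are constructed placeholders (the "pubkey" is not a real curve point), the scriptSig parser handles only direct-push scripts, and the tally also counts P2TR outputs as key-exposed because a Taproot scriptPubKey carries the (tweaked) output key directly, a case the thread does not discuss.

```python
from __future__ import annotations
from dataclasses import dataclass

# Added example: replay a constructed transaction list, maintain the UTXO set,
# and tally which unspent outputs already have their public key visible on-chain.

@dataclass(frozen=True)
class TxOut:
    value_sat: int
    script_pubkey: str          # hex

@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    prev_vout: int
    script_sig: str = ""        # hex; P2PKH spends carry <sig> <pubkey>

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple
    outputs: tuple

def classify_script(spk_hex: str) -> str:
    """Recognise the standard output templates; anything else is 'unknown'."""
    s = bytes.fromhex(spk_hex)
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "p2pkh"                        # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"                       # OP_0 <20-byte key hash>
    if len(s) == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"                        # OP_0 <32-byte script hash>
    if len(s) == 34 and s[:2] == b"\x51\x20":
        return "p2tr"                         # OP_1 <32-byte x-only output key>
    if len(s) >= 2 and s[0] in (33, 65) and len(s) == s[0] + 2 and s[-1] == 0xAC:
        return "p2pk"                         # <pubkey> OP_CHECKSIG
    return "unknown"

def pushes(script_hex: str) -> list[bytes]:
    """Split a script consisting only of direct pushes (opcodes 0x01..0x4b)."""
    s, items, i = bytes.fromhex(script_hex), [], 0
    while i < len(s):
        n = s[i]
        if not 1 <= n <= 0x4B or i + 1 + n > len(s):
            raise ValueError("unsupported or truncated push")
        items.append(s[i + 1:i + 1 + n]); i += 1 + n
    return items

def replay(txs):
    """Return (utxos, scripts spent from, pubkeys revealed by P2PKH scriptSigs)."""
    utxos, spent_scripts, revealed = {}, set(), set()
    for tx in txs:
        for txin in tx.inputs:
            prev = utxos.pop((txin.prev_txid, txin.prev_vout))   # KeyError: unknown or double spend
            spent_scripts.add(prev.script_pubkey)
            if classify_script(prev.script_pubkey) == "p2pkh":
                revealed.add(pushes(txin.script_sig)[-1].hex())   # scriptSig = <sig> <pubkey>
        for i, out in enumerate(tx.outputs):
            utxos[(tx.txid, i)] = out
    return utxos, spent_scripts, revealed

def exposure(out: TxOut, spent_scripts: set) -> str:
    kind = classify_script(out.script_pubkey)
    if kind in ("p2pk", "p2tr"):
        return "exposed (pubkey in output)"
    if kind == "unknown":
        return "unknown"
    if out.script_pubkey in spent_scripts:
        return "exposed (address reused after spend)"
    return "hash only"

def report(txs) -> dict:
    """Satoshis per exposure class across the current UTXO set."""
    utxos, spent, _ = replay(txs)
    totals: dict = {}
    for out in utxos.values():
        cls = exposure(out, spent)
        totals[cls] = totals.get(cls, 0) + out.value_sat
    return totals

# Constructed sample chain: placeholder txids, key bytes and hashes (not real data).
PUBKEY = "02" + "ab" * 32                  # 33 placeholder bytes shaped like a compressed key
H1, H2, W1, X1 = "11" * 20, "22" * 20, "33" * 20, "cd" * 32
def p2pk(k): return "21" + k + "ac"        # push 33, <key>, OP_CHECKSIG
def p2pkh(h): return "76a914" + h + "88ac"
def p2wpkh(h): return "0014" + h
def p2tr(x): return "5120" + x
SIG = "30" + "cc" * 70                     # 71 placeholder signature bytes
TX_A = Tx("aa" * 32, (), (TxOut(5_000_000_000, p2pk(PUBKEY)),
                          TxOut(100_000_000, p2pkh(H1)),
                          TxOut(200_000_000, p2pkh(H2))))
TX_B = Tx("bb" * 32, (TxIn("aa" * 32, 1, "47" + SIG + "21" + PUBKEY),),
          (TxOut(60_000_000, p2pkh(H1)),      # change sent back to the just-spent address
           TxOut(30_000_000, p2wpkh(W1)),
           TxOut(10_000_000, p2tr(X1))))
SAMPLE_CHAIN = (TX_A, TX_B)

if __name__ == "__main__":
    for cls, sats in sorted(report(SAMPLE_CHAIN).items()):
        print(f"{cls:40s} {sats / 1e8:10.2f} BTC")
```

On the sample chain the 0.6 BTC change output in TX_B is the case the comment is warning about: its address was already spent from, so the key behind it is public even though the output itself is a fresh hash-type output. Run over a real UTXO snapshot, the same tally is how figures like "N% of coins sit behind an exposed key" are produced.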