The risks that quantum computing poses to Bitcoin are not uniform and do not affect the whole network equally. That is the conclusion of a Galaxy Digital report published on March 19, which holds that the threat is real but confined to specific cases, and that the system as a whole cannot be compromised at present.
The main points of the analysis, written by the firm's analyst Will Owens, are as follows. Bitcoin protects funds with elliptic-curve public-key cryptography, and a spending transaction exposes the spender's public key, which a sufficiently advanced quantum computer could in theory use to derive the private key and take control of the funds. But this is only possible once the public key is actually visible on the network.
That distinction matters. Most Bitcoin addresses do not publish their public keys: the address commits to a hash of the key, and the key itself is revealed only when funds are spent from it. Coins held in an address that has never spent therefore remain protected against these theoretical quantum attack scenarios.
The risk is instead concentrated in addresses whose public key is already exposed, either through address reuse or because the coins sit in an older output format (such as the early pay-to-public-key outputs, where the key is written into the output itself). According to Project Eleven estimates cited in the report, up to 7 million BTC could fall into this category: a relevant share of the supply, but not the total.
A second exposure window exists in the mempool: once a transaction has been signed and broadcast but not yet included in a block, its public key is visible to everyone. In that scenario the key is revealed at the moment the funds are spent, and a quantum attacker would have only the time until the transaction is mined into the next block (on average roughly ten minutes) to derive the private key and get a competing spend of those funds confirmed first.
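As an added illustration of the distinction drawn in the two paragraphs above (example code written for this article, not Galaxy Digital's or Project Eleven's work): the script below builds legacy P2PK and P2PKH output scripts, derives a P2PKH address from HASH160(pubkey), and buckets unspent coins the way an on-chain observer would, as exposed in the output itself, exposed by an earlier spend from the same address, exposed in the mempool, or still hidden behind the hash. The keys, transaction ids and amounts are constructed sample data; the only non-standard piece is that hash160() falls back to a labelled stand-in if the local Python build lacks RIPEMD-160.

```python
"""Added example: public-key exposure buckets for unspent coins (constructed data)."""
from __future__ import annotations
import hashlib
from collections import defaultdict
from dataclasses import dataclass

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def hash160(data: bytes) -> bytes:
    """HASH160(x) = RIPEMD160(SHA256(x)): the 20-byte key commitment in a P2PKH output."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Some OpenSSL 3 builds ship without RIPEMD-160. Stand-in keeps the 20-byte
        # shape so the example still runs; it is NOT Bitcoin-exact (assumption).
        return hashlib.sha256(b"ripemd160-unavailable" + sha).digest()[:20]


def b58check_encode(version: bytes, payload: bytes) -> str:
    """Base58Check: version || payload || first 4 bytes of SHA256d, in base 58."""
    body = version + payload
    body += hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    n, digits = int.from_bytes(body, "big"), ""
    while n:
        n, r = divmod(n, 58)
        digits = B58[r] + digits
    return "1" * (len(body) - len(body.lstrip(b"\x00"))) + digits


def b58check_decode(addr: str) -> tuple[bytes, bytes]:
    """Inverse of b58check_encode; returns (version, payload) or raises ValueError."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    body, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        raise ValueError("bad Base58Check checksum")
    return body[:1], body[1:]


def p2pkh_address(pubkey: bytes) -> str:
    """Mainnet P2PKH address (version 0x00). Only HASH160(pubkey) is encoded, never the key."""
    return b58check_encode(b"\x00", hash160(pubkey))


def p2pk_script(pubkey: bytes) -> bytes:
    """Legacy pay-to-public-key: <pubkey> OP_CHECKSIG. The key is in the output itself."""
    return bytes([len(pubkey)]) + pubkey + b"\xac"


def p2pkh_script(pubkey: bytes) -> bytes:
    """OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG. Only the hash is on-chain."""
    return b"\x76\xa9\x14" + hash160(pubkey) + b"\x88\xac"


def key_in_output(script: bytes) -> bytes | None:
    """Return the public key if the scriptPubKey carries one (P2PK), else None."""
    if len(script) in (35, 67) and script[-1] == 0xAC and script[0] == len(script) - 2:
        return script[1:-1]
    return None


def hash_in_output(script: bytes) -> bytes | None:
    """Return the committed HASH160 if the scriptPubKey is P2PKH, else None."""
    if len(script) == 25 and script[:3] == b"\x76\xa9\x14" and script[-2:] == b"\x88\xac":
        return script[3:23]
    return None


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    script_pubkey: bytes
    value_btc: float


def classify(utxos, confirmed_reveals, mempool_reveals):
    """Bucket UTXOs by key exposure from an observer's view.

    confirmed_reveals: public keys seen in the scriptSig of mined spends.
    mempool_reveals:   public keys seen in spends broadcast but not yet mined.
    A revealed key matters for any UTXO whose commitment equals HASH160(key).
    """
    mined = {hash160(pk) for pk in confirmed_reveals}
    pending = {hash160(pk) for pk in mempool_reveals}
    labels, totals = {}, defaultdict(float)
    for u in utxos:
        h = hash_in_output(u.script_pubkey)
        if key_in_output(u.script_pubkey) is not None:
            bucket = "exposed_in_script"       # P2PK: the key was never hidden
        elif h is None:
            bucket = "unrecognized"            # not a script type this demo models
        elif h in pending:
            bucket = "in_flight_mempool"       # attacker has until the next block
        elif h in mined:
            bucket = "exposed_by_reuse"        # an earlier spend leaked this key
        else:
            bucket = "hidden"                  # only HASH160(key) is public
        labels[(u.txid, u.vout)] = bucket
        totals[bucket] += u.value_btc
    return labels, dict(totals)


# Constructed sample keys (33-byte compressed-key shape, not real secp256k1 points).
KEY_A = b"\x02" + hashlib.sha256(b"key-a").digest()
KEY_B = b"\x03" + hashlib.sha256(b"key-b").digest()
KEY_C = b"\x02" + hashlib.sha256(b"key-c").digest()
KEY_D = b"\x03" + hashlib.sha256(b"key-d").digest()

SAMPLE_UTXOS = [
    Utxo("tx1", 0, p2pk_script(KEY_A), 50.0),   # early-era P2PK output
    Utxo("tx2", 1, p2pkh_script(KEY_B), 1.5),   # address B reused after an earlier spend
    Utxo("tx3", 0, p2pkh_script(KEY_C), 0.25),  # owner of C is spending right now
    Utxo("tx4", 0, p2pkh_script(KEY_D), 10.0),  # D has never spent: hash only
]
CONFIRMED_REVEALS = [KEY_B]   # constructed: scriptSig of a mined spend from address B
MEMPOOL_REVEALS = [KEY_C]     # constructed: unmined spend from address C

if __name__ == "__main__":
    labels, totals = classify(SAMPLE_UTXOS, CONFIRMED_REVEALS, MEMPOOL_REVEALS)
    for ref, bucket in labels.items():
        print(ref, bucket)
    print(totals)
    print("address for KEY_D:", p2pkh_address(KEY_D))
```

The classifier deliberately links revealed keys to outputs through HASH160, not through any owner field, because that is all an attacker scanning the chain and mempool can see; it is also why a never-spent P2PKH address lands in the hidden bucket while the same address, once reused, does not.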
On this basis, Galaxy Digital classifies the threat as "selective": it varies with the state and purpose of each address and does not stem from a structural flaw in the protocol. Not all users are therefore exposed to the same level of risk.
The report also details possible mechanisms for reducing the risk that follows from public key disclosure.
- BIP-360: a new output format, Pay-to-Merkle-Root (P2MR), designed so that transactions do not reveal the public key.
- Hourglass: acts as a timer that delays public key disclosure, so a quantum attacker does not gain immediate access to the key; the windows in which funds are vulnerable can be staggered.
- SPHINCS+ / SLH-DSA: quantum-resistant digital signature schemes (SLH-DSA is the NIST-standardized form of SPHINCS+), an alternative to Bitcoin's current signature cryptography. Even with an advanced quantum computer, an attacker could not derive the private key from these signatures.
- Commit/reveal: a technique that lets users "lock" funds and release them only under safe conditions. Even if a key is exposed, the funds are not lost, because the scheme requires additional steps before they can be accessed.
- Zero-knowledge proofs over seed phrases: allow users to prove ownership of funds without presenting the private key, so the sensitive material never reaches the network and is less exposed to quantum attacks.
The report stresses that quantum computing does not yet have the practical ability to exploit these weaknesses at scale. A quantum machine capable of breaking Bitcoin's cryptography is considered possible, but its development remains uncertain and could take years or decades.
This is consistent with earlier analyses. As CriptoNoticias has reported, firms such as Ark Invest have described quantum risk as real but long-term, while figures such as Michael Saylor have downplayed its urgency compared with other, more pressing technological threats.
In parallel, the Galaxy Digital document notes that the Bitcoin developer community is already working on possible solutions, including the adoption of post-quantum cryptography and mechanisms such as BIP-360, as well as migrating funds from vulnerable addresses to more secure ones.
The report thus frames the challenge as a long-term engineering and coordination problem rather than an immediate crisis. The outcome, according to the firm, depends on the ecosystem's ability to implement these changes before the threat materializes.

