The rise of the quantum threat: Could cryptocurrency become worthless?

Original: Odaily Planet Daily Azuma

Recently, the threat of quantum computing to cryptocurrencies has once again become a hot topic on external forums. The reason for this renewed attention is that several key figures in the quantum computing and cryptocurrency industries have consecutively made new predictions about the development process and potential capabilities of quantum computing.

First, on November 13, Scott Aaronson, a renowned expert in quantum computing and director of the Texas Quantum Information Center, mentioned in an article: “I now believe that before the next U.S. presidential election, we may have a fault-tolerant quantum computer capable of running Shor’s algorithm……”

Then, on November 19, Vitalik Buterin, co-founder of Ethereum, also spoke at the Devconnect conference in Buenos Aires, stating that elliptic curve cryptography (ECC) might be cracked by quantum computers before the 2028 U.S. presidential election, and urging Ethereum to upgrade to quantum-resistant algorithms within four years.

What is the quantum threat?

Before interpreting Scott and Vitalik’s predictions, we need to briefly explain what “quantum threat” means.

In short, the quantum threat to cryptocurrencies refers to the possibility that, in the future, sufficiently powerful quantum computers could break the cryptographic foundations that currently protect cryptocurrency security, potentially destroying its security model.

Currently, almost all cryptocurrencies (such as Bitcoin and Ethereum) rely on a technology called “asymmetric encryption,” which includes two critical components: “private key” and “public key”:

• Private key: kept secret by the user, used to sign transactions, proving ownership of assets;
• Public key: generated from the private key, can be shared publicly, used as a wallet address or part of it.

The cornerstone of cryptocurrency security is that deriving a private key from a public key is computationally infeasible today. However, quantum computing, or exploiting quantum mechanics principles, can greatly accelerate solving certain mathematical problems by running specific algorithms (like the aforementioned Shor’s algorithm), which is the weakness of asymmetric encryption.

Let’s continue by explaining what Shor’s algorithm is. Avoiding overly mathematical details, in simple terms, Shor’s algorithm can convert a mathematically “almost unsolvable” problem on classical computers into a “relatively solvable” periodicity problem on quantum computers, thus potentially threatening the existing “private key - public key” cryptosystem of cryptocurrencies.

To give a more understandable example: imagine you have a basket of strawberries (private key category) and want to turn it into jam (analogous to public key). It’s obvious you can’t reverse the jam back into strawberries. But if a hacker suddenly gets a cheat (analogous to quantum computing), they might be able to do it via a shortcut (analogous to Shor’s algorithm).

Is the foundation of cryptocurrencies being shaken?

If so, does that mean cryptocurrencies are doomed?

Don’t panic. The quantum threat objectively exists, but the problem isn’t as urgent as it seems. There are two main reasons. First, there is still time before the real threat arrives; second, cryptocurrencies can upgrade to quantum-resistant algorithms.

Regarding the first point, even if Scott’s prediction comes true before the 2028 election, it doesn’t necessarily threaten the security of cryptocurrencies; Vitalik’s statement does not imply that Bitcoin and Ethereum’s fundamentals will be shaken, but only points out a theoretical risk in the distant future.

Haseeb, managing partner at Dragonfly, explained that there’s no need to panic about the new timeline for quantum computing; running Shor’s algorithm does not mean cracking a true 256-bit elliptic curve key (ECC key). You can use Shor’s algorithm to crack a single number—that’s impressive enough—but factoring a number with hundreds of digits requires vastly larger computational scale and engineering capability. This is worth serious attention but is not imminent.

Cryptocurrency security expert MASTR provided a clearer mathematical perspective: cracking the elliptic curve digital signature algorithm (ECDSA) used by Bitcoin, Ethereum, and others requires about 2300 logical qubits, 10¹² to 10¹³ quantum operations, and after error correction, millions or even hundreds of millions of physical qubits. However, current quantum computers have only 100–400 noisy qubits, with high error rates and short coherence times—still at least four orders of magnitude away from what is needed to break these cryptosystems.

As for the second point, industry cryptographers are developing new post-quantum cryptography (PQC) algorithms capable of resisting quantum attacks, and mainstream blockchains are already preparing for this.

As early as last March, Vitalik authored an article titled “If Quantum Attacks Come Tomorrow, How Should Ethereum Respond?”, which discussed the resistance effects of Winternitz signatures, STARKs, and other quantum-resistant techniques, even imagining how Ethereum might urgently upgrade in case of emergency.

Compared to Ethereum, Bitcoin may be less flexible in upgrading, but the community has already proposed multiple potential algorithm upgrades such as Dilithium, Falcon, and SPHINCS+. Recently, with discussions intensifying, Bitcoin OG Adam Back also stated that post-quantum encryption standards could be implemented long before a substantial quantum threat materializes.

In summary, the quantum threat is like a “master key” hanging in the distance, theoretically capable of unlocking all current blockchain cryptography. But the lockmakers have already started developing new locks that this master key cannot open, and are preparing to replace all old locks before the key is ready.

This is the current objective reality of the quantum threat. We should not ignore its progress, but also do not need to panic blindly.