Five key points of the quantum threat


Author: David Christopher Source: Bankless Translation: Shan Ouba, Golden Finance

Nick Carter is one of the few high-profile Bitcoin insiders warning that quantum computing poses a threat to cryptocurrency. In the past few weeks, two major papers have been published, pulling the timeline of quantum threats from “the distant future” to “imminent,” and Carter also appeared on the Bankless show to break down the potential destructive power in detail. Taken together, the two studies indicate that the hardware threshold required to crack the signature algorithms used by cryptocurrencies has dropped by a factor of 20 to 50, while the estimated attack window has shrunk from months to just a few minutes.

Below are five key takeaways.

Google paper completely rewrites the Bitcoin threat model

Until recently, the mainstream consensus in the research community was that the first quantum attack against blockchain encryption algorithms would take weeks or even months and would require millions of qubits (the qubit being the core computing unit of a quantum computer).

These parameters had created what looked like a secure buffer for the industry.

But a Google paper jointly written by cryptographers Dan Boneh, Craig Gentry from Google’s Quantum AI team, and Justin Drake, a researcher at the Ethereum Foundation, directly tore up that “safety net.” Previously, executing the attack was estimated to require hundreds of thousands of physical qubits; the Google paper reduces this threshold by about 20 times and compresses the time needed to break the ECDSA algorithm to only 9 minutes. ECDSA is the cryptographic signature mechanism relied on for authorizing every transaction on both Bitcoin and Ethereum. Another paper from at least Atom Quantum and the California Institute of Technology reaches an even more aggressive conclusion: using a different hardware setup, it would take only 10,000 physical qubits to break the same encryption algorithm.

The largest hardware of this category that exists anywhere in the world today has up to 6,000 qubits.

2029 may be the true deadline

Bitcoin holders, and even some developers, generally believe that “Quantum Day” (the day when quantum computers can practically break Bitcoin’s encryption algorithms) will arrive gradually, meaning we can watch the technology iterate and have enough time to prepare, with the critical milestone still years away.

But Carter says the Google paper points to the opposite conclusion: Quantum Day will arrive suddenly, as a threshold event. Once large-scale quantum error correction achieves a breakthrough, the progression from low-intensity attacks to fully cracking 256-bit keys will accelerate rapidly.

Another detail worth noting: the Google team did not publish the specific quantum algorithms, only a zero-knowledge proof that verifies their validity without revealing the underlying algorithmic principles, essentially choosing to keep the ace up their sleeve. Both papers were released after consultations with the U.S. National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). Carter expects that formal review and control mechanisms may be introduced afterward; at that point, the outside world will have no visibility into progress in quantum technology, leaving only the division between “before” and “after.”

Google has moved up its internal quantum technology transition deadline to 2029; the U.S. government requires critical systems to complete upgrades before 2030. A paper from Chaincode Labs estimates that, at a normal pace, migrating Bitcoin to post-quantum cryptography would take 7 years, and even with an urgent push it would still take 2 years. Carter believes Bitcoin migration cannot be completed before 2030, one year later than Google’s own deadline.

9-minute attacks are enough to upend everything

The Google paper reveals an attack path Carter previously believed to be extremely unlikely from a probabilistic standpoint.

When you send Bitcoin, your public key is briefly exposed to the network before the transaction is confirmed. According to the calculations in the Google paper, a quantum computer can crack the private key within this confirmation window and broadcast a competing transaction to steal the funds before the original transaction completes. No matter how carefully you operate your wallet—using new addresses or other measures—the attack surface within that window will render those protections ineffective.

The entire network must complete the post-quantum upgrade 100% before hardware capable of carrying out such attacks is available; otherwise, no transaction can be considered secure.
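Whether a public key is visible only during the confirmation window described above, or permanently, depends on the output script type and on whether the address has signed before. The classifier below is an added example, not code from the article or the papers it cites; the `reused` flag is a hypothetical input the caller would supply from a chain index, and the sample scripts are constructed.

```python
# Added example: when does each Bitcoin output type reveal its public key?
# "at_rest"  = key (or tweaked key) sits in the output script itself
# "on_spend" = only a hash is on-chain; the key appears when a spend is broadcast

def classify_script(script_hex):
    """Return (script_type, exposure) for a hex-encoded scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", "at_rest"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "p2pkh", "on_spend"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return "p2sh", "on_spend"
    # P2WPKH / P2WSH: witness v0 with a 20- or 32-byte program
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", "on_spend"
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", "on_spend"
    # P2TR: witness v1 with a 32-byte x-only output key
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", "at_rest"
    return "unknown", "unknown"

def audit(utxos):
    """Sum satoshis per exposure class; utxos are (script_hex, sats, reused)."""
    totals = {"at_rest": 0, "on_spend": 0, "unknown": 0}
    for script_hex, sats, reused in utxos:
        _, exposure = classify_script(script_hex)
        # A hashed address that has signed before has already revealed its key.
        if exposure == "on_spend" and reused:
            exposure = "at_rest"
        totals[exposure] += sats
    return totals

# Constructed sample outputs (dummy key and hash bytes, not on-chain data).
SAMPLE = [
    ("21" + "02" * 33 + "ac", 5_000_000_000, False),   # P2PK
    ("76a914" + "11" * 20 + "88ac", 100_000, False),   # P2PKH, never spent from
    ("76a914" + "22" * 20 + "88ac", 250_000, True),    # P2PKH, address reused
    ("0014" + "33" * 20, 40_000, False),               # P2WPKH
    ("5120" + "44" * 32, 70_000, False),               # P2TR
    ("6a04deadbeef", 0, False),                        # OP_RETURN data output
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Outputs classed `on_spend` are the ones for which only the confirmation-window scenario applies; everything in `at_rest` is exposed regardless of how quickly a transaction confirms.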

The debate over Satoshi tokens

A total of 6.9 million Bitcoins (one-third of the total supply) are stored in addresses where the public keys have already been exposed. Of these, 2.3 million belong to Satoshi’s early blocks or are identified as lost tokens with no corresponding private-key holders, meaning they can never be actively migrated.

For this portion of assets, the Google paper proposes four solutions:

  1. Do nothing

  2. Permanently burn

  3. Set spending rate limits

  4. Move to sidechains, where holders can redeem via cryptographic proof

Carter expects institutional forces will push for the second option.

He predicts that the world’s 10 to 20 largest Bitcoin custodians (including BlackRock, Coinbase, etc.) will sign a joint statement, claiming they will only support forked chains that destroy dormant tokens. That forked chain would become the legitimate Bitcoin, while the original chain would be discarded, and Bitcoin’s total supply would be reduced from 21 million to about 19 million. Carter says that this would amount to “completely breaking our original promises,” or perhaps becoming the largest “theft” in human history.

But the deeper issue is that Bitcoin lacks a mechanism to make decisions like this. Over the past decade, the Bitcoin network has completed only two protocol upgrades, SegWit in 2017 and Taproot in 2021, and the process by which consensus was reached was completely different in each case. In addition, Carter says core developers have been forced to retreat due to legal threats and online harassment, abandoning their proactive leadership over the protocol. He describes the current situation as a power vacuum: influential groups refuse to take responsibility, and the decision-making channel they point to, “community will,” has no real-world execution mechanism.

Every step of post-quantum migration, including reaching consensus on action, selecting signature algorithms, migrating 50 million addresses, and handling Satoshi tokens, will get stuck in this broken governance system.

Ethereum may be even better positioned

In the podcast, Carter, who considers himself a steadfast Bitcoin supporter, also admits that even if he doesn’t want to see it, Ethereum still has a possibility of overtaking Bitcoin to top the crypto market.

To be sure, Ethereum’s engineering overhaul is larger: besides upgrading wallet signatures, it also requires changes to the consensus layer and Rollup Layer 2 networks. But the Ethereum Foundation has already published a clear roadmap, and Justin Drake himself participated in writing the Google paper. Account abstraction also means that replacing signature algorithms does not require changing users’ addresses, making the operation more convenient.

Carter ultimately draws the same conclusion: Ethereum has a wider quantum attack surface than Bitcoin, but stronger and more unified community leadership makes up for that shortcoming. He praises the Ethereum Foundation and contrasts Ethereum with the current state of Bitcoin—saying that today only he and a few others are worrying about quantum threats.

So far, Bitcoin has avoided several crises by refusing radical change. But the quantum threat seems likely to severely punish this conservative inertia, and the public chain that completes the transition first will come to dominate the shape of the crypto industry after the quantum era.
