Bernstein: Bitcoin has 3-5 years to counter quantum risk
Bernstein analysts say Bitcoin has about three to five years to adopt quantum-resistant cryptography before future quantum computers could derive private keys from on-chain public keys.
Bernstein analysts say Bitcoin has roughly three to five years to upgrade its cryptographic protections against attacks from powerful quantum computers. In a research note, they identified Bitcoin's elliptic-curve signature scheme, which is defined over the secp256k1 curve, as vulnerable once quantum hardware reaches sufficient scale and error correction.
The analysts highlighted Shor's algorithm, which can derive private keys from public keys on a large, error-corrected quantum computer. Bitcoin transactions reveal public keys when funds are spent, and those keys are permanently recorded on the blockchain. That allows an attacker to collect public keys today and attempt key recovery later, once quantum machines are capable.
Bernstein based the three- to five-year window on observed advances in quantum hardware and the time required to design, test and deploy post-quantum cryptography at scale. The note recommends that custodians, exchanges, wallet developers and node operators plan now and prepare migration paths to quantum-resistant signature and key-exchange schemes.
Practical risk varies by address type and behavior. Funds tied to addresses that have already published a public key on-chain face higher near-term risk because their public keys can be gathered now. Addresses that have exposed only a hash of the public key remain safer until a spend reveals the key itself. The analysts noted that key reuse, long-lived custodial addresses and widely distributed public-key records increase exposure.
Changing Bitcoin's cryptography will require protocol work and broad agreement among developers, miners and users. The note described technical options including adding post-quantum signatures alongside existing signatures, introducing new address formats that use quantum-resistant algorithms, and building migration tools for custodians to rotate keys into quantum-safe storage.
Standards bodies have advanced several post-quantum candidates in recent years, providing algorithms for testing. Bernstein recommended a staged rollout to allow testing of wallet software, hardware security modules and exchange custody systems before any large-scale switch. Immediate operational steps the report outlined include limiting key reuse, moving funds from addresses that have revealed public keys where practical, and auditing third-party custody arrangements.
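The two distinctions the note relies on, whether an address has already placed a public key on-chain and whether funds have been sent back to a key that an earlier spend revealed, can be checked mechanically over a custodian's own UTXO set. The following Python is an added example written for this article; it is not Bernstein's analysis code nor any Bitcoin project's code. It recognises the standard output-script templates (P2PK, P2PKH, P2SH, P2WPKH, P2WSH, P2TR), so it goes slightly beyond the two categories the note names, parses the unlocking data of P2PKH and P2WPKH spends to record which hashed keys have since been revealed, and flags unspent outputs that sit on an exposed or reused key. It assumes the auditor can pair each spend with the scriptPubKey of the output it consumed (any full node or indexer provides this); all scripts, txids, signatures and keys in the sample data are constructed placeholders, and a production tool would additionally verify that a revealed key hashes to the script's key hash and would handle PUSHDATA opcodes and script-hash spends.

```python
"""Exposure triage for Bitcoin outputs (added example; not Bernstein's or any
Bitcoin project's code). Classifies output scripts by whether a public key is
already readable on-chain, records which hashed keys a later spend revealed, and
flags unspent funds sitting on an exposed or reused key. Every script, txid,
signature and key below is a constructed placeholder."""
from __future__ import annotations
from collections import namedtuple
from dataclasses import dataclass

OP_CHECKSIG, OP_EQUAL = 0xAC, 0x87
Utxo = namedtuple("Utxo", "txid vout script_pubkey value_sat")
# prev_script_pubkey is the scriptPubKey of the output being spent (known from the prevout).
Spend = namedtuple("Spend", "prev_script_pubkey script_sig witness")


@dataclass(frozen=True)
class Exposure:
    kind: str      # standard script template
    exposed: bool  # True when a public key is readable from the output script itself
    note: str


def classify_script_pubkey(spk: bytes) -> Exposure:
    """Map a scriptPubKey to its template and whether it already exposes a key."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:        # <pubkey> CHECKSIG
        return Exposure("p2pk", True, "public key is in the output script")
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":  # DUP HASH160 <20> EQUALVERIFY CHECKSIG
        return Exposure("p2pkh", False, "only HASH160(pubkey) is on-chain until spent")
    if n == 22 and spk[:2] == b"\x00\x14":                                  # OP_0 <20-byte key hash>
        return Exposure("p2wpkh", False, "only HASH160(pubkey) is on-chain until spent")
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == OP_EQUAL:          # HASH160 <20-byte script hash> EQUAL
        return Exposure("p2sh", False, "script hash only; exposure depends on the redeem script")
    if n == 34 and spk[:2] == b"\x00\x20":                                  # OP_0 <32-byte script hash>
        return Exposure("p2wsh", False, "script hash only; exposure depends on the witness script")
    if n == 34 and spk[:2] == b"\x51\x20":                                  # OP_1 <32-byte x-only key>
        return Exposure("p2tr", True, "x-only output key is in the output script")
    return Exposure("unknown", False, "unrecognised template; review manually")


def script_pushes(script: bytes) -> list[bytes]:
    """Data pushes of a legacy script (direct 1..75-byte pushes, which is all P2PKH uses)."""
    pushes, i = [], 0
    while i < len(script):
        op, i = script[i], i + 1
        if 1 <= op <= 75:                 # other opcodes carry no data and are skipped
            pushes.append(script[i:i + op])
            i += op
    return pushes


def looks_like_pubkey(b: bytes) -> bool:
    """SEC encoding: 33 bytes starting 02/03 (compressed) or 65 bytes starting 04."""
    return (len(b) == 33 and b[0] in (2, 3)) or (len(b) == 65 and b[0] == 4)


def revealed_pubkey(prev_spk: bytes, script_sig: bytes, witness: list[bytes]) -> bytes | None:
    """Public key that spending prev_spk put on-chain, or None if this template reveals none here."""
    kind = classify_script_pubkey(prev_spk).kind
    if kind == "p2pkh":                   # scriptSig is <sig> <pubkey>
        pushes = script_pushes(script_sig)
        cand = pushes[-1] if len(pushes) == 2 else b""
    elif kind == "p2wpkh":                # witness stack is [sig, pubkey]
        cand = witness[-1] if len(witness) == 2 else b""
    else:
        return None                       # script-hash spends need script-specific parsing
    return cand if looks_like_pubkey(cand) else None


def audit(utxos: list[Utxo], spends: list[Spend]) -> list[dict]:
    """Flag unspent outputs whose key is exposed directly or by an earlier spend (key reuse)."""
    revealed = {s.prev_script_pubkey for s in spends
                if revealed_pubkey(s.prev_script_pubkey, s.script_sig, list(s.witness))}
    rows = []
    for u in utxos:
        e, reused = classify_script_pubkey(u.script_pubkey), u.script_pubkey in revealed
        rows.append({"outpoint": f"{u.txid}:{u.vout}", "kind": e.kind, "value_sat": u.value_sat,
                     "at_risk": e.exposed or reused,
                     "reason": "key reused after reveal" if reused else e.note})
    return rows


def value_at_risk(rows: list[dict]) -> int:
    return sum(r["value_sat"] for r in rows if r["at_risk"])


# Constructed sample chain state: hash and key bytes are placeholders, not real keys.
P2PKH_A = b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac"
P2WPKH_B = b"\x00\x14" + b"\x22" * 20
P2TR_C = b"\x51\x20" + b"\x33" * 32
P2SH_D = b"\xa9\x14" + b"\x44" * 20 + b"\x87"
FAKE_SIG = b"\x30" + b"\x55" * 70         # 71-byte DER-shaped placeholder signature
FAKE_KEY = b"\x02" + b"\x66" * 32         # 33-byte compressed-key placeholder
SAMPLE_UTXOS = [
    Utxo("aaaa", 0, P2PKH_A, 150_000),    # address reused after an earlier spend revealed its key
    Utxo("bbbb", 1, P2WPKH_B, 90_000),    # never spent from: key still only hashed
    Utxo("cccc", 0, P2TR_C, 40_000),      # Taproot output key readable on-chain
    Utxo("dddd", 2, P2SH_D, 10_000),      # script hash: needs script-level review
]
SAMPLE_SPENDS = [Spend(P2PKH_A, bytes([len(FAKE_SIG)]) + FAKE_SIG + bytes([len(FAKE_KEY)]) + FAKE_KEY, ())]
```

Calling audit(SAMPLE_UTXOS, SAMPLE_SPENDS) on the constructed state marks the reused P2PKH output and the Taproot output as at risk (190,000 sat between them) while leaving the never-spent P2WPKH output and the P2SH output unflagged; the P2SH row carries a note rather than a verdict because a script hash says nothing about the keys behind it until the redeem script is seen. Run over a real UTXO set, the "key reused after reveal" rows are exactly the funds the note's "move funds from addresses that have revealed public keys" step applies to, and the P2PK and P2TR rows are the ones where no amount of spending discipline hides the key.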
The analysts framed the timeline as a planning horizon rather than an immediate crisis. Current quantum devices have not reached the scale and error-correction levels required to run Shor's algorithm on Bitcoin key sizes in practice. The note added that blockchain records are public and permanent, and that cryptographic upgrades and coordinated operational changes can take years to complete.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. We do not accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.