US investment manager Ark Invest claims that the bulk of Bitcoin’s supply is already immune to quantum computing advances, leaving plenty of warning signals for developers to quantum-proof the rest of the supply.
About 65.4% of the Bitcoin (BTC) supply is not vulnerable to the threat of quantum computing advances, but about 34.6% of the BTC supply remains at risk, according to a white paper published Wednesday by Ark Invest and Bitcoin-focused financial services firm Unchained.
This includes approximately 5 million BTC or 25% of the total supply that is expected to be transferred due to the reuse of addresses and 1.7 million BTC or 8.6% of the supply that is lost in P2PK (Pay-to-Public-Key) addresses, the first form of transaction script on the Bitcoin blockchain, which directly ties funds to public keys. Another 200,000 BTC (about 1%) is considered transferable due to the P2TR (Pay-to-Taproot) address type.
The supply would be vulnerable to quantum theft if quantum computers could crack Bitcoin’s elliptic curve cryptography (ECC), which requires about 2,330 logical qubits and tens of millions to billions of quantum gates, the report said.
“However, their practical feasibility requires quantum systems, which will take a long time to reach the level of performance that our research suggests.”

The paper’s estimates are much broader than a February analysis by CoinShares, which said that the actual market share of quantum-vulnerable Bitcoin is about 10,200 BTC, or about 0.05% of the supply, although legacy P2PK addresses represent a much larger theoretical exposure.
Separately, the first quantum computing facility with one million physical qubits (equivalent to tens of billions of conventional computers) will be completed in 2027 by Chicago-based PsiQuantum, which has raised $1 billion from BlackRock-related funds.
Quantum breakthrough remains a “long-term risk” for Bitcoin
Ark’s white paper argues that quantum risks will evolve over a long period of time with “many intermittent warning signals,” rather than a sudden tipping point.
Quantum development is not an imminent threat to the Bitcoin network, but a “long-term risk” that will give the community time to “research and develop plans to protect the network” from the long-term development of quantum capabilities, the paper says.
Ark Invest envisions five stages for quantum computing advancements, but said only the final stage of advancements will break ECC faster than Bitcoin’s 10-minute block time.
Bitcoin stored in quantum-vulnerable addresses should not be compromised until stage 3, when a quantum computer breaks the 256-bit ECC key.
The white paper says the first public key could be cracked in the mid-2030s, citing a consensus goal by companies including Google, IBM and Microsoft.

Bitcoin should implement quantum-resistant address formats despite governance issues
Quantum computers will inevitably reach stage 4 and threaten the Bitcoin network, which means that Bitcoin will have to implement a quantum-resistant address format, the paper says.
This measure requires the integration of post-quantum cryptography (PQC) into Bitcoin, such as the lattice-based ML-DSA signature scheme and the hash-based SLH-DSA signature scheme.
“Those standards give us confidence in the capabilities of post-quantum cryptography,” wrote Ark Invest, warning that the upgrade to PQC at the consensus level will be more difficult due to the decentralized governance structure of Bitcoin, which requires the majority of network participants to agree on a soft fork.
The paper says Bitcoin will eventually need quantum-resistant address formats and eventually post-quantum cryptography. One design under consideration, BIP-360, offers a type of Pay-to-Merkle-Root output designed to reduce long-term quantum risk by eliminating the Taproot key-path vulnerability, although it does not itself add post-quantum digital signatures.
However, according to Chris Tam, president and head of quantum innovation at BTQ Technologies, BIP-360 is not the ultimate solution to Bitcoin’s quantum threat.
“The proposal introduces a new address format, but critically does not include post-quantum digital signatures, which are essential for any long-term defense against quantum attacks,” he told Cointelegraph.