Bernstein: Bitcoin has 3-5 years to counter quantum risk

Bernstein analysts warned in a research note that Bitcoin has roughly three to five years to update its cryptography before quantum computers could feasibly attack the signature schemes that protect private keys. The firm pointed to Shor’s algorithm as the main threat to elliptic-curve signatures such as ECDSA and secp256k1, which secure most Bitcoin addresses.

The analysts outlined two practical attack paths. A quantum adversary that runs Shor’s algorithm against a public key could derive the corresponding private key and spend funds tied to that address; the risk is highest for addresses that reveal their public key on-chain when coins are spent. Advances in quantum search methods could also reduce the cost of collision or preimage attacks against Bitcoin’s hash functions, but Bernstein described those as a secondary concern compared with signature-breaking attacks.

Bernstein tied the limited window to projections for when quantum hardware will reach the scale and error correction needed to run Shor’s algorithm. Building a fault-tolerant machine capable of such attacks likely requires thousands to millions of physical qubits and substantial error correction, the note states. The firm warned that unexpected breakthroughs could shorten the timetable.

The research outlined practical challenges to migrating a decentralized ecosystem to post-quantum cryptography. Wallet developers must update key generation and signing libraries, custodians must change custody processes, exchanges must implement new address formats, and miners and full-node operators must coordinate any protocol-level changes. Bernstein wrote that those steps require multi-year planning.

Mitigation options available today include moving funds from addresses that have already exposed a public key into fresh addresses that do not reveal the key, and adopting post-quantum signature algorithms emerging from recent standardization efforts. The note emphasized the need for testing, standardization and production deployment in wallets and custody systems.

Bernstein recommended that custodians review address hygiene, accelerate plans to support quantum-resistant signatures and participate in industry-wide testing and upgrades. The analysts concluded that coordinated action across wallets, exchanges and infrastructure providers will be required to move large volumes of bitcoin into schemes designed to withstand a future quantum adversary.