Non-profit organization Presidio Bitcoin has released a technical report examining the growing threat quantum computers pose to the Bitcoin network. The report assesses current quantum capabilities, estimates how much Bitcoin value is at risk, explores existing mitigation options, and discusses how the ecosystem could coordinate a software update and migration.
Why Upgrades Are More Difficult in a Decentralized System
The report starts with a basic observation: Bitcoin is software, which is both its strength and its weakness. As a system of code, Bitcoin is relatively easy to transfer, verify, and hold. However, it also inherits the digital risks associated with cryptography. One of the most significant risks, discussed since Bitcoin’s early days, comes from cryptographically relevant quantum computers (CRQCs).
In theory, a CRQC could break the elliptic curve cryptography that secures Bitcoin by deriving private keys from public keys. The report emphasizes this would primarily enable the quantum-powered theft of coins linked to exposed public keys.
While the report argues that Bitcoin’s technical toolkit for mitigation is broad and achievable today, the path forward is less straightforward than for centralized systems. In centralized environments, coordination can be directed more easily. With Bitcoin, coordinating upgrades across developers, users, wallets, custodians, and infrastructure is inherently more complex. There is also the risk of making changes too early, too quickly, or in a way that introduces new vulnerabilities. Presidio also notes that post-quantum cryptographic schemes come with meaningful trade-offs, both technical and practical for the ecosystem.
6.5 Million Bitcoin Could Be at Risk
The core vulnerability stems from Shor’s algorithm. Presidio explains that a sufficiently powerful quantum computer could run this algorithm to derive private keys from exposed public keys.
The report provides a stark estimate of the potential impact. If a cryptographically relevant quantum computer existed today, approximately 6.5 million BTC—about one-third of the total supply—would be immediately vulnerable to theft. More than two-thirds of this exposure, roughly 4.5 million Bitcoin, is due to address reuse. The report notes that much of this reuse is concentrated among a small group of large custodians who employ the practice for simplicity.
While this concentration increases the risk, Presidio points out that this portion can be reduced without any protocol change. The mitigation is conceptually simple: rotate funds to fresh addresses.
The remaining structural exposure is different. Presidio estimates that 1.72 million BTC resides in legacy pay-to-pubkey (P2PK) outputs, most of which are presumed lost. The report also clarifies that addresses which have never been spent, and where only a hash of the public key is visible on-chain, are not considered vulnerable under current understanding.
The Uncertain Timeline for CRQCs
A major focus of the report is the uncertainty surrounding timing. Presidio stresses that the timeline for CRQCs remains unclear, with expert surveys estimating about a 50% probability of such machines emerging between 2030 and 2035.
Nevertheless, Presidio outlines a concrete strategy for the Bitcoin network’s path forward. It involves deploying post-quantum signature schemes via a soft fork, rather than a disruptive hard fork.
Activation timing is critical. Presidio states that the Bitcoin ecosystem will likely complete the activation of post-quantum signatures well before a CRQC threat materializes. However, the Chaincode playbook—referenced in the report—suggests activation could occur around months 6–7 if it doesn’t happen sooner.Migration would follow. Featured image from OpenArt, chart from TradingView.com.
Frequently Asked Questions
Of course Here is a list of FAQs based on a report like Presidio Bitcoins Findings on Quantum Computing Assessing the Threat and Planning Ahead designed to be clear and accessible
Beginner Fundamental Questions
1 What is the main concern about quantum computing and Bitcoin
Quantum computers once sufficiently powerful could potentially break the cryptographic lock that protects your Bitcoin address allowing someone to forge a transaction and steal your funds
2 I keep my Bitcoin in a wallet Am I safe
It depends on how you use it If you have only ever received Bitcoin to an address and never sent from it your public key isnt visible on the blockchain and you are considered safe for now The risk arises when you send a transaction as that action exposes your public key
3 Is my Bitcoin going to be stolen tomorrow
No The consensus among experts including reports like Presidios is that a quantum computer powerful enough to threaten Bitcoins cryptography is still years likely a decade or more away This is not an immediate emergency but a longterm planning issue
4 What is postquantum cryptography
Its a new generation of encryption algorithms designed to be secure against both traditional and quantum computers Its the upgraded lock that will need to be installed on Bitcoin and other systems in the future
Intermediate Technical Questions
5 Does this break Bitcoins mining and the blockchain itself
The primary threat is to wallet security Bitcoins ProofofWork is also vulnerable to quantum speedup but its a lesser concern A quantum computer could mine faster but it wouldnt break the historical ledger The signature problem is more urgent for user funds
6 What does store coins in a P2PKH address mean
This is the most common legacy Bitcoin address The report likely highlights that these addresses reveal your public key when you spend making them more vulnerable in a quantum future compared to newer native SegWit addresses
7 What is a quantumresistant signature scheme and how would Bitcoin adopt it
Its a cryptographic signature that a quantum computer cannot