Ark and Unchained argue that around a third of the Bitcoin supply remains vulnerable to future quantum threats, although the risk is still years away.
Ark Invest, a US investment firm, says that most of the Bitcoin supply is already protected from a quantum computing breakthrough. This gives builders plenty of time to quantum-proof the rest of the supply.
Ark Invest and Unchained, a financial services business that focuses on Bitcoin, presented a white paper on Wednesday stating that roughly 65.4% of the Bitcoin supply is not at risk from a quantum computing breakthrough. However, about 34.6% of the BTC supply is still at risk.
This includes about 5 million BTC, or 25% of the total supply, that are thought to be movable and are at risk because addresses are reused. It also includes 1.7 million BTC, or 8.6% of the supply, that are thought to be lost in P2PK (Pay To Public Key) addresses, which were the first type of transaction script on the Bitcoin blockchain and locked funds directly to public keys. Another 200,000 BTC (around 1%) sits in the P2TR (Pay To Taproot) address type and can also be moved.
The paper said that this supply would be open to quantum theft if quantum computers could crack Bitcoin’s elliptic curve cryptography (ECC). This would need roughly 2,330 logical qubits and tens of millions to billions of quantum gates.
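The categories above differ in whether a public key is already visible on-chain. The Python sketch below is an added example, not code from the Ark/Unchained paper: it classifies a scriptPubKey by type and totals the value of a set of outputs by exposure. The sample scripts use constructed dummy bytes, and the `reused` flag (whether an earlier spend already revealed the key behind the address) is an assumption supplied by the caller.

```python
# Added example: which output types already show a public key on-chain?
def classify(script_hex, reused=False):
    """Return (output_type, pubkey_exposed) for one scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG. The key is in the output.
    if n == 35 and s[0] == 0x21 and s[1] in (2, 3) and s[-1] == 0xAC:
        return ("P2PK", True)
    if n == 67 and s[0] == 0x41 and s[1] == 4 and s[-1] == 0xAC:
        return ("P2PK", True)
    # P2TR: OP_1 <push 32> <x-only output key>. The key is in the output.
    if n == 34 and s[:2] == b"\x51\x20":
        return ("P2TR", True)
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash> OP_EQUALVERIFY OP_CHECKSIG.
    # Only a hash is on-chain until a spend reveals the key.
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return ("P2PKH", reused)
    # P2WPKH: OP_0 <push 20> <hash>. Same property as P2PKH.
    if n == 22 and s[:2] == b"\x00\x14":
        return ("P2WPKH", reused)
    # Script-hash and other outputs depend on the hidden script: not judged.
    return ("other", None)

def exposure_summary(utxos):
    """Sum satoshis by exposure for (script_hex, sats, reused) tuples."""
    totals = {"exposed": 0, "hashed": 0, "unclassified": 0}
    for script_hex, sats, reused in utxos:
        exposed = classify(script_hex, reused)[1]
        if exposed is None:
            totals["unclassified"] += sats
        else:
            totals["exposed" if exposed else "hashed"] += sats
    return totals

# Constructed sample outputs (dummy key and hash bytes, not real UTXOs).
P2PK = "2102" + "11" * 32 + "ac"
P2TR = "5120" + "33" * 32
P2PKH = "76a914" + "44" * 20 + "88ac"
P2WPKH = "0014" + "55" * 20
P2WSH = "0020" + "66" * 32
SAMPLE = [(P2PK, 5000, False), (P2TR, 200, False), (P2PKH, 1000, False),
          (P2PKH, 700, True), (P2WPKH, 300, False), (P2WSH, 400, False)]

if __name__ == "__main__":
    print(exposure_summary(SAMPLE))
```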
The paper’s estimates are much broader than those in a CoinShares report from February, which said that only 10,200 BTC, or 0.05% of the total supply, is vulnerable to quantum attacks, even though legacy P2PK addresses carry a much larger theoretical exposure.
Chicago-based PsiQuantum is building the first quantum computer facility with one million physical qubits, which is the same as tens of billions of regular computers. It is slated to be ready in 2027. The company raised $1 billion from BlackRock-linked funds.
Source: Ark Invest, David Puell
Quantum computing seen as a long-term risk
Ark’s white paper says that quantum risk will develop gradually, with “many intermediate warning signals”, rather than arriving as a sudden single point of failure.
The report says that a quantum breakthrough remains a “long-term risk” and not an immediate threat to the Bitcoin network. This gives the community time to “research and make plans for protecting the network” against the slow growth of quantum capabilities.
Ark Invest expects quantum computing to progress through five stages. However, it says that only in the last stage would ECC be broken faster than Bitcoin’s 10-minute block time.
Bitcoin stored in addresses that are vulnerable to quantum computers shouldn’t be at risk until stage 3, when a quantum computer can break a 256-bit ECC key.
The white paper predicted that the first public key might be broken in the mid-2030s, based on a goal set by companies such as Google, IBM, and Microsoft.
Transition to quantum-safe cryptography could be complex
The transition will require Bitcoin to adopt post-quantum cryptography (PQC), such as the hash-based signature scheme SLH-DSA and the lattice-based signature scheme ML-DSA.
Ark Invest said that those standards give it confidence in the capabilities of post-quantum cryptography. It also warned that upgrading to PQC at the consensus level would be harder, because Bitcoin’s decentralised governance structure requires the majority of network participants to agree to a soft fork.
The report argued that Bitcoin will need quantum-safe address formats and, eventually, post-quantum cryptography. One of the draft paths under discussion is BIP-360. It proposes a Pay-to-Merkle-Root output type that would lower long-exposure quantum risk by getting rid of Taproot’s key-path vulnerability. However, it does not add post-quantum digital signatures.
Chris Tam, president and head of quantum innovation at BTQ Technologies, says that BIP-360 is not the definitive answer to Bitcoin’s quantum threat.



