🚨 Coinbase: Quantum can crack wallets

PLUS: Jeff Bezos shuts down AI-induced job loss talk, predicts labor shortage instead

Coinbase has just posed a question Bitcoin has been dodging: what do we do when wallets can be cracked by quantum computers?

Earlier today Coinbase's Independent Advisory Board on Quantum Computing published its second major report, this time titled "Post-Quantum Migration and Abandoned Coins." The panel includes cryptographers and researchers from Stanford, UT Austin, the Ethereum Foundation, Eigen Labs and others. Their message was direct.

No quantum computer today can break blockchain cryptography. Timelines are hard to estimate, so rather than arguing about when the threat arrives, the crypto community should start preparing for it now.

The technical threat is existential but not immediate. Cracking the elliptic curve cryptography underpinning Bitcoin wallets would take a fault-tolerant quantum computer of some 26,000 qubits running Shor's algorithm. The most powerful machines today have hundreds of physical qubits. The gap is enormous. However, Google's quantum research team has been shrinking the estimated resource requirements faster than anyone anticipated, and with it every major institution from NIST to the Quantum Safe Financial Forum has moved that timeline from theory to feasibility within a decade.

Where the risk actually lies

It is not mining or block production. Bitcoin's proof-of-work hashing can only be sped up modestly by a quantum computer. The vulnerability is in wallets.

Each Bitcoin wallet uses a pair of keys. The private key signs transactions; the public key verifies them. In almost all modern wallets the public key stays hidden until you spend. However, around 6.9 million Bitcoin remain in old wallet formats where the public key is permanently visible on the blockchain. Anyone can see it. With a quantum computer running Shor's algorithm, that public key could be worked backwards to the private key, and the wallet drained.

A significant portion of this supply, roughly 1.7 million Bitcoin, sits in the oldest address type, P2PK, whose public keys have been visible on-chain since the coins were created. Most of these are thought to belong to Bitcoin's earliest users, including wallets that have repeatedly been traced back to Satoshi.

Coinbase identified almost 20,000 public keys that had already leaked and were listed on its platform as exceptions.
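To make the "public key already visible" distinction concrete, here is an added example (not code from the Coinbase report) that classifies raw Bitcoin output scripts and flags which ones already expose the key an attacker would need. It also covers two cases the text does not mention, address reuse and Taproot outputs; all scripts and amounts are constructed samples.

```python
# Added example (not from the Coinbase report). All scripts and amounts are
# constructed samples, not real chain data.

def classify_script(script: bytes) -> str:
    """Classify a raw scriptPubKey into the common output types."""
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG (0xac); the key sits in the script.
    if len(script) >= 3 and script[0] in (0x21, 0x41) \
            and len(script) == script[0] + 2 and script[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(script) == 25 and script[:3] == b"\x76\xa9\x14" and script[-2:] == b"\x88\xac":
        return "p2pkh"
    # P2WPKH: OP_0 <push 20> <hash>  (segwit v0, only a hash is visible)
    if len(script) == 22 and script[:2] == b"\x00\x14":
        return "p2wpkh"
    # P2TR: OP_1 <push 32> <x-only tweaked pubkey>  (Taproot, key is visible)
    if len(script) == 34 and script[:2] == b"\x51\x20":
        return "p2tr"
    return "other"

def pubkey_exposed(script: bytes, spent_from_before: bool) -> bool:
    """True when the spending public key is already readable on-chain.
    Hash-based outputs (P2PKH, P2WPKH) reveal the key only once the same
    address has been spent from, i.e. on address reuse."""
    kind = classify_script(script)
    if kind in ("p2pk", "p2tr"):
        return True
    if kind in ("p2pkh", "p2wpkh"):
        return spent_from_before
    return False  # unknown script type: not assessed here

def exposed_balance(utxos) -> int:
    """Sum (in satoshis) of outputs whose key is already exposed."""
    return sum(v for s, reused, v in utxos if pubkey_exposed(s, reused))

# Constructed sample UTXO set: (scriptPubKey, address spent from before?, sats)
P2PK_SCRIPT = b"\x21\x02" + b"\x11" * 32 + b"\xac"       # compressed-key P2PK
P2PKH_SCRIPT = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
P2WPKH_SCRIPT = b"\x00\x14" + b"\x33" * 20
P2TR_SCRIPT = b"\x51\x20" + b"\x44" * 32
SAMPLE_UTXOS = [
    (P2PK_SCRIPT, False, 5_000_000_000),   # 2009-style 50 BTC coinbase output
    (P2PKH_SCRIPT, True, 150_000_000),     # reused address: key leaked by a spend
    (P2PKH_SCRIPT, False, 25_000_000),     # never spent from: only the hash shows
    (P2WPKH_SCRIPT, False, 200_000_000),
    (P2TR_SCRIPT, False, 10_000_000),
]
```

Running `exposed_balance(SAMPLE_UTXOS)` over this set reports 5,160,000,000 sats as already exposed; the same logic applied to a real UTXO dump is how an inventory of at-risk coins would be built.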

The burden no one wants to handle

The technical part of the solution is relatively easy. NIST has already released standards for quantum-resistant encryption. Ethereum has a migration roadmap. Such wallets have already been put to use on Solana and several other chains. The engineering is demanding but doable.

Now for the unsurprisingly awkward part: the governance question.

Q: What happens with the wallets of owners that never migrate?

Wallets from 2010, owners who died without passing on their keys, lost keys: these coins cannot move by themselves. They just sit there idle.

Two options:

The first is a burn policy. After a long grace period, coins that depend on legacy cryptography become unspendable. The rationale is straightforward: leaving these wallets open is a systemic risk, because a future quantum attacker who drains them could effectively bring the entire network down.

The second is to do nothing: add support for quantum-resistant addresses while letting owners keep using the old format at their own risk. The danger here is that the network knowingly tolerates weak points with no deadline, while the pool of potentially drainable coins grows as quantum computers get ever more powerful.

The board did not take sides. It described this as a governance decision for each blockchain's community. What it was explicit about is that the technical migration work should start now, regardless of whatever governance decision is made later.

The real-world limitation no one has mentioned

Swapping one signature scheme for another across every context and every layer is not a simple software update. Post-quantum signatures are much larger than today's: a Dilithium-3 signature is about 3.3 kilobytes, versus roughly 64 bytes for an ECDSA signature. The report cites an estimate that deploying quantum-resistant signatures network-wide on Bitcoin could increase block sizes to 38 times their current size. That means potentially higher transaction fees, slower confirmation times and larger storage requirements for every node in the network.

Scaling discussions are notoriously hard in Bitcoin: the community spent a decade fighting over how big blocks should be at all, let alone the scale a quantum migration requires. The board's advice is to start that conversation now, while there is still time to do the work carefully.

The question is not whether quantum computers will cross that threshold at some point; the board says it is highly confident they will. The question is whether the crypto community will have done the hard work in advance, or will be reacting to its first serious wallet being emptied after that day arrives.

POLL: How long do you think Bitcoin has before quantum computers become a real threat to wallets?


🤖 AI Watch

  • Coinbase Global has today launched a product called “Coinbase for Agents”, which is aimed at giving AI agents direct access to user accounts and allowing them to pull market data and execute crypto trades, as well as pay for services within limits set by the user. 

  • China’s AI boom is reaching millions of people, but it is also cutting jobs and fueling tensions with the United States. China has pulled ahead of the United States in putting AI tools into everyday use, according to tech industry leaders and investors gathered in Shenzhen this week.

    But those same voices are sounding alarms about stretched valuations among Chinese companies, even as they praise the country’s progress on the ground.

  • India’s workers are training AI robots to take their jobs. Developers believe that feeding first-person footage into specialised AI models will help robots imitate human behaviour.

IPO Watch

Retail jumps on SpaceX IPO

Are you watching?

Jeff Bezos shuts down AI-induced job loss talk, predicts labor shortage instead

Jeff Bezos recently stated that artificial intelligence will result in labor scarcity and raise the global standard of living. He joins a growing number of tech leaders who are pushing back on fears that AI will lead to mass unemployment.

Meme of the day
