A new brief from the Bitcoin Policy Institute argues that recent advances in quantum computing have accelerated the time when Bitcoin cryptography faces a credible threat, while stressing that developers are already preparing solutions.
In its report, State of Play: Quantum Computing and Bitcoin’s Path Forward, the Bitcoin Policy Institute points to two research papers published on March 31 by Google and the California Institute of Technology that reshape long-held assumptions about the computing power needed to crack Bitcoin’s encryption.
For years, estimates have shown that an attacker would need about 10 million qubits to exploit Shor’s algorithm and compromise Bitcoin’s security model. According to a Bitcoin Policy Institute analysis of Google’s findings, that threshold could be reduced to fewer than 500,000 qubits. Another paper involving the California Institute of Technology and the University of California, Berkeley, shows that specialized quantum systems could lower that requirement further to the range of 10,000 to 26,000 qubits.
The Bitcoin Policy Institute notes that although the two papers take different approaches (one emphasizes software efficiency, the other emphasizes hardware design), they reach the same conclusion: the resources required for quantum attacks are decreasing.
Despite this change, the organization emphasizes that Bitcoin is not under any immediate threat. Current quantum machines remain far below the levels outlined in the research. Google’s most advanced processor, Willow, runs on just over 100 qubits, leaving a huge gap between theory and real-world capabilities.
Still, the Bitcoin Policy Institute views this finding as a signal that preparations need to continue at a rapid pace. The report highlights ongoing efforts within the Bitcoin developer community to address the long-term risks associated with quantum computing.
BIP-360 is central to this work. It’s a proposal that the Bitcoin Policy Institute describes as one of the most active areas of development in the protocol’s history. The proposal introduces a new address format that prevents public keys from being exposed during transactions, removing a key vulnerability that could be exploited by quantum attackers.
The Bitcoin Policy Institute points out that the testnet, which was launched in March, already has over 50 miners and 100 cryptographers participating. The group claims that the level of participation reflects strong collaboration among technology contributors.
The report also highlights that Bitcoin’s existing architecture provides flexibility. The Taproot upgrade, enabled in 2021, includes the ability to support quantum-resistant verification methods through alternative spending conditions.
Beyond the Bitcoin ecosystem, the Bitcoin Policy Institute places this issue in a broader policy context. The National Institute of Standards and Technology completed a post-quantum cryptography standard in 2024, providing tools that can be adapted to Bitcoin. Federal agencies have a 2035 deadline to transition to quantum-proof systems, while Google has set an internal goal of 2029.
Bitcoin’s decentralized structure is a challenge
The Bitcoin Policy Institute emphasizes that Bitcoin’s decentralized structure poses distinct challenges. Unlike governments and businesses, the network cannot force upgrades. Any changes must emerge through agreement between the participants.
Still, the report points to past upgrades as evidence that adjustments are possible. The Bitcoin Policy Institute argues that with quantum security, incentives are aligned across the network because all stakeholders rely on maintaining the integrity of the system.
The report concludes that while the quantum threat is not imminent, the timeline is tight. In the Bitcoin Policy Institute’s view, technical solutions are already taking shape, and the focus now shifts to how the network reaches consensus on deployment.
Yesterday, a new research proposal from StarkWare’s Avihu Levy introduced “Quantum Secure Bitcoin” (QSB), a scheme designed to protect Bitcoin transactions from future quantum attacks without changing the network’s core protocols.
This approach aims to shift security away from vulnerable ECDSA signatures to hash-based assumptions, protecting against threats like Shor’s algorithm while remaining compatible with Bitcoin’s existing system.
