Close Menu
Crypto Valley Journal
    Facebook X (Twitter) Instagram
    Crypto Valley Journal
    • Hot Topics
      • News
      • Minds
    • Focus
      • Background
      • Blockchain
      • Legal & Compliance
      • Non-Fungible Token (NFTs)
    • Investing
      • Markets
      • Financial Products
      • Decentralized Finance (DeFi)
      • Exchange overview
    • Education
      • Basics
      • Glossary
      • Politicians on crypto
    • Statistics
      • Bitcoin-ETF-Flows
      • Ethereum-ETF-Flows
      • Crypto market data
      • On-chain data
    • Academy
      • Overview
      • Part 1: Blockchain
      • Part 2: Money
      • Part 3: Bitcoin
      • Part 4: Cryptocurrencies
      • Part 5: Decentralized Finance
      • Part 6: Investing
    • English
      • Deutsch
    Crypto Valley Journal
    You are at:Home » Focus » Background » Quantum computers and Bitcoin security: what investors need to know
    Quantum computers: a threat to Bitcoin and blockchain?

    Quantum computers and Bitcoin security: what investors need to know

    By Editorial Office CVJ.CH on 1. April 2026 Background

    From one billion to 10,000: over two decades, the estimated qubit requirements to attack Bitcoin’s cryptography have dropped by five orders of magnitude. Two papers released yesterday significantly accelerate this trend.

    Two research papers released on Tuesday have fundamentally shifted the debate around Bitcoin’s quantum resilience. Google’s Quantum AI team lowered the estimated threshold for an attack on Bitcoin’s cryptography to below 500,000 physical qubits. A parallel paper by Oratomic and Caltech pushes that figure down to 10,000 reconfigurable atomic qubits. Previous estimates were in the millions.

    For investors, the question is no longer whether quantum computers can break Bitcoin’s encryption. Among cryptographers, that is largely undisputed. The key issue is timing and whether the network will be prepared. As hardware advances accelerate while decentralized consensus remains slow, a widening gap is emerging that institutional portfolio managers are increasingly factoring into their allocation decisions.

    Subscribe to our newsletter

    The best articles of the week, directly delivered into your mailbox.

    How quantum computers could attack Bitcoin

    Bitcoin relies on two cryptographic primitives: ECDSA (Elliptic Curve Digital Signature Algorithm) for transaction signatures and SHA-256 for mining. Shor’s algorithm can break ECDSA exponentially faster than classical computers, while SHA-256 is considered far more resilient, with a quantum attack expected to reduce mining efficiency rather than fully compromise it.

    Until Monday, the consensus estimate was that an attacker would need more than 13 million physical qubits to break ECDSA within a day. Google’s latest whitepaper revises this sharply downward. According to the new estimates, fewer than 500,000 physical qubits could be sufficient to solve ECDLP-256 within minutes. Oratomic’s neutral-atom approach lowers the threshold further to around 26,000 qubits for a computation time of 10 days, with a theoretical minimum of 10,000 qubits.

    Google’s Willow chip, introduced in December 2024, currently operates at 105 qubits. This reduces the gap to a cryptographically relevant quantum computer from a factor of 100,000 to below 5,000. Oratomic co-founder Manuel Endres has already demonstrated arrays of 6,100 neutral-atom qubits at Caltech.

    There is also a more subtle risk. During a Bitcoin transaction, the public key remains exposed in the mempool for roughly 10 minutes before block confirmation. Google’s paper models this exact attack vector: a quantum adversary could derive the private key in around nine minutes, implying a 41% success probability within a single block interval. Even more concerning is the “harvest now, decrypt later” strategy, where attackers collect exposed keys today and decrypt them once sufficient quantum capabilities become available. The US Federal Reserve analyzed this scenario in a September 2025 working paper.

    How many Bitcoin are vulnerable?

    Project Eleven estimates around 6.7 million BTC as quantum-vulnerable, roughly 33% of circulating supply. Google’s whitepaper points to a similar magnitude at 6.9 million BTC. Chaincode Labs arrives at a broader range of 20% to 50%, or 4 to 10 million BTC. All estimates apply a wide definition, including any address with an exposed public key.

    CoinShares, however, offers a more restrained view. It estimates that only around 10,200 BTC would have a meaningful market impact in a hypothetical theft scenario. The remainder is spread across more than 32,000 addresses with an average of 50 BTC each, making large-scale extraction time-intensive even with advanced quantum capabilities.

    The risk is also highly concentrated. Around 1.7 million BTC from the Satoshi era, mined between 2009 and 2011, are held in P2PK addresses with permanently exposed public keys, representing close to 9% of total supply. More modern formats such as P2WPKH only expose the key upon spending, providing a limited time buffer. Taproot addresses (P2TR) account for roughly 32.5% of all UTXO outputs but hold less than 1% of total supply. Still, Google’s research casts Taproot in a new light: by default exposing public keys, it may expand the effective quantum attack surface.

    "The migration to post-quantum standards could easily take 5 to 10 years due to the complexity of decentralized consensus." - Jameson Lopp, Bitcoin security expert

    Ray Dalio’s Bridgewater Associates Minds

    Star investor Ray Dalio considers Bitcoin inferior to gold

    Most crypto cards hide who issues them. After mapping the licensed issuers, here is why Switzerland's self-issuing model reads differently. Background

    The bank you never chose: who really issues Switzerland’s crypto cards

    Robinhood Perpetual Futures in Europe now cover commodities and currencies, and the broker plans a crypto launch in the United Kingdom. Financial Products

    Robinhood Perpetual Futures expand to commodities in Europe

    Digital finance transparency relies on Proof of Reserves, Merkle trees, MPC custody and 24/7 monitoring to verify solvency and user assets. Basics

    Transparency as the foundation of security in digital finance

    Ray Dalio’s Bridgewater Associates Minds

    Star investor Ray Dalio considers Bitcoin inferior to gold

    Most crypto cards hide who issues them. After mapping the licensed issuers, here is why Switzerland's self-issuing model reads differently. Background

    The bank you never chose: who really issues Switzerland’s crypto cards

    Hardware breakthroughs: Willow, Majorana, and the path to one million qubits

    Google’s Willow chip solved a benchmark task using the Quantum Echoes algorithm around 13,000 times faster than the most powerful classical supercomputer. Impressive, but still insufficient for cryptographic attacks. Its 105 qubits fall far short of what is required.

    Microsoft’s Majorana 1, introduced in February 2025, takes a different approach. The processor uses topological qubits based on a novel indium arsenide and aluminum material system, targeting up to one million qubits on a single chip. Built-in error correction aims to reduce overhead by a factor of ten.

    The new estimates nonetheless reshape the risk profile. The prior consensus called for 1,500 to 2,600 logical qubits, translating into 13 to 300 million error-corrected physical qubits. Google’s paper lowers this to around 1,200 logical qubits and fewer than 500,000 physical qubits. Oratomic’s architecture suggests a range of 10,000 to 26,000 physical qubits. Over two decades, estimated requirements have thus dropped by five orders of magnitude, from roughly one billion to below 10,000.

    Google has set March 25, 2029 as an internal deadline for its own post-quantum migration, significantly ahead of the previous industry consensus of 2030 to 2035.

    BIP-360 and the post-quantum upgrade path

    BIP-360, proposed in 2025, introduces a new Bitcoin address type supporting post-quantum signatures such as Dilithium. It leverages Pay-to-Merkle-Root (P2MR) with SegWit version 2 and bech32m addresses in the bc1z format, enabling a gradual migration without forcing a network-wide change.

    On March 20, 2026, BTQ Technologies deployed the first functional implementation on a Bitcoin testnet. More than 50 miners participated in version 0.3.0, mining over 100,000 blocks. However, the gap between testnet and mainnet remains significant. Chaincode Labs described Bitcoin’s post-quantum efforts in May 2025 as being in an “early, exploratory phase.” BIP-360 co-author Ethan Heilman estimates a full migration would take at least seven years, even if initiated immediately.

    A key technical constraint remains unresolved. Post-quantum keys are substantially larger than current ones, often several kilobytes in size. This increases transaction fees, storage requirements and bandwidth usage. Under Bitcoin’s 1 MB block limit, this presents a material scaling challenge.

    Crucially, BIP-360 is only a first step. It removes Taproot’s quantum-vulnerable key path but does not replace ECDSA or Schnorr signatures with quantum-resistant schemes. Achieving full security would require additional BIPs. For context, SegWit took around 8.5 years to reach broad adoption, Taproot 7.5 years, while Google is targeting its own migration by 2029.

    Regulatory standards are outpacing Bitcoin

    While Bitcoin is still debating, regulators are already setting the pace. The National Institute of Standards and Technology finalized three post-quantum standards in August 2024 (FIPS 203, 204, 205), based on CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+. In March 2025, HQC was selected as a fifth algorithm. NIST mathematician Dustin Moody stated that HQC is intended as a backup standard built on a different mathematical foundation than ML-KEM.

    The US government has set clear timelines. Federal agencies must submit post-quantum transition plans by April 2026. The EU is targeting quantum resilience for critical infrastructure by 2030. Google is already integrating quantum-resistant signatures into Android 17, Chrome and its cloud services.

    Bitcoin, by contrast, faces structural constraints. Protocol changes require broad consensus across thousands of independent actors, with no central authority to mandate upgrades. The same decentralization that underpins Bitcoin’s resilience also slows adaptation. For investors, this implies a shift in perspective: quantum risk is not a reason for panic, but it has become materially more tangible. Monitoring Taproot adoption, progress around BIP-360 and custodian-level address hygiene is increasingly relevant for long-term allocations.

    Share. Facebook Twitter LinkedIn Email Telegram WhatsApp

    About the author

    Editorial Office CVJ.CH
    • Website
    • Twitter
    • LinkedIn

    Since 2018, the editorial team at Crypto Valley Journal has been reporting from Zug - the heart of Switzerland’s Crypto Valley - on Bitcoin, cryptocurrency, blockchain, and regulatory developments in digital assets. Behind the publication’s collective editorial voice is a team of writers with backgrounds in financial markets, law, and technology.

    Related Articles

    JPMorgan ranks Strategy's sales below the bigger Bitcoin risk and names tokenization beyond public chains as the real threat.

    JPMorgan sees biggest Bitcoin risk beyond Strategy

    Germany's federal cabinet plans to scrap the one-year Bitcoin holding period and tax private crypto gains at 26.375% regardless of duration.

    Germany plans to scrap its one-year Bitcoin holding period

    Most crypto cards hide who issues them. After mapping the licensed issuers, here is why Switzerland's self-issuing model reads differently.

    The bank you never chose: who really issues Switzerland’s crypto cards

    A field hearing in New York aims to push the CLARITY Act through the US Senate before the summer recess. Here is what is at stake.
    13. July 2026

    July 17: House hearing aims to push the CLARITY Act through the Senate

    The DOJ dropped its USD 722 million BitClub Ponzi case against Goettsche just before trial, after two Trump-linked lawyers intervened.
    13. July 2026

    DOJ drops charges against BitClub founder Goettsche

    CVJ Weekly review
    11. July 2026

    Weekly review: 80mn bank customers in Germany gain access to crypto

    twitter image button instagram image button linkedin image button youtube image button

    About Crypto Valley Journal
    About Crypto Valley Journal

    On the pulse of the movement

    • Academy
    • Contact
    • Advertising
    • About us
    • Partner
    • Imprint
    • Privacy
    • Disclaimer
    Search

    Type above and press Enter to search. Press Esc to cancel.