Quantum Computing: A Looming Challenge for Bitcoin Security

Understanding the Risk
Nic Carter, cofounder of Coin Metrics, identifies quantum computing as a significant long-term threat to Bitcoin's cryptographic foundation. He emphasizes the urgency for developers to address this issue seriously.
In a recent essay, Carter elucidates the workings of Bitcoin's keys and the implications of quantum advancements. He explains that users generate a public key from a private key using elliptic-curve mathematics on the secp256k1 curve, forming the basis for ECDSA and Schnorr signatures.
This transformation is intentionally one-directional, making it computationally feasible to derive a public key from a private key but not vice versa under classical assumptions. Carter describes this as Bitcoin's core cryptographic principle: the existence of a one-way function that is easy to compute forward but nearly impossible to reverse.
Analogies and Exposures
To simplify, Carter compares the system to a number scrambler, where moving from a private to a public key is efficient for legitimate users via a "double and add" shortcut. There is no equivalent shortcut in reverse. For clarity, he uses a deck-shuffle analogy: replicating a sequence of shuffles yields the same order, yet it's infeasible for an observer to deduce the number of shuffles used.
Carter warns that a sufficiently powerful quantum computer could break this asymmetry by solving the discrete logarithm problem, the backbone of Bitcoin's signature scheme. Routine network activity also widens the exposure, because spending coins publishes the spender's public key on the blockchain.
Currently, deriving a private key from a public key is impractical, but quantum computing could alter this, especially if addresses are reused, leaving keys exposed longer.
Proactive Measures
Carter advises against panic, advocating for proactive planning instead. In the near term, he recommends basic practices like avoiding address reuse to minimize public key exposure. For the long term, he encourages the community to focus on developing post-quantum signature schemes and feasible migration strategies, viewing them as engineering challenges rather than speculative scenarios.
This essay is the first in a series, with Carter indicating on X that the following parts will explore "post-quantum break scenarios."