What Is the Quantum Threat to Crypto?
The quantum threat to crypto is that a sufficiently large, fault-tolerant quantum computer (a cryptographically relevant quantum computer, or CRQC) running Shor's algorithm will derive private keys from public keys, breaking the ECDSA and Schnorr signatures over secp256k1 that Bitcoin, Ethereum, and most major chains rely on. NIST has not predicted when such a machine will exist; its draft transition guidance (NIST IR 8547, November 2024) deprecates quantum-vulnerable algorithms such as ECDSA by 2030 and disallows them after 2035, which is the 2030-2035 window cited on this page. Three vectors: (1) direct theft from outputs whose public key is already on chain (commonly estimated at about 25% of BTC supply: P2PK outputs, every reused address, and Taproot outputs), (2) harvest-now, crack-later: the ledger is a public archive, so every key revealed by a past spend stays attackable once a CRQC exists, (3) consensus attacks if validator signatures break. Defense: migrate to chains built on the NIST PQC standards. BMIC implements CRYSTALS-Kyber (ML-KEM, FIPS 203) from genesis; note that FIPS 203 is a key-encapsulation mechanism, and replacing ECDSA transaction signatures also requires a PQ signature scheme, ML-DSA (FIPS 204) or SLH-DSA (FIPS 205).
TL;DR: a CRQC running Shor's algorithm recovers the private key behind any exposed secp256k1 public key; the 2030-2035 dates are NIST's migration deadlines, not a prediction. For the full picture, including the three attack vectors, the timeline, and the BMIC implication, see below.
- When does the quantum threat materialize? Nobody knows the date. NIST's draft IR 8547 sets 2030 for deprecating and 2035 for disallowing ECDSA and other quantum-vulnerable algorithms, and vendor roadmaps target fault-tolerant machines around 2029-2033. Mosca's inequality says migrate now: if the years your keys must stay secret plus the years a migration takes exceed the years until a CRQC, you are already late.
- What percentage of Bitcoin is at risk? Common estimates put about 25% (roughly 4M BTC) in outputs whose public key is already on chain. Every other coin reveals its key the moment it is spent, and a fast enough CRQC could recover that key and race the transaction while it sits in the mempool.
- Is harvest-now-decrypt-later real? Yes for encrypted network traffic, which intelligence agencies are widely reported to archive for later decryption. For a public blockchain the harvesting step is trivial: every public key ever revealed is in a ledger anyone can download, so nothing needs decrypting and the exposure is permanent.
- How do I protect my crypto? Never reuse a Bitcoin address, and keep in mind that P2PK and Taproot (P2TR) outputs put the key on chain at receipt, so address hygiene does not help there. Diversify into a chain that uses the NIST PQC standards, such as BMIC.
- Is BMIC the only quantum-safe option? BMIC states it is the first Layer 1 with NIST FIPS 203 (ML-KEM, the standardized Kyber KEM) integrated from genesis. Judge any chain's claim by the scheme it uses for signing: a KEM protects key exchange, while quantum-safe transaction signatures need ML-DSA (FIPS 204) or SLH-DSA (FIPS 205).
Full Answer
Bitcoin uses ECDSA and, since Taproot, Schnorr signatures over secp256k1, a 256-bit elliptic curve; Ethereum accounts use ECDSA over the same curve. Both rest on the elliptic-curve discrete logarithm problem: given the public key Q = d*G, recover the private scalar d. The best classical attacks (Pollard rho and baby-step giant-step) need about 2^128 group operations on a 256-bit curve, which is why the curve is rated at 128-bit security. Shor's algorithm solves the same problem in polynomial time on a fault-tolerant quantum computer, so the curve size no longer helps.
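The key derivation and the classical cost of inverting it, as an added example that is not code from BMIC, Bitcoin Core, or any library. The curve constants are the public secp256k1 parameters; the private keys used are deliberately tiny (under 2^20) so the generic baby-step giant-step attack finishes in milliseconds, which is the point: its cost grows with the square root of the key range, so for the real 2^256 range it is about 2^128 steps, while Shor's algorithm needs only polynomially many.

```python
"""secp256k1 key derivation (Q = d*G) and a generic classical attack on it.

Added example, not BMIC or Bitcoin Core code. Curve constants are the public
secp256k1 parameters; the keys recovered below are tiny so the attack ends.
"""
from __future__ import annotations
import math
from typing import Dict, Optional, Tuple

# secp256k1: y^2 = x^3 + 7 over GF(P), base point G of prime order N
P = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFC2F
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)

Point = Optional[Tuple[int, int]]  # None is the point at infinity


def add(p1: Point, p2: Point) -> Point:
    """Affine point addition (handles doubling and inverses)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # P + (-P) = infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k: int, pt: Point = G) -> Point:
    """Double-and-add scalar multiplication: the one-way map d -> d*G."""
    result: Point = None
    addend = pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def on_curve(pt: Tuple[int, int]) -> bool:
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def pubkey_from_priv(d: int) -> bytes:
    """33-byte compressed SEC1 encoding, as seen in a P2PKH spend."""
    x, y = mul(d % N)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def bsgs_recover(q: Point, bound: int) -> Optional[int]:
    """Baby-step giant-step: find d with d*G == q, assuming 0 <= d < bound.

    Time and memory are O(sqrt(bound)). With bound = N that is ~2^128 steps,
    i.e. classically infeasible; Shor's algorithm is polynomial in log N.
    """
    m = math.isqrt(bound) + 1
    baby: Dict[Point, int] = {}
    pt: Point = None
    for j in range(m):          # baby steps: j*G for j in [0, m)
        baby[pt] = j
        pt = add(pt, G)
    step = mul(m)               # giant step: subtract m*G each round
    neg_step = (step[0], (-step[1]) % P)
    gamma = q
    for i in range(m):          # gamma = q - i*m*G
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = add(gamma, neg_step)
    return None


if __name__ == "__main__":
    d = 123457                  # toy private key; real keys are ~2^256
    print("pub:", pubkey_from_priv(d).hex())
    print("recovered:", bsgs_recover(mul(d), 1 << 20))
```

The attack succeeds here only because `bound` is small; raising it to the real order `N` would need roughly 2^128 baby steps of memory and time, which is exactly the margin Shor removes.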
Three concrete threats: (1) Direct exposure. An output's public key is already on chain if the locking script contains the key itself (P2PK outputs from the early years and Taproot P2TR outputs, whose 32-byte tweaked key is the script) or if the address has been spent from before, since a P2PKH or P2WPKH spend pushes the 33- or 65-byte key in the unlocking data. Roughly 4M BTC and most ETH balances (an Ethereum account reveals its key with its first outgoing transaction) are in this state. Published resource estimates have a CRQC recovering a secp256k1 private key from its public key in hours. (2) Harvest now, crack later. The ledger is a permanent public archive, so every key revealed by a past spend is already in every adversary's hands; nothing needs decrypting, and the attack can be run retroactively the day a CRQC exists. (3) Consensus attacks. Ethereum validators sign attestations with BLS over the pairing-friendly curve BLS12-381, another discrete-logarithm scheme that Shor breaks, so forged votes and finality become possible. Bitcoin mining is hash-based proof of work (SHA-256), which Shor does not touch and Grover's algorithm only speeds up quadratically; the Bitcoin consensus risk is therefore theft of exposed coins and forged spends, not forged blocks.
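Which outputs are attackable today versus only at their next spend, as an added example that is not BMIC or Bitcoin Core code. It classifies standard Bitcoin locking scripts (P2PK, P2PKH, P2WPKH, P2TR), extracts the public key a P2PKH or P2WPKH spend puts on chain, and computes the exposed share of a constructed UTXO set the way the 25% estimate is built: key-bearing scripts plus any key-hash that has ever been spent from. The keys, hashes, signatures, and amounts are constructed placeholders, not real chain data or valid curve points.

```python
"""Which unspent outputs already expose a public key to a future CRQC?

Added example, not BMIC or Bitcoin Core code. Script templates follow the
standard Bitcoin output types; keys, hashes and amounts are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x00, 0x51, 0x76, 0xA9, 0x88, 0xAC


def classify_output(spk: bytes) -> Tuple[str, Optional[bytes], bool]:
    """Return (type, key or key-hash, key_on_chain) for a scriptPubKey.

    key_on_chain is True when the script itself carries a public key: a CRQC
    can attack those outputs without waiting for the owner to spend.
    """
    if len(spk) in (35, 67) and spk[0] == len(spk) - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", spk[1:-1], True            # <pubkey> OP_CHECKSIG
    if (len(spk) == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", spk[3:23], False          # only hash160(key) is public
    if len(spk) == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", spk[2:], False           # native segwit v0, hash only
    if len(spk) == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr", spk[2:], True              # Taproot: tweaked key is the script
    return "unknown", None, False


@dataclass
class Spend:
    """One input: the script being spent plus the unlocking data it carried."""
    prev_spk: bytes
    script_sig: bytes = b""
    witness: Tuple[bytes, ...] = ()


def revealed_pubkey(spend: Spend) -> Optional[bytes]:
    """Public key that spending a hash-based output puts on chain, else None."""
    kind, _, _ = classify_output(spend.prev_spk)
    if kind == "p2pkh":                           # scriptSig = <sig> <pubkey>
        sig_len = spend.script_sig[0]
        rest = spend.script_sig[1 + sig_len:]
        key = rest[1:1 + rest[0]]
        if len(key) != rest[0] or len(key) not in (33, 65):
            raise ValueError("malformed P2PKH scriptSig")
        return key
    if kind == "p2wpkh":                          # witness = [sig, pubkey]
        return spend.witness[-1] if spend.witness else None
    return None


@dataclass
class Utxo:
    spk: bytes
    sats: int


def exposed_supply(utxos: List[Utxo], history: List[Spend]) -> Tuple[int, int, Dict[bytes, bytes]]:
    """Return (exposed sats, total sats, {key-hash: key learned from a spend}).

    An unspent output is exposed if its script carries a key or if its key-hash
    was ever spent from: that spend revealed the key and a reused address keeps it.
    """
    leaked: Dict[bytes, bytes] = {}
    for s in history:
        key = revealed_pubkey(s)
        if key is not None:
            leaked[classify_output(s.prev_spk)[1]] = key
    exposed = total = 0
    for u in utxos:
        _, h, key_on_chain = classify_output(u.spk)
        total += u.sats
        if key_on_chain or h in leaked:
            exposed += u.sats
    return exposed, total, leaked


# Constructed sample: placeholder bytes, not real keys or curve points.
KEY_A = b"\x02" + b"\x11" * 32                    # key behind HASH_A
HASH_A, HASH_B = b"\xaa" * 20, b"\xbb" * 20       # reused vs. never-spent-from
SIG = b"\x30" + b"\x00" * 70                      # 71-byte DER-sized placeholder
BTC = 100_000_000


def p2pkh(h: bytes) -> bytes: return bytes([OP_DUP, OP_HASH160, 20]) + h + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
def p2pk(key: bytes) -> bytes: return bytes([len(key)]) + key + bytes([OP_CHECKSIG])
def p2tr(xonly: bytes) -> bytes: return bytes([OP_1, 32]) + xonly


UTXOS = [
    Utxo(p2pk(b"\x04" + b"\x22" * 64), 50 * BTC),  # 2009-style coinbase, key on chain
    Utxo(p2pkh(HASH_A), 10 * BTC),                  # reused address, see HISTORY
    Utxo(p2pkh(HASH_B), 30 * BTC),                  # fresh address, only the hash is public
    Utxo(p2tr(b"\x33" * 32), 10 * BTC),             # Taproot, tweaked key on chain
]
HISTORY = [Spend(p2pkh(HASH_A), bytes([len(SIG)]) + SIG + bytes([len(KEY_A)]) + KEY_A)]


def exposed_fraction(utxos: List[Utxo] = UTXOS, history: List[Spend] = HISTORY) -> float:
    exposed, total, _ = exposed_supply(utxos, history)
    return exposed / total


if __name__ == "__main__":
    exposed, total, leaked = exposed_supply(UTXOS, HISTORY)
    print(f"{exposed / total:.0%} of sampled supply attackable today; keys leaked by spends: {len(leaked)}")
```

Run against a real chain, `history` is every input ever confirmed and `utxos` the current set; the only extra work is looking up each input's previous output to get `prev_spk`, which any full node does during validation.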
Timeline: NIST's draft IR 8547 (November 2024) sets 2030 for deprecating and 2035 for disallowing quantum-vulnerable signatures; that is a migration deadline, not a forecast of when a CRQC exists. IBM, Google, and PsiQuantum have public roadmaps targeting fault-tolerant machines in the 2029-2033 range. Mosca's inequality (shelf life + migration time > time to CRQC) says start now: a coin that must stay safe for ten years behind a key already on chain needs the migration finished before the machine arrives, whenever that is.
Defense: NIST published its first PQC standards on 13 August 2024: FIPS 203 (ML-KEM, from CRYSTALS-Kyber), FIPS 204 (ML-DSA, from CRYSTALS-Dilithium), and FIPS 205 (SLH-DSA, from SPHINCS+). BMIC integrates CRYSTALS-Kyber (FIPS 203) at the protocol level and describes itself as the first Layer 1 with FIPS 203 from genesis. Kyber is a key-encapsulation mechanism: it protects key exchange, not transaction signing, so any chain replacing ECDSA must pair it with ML-DSA or SLH-DSA for signatures. Check which signature scheme a chain actually uses before treating it as quantum-safe.