The recent flurry of conversation around room temperature superconductors has sparked a renewed look at quantum computing.
There is a lot of confusing information about the effect quantum computers could have on Bitcoin. Part of the reason is that understanding what a quantum computer is requires a real grounding in physics, and understanding the methods proposed for attacking Bitcoin with one, should a sufficiently powerful machine ever be built, requires considerably more mathematics on top of that.
Even after years spent studying these methods, such as Shor's algorithm and Grover's algorithm, there is no guarantee, and no mathematical proof, that another algorithm will not be discovered that breaks some part of Bitcoin's cryptography more efficiently.
But although, as with everything in life, there is some uncertainty involved, we can still take action to better protect our wealth from potential quantum attacks.
Before we explore the practices that dramatically reduce the chance of losing bitcoin to a future quantum attack, here is a brief look at where the technology stands. The best quantum computers today contain a few hundred qubits (the qubit is the basic unit of quantum information, the quantum analogue of a bit). Those are noisy physical qubits; a cryptographically useful attack needs error-corrected logical qubits, each of which has to be built out of many physical ones. The most feasible attack on Bitcoin's signature scheme is estimated to need hundreds of millions to billions of physical qubits, so we are likely many years away from that point.
Since the rate of development of quantum computers is outside the average Bitcoiner's control, let's focus instead on the other side of the equation. The attack in question relies on a quantum computer's ability to derive a private key from the corresponding public key, using Shor's algorithm. This is the part we can actually do something about. Most Bitcoin addresses in use today (legacy P2PKH addresses starting with 1, and native SegWit P2WPKH addresses starting with bc1q) do not contain the public key at all. Instead they contain the RIPEMD-160 hash of the SHA-256 hash of your public key, commonly called hash160. The distinction is crucial: Shor's algorithm solves the elliptic-curve discrete logarithm problem in polynomial time, whereas the best known quantum attack on a hash function, Grover's algorithm, only gives a quadratic speedup, so recovering a public key from its 160-bit hash still costs on the order of 2^80 quantum operations. One caveat: Taproot (P2TR, bc1p) addresses are different. They place the tweaked public key directly in the output script, so the hash protection described here does not apply to them and the key is exposed as soon as the output is created.
What does all this mean for the average user of Bitcoin? In one sentence: do not reuse Bitcoin addresses. The reasoning is as follows. When you receive bitcoin, your receiving address is published on chain for the whole world to see, but that address contains only a hash of a hash of your public key. Even an attacker with a large, fault-tolerant quantum computer, one that could turn a public key into its private key in about an hour, would still have no realistic way to recover the key from the address alone.

Now here is the rub. As soon as you spend from that address, the spending transaction is broadcast to the mempool, and that transaction does contain your public key (in the scriptSig of a legacy input, or in the witness of a SegWit input), because the network needs it to verify your signature. As long as the transaction is mined before an attacker can compute your private key from the key you just published, you are safe; there is nothing left on that address to steal. But if more bitcoin is sitting on the same address, or if anyone sends bitcoin to it later, those funds are now at risk, because the public key is permanently public. Someone with a powerful quantum computer can take days, even years, to compute your private key and spend the funds whenever that calculation finishes.

Note that what gets exposed is the key, not the address string. Any other address derived from the same key pair, for example the compressed and uncompressed encodings of the same public key, or its P2PKH and P2WPKH forms, is compromised too. Addresses derived from different keys that have never spent anything remain safe, because their public keys have never been published.
So how do you make sure you do not reuse addresses? The biggest step is to use a good non-custodial wallet that follows the HD (BIP32) scheme and hands out a fresh receiving address for every payment, together with a hardware signing device for long-term storage. Such wallets also send change to a fresh address automatically, so in practice funds end up on an exposed address mainly when a payer reuses an address they already have on file, or when a service publishes a single fixed deposit or donation address. And there is more good news: if you have already spent from an address and still have bitcoin sitting on it, you can simply sweep that bitcoin to a new address of your own that has never appeared on chain, derived from a new key rather than a different encoding of the same one. As long as you do this before a quantum attacker strikes, you eliminate the attack described here. There is still a privacy cost, since the sweep links the old and new outputs on chain, but that is a topic for a different article.
Eventually there may very well be quantum computers powerful enough to break the signature scheme Bitcoin uses today, but we expect quantum-resistant signatures to be deployed into Bitcoin via a soft fork years before that happens, and there is already research on how to migrate your bitcoin safely to such a new output type once it is available.