The advent of quantum computing has sparked concerns about the potential vulnerability of Bitcoin’s cryptography. A new website, The Quantum Doom Clock, predicts that quantum computers will break widespread public-key cryptography, including Bitcoin, within a two to three-year window. However, this prediction is based on aggressive assumptions about qubit scaling and error rates, which may not be entirely accurate.
According to the website, current resource estimates suggest that a few million physical qubits would be required to break elliptic curve cryptography (ECC), a type of public-key cryptography used in Bitcoin. However, this estimate is based on exponential hardware growth and improved scaling fidelity, which may not be realistic. In contrast, state standards bodies, such as the US National Security Agency (NSA), recommend a more gradual transition to post-quantum algorithms, with a deadline of 2035 for national security systems.
The NSA’s guidelines, outlined in the CNSA 2.0 document, recommend a phased approach to migrating to post-quantum algorithms, with milestones set for 2028, 2031, and 2035. This approach is more in line with the gradual and conservative cases, which take into account the logistical challenges and material limits of scaling up quantum computing. The UK’s National Cyber Security Center has also adopted a similar approach, emphasizing the need for a multi-year migration arc rather than a sudden switch.
Recent lab progress in quantum computing has been significant, with achievements such as a 6,100-qubit neutral atom array achieving 12.6 seconds of coherence with high-fidelity transport. However, these advancements are still far from demonstrating the low-error logic gates required for breaking Bitcoin’s cryptography. Google’s Willow chip work and IBM’s real-time error correction control loop are notable examples of progress, but they do not eliminate the dominant overhead that previous resource studies have identified for classic targets such as RSA and ECC.
A widely cited 2021 analysis by Gidney and Ekerå estimated that factoring RSA-2048 in about eight hours would require about 20 million noisy physical qubits with about 10³ physical error rates. This underscores the importance of total distillation factories and code removal in achieving cryptographically relevant quantum computing. For Bitcoin, the earliest significant vector is on-chain key exposure, rather than attacks against SHA-256, which are harvested immediately, then decrypted, and decrypted later.
Proponents of post-quantum cryptography are pursuing multiple mitigation and upgrade paths, including Lamport or Winternitz one-time signatures, P2QRH address formats, and proposals to quarantine or force rotate insecure UTXOs. The economics of migration are also crucial, with NIST finalizing FIPS-203 for key encapsulation and FIPS-204 for signatures. Wallets and exchanges can implement these standards today, but the increased size of post-quantum signatures and public keys would reduce throughput and increase fees unless combined with aggregation, batch verification-friendly constructs, or commit-reveal patterns.
In conclusion, while the Quantum Doom Clock’s prediction of a two to three-year window for quantum computers to break Bitcoin’s cryptography is attention-grabbing, it is based on aggressive assumptions and should be taken with a grain of salt. The more gradual and conservative approach recommended by state standards bodies and experts in the field is a more realistic and prudent approach. As the NSA’s guidelines emphasize, a multi-year migration arc is necessary to ensure a secure transition to post-quantum algorithms. For more information, visit https://cryptoslate.com/bitcoin-will-be-hacked-in-2-years-and-other-quantum-resistant-marketing-lies/.
