
Opinion: Bitcoin's quantum threat timeline is roughly the next decade, and reaching consensus within the community is extremely challenging

BlockBeats News, May 28th. Co-founder of Scroll, Sandy Peng, pointed out in an article that the quantum computing threat to Bitcoin is essentially not a physical challenge, but a governance and coordination challenge. According to a whitepaper released by Google Quantum AI in March this year, using an optimized Shor's algorithm to break Bitcoin's secp256k1 elliptic curve would only require about 1200 logical qubits, nearly 20 times lower than the estimate five years ago. IonQ's official roadmap plans to reach 1600 logical qubits by 2028, while IBM expects to launch the 2000 logical qubit Blue Jay system by 2033. This means that the threat timeline has been roughly outlined — "approximately a decade, or possibly even shorter."


The attack will be carried out in waves. The most vulnerable are early P2PK format addresses, whose public keys have been permanently exposed on the blockchain. This includes over a million bitcoins mined by Satoshi Nakamoto in the early days, which cannot be moved to safety because there is no private key holder to move them. Additionally, a "collect first, decrypt later" attack may already be quietly underway, as intelligence agencies do not need to wait for quantum computers to emerge but can simply store encrypted data for future decryption. Once quantum computers mature, unconfirmed transactions in the mempool will also face real-time double-spend attacks within the ten-minute confirmation window. Although NIST released the post-quantum cryptography algorithm standards in 2024, the migration cost is high: some studies suggest that network throughput would decrease by 52%-57%, fees would double or triple, and storage requirements would significantly increase. This represents a "defensive downgrade": the cost is immediate, while the benefits are abstract and lie in the distant future, making it extremely challenging for the Bitcoin community, which has been debating the SegWit upgrade for almost two years, to reach a consensus.


In contrast, Vitalik has already released an Ethereum quantum emergency roadmap, allowing individual accounts to autonomously switch to quantum-resistant signatures without requiring a network-wide vote. Sandy Peng warns that Bitcoin will not go to zero, but the survival path is narrower than optimists think, and the quantum threat window almost overlaps with the 10-15 years needed for the Bitcoin community to reach a consensus. Early Bitcoin holders are advised to check their address formats and migrate promptly, while institutional investors should incorporate the "post-quantum migration roadmap" into their due diligence framework.
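The address-format check recommended above can be partly automated. The Python code below is an added example, not code from the article or from Sandy Peng: it classifies a scriptPubKey by output type and reports whether the public key is readable from the unspent output itself. The function names and sample scripts are assumptions constructed for illustration, and the example goes beyond the P2PK case in the text by covering the other standard output types, including Taproot, whose outputs also carry a public key directly.

```python
# Added example: classify a Bitcoin scriptPubKey by output type and report
# whether the public key is already visible on-chain while the coin is unspent.
# All sample scripts are constructed placeholders, not real outputs.

def classify_script_pubkey(script_hex):
    """Return (output_type, pubkey_exposed_while_unspent); None if unknown."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG (0xac)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (0x02, 0x03)) or (n == 67 and s[1] == 0x04):
            return ("P2PK", True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return ("P2PKH", False)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return ("P2SH", False)
    # Witness programs: <version opcode> <push length> <program>
    if 4 <= n <= 42 and s[1] == n - 2:
        if s[0] == 0x00 and n == 22:
            return ("P2WPKH", False)
        if s[0] == 0x00 and n == 34:
            return ("P2WSH", False)
        if s[0] == 0x51 and n == 34:
            # Taproot commits to a 32-byte x-only public key directly.
            return ("P2TR", True)
    return ("unknown", None)


def exposed_outputs(scripts):
    """Return labels of outputs whose public key is readable from the UTXO."""
    return [label for label, script in scripts.items()
            if classify_script_pubkey(script)[1]]


SAMPLE_SCRIPTS = {  # constructed placeholder keys and hashes
    "early-mining-output": "41" + "04" + "11" * 64 + "ac",
    "compressed-p2pk": "21" + "02" + "22" * 32 + "ac",
    "legacy-address": "76a914" + "33" * 20 + "88ac",
    "segwit-v0": "0014" + "44" * 20,
    "taproot": "5120" + "55" * 32,
}

if __name__ == "__main__":
    for label, script in SAMPLE_SCRIPTS.items():
        print(label, classify_script_pubkey(script))
    print("exposed:", exposed_outputs(SAMPLE_SCRIPTS))
```

The check looks only at the output script. A hashed output type reveals its public key once it is spent, so an address that has been spent from and reused needs the spend history reviewed as well.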
