Progress in quantum computing is creating new security risks for blockchain networks. This section examines the technologies designed to counter quantum threats and reviews how Bitcoin and Ethereum are preparing for the shift.
Key Takeaways
A Q-Day scenario, where quantum computers can break blockchain cryptography, is estimated to arrive within 5 to 7 years. BlackRock has also noted this risk in its Bitcoin ETF filing.
Post-quantum cryptography protects against quantum attacks across three security layers: communication encryption, transaction signatures, and data preservation.
Companies like Google and AWS have already begun adopting post-quantum cryptography, but Bitcoin and Ethereum remain in the early discussion phase.
1. A New Technology Raises Unfamiliar Questions
If a quantum computer could crack a Bitcoin wallet in minutes, would blockchain security still hold?
The core of blockchain security is private key protection. To steal someone’s Bitcoin, an attacker must obtain the private key, which is effectively impossible with current computing methods. Only the public key is visible on-chain, and deriving a private key from it would take even a supercomputer hundreds of years.
Quantum computers change this risk profile. Classical machines evaluate 0 or 1 sequentially, while quantum systems can evaluate both states at once. This capability makes it theoretically possible to derive a private key from a public key.
Experts estimate that quantum computers capable of breaking modern cryptography may emerge around 2030. This projected moment, known as Q-Day, suggests a five-to-seven-year window before practical attacks become viable.
Regulators and major institutions have already acknowledged the risk. In 2024, the U.S. National Institute of Standards and Technology introduced post-quantum cryptography (PQC) standards. BlackRock also noted in its Bitcoin ETF filing that advances in quantum computing could threaten Bitcoin’s security.
Quantum computing is no longer a distant theoretical concern. It has become a technical issue that requires practical preparation rather than hopeful assumptions.
2. Quantum Computing Challenges Blockchain Security
To see how blockchain transactions work, consider a simple example where Ekko sends 1 BTC to Ryan.
When Ekko creates a transaction stating “I send my 1 BTC to Ryan,” he must attach a unique signature. This signature can only be produced with his private key.
Ryan and other nodes in the network then use Ekko’s public key to verify that the signature is valid. The public key works like a tool that can authenticate the signature but cannot recreate it. As long as Ekko’s private key remains secret, no one can forge his signature.
This forms the basis of blockchain transaction security.
A private key can generate a public key, but a public key cannot reveal the private key. This is achieved through the Elliptic Curve Digital Signature Algorithm (ECDSA), which is based on elliptic curve cryptography. ECDSA relies on a mathematical asymmetry in which one direction of computation is simple, while the reverse is computationally infeasible.
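The sign-with-the-private-key, verify-with-the-public-key flow described above, as an added example that is not part of this report: a from-scratch ECDSA over secp256k1 (the curve Bitcoin and Ethereum use) in pure Python. The function names, the hypothetical Ekko/Ryan transaction text and the plain random nonce are this example's own choices; it is teaching code with variable-time arithmetic, not a wallet implementation. It shows the asymmetry the paragraph names: derive_public_key runs the easy direction (priv times G), verify needs only the public key, message and signature, and a one-word change to the message fails verification. Recovering priv from pub is the elliptic-curve discrete logarithm problem that Shor's algorithm targets; nothing here attempts it. Requires Python 3.8 or later for pow(x, -1, m).

```python
import hashlib
import secrets

# secp256k1 domain parameters: the curve behind Bitcoin's and Ethereum's ECDSA.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(point):
    """True if the point satisfies y^2 = x^3 + 7 (mod P)."""
    x, y = point
    return (y * y - x * x * x - 7) % P == 0


def _add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication. Variable-time: teaching code only."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def derive_public_key(private_key):
    """The easy direction of the asymmetry: pub = priv * G.
    Going back from pub to priv is the elliptic-curve discrete logarithm
    problem, which is what Shor's algorithm would solve; never attempted here."""
    return _mul(private_key, G)


def _hash_to_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(private_key, message):
    """ECDSA signature (r, s) over SHA-256(message) with a fresh random nonce."""
    z = _hash_to_int(message)
    while True:
        k = secrets.randbelow(N - 1) + 1    # nonce: secret, never reused
        r = _mul(k, G)[0] % N
        if r == 0:
            continue
        s = pow(k, -1, N) * (z + r * private_key) % N
        if s:
            return (r, s)


def verify(public_key, message, signature):
    """Check the signature using only the public key: the 'can authenticate
    but cannot recreate' property described above."""
    r, s = signature
    if not (1 <= r < N and 1 <= s < N) or not on_curve(public_key):
        return False
    z = _hash_to_int(message)
    w = pow(s, -1, N)
    point = _add(_mul(z * w % N, G), _mul(r * w % N, public_key))
    return point is not None and point[0] % N == r


if __name__ == "__main__":
    ekko_priv = secrets.randbelow(N - 1) + 1      # hypothetical wallet key
    ekko_pub = derive_public_key(ekko_priv)
    tx = b"Ekko sends 1 BTC to Ryan"
    sig = sign(ekko_priv, tx)
    print("valid signature:", verify(ekko_pub, tx, sig))
    print("tampered message:", verify(ekko_pub, b"Ekko sends 1 BTC to Eve", sig))
```

The verifier never touches the private key: it recomputes k*G from (r, s), the message hash and the public key, and checks that its x-coordinate matches r. Everything on-chain that a node needs is therefore public, which is exactly why the public key ends up visible once an address spends.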
This barrier weakens as quantum computing progresses. The key element is the qubit.
Classical computers process either 0 or 1 in sequence. Qubits can represent both states at once, enabling massive parallel computation. With a sufficient number of qubits, quantum computers could complete calculations in seconds that would take classical machines decades.
Two quantum algorithms create direct risk for blockchain security.
Shor’s algorithm provides a path to derive private keys from public keys, weakening public key cryptography. Grover’s algorithm reduces the effective strength of hash functions by accelerating brute force search.
2.1. Shor’s Algorithm: Direct Asset Theft
Most internet security today relies on two public key cryptography systems: RSA and ECC. They defend against external attacks by leveraging hard mathematical problems such as integer factorization and discrete logarithms. Blockchains use the same principle through the Elliptic Curve Digital Signature Algorithm (ECDSA), which is based on ECC.
With current computing power, breaking these systems would take decades, so they are considered effectively secure.
Shor’s algorithm changes this. A quantum computer running Shor’s algorithm can perform large integer factorization and discrete logarithm calculations at high speed. This capability can break both RSA and ECC.
With Shor’s algorithm, a quantum attacker could derive a private key from a public key and move assets from the corresponding address at will. Any address that has ever sent a transaction is exposed because its public key becomes visible on-chain. This creates a scenario where millions of addresses could be at risk at the same time.
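A defender's first question after the point above is which addresses are already in the exposed state and how much value still sits in them. The following is an added example, not code from the report or from any Bitcoin project: it replays a constructed, simplified transaction list (a UTXO model with bare address labels in place of real scripts, which is this example's own simplification) and classifies each address by whether its public key is visible and whether funds remain. It also treats pay-to-public-key outputs, where the key is in the output rather than in the spend, as exposed, which goes beyond the paragraph above.

```python
from collections import defaultdict

# Constructed sample, not real chain data. Each output is (address, amount);
# inputs reference an earlier output by (txid, index). The first transaction
# has no inputs, like a coinbase. Address labels stand in for real scripts.
SAMPLE_CHAIN = [
    {"txid": "tx1", "inputs": [],
     "outputs": [{"to": "alice", "amount": 50}, {"to": "bob", "amount": 30},
                 {"to": "carol", "amount": 20}]},
    # alice spends (revealing her public key) and takes change back to the
    # same address: the reuse pattern that leaves funds exposed.
    {"txid": "tx2", "inputs": [{"txid": "tx1", "index": 0}],
     "outputs": [{"to": "dave", "amount": 10}, {"to": "alice", "amount": 40}]},
    # bob spends everything: public key revealed, but nothing left to take.
    {"txid": "tx3", "inputs": [{"txid": "tx1", "index": 1}],
     "outputs": [{"to": "erin", "amount": 30}]},
]


def analyze_exposure(transactions):
    """Replay transactions in order and classify every address.

    An address counts as exposed once its public key is visible on-chain:
    when it spends an output (the signature script or witness carries the
    key) or when it received a pay-to-public-key output (flag "p2pk": True),
    where the key sits in the output itself. Returns per-address status and
    the value currently held by exposed addresses.
    """
    utxos = {}                   # (txid, index) -> (address, amount)
    exposed = set()
    for tx in transactions:
        for ref in tx.get("inputs", []):
            # A missing key here means a bad or already-spent reference.
            addr, _ = utxos.pop((ref["txid"], ref["index"]))
            exposed.add(addr)
        for i, out in enumerate(tx["outputs"]):
            utxos[(tx["txid"], i)] = (out["to"], out["amount"])
            if out.get("p2pk"):
                exposed.add(out["to"])

    balances = defaultdict(int)
    for addr, amount in utxos.values():
        balances[addr] += amount
    total = sum(balances.values())
    at_risk = sum(v for a, v in balances.items() if a in exposed)

    report = {}
    for addr in set(balances) | exposed:
        bal = balances.get(addr, 0)
        if addr in exposed and bal > 0:
            status = "migrate_first"   # key is public and funds remain
        elif addr in exposed:
            status = "exposed_empty"   # key is public, nothing left to move
        else:
            status = "hash_shielded"   # only a hash of the key is on-chain so far
        report[addr] = {"balance": bal, "status": status}
    return {"addresses": report, "total": total, "at_risk": at_risk,
            "at_risk_share": at_risk / total if total else 0.0}


if __name__ == "__main__":
    result = analyze_exposure(SAMPLE_CHAIN)
    for addr, info in sorted(result["addresses"].items()):
        print(f"{addr:6} balance={info['balance']:3}  {info['status']}")
    print(f"exposed value: {result['at_risk']} of {result['total']} "
          f"({result['at_risk_share']:.0%})")
```

On the sample, alice is the case that matters: her key is public and 40 units remain, so she is the one who should move funds to a fresh address first. bob is exposed but empty, and carol, dave and erin have only key hashes on-chain. The same replay over real chain data is how an estimate like the 20 to 30 percent figure quoted later in this report is produced.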
2.2. Grover’s Algorithm: Intercepting Transactions
Blockchain security also relies on symmetric-key encryption (AES) and hash functions such as SHA-256.
AES encrypts wallet files and transaction data, and finding the correct key requires trying all possible combinations. SHA-256 supports proof-of-work difficulty adjustments, where miners repeatedly search for a hash value that meets defined conditions.
These systems assume that while a transaction waits in the mempool, other users do not have enough time to analyze or forge it before it is included in a block.
Grover’s algorithm weakens this assumption. By leveraging quantum superposition, it accelerates search processes and reduces the effective security level of AES and SHA-256. A quantum attacker could analyze a mempool transaction in real time and generate a forged version that uses the same input (UTXO) but redirects the output to a different address.
This creates the risk of transactions being intercepted by an attacker equipped with a quantum computer, causing funds to be rerouted to unintended destinations. Withdrawals from exchanges and routine transfers could become frequent targets for such interception.
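The size of Grover's speed-up fixes how far the effective security level of AES and SHA-256 drops, so it is worth writing down. This bound is added here and is not part of the report. For an unstructured search over $2^{k}$ candidates (a $k$-bit symmetric key, or a preimage of a $k$-bit hash output), the work required is

$$T_{\text{classical}} \approx 2^{k}, \qquad T_{\text{Grover}} \approx \sqrt{2^{k}} = 2^{k/2},$$

so a key or hash of $k$ bits keeps roughly $k/2$ bits of security against a quantum searcher: AES-128 falls to about $2^{64}$ evaluations, while AES-256 and a SHA-256 preimage fall to about $2^{128}$. This is why the standard mitigation for Grover is doubling symmetric key and hash lengths rather than replacing the primitive, and why the risk it poses is of a different order from Shor's algorithm, which breaks ECDSA outright instead of halving its strength.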
3. Post-Quantum Cryptography (PQC)
How can blockchain security be maintained in the era of quantum computing?
Future blockchain systems require cryptographic algorithms that remain secure even against quantum attacks. These are known as post-quantum cryptography (PQC) techniques.
The U.S. National Institute of Standards and Technology has proposed three main PQC standards, and both the Bitcoin and Ethereum communities are discussing their adoption as the foundation for long-term security.
3.1. Kyber: Securing Communication Between Nodes
Kyber is an algorithm designed to allow two parties on a network to exchange a symmetric key securely.
Traditional methods such as RSA and ECDH, which have long supported internet infrastructure, are vulnerable to Shor’s algorithm and risk exposure in a quantum environment. Kyber addresses this by using a lattice-based mathematical problem called Module-LWE, which is considered resistant even to quantum attacks. This structure prevents data from being intercepted or decrypted during transmission.
Kyber protects all communication paths: HTTPS connections, exchange APIs, and wallet-to-node messaging. Within a blockchain network, nodes can also use Kyber when sharing transaction data, preventing third parties from monitoring or extracting information.
In effect, Kyber rebuilds the security of the network transport layer for a quantum computing era.
3.2. Dilithium: Verifying Transaction Signatures
Dilithium is a digital signature algorithm used to verify that a transaction was created by the legitimate holder of a private key.
Blockchain ownership relies on the ECDSA model of “sign with the private key, verify with the public key.” The issue is that ECDSA is vulnerable to Shor’s algorithm. With access to a public key, a quantum attacker could derive the corresponding private key, enabling signature forgery and asset theft.
Dilithium avoids this risk by using a lattice-based structure that combines Module-SIS and LWE. Even if an attacker analyzes the public key and signature, the private key cannot be inferred, and the design remains secure against quantum attacks. Applying Dilithium prevents signature forgery, private key extraction, and large-scale asset compromise.
It protects both asset ownership and the authenticity of each transaction.
3.3. SPHINCS+: Preserving Long-Term Records
SPHINCS+ uses a multi-layer, hash-based tree structure. Each signature is verified through a specific path in this tree, and because a single hash value cannot be reversed to reveal its input, the system remains secure even against quantum attacks.
When Ekko and Ryan’s transaction is added to a block, the record becomes permanent. This can be compared to a document fingerprint.
SPHINCS+ converts every part of the transaction into hashes, creating a unique pattern. If even one character in a document changes, its fingerprint shifts completely. Likewise, altering any part of a transaction changes the entire signature.
Even decades later, any attempt to modify Ekko and Ryan’s transaction would be detected immediately. Although SPHINCS+ produces relatively large signatures, it is well suited for financial data or government records that must remain verifiable far into the future. Quantum computers would struggle to forge or replicate this fingerprint.
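A minimal hash-based signature tree, as an added example that is neither the SPHINCS+ construction itself nor code from the report: a Lamport one-time signature at each leaf, a Merkle tree over the one-time public keys whose root serves as the long-term public key, and a verifier that walks the authentication path for the signature's leaf. Real SPHINCS+ is stateless and built from WOTS+, FORS and a hypertree; this toy is stateful (each leaf may be used once) and exists to show the three ideas the paragraphs above name: the transaction fingerprint, the path through the tree, and verification that needs nothing but hashes. The names and the sample transaction are this example's own.

```python
import hashlib
import json
import secrets


def H(*parts):
    """SHA-256 over the concatenated parts: the one-way 'fingerprint' primitive."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def fingerprint(tx):
    """Canonical JSON so the same transaction always yields the same digest."""
    return H(json.dumps(tx, sort_keys=True, separators=(",", ":")).encode())


def hamming_distance(a, b):
    """Number of differing bits between two equal-length digests."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


# --- Lamport one-time signature: one of two secrets is revealed per digest bit ---
def ots_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(s0), H(s1)] for s0, s1 in sk]
    return sk, pk


def _bit(digest, i):
    return (int.from_bytes(digest, "big") >> (255 - i)) & 1


def ots_sign(sk, digest):
    return [sk[i][_bit(digest, i)] for i in range(256)]


def ots_verify(pk, digest, sig):
    return all(H(sig[i]) == pk[i][_bit(digest, i)] for i in range(256))


def ots_pk_hash(pk):
    return H(*[h for pair in pk for h in pair])


class HashTreeSigner:
    """Merkle tree over one-time public keys; the root is the long-term key.
    Stateful: every leaf is used at most once (SPHINCS+ avoids this state)."""

    def __init__(self, height):
        self.leaf_keys = [ots_keygen() for _ in range(2 ** height)]
        self.levels = [[ots_pk_hash(pk) for _, pk in self.leaf_keys]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_leaf = 0

    def sign(self, tx):
        if self.next_leaf >= len(self.leaf_keys):
            raise RuntimeError("all one-time keys used; generate a new tree")
        idx = self.next_leaf
        self.next_leaf += 1
        sk, pk = self.leaf_keys[idx]
        path, i = [], idx
        for lvl in self.levels[:-1]:      # sibling hash at each level up to the root
            path.append(lvl[i ^ 1])
            i >>= 1
        return {"leaf": idx, "ots_pk": pk,
                "ots_sig": ots_sign(sk, fingerprint(tx)), "path": path}


def verify_tree_sig(root, tx, sig):
    """Verification uses hashes only: check the one-time signature, then
    rebuild the path from the leaf to the root and compare with the root."""
    digest = fingerprint(tx)
    if not ots_verify(sig["ots_pk"], digest, sig["ots_sig"]):
        return False
    node, i = ots_pk_hash(sig["ots_pk"]), sig["leaf"]
    for sibling in sig["path"]:
        node = H(node, sibling) if i % 2 == 0 else H(sibling, node)
        i >>= 1
    return node == root


if __name__ == "__main__":
    signer = HashTreeSigner(height=3)                      # 8 one-time keys
    tx = {"from": "Ekko", "to": "Ryan", "amount_btc": 1}   # constructed sample
    sig = signer.sign(tx)
    print("valid:", verify_tree_sig(signer.root, tx, sig))
    altered = dict(tx, amount_btc=2)
    print("altered tx:", verify_tree_sig(signer.root, altered, sig))
    print("bits changed in fingerprint:",
          hamming_distance(fingerprint(tx), fingerprint(altered)))
```

The one-time signature alone is 256 secrets of 32 bytes (8 KB) plus the public key and path, which is the concrete reason hash-based schemes produce large signatures, as the report notes. Changing the amount from 1 to 2 flips roughly half the bits of the fingerprint, so the revealed secrets no longer match the expected sides of the key pairs and verification fails.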
Together, PQC technologies build three layers of protection against quantum attacks in a standard 1 BTC transfer: Kyber for communication encryption, Dilithium for signature verification, and SPHINCS+ for record integrity.
4. Bitcoin and Ethereum: Different Paths Toward the Same Goal
Bitcoin emphasizes immutability, while Ethereum prioritizes adaptability. These design philosophies were shaped by past events and now influence how each network approaches its response to quantum computing threats.
4.1. Bitcoin: Protecting the Existing Chain Through Minimal Change
Bitcoin’s emphasis on immutability traces back to the 2010 value overflow incident. A hacker exploited a bug to create 184 billion BTC, and the community responded with a soft fork that invalidated the transaction within five hours. After this emergency action, the principle that “a confirmed transaction must never be altered” became central to Bitcoin’s identity. This immutability safeguards trust but makes rapid structural changes difficult.
This philosophy carries into Bitcoin’s approach to quantum security. Developers agree that upgrades are necessary, but a full chain replacement through a hard fork is viewed as too risky for network consensus. As a result, Bitcoin is exploring a gradual transition through a hybrid migration model.
If adopted, users would be able to use both legacy ECDSA addresses and new PQC addresses. For example, if Ekko holds funds in an older Bitcoin address, he could gradually migrate them to a PQC address as Q-Day approaches. Since the network recognizes both formats, security improves without forcing a disruptive transition.
The challenges remain significant. Hundreds of millions of wallets would need to migrate, and there is no clear solution for wallets with lost private keys. Divergent community opinions could also raise the risk of a chain split.
4.2. Ethereum: Rapid Transition Through Flexible Architectural Redesign
Ethereum’s principle of adaptability emerged from the 2016 DAO hack. When roughly 3.6 million ETH was stolen, Vitalik Buterin and the Ethereum Foundation executed a hard fork to reverse the theft.
This decision split the community into Ethereum (ETH) and Ethereum Classic (ETC). Since then, adaptability has become a defining characteristic of Ethereum and a key factor in its ability to implement rapid changes.
Historically, all Ethereum users relied on Externally Owned Accounts (EOAs), which could send transactions only through the ECDSA signature algorithm. Because every user depended on the same cryptographic model, changing the signature scheme required a network-wide hard fork.
EIP-4337 changed this structure by enabling accounts to operate like smart contracts. Each account can define its own signature verification logic, allowing users to adopt alternative signature schemes without modifying the entire network. Signature algorithms can now be replaced at the account level rather than through a protocol-wide upgrade.
Building on this foundation, several proposals have emerged to support PQC adoption:
EIP-7693: Introduces a hybrid migration path that maintains compatibility with ECDSA while enabling gradual transition to PQC signatures.
EIP-8051: Applies NIST PQC standards on-chain to test PQC signatures in real network conditions.
EIP-7932: Allows the protocol to recognize and verify multiple signature algorithms simultaneously, giving users the ability to select their preferred method.
In practice, a user operating an ECDSA-based wallet could migrate to a Dilithium-based PQC wallet when quantum threats become imminent. This transition occurs at the account level and does not require replacing the entire chain.
In summary, Bitcoin aims to preserve its current structure while integrating PQC in parallel, whereas Ethereum is redesigning its account model to absorb PQC directly. Both pursue the same goal of quantum resistance, but Bitcoin relies on conservative evolution while Ethereum adopts structural innovation.
5. The World Has Already Changed While Blockchains Are Still Debating
Global internet infrastructure has already begun transitioning to new security standards.
Web2 platforms, supported by centralized decision making, have moved quickly. Google enabled post-quantum key exchange by default in Chrome starting in April 2024, deploying it to billions of devices. Microsoft announced an organization-wide migration plan targeting full PQC adoption by 2033. AWS began using hybrid PQC in late 2024.
Blockchain faces a different situation. Bitcoin’s BIP-360 remains under discussion, and Ethereum’s EIP-7932 has been submitted for months without a live testnet. Vitalik Buterin has outlined a gradual migration path, but it is unclear whether the transition can be completed before quantum attacks become practical.
A Deloitte report estimates that roughly 20 to 30 percent of Bitcoin addresses have already exposed their public keys. These addresses are safe today but could become targets once quantum computers mature in the 2030s. If the network attempts a hard fork at that stage, the likelihood of fragmentation is high. Bitcoin’s commitment to immutability, while fundamental to its identity, also makes rapid change difficult.
In the end, quantum computing presents a governance challenge as much as a technical one. Web2 has already begun the transition. Blockchain is still debating how to start. The defining question will not be who moves first, but who can transition securely.
Disclaimer
This report has been prepared based on materials believed to be reliable. However, we do not expressly or impliedly warrant the accuracy, completeness, and suitability of the information. We disclaim any liability for any losses arising from the use of this report or its contents. The conclusions and recommendations in this report are based on information available at the time of preparation and are subject to change without notice. All projects, estimates, forecasts, objectives, opinions, and views expressed in this report are subject to change without notice and may differ from or be contrary to the opinions of others or other organizations.
This document is for informational purposes only and should not be considered legal, business, investment, or tax advice. Any references to securities or digital assets are for illustrative purposes only and do not constitute an investment recommendation or an offer to provide investment advisory services. This material is not directed at investors or potential investors.
Terms of Usage
Tiger Research allows the fair use of its reports. ‘Fair use’ is a principle that broadly permits the use of specific content for public interest purposes, as long as it doesn’t harm the commercial value of the material. If the use aligns with the purpose of fair use, the reports can be utilized without prior permission. However, when citing Tiger Research’s reports, it is mandatory to 1) clearly state ‘Tiger Research’ as the source, 2) include the Tiger Research logo. If the material is to be restructured and published, separate negotiations are required. Unauthorized use of the reports may result in legal action.