Adam Back: Bitcoin Quantum Computing Threat Decades Away

Is Bitcoin at Risk from Quantum Computing?

Adam Back, the cryptographer and cypherpunk cited in the Bitcoin white paper, stated that Bitcoin is unlikely to face a meaningful threat from quantum computing for at least two to four decades. Responding to an X user on November 15 who inquired whether Bitcoin (BTC) is at risk, Back wrote that “probably not for 20–40 years,” adding that there are already post-quantum encryption standards approved by the National Institute of Standards and Technology (NIST) that Bitcoin could implement “long before cryptographically relevant quantum computers arrive.” The discussion originated from a user sharing a video of Canadian-American venture capitalist and entrepreneur Chamath Palihapitiya, who predicted that the quantum threat to Bitcoin would materialize in two to five years. He noted that to break SHA-256—the encryption standard Bitcoin relies on—quantum computers would require approximately 8,000 qubits. During a mid-April interview with Cointelegraph, the cypherpunk suggested that quantum computing pressure may reveal whether the blockchain’s pseudonymous creator is still alive. Back explained that quantum computing could render the Bitcoin held by Satoshi Nakamoto vulnerable to theft, compelling him to move it to a new address to avoid losing access to his coins.

The Current State of Quantum Computing

Current quantum computers are either excessively noisy to support encryption-breaking or severely lacking in qubit count. For example, the Caltech neutral-atom array—the current qubit count record-holder—has as many as 6,100 physical qubits but cannot break RSA-2048, even though it is estimated to need only about 4,000 logical qubits. The reason is that the 4,000-qubit rough estimate is an idealized model assuming perfect local qubits, not accounting for real-world noise. Simply put, 4,000 qubits is the number required to run the encryption-breaking Beauregard's Shor circuit on RSA-2048 in an error-free environment—this type of qubit is called a logical qubit. Less error-prone trapped-ion systems, such as Quantinuum’s Helios, reached 98 physical qubits, acting as 48 error-corrected logical qubits—meaning we get one usable qubit for every two physical qubits. Universal gate-based quantum computers reached 1,180 qubits with Atom Computing—the first such system to cross 1,000 qubits back in late 2023. Current quantum computers are far from being able to threaten current cryptographic standards. However, experts debate how long it will take to close the gap. Some predict linear progress, while others expect a breakthrough as the research field continues to attract significant investment.

The Quantum Threat We Face Today

While quantum computers are unlikely to break modern encryption anytime soon, their potential future existence poses a threat today. “Harvest now, decrypt later” is a type of attack in which attackers collect data and store it until future technology enables decryption. This type of issue does not affect Bitcoin, which uses encryption to ensure that only the rightful owners can access their assets. As long as Bitcoin implements quantum-resistant systems promptly, it will remain secure. However, this type of attack affects anyone who uses encryption to ensure information remains safe from prying eyes in the long run. If a dissident in a totalitarian country is protected by encryption, the user would want assurance that the data will remain protected for 10, 15, 20, or more years into the future. Gianluca Di Bella, a smart-contract researcher specializing in zero-knowledge proofs, recently told Cointelegraph that “we should migrate now” to post-quantum encryption standards for this very reason. He said that “practical commercial quantum computing” might be 10 or 15 years away, but cautioned that “big institutions like Microsoft or Google might have a solution in a few years.”