[ExI] Gemini 3 Pro Thinking on Bitcoin & Quantum computers

BillK pharos at gmail.com
Tue Nov 18 22:38:10 UTC 2025


The arrival of powerful quantum computers poses a theoretical existential
threat to Bitcoin, but in practice, it will likely manifest as a *predictable
engineering crisis* that the network upgrades to survive, rather than an
overnight collapse.

The impact can be divided into two main categories: the manageable threat
to *mining* and the critical threat to *user funds*.

1. The Critical Threat: Stealing Funds (ECDSA)

The most dangerous threat comes from *Shor's Algorithm*, which could
theoretically allow a quantum computer to derive your *private key* from
your *public key*.

   - *The Vulnerability:* Bitcoin uses the Elliptic Curve Digital Signature
     Algorithm (ECDSA) to sign transactions. A sufficiently powerful quantum
     computer (specifically a "Cryptographically Relevant Quantum Computer" or
     CRQC) could reverse the math that secures these signatures.

   - *The Consequence:* An attacker could generate a valid signature for your
     wallet without your private key, effectively emptying your balance.


Who is vulnerable first?

Not all Bitcoin is equally at risk. The vulnerability depends on whether
your *public key* is visible on the blockchain.

| *Risk Level* | *Status* | *Why?* |
|---|---|---|
| *Immediate Risk* | *"Satoshi's Coins" (P2PK)* | In 2009/2010, coins were sent to "Pay to Public Key" (P2PK) addresses. These public keys are *already visible* on the blockchain. A quantum computer could steal these ~1–2 million BTC immediately. |
| *High Risk* | *Reused Addresses* | If you have ever sent a transaction *from* an address, your public key has been revealed to the network. Even if you still have funds in that address, it is vulnerable. |
| *Moderate Risk* | *Taproot Addresses* | Unlike older SegWit addresses (which hash the public key), standard Taproot addresses reveal the public key on-chain as soon as they are created (funded). |
| *Low Risk* | *Hashed Addresses (P2PKH/SegWit)* | Most modern addresses are a *hash* of the public key. The public key is not revealed until you actually *spend* the coins. This provides a temporary shield (see "The Mempool Problem" below). |

2. The Manageable Threat: Mining (SHA-256)

The threat to mining comes from *Grover's Algorithm*, which acts as a
"supercharged brute force" tool.

   - *The Impact:* Grover's algorithm provides a quadratic speedup. It
     essentially makes SHA-256 (Bitcoin's mining algorithm) as easy to break as
     if it were SHA-128.

   - *Why it's manageable:* This doesn't break the cryptography; it just
     makes mining much more efficient.

      - If a single miner gets a quantum computer first, they could dominate
        the hashrate (51% attack).

      - If the technology spreads generally, the Bitcoin network's *difficulty
        adjustment* would simply skyrocket to compensate, neutralizing the
        advantage.


3. The "Mempool" Problem

Even if your public key is hidden (hashed), you must reveal it to spend
your coins. This creates a unique attack vector:

   1. You broadcast a transaction to move your Bitcoin to a new, safe
      "Quantum-Resistant" wallet.

   2. Your transaction sits in the *mempool* (waiting room) for ~10 minutes.
      Your public key is now visible.

   3. A fast quantum attacker spots your key, derives the private key in
      seconds, and broadcasts a *conflicting transaction* with a higher fee to
      send your money to themselves.

   4. Miners pick the attacker's transaction first.

*The Fix:* This will require changes to how transactions are propagated or
"commit-reveal" schemes where you authorize a spend without immediately
showing the key.

4. How Bitcoin Will Survive (The Solution)

Developers are already working on solutions to upgrade Bitcoin before
"Q-Day" (the day quantum computers become a threat, estimated for the
2030s).

   - *Soft Fork Upgrades:* Bitcoin will likely implement a soft fork
     (backward-compatible upgrade) adding new, quantum-resistant signature
     schemes. Proposals like *BIP-360* or the use of *Lamport Signatures*
     (which use quantum-safe hashes but are larger in data size) are already
     being discussed.

   - *The Migration:* Users will need to move their funds from "Old Bitcoin"
     addresses (ECDSA) to "New Bitcoin" addresses (Quantum-Safe).

   - *The "Burning" of Lost Coins:* The most controversial issue will be what
     to do with the millions of dormant BTC (like Satoshi's) that are P2PK.
     Since the owners cannot migrate them (presumably lost keys), the network
     might have to decide to "burn" or disable those old unspent outputs to
     prevent quantum attackers from crashing the market.

Summary of Impact

| *Timeline* | *Estimated Event* |
|---|---|
| *Now - 2030* | *Research Phase:* No immediate threat. Developers draft BIPs (Bitcoin Improvement Proposals) for quantum resistance. |
| *~2030 - 2035* | *The "Q-Day" Horizon:* Quantum computers begin to threaten standard encryption. Bitcoin likely activates a soft fork for quantum-safe addresses. |
| *Post-Upgrade* | *Migration:* Users move funds to new addresses. Old, non-migrated addresses (especially P2PK) may be considered "compromised" and potentially locked by consensus rules. |

What should you do?

For now, no action is required. However, a best practice for long-term
security is to *avoid address reuse*. Using a fresh address for every
transaction ensures your public key remains hashed and hidden until you
decide to move the funds.

*Next Step:* Would you like me to explain *Address Reuse* in more detail so
you can check if your current cold storage setup is exposing your public
keys?

Bitcoin's Quantum Resistant Upgrade Explained

This video offers a clear breakdown of the timeline for quantum threats and
explains specific upgrade proposals (like the "commit-reveal" scheme) that
could protect the network. (12 minutes).

<https://www.youtube.com/watch?v=e_Pc7_OiFxg>
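
Added example (not part of the original post or of the quoted Gemini output): a small audit that maps each unspent output's scriptPubKey to the risk tiers in the "Who is vulnerable first?" table above, so a wallet owner can see how much value sits behind an already-visible public key. The function names, the `spent_from_before` flag (assumed to come from your own wallet history) and the sample outputs with filler key bytes are all constructed for illustration.

```python
from collections import defaultdict

def script_type(spk: bytes) -> str:
    """Identify a standard single-key output script by its byte layout."""
    n = len(spk)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG (0xac); the key is in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK"
    # P2TR: OP_1 (0x51) <push 32> <x-only output key>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "P2PKH"
    # P2WPKH: OP_0 <push 20> <hash160>
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"
    return "other"

def risk_level(spk_hex: str, spent_from_before: bool):
    """Return (script type, risk tier as named in the table above)."""
    kind = script_type(bytes.fromhex(spk_hex))
    if kind == "P2PK":
        return kind, "immediate"      # public key visible since creation
    if kind == "P2TR":
        return kind, "moderate"       # output key visible once funded
    if kind in ("P2PKH", "P2WPKH"):
        # Hashed key: exposed only if the address has already signed a spend
        return kind, "high" if spent_from_before else "low"
    return kind, "unclassified"       # script types the post does not cover

def audit(utxos):
    """Sum satoshis per risk tier for (spk_hex, sats, spent_from_before) tuples."""
    totals = defaultdict(int)
    for spk_hex, sats, reused in utxos:
        totals[risk_level(spk_hex, reused)[1]] += sats
    return dict(totals)

# Constructed sample outputs; key and hash bytes are filler, not real coins.
SAMPLE_UTXOS = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000, False),  # P2PK, uncompressed key
    ("76a914" + "22" * 20 + "88ac", 150_000, True),          # P2PKH, address reused
    ("0014" + "33" * 20, 80_000, False),                     # P2WPKH, never spent from
    ("5120" + "44" * 32, 20_000, False),                     # P2TR
]

if __name__ == "__main__":
    for tier, sats in audit(SAMPLE_UTXOS).items():
        print(f"{tier:>12}: {sats} sats")
```
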