Post-quantum cryptography and Bitcoin: how serious is the threat timeline?

[Blake_32]

This comes up periodically and the conversation tends to either dismiss it as too far away to matter or treat it as an imminent existential problem. The reality is somewhere more interesting and more nuanced.

Quantum computers capable of breaking Bitcoin's elliptic curve cryptography would require fault-tolerant machines with millions of reliable logical qubits. Current systems have hundreds of physical qubits with significant error rates. The research announcements this week, including IQM's barbell codes and various error correction developments, are meaningful but the gap between current hardware and Bitcoin-threatening capability remains very large.

NIST has finalised post-quantum cryptographic standards. Bitcoin's upgrade mechanism (soft fork process) has been used for significant protocol changes before. The question is whether the threat timeline is such that the community needs to move proactively now or can track developments and respond.

This is a genuine technical and governance question worth having seriously rather than in the usual binary of it is fine versus we are all going to lose our coins.

[Q]

The cryptographically relevant quantum computer timeline has been consistently pushed back as the difficulty of fault-tolerant operation became clearer. Ten years ago people said five years. Now people say ten to fifteen years. Maintaining scepticism about timelines seems reasonable.