Will Quantum Computing Destroy Bitcoin?
The question of whether quantum computing will destroy Bitcoin is a recurring topic that periodically sparks widespread discussion, and sometimes FUD.
Will Google’s newly unveiled Willow change the game this time?
We took a closer look.
Willow Marks Significant Progress, But Bitcoin Users Need Not Worry Yet
The Bitcoin protocol, when distilled into its core elements, can be divided into two parts:
Mining (based on hash functions)
Transactions (based on elliptic curve signatures).
Both components are theoretically vulnerable to quantum computing: mining to Grover's algorithm (which speeds up hash searches) and transactions to Shor's algorithm (which breaks elliptic curve signatures).
However, Willow’s current computational power is still far from sufficient to threaten either component.
To effectively attack Bitcoin’s hash and signature systems within a reasonable time frame, several thousand logical qubits are required.
Depending on the technology, each logical qubit must be encoded in several, and potentially thousands of, physical qubits.
This means millions of physical qubits would be necessary to attack Bitcoin.
By comparison, Willow has only 105 physical qubits, leaving a significant gap.
What If Quantum Computing Power Becomes Sufficient?
Mining
The impact on mining would be relatively limited.
Grover's algorithm only speeds up the search for a valid hash; it does not invert the hash function.
Substantial computational resources would still be required to find the necessary hash value for mining.
In simpler terms, it would be akin to introducing a more powerful mining machine to the market.
Address Signatures
Certain address types that place the public key itself in the output, such as the oldest P2PK and the newest P2TR, could be at risk.
However, P2PKH, P2SH, P2WPKH, and P2WSH remain relatively safe, as their outputs commit only to a hash of the public key or script; the key itself appears on-chain only when the coins are spent.
That said, reusing an address exposes its public key after the first spend, which removes that protection.
Mitigating the Risks
Bitcoin is continually evolving and can incorporate quantum-resistant solutions in the future, such as:
Hash-based Lamport Signatures, already discussed within the community (e.g., Blockstream's blog, although focused on state applications).
Lattice-based cryptography or other quantum-resistant cryptographic methods, which can be activated via soft forks.
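To make the hash-based option concrete, here is a minimal Lamport one-time signature scheme built only from SHA-256. This is an added example written for this page; it is not code from the article or from Blockstream, and the key layout (256 pairs of 32-byte secrets) is one common textbook parameter choice. Its security rests on hash preimage resistance, which Grover's algorithm weakens only by a square root, rather than on the discrete-log problem that Shor's algorithm breaks. The last helper shows why such a key, like the one-time receiving addresses the article recommends, must never be used twice.

```python
import hashlib
import secrets

# Added example, not code from the article or from Blockstream: a minimal
# Lamport one-time signature scheme built only from SHA-256.

HASH_BITS = 256          # we sign the 256-bit SHA-256 digest of the message
SECRET_LEN = 32          # bytes per secret value


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def message_bits(message: bytes):
    """Yield the 256 bits of H(message), most significant bit first."""
    digest = int.from_bytes(H(message), "big")
    for i in range(HASH_BITS):
        yield (digest >> (HASH_BITS - 1 - i)) & 1


def keygen():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    sk = [(secrets.token_bytes(SECRET_LEN), secrets.token_bytes(SECRET_LEN))
          for _ in range(HASH_BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def sign(sk, message: bytes):
    """For each digest bit, reveal the secret of that pair selected by the bit."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]


def verify(pk, message: bytes, sig) -> bool:
    """Hash each revealed secret and compare with the matching public value."""
    if len(sig) != HASH_BITS:
        return False
    return all(H(sig[i]) == pk[i][bit]
               for i, bit in enumerate(message_bits(message)))


def fully_revealed_pairs(sk, signatures) -> int:
    """Count key positions where BOTH secrets have been revealed across the
    given signatures. After one signature this is 0; after signing two
    different messages it equals the Hamming distance of their digests, and
    at every such position a forger could choose the bit freely. This is the
    one-time property: a Lamport key must never be reused."""
    revealed = {s for sig in signatures for s in sig}
    return sum(1 for s0, s1 in sk if s0 in revealed and s1 in revealed)


def key_and_signature_sizes():
    """Return (public key bytes, signature bytes) for this parameter choice."""
    return HASH_BITS * 2 * SECRET_LEN, HASH_BITS * SECRET_LEN


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("public key bytes, signature bytes:", key_and_signature_sizes())
```

The sizes returned by key_and_signature_sizes (a 16 KiB public key and an 8 KiB signature) illustrate the main cost of plain Lamport signatures on a blockchain, which is why practical proposals layer Merkle trees or other compression on top of them.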
Beyond development efforts, good user practices can effectively mitigate quantum risks, including:
Using a new receiving address for each transaction (one-time keys), rather than reusing addresses.
Transferring assets to hash-based SegWit addresses (P2WPKH or P2WSH) before quantum computing poses a significant threat.
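The address-type discussion above and the two user practices just listed come down to one question per output: is the public key that Shor's algorithm would need already visible on-chain? The following added example (written for this page, not code from the article or from any Bitcoin project) classifies standard scriptPubKey templates on that basis and also flags hash-protected outputs whose script has already been spent from, since that earlier spend revealed the key. All keys, hashes and labels in it are constructed placeholders. For P2SH and P2WSH the verdict concerns the output itself; once spent, the revealed script exposes whatever keys it contains.

```python
# Added example, not code from the article: classify Bitcoin output scripts
# (scriptPubKeys) by whether the spending public key is already visible
# on-chain. Hash-based outputs hide the key until the coins are spent, so
# earlier spends from the same script (address reuse) are tracked too.
# All keys and hashes below are constructed.

OP_0, OP_1, OP_DUP = 0x00, 0x51, 0x76
OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x87, 0x88, 0xa9, 0xac


def classify_script(spk: bytes):
    """Return (script type, key visible in output) for the standard templates;
    exposure is None when the template is not recognised."""
    n = len(spk)
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "P2PKH", False          # HASH160(pubkey) only
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[22] == OP_EQUAL:
        return "P2SH", False           # HASH160(redeem script) only
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return "P2WPKH", False         # HASH160(pubkey), SegWit v0
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return "P2WSH", False          # SHA256(witness script), SegWit v0
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return "P2TR", True            # 32-byte x-only output key is in the script
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG \
            and spk[1] in ((2, 3) if n == 35 else (4,)):
        return "P2PK", True            # raw 33- or 65-byte public key pushed
    return "unknown", None


def quantum_exposure(utxos, previously_spent_scripts):
    """utxos: iterable of (label, scriptPubKey). previously_spent_scripts: set
    of scriptPubKeys that have been spent from at least once, meaning their
    key (or script, with the keys inside it) is already public.
    Returns {label: (type, status)}."""
    report = {}
    for label, spk in utxos:
        kind, in_output = classify_script(spk)
        if in_output is None:
            status = "unknown"
        elif in_output:
            status = "exposed-in-output"
        elif spk in previously_spent_scripts:
            status = "exposed-by-reuse"
        else:
            status = "hash-protected"
        report[label] = (kind, status)
    return report


# Constructed sample values (not real keys, hashes or transactions).
PUBKEY = bytes([0x02]) + bytes(range(1, 33))   # fake compressed key
HASH20 = bytes(range(20))                      # fake HASH160
HASH32 = bytes(range(32))                      # fake SHA256 / x-only key

SAMPLE_UTXOS = [
    ("utxo-a", bytes([0x21]) + PUBKEY + bytes([OP_CHECKSIG])),
    ("utxo-b", bytes([OP_DUP, OP_HASH160, 0x14]) + HASH20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    ("utxo-c", bytes([OP_0, 0x14]) + HASH20),
    ("utxo-d", bytes([OP_1, 0x20]) + HASH32),
    ("utxo-e", bytes([OP_0, 0x20]) + HASH32),
]
# utxo-c reuses a script that was already spent from once (address reuse).
SAMPLE_SPENT = {bytes([OP_0, 0x14]) + HASH20}

if __name__ == "__main__":
    for label, (kind, status) in quantum_exposure(SAMPLE_UTXOS, SAMPLE_SPENT).items():
        print(f"{label}: {kind:7s} {status}")
```

Run against a wallet's own UTXO set, a report like this separates the outputs that are hash-protected today from those that would need to be moved to a fresh hash-based address before a sufficiently large quantum computer exists; the reuse check is the mechanical form of the "one address per transaction" practice.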
Other networks, such as Ethereum, are also exploring post-quantum cryptographic options, which could be implemented through hard forks.
A Broader Perspective
The emergence of quantum computing impacts far more than Bitcoin or other cryptocurrencies. Critical areas such as traditional financial systems, defense systems, and secure communication channels would also be affected.
Conclusion
In the short term, we don’t need to worry about quantum computers threatening Bitcoin. However, it’s strongly recommended to adopt good usage habits and stay informed about developments in quantum computing.