Many people believe that once quantum computers arrive, Bitcoin's mining difficulty will collapse. That completely misses the point. Even after quantum computers emerge, mining remains relatively secure (the hashing algorithm can simply be swapped out); the real danger lies in your signature.

Recently, the English-speaking community has been buzzing about Bitcoin and quantum computing, and the core concern is one thing: the crushing blow Shor's algorithm deals to the ECDSA signature scheme.

In simple terms, once your public key is exposed on the blockchain, to a quantum computer your private key might as well be written on your forehead. To show how serious this threat is, I have compiled the 5 most important points; the 3rd, the ethical debate over 'burn or steal', is especially interesting:

1. What does Bitcoin quantum attack mean?

Core Threat: The danger is not quantum 'mining' (Grover's algorithm only reduces the cost of hash search to its square root, which an upgraded hash algorithm can absorb), but recovering the private key from the public key (Shor's algorithm's devastating blow to the ECDSA signature scheme).

Consequences: Once a computer with enough qubits exists, the private key behind any public key exposed on chain can be computed instantly. Attackers could then move the funds without the owner's authorization.

2. Which addresses will be at risk?

High-Risk Groups (the 'naked' zone): Addresses whose public keys are directly exposed in blockchain data.

P2PK (Pay to Public Key): Early mining reward outputs from the Satoshi era (2009-2010).

Address Reuse: P2PKH addresses that have previously spent funds (even partially). In Bitcoin, a public key is only revealed when an address spends; once revealed, any remaining UTXOs at that address are at risk.

Data Scale: An estimated 4 million to 9 million BTC are in this 'immediately stealable' state (Satoshi's dormant coins included).

Relatively Safe: P2PKH (and the more modern P2SH, SegWit and Taproot) addresses that have never spent, since their public keys are still protected by a hash (quantum computers have no efficient way to reverse hashes). However, the moment such an address spends, its public key is exposed, and if quantum computing power is watching the network at that time, the funds could be intercepted before the transaction confirms.
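As an added example (not from the original post), the following Python classifies constructed sample scriptPubKeys by whether their public key is already readable on chain (P2PK, or a hash-type address that has spent before) or still hidden behind a hash. It goes one step beyond the list above in treating a Taproot (P2TR) output as exposed, because the output script carries the tweaked public key itself; the 'spent_before' flag is a constructed stand-in for a chain index of addresses that have already signed.

```python
# Added example (constructed sample data): is a UTXO's public key already readable on chain?
from typing import NamedTuple

class Exposure(NamedTuple):
    kind: str       # output type
    exposed: bool   # True if the public key is already visible to an observer
    reason: str

def classify_output(script_hex: str, spent_before: bool) -> Exposure:
    s = bytes.fromhex(script_hex)
    # P2PK: <push 33|65-byte pubkey> OP_CHECKSIG -- the key sits in the output itself
    if s and (len(s), s[0]) in ((35, 0x21), (67, 0x41)) and s[-1] == 0xAC:
        return Exposure("P2PK", True, "public key stored directly in output")
    # P2TR: OP_1 <32-byte x-only key> -- the tweaked key is likewise in the output
    if len(s) == 34 and s[:2] == b"\x51\x20":
        return Exposure("P2TR", True, "tweaked public key stored directly in output")
    # Hash-protected types: only HASH160/SHA256 of the key or script is visible
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        kind = "P2PKH"
    elif len(s) == 22 and s[:2] == b"\x00\x14":
        kind = "P2WPKH"
    elif len(s) == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        kind = "P2SH"
    elif len(s) == 34 and s[:2] == b"\x00\x20":
        kind = "P2WSH"
    else:
        return Exposure("UNKNOWN", True, "unrecognised script; flag for review")
    # Reuse: an earlier spend from this address put the key in a scriptSig/witness
    if spent_before:
        return Exposure(kind, True, "address reused after spending; key revealed earlier")
    return Exposure(kind, False, "only the hash is on chain until the first spend")

# Constructed sample UTXO set: (label, scriptPubKey hex, has this address signed before?)
SAMPLE_UTXOS = [
    ("2009-era coinbase", "21" + "02" + "11" * 32 + "ac", False),
    ("fresh P2PKH", "76a914" + "ab" * 20 + "88ac", False),
    ("reused P2PKH", "76a914" + "cd" * 20 + "88ac", True),
    ("fresh P2WPKH", "0014" + "ef" * 20, False),
    ("Taproot", "5120" + "33" * 32, False),
]

def exposed_labels(utxos=SAMPLE_UTXOS) -> list:
    """Labels of outputs whose key an on-chain observer can already read."""
    return [label for label, h, spent in utxos if classify_output(h, spent).exposed]

if __name__ == "__main__":
    for label, h, spent in SAMPLE_UTXOS:
        e = classify_output(h, spent)
        print(f"{label:18} {e.kind:7} {'EXPOSED' if e.exposed else 'protected':9} {e.reason}")
```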

3. Community Debate Focus and Core Team Attitudes

Focus of Debate:

Time Urgency: Should we hard fork now (leading to larger block sizes and reduced efficiency), or wait until the quantum threat becomes more imminent?

Burn vs Steal: For old coins (like Satoshi's) that have not migrated before the upgrade deadline, should hackers be allowed to steal them (risking a market crash), or should they be forcibly frozen/destroyed by consensus (violating the principles of decentralization and private property)?

Core Team Views (such as Jameson Lopp, Pieter Wuille):

Pragmatists: Reject FUD (Fear, Uncertainty, Doubt). They believe quantum computing is a 'slow-moving disaster' with ample warning time.

Waiting for Standards: Unwilling to introduce immature cryptographic schemes too early, preferring to wait for NIST's post-quantum cryptography (PQC) standards to mature and prove themselves in other fields before bringing them into Bitcoin.

4. Timing of Attacks

Prediction: Generally believed to be between 2030 and 2040.

Current Situation: Today's strongest quantum computers have only a few hundred qubits, while breaking Bitcoin's ECDSA requires thousands of logical qubits (corresponding to millions of physical qubits).

Risk: Technological progress is non-linear. If an engineering leap arrives suddenly, Bitcoin's 'migration window' may be less than 5 years.

5. Coping Methods

Soft Fork Upgrade: Introduce new transaction types (such as the quantum-safe scripts currently being discussed) that support quantum-resistant signature algorithms (such as Lamport signatures or other hash-based signature schemes).

Asset Migration: Users need to manually transfer Bitcoin from old addresses to new quantum-resistant addresses.