{"id":18354,"date":"2025-12-19T12:06:06","date_gmt":"2025-12-19T12:06:06","guid":{"rendered":"https:\/\/bitunikey.com\/news\/bitcoin-bulls-face-quantum-signature-theft-risk-on-6-7m-exposed-btc\/"},"modified":"2025-12-19T12:06:18","modified_gmt":"2025-12-19T12:06:18","slug":"bitcoin-bulls-face-quantum-signature-theft-risk-on-6-7m-exposed-btc","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/bitcoin-bulls-face-quantum-signature-theft-risk-on-6-7m-exposed-btc\/","title":{"rendered":"Bitcoin bulls face quantum signature\u2011theft risk on 6.7m exposed BTC"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p>Quantum computers can\u2019t decrypt Bitcoin but could forge signatures from exposed public keys, putting ~6.7m BTC at risk unless wallets migrate to post\u2011quantum paths before large fault\u2011tolerant machines arrive.<\/p>\n<div id=\"cn-block-summary-block_8b886be945b162071227eba851194612\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Bitcoin stores no encrypted secrets on\u2011chain; the critical quantum threat is Shor\u2011enabled key recovery from exposed public keys, allowing\u00a0<strong>authorization forgery<\/strong>\u00a0on vulnerable UTXOs.\u200b<\/li>\n<li>Project Eleven\u2019s Bitcoin Risq List estimates about 6.7m BTC in addresses meeting its public\u2011key exposure criteria, with Taproot changing but not eliminating the risk if quantum machines scale.\u200b<\/li>\n<li>Current estimates suggest ~2,330 logical qubits and millions of physical qubits are needed to break 256\u2011bit ECC, giving time for BIP\u2011level post\u2011quantum outputs (e.g., P2QRH) and NIST\u2011standard schemes to be integrated despite larger, fee\u2011heavier signatures.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>Quantum computers pose a threat to Bitcoin (BTC) through potential exploitation of digital signatures rather than decryption of encrypted data, according to cryptocurrency security researchers and developers.<\/p>\n<h2 class=\"wp-block-heading\">Quantum and Bitcoin, technology proof?<\/h2>\n<p>Bitcoin stores no encrypted secrets on its blockchain, making the widespread narrative of \u201cquantum computers cracking Bitcoin encryption\u201d technically inaccurate, according to Adam Back, a longtime Bitcoin developer and inventor of Hashcash. The cryptocurrency\u2019s security relies on digital signatures and hash-based commitments rather than ciphertext.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Is Bitcoin Ready for a Quantum Attack? \" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/0VRbIcCuhOA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div>\n<\/figure>\n<p>\u201cBitcoin does not use encryption,\u201d Back stated on social media platform X, adding that the terminology error serves as an indicator of misunderstanding the technology\u2019s fundamentals.<\/p>\n<p>The actual quantum risk involves authorization forgery, where a sufficiently powerful quantum computer running Shor\u2019s algorithm could derive a private key from an on-chain public key and produce a valid signature for a competing transaction spend, according to technical documentation.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>Bitcoin\u2019s signature systems, ECDSA and Schnorr, prove control over a keypair. Public-key exposure represents the primary security concern, with vulnerability depending on what information appears on-chain. Many address formats commit to a hash of a public key, keeping the raw public key hidden until a transaction is spent.<\/p>\n<figure class=\"wp-block-image size-large\"><\/figure>\n<p>Project Eleven, a cryptocurrency security research organization, maintains an open-source \u201cBitcoin Risq List\u201d that tracks public key exposure at the script and address reuse level. The organization\u2019s public tracker shows approximately 6.7 million BTC meeting its exposure criteria, according to its published methodology.<\/p>\n<p>Taproot outputs, known as P2TR, include a 32-byte tweaked public key in the output program rather than a pubkey hash, as outlined in Bitcoin Improvement Proposal 341. This changes the exposure pattern in ways that would only matter if large fault-tolerant quantum machines become operational, according to Project Eleven\u2019s documentation.<\/p>\n<p>Research published in \u201cQuantum resource estimates for computing elliptic curve discrete logarithms\u201d by Roetteler and co-authors establishes an upper bound of at most 9n + 2\u2308log2(n)\u2309 + 10 logical qubits needed to compute an elliptic-curve discrete logarithm over an n-bit prime field. For n = 256, this equates to approximately 2,330 logical qubits.<\/p>\n<p>A 2023 estimate by Litinski places a 256-bit elliptic-curve private-key computation at approximately 50 million Toffoli gates. Under those assumptions, a modular approach could compute one key in roughly 10 minutes using about 6.9 million physical qubits. A summary on Schneier on Security cited estimates clustering around 13 million physical qubits to break encryption within one day, with approximately 317 million physical qubits needed to target a one-hour window.<\/p>\n<p>Grover\u2019s algorithm, which provides a square-root speedup for brute-force search, represents the quantum threat to hashing functions. NIST research indicates that for SHA-256 preimages, the target remains on the order of 2^128 work after applying Grover\u2019s algorithm, which does not compare to an elliptic-curve cryptography discrete-log break.<\/p>\n<p>Post-quantum signatures typically measure in kilobytes rather than tens of bytes, affecting transaction weight economics and wallet user experience, according to technical specifications.<\/p>\n<p>NIST has standardized post-quantum primitives including ML-KEM (FIPS 203) as part of broader migration planning. Within the Bitcoin ecosystem, BIP 360 proposes a \u201cPay to Quantum Resistant Hash\u201d output type, while qbip.org advocates for a legacy-signature sunset to force migration incentives.<\/p>\n<p>IBM discussed progress on error-correction components in a recent statement to Reuters, reiterating a development path toward a fault-tolerant quantum system around 2029. The company also reported that a key quantum error-correction algorithm can run on conventional AMD chips, according to a separate Reuters report.<\/p>\n<p>The measurable factors include the proportion of the UTXO set with exposed public keys, changes in wallet behavior responding to that exposure, and the network\u2019s adoption speed for quantum-resistant spending paths while maintaining validation and fee-market constraints, according to Project Eleven\u2019s analysis.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Quantum computers can\u2019t decrypt Bitcoin but could forge signatures from exposed public keys, putting ~6.7m BTC at risk unless wallets migrate to post\u2011quantum paths before large fault\u2011tolerant machines arrive. Summary&hellip;<\/p>\n","protected":false},"author":1,"featured_media":14967,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-18354","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/18354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=18354"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/18354\/revisions"}],"predecessor-version":[{"id":18355,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/18354\/revisions\/18355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/14967"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=18354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=18354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=18354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}