qday

Experts warn quantum computers could someday forge Bitcoin’s digital signatures, allowing unauthorized transactions.
In brief
Today’s quantum computers are far too small and unstable to threaten real-world cryptography.Early Bitcoin wallets with exposed public keys are most at risk in the long term.Developers are exploring post-quantum signatures and potential migration paths.
Quantum computers can’t break Bitcoin’s encryption today, but new advances from Google and IBM suggest the gap is closing faster than expected. Their progress toward fault-tolerant quantum systems raises the stakes for “Q-Day,” the moment when a sufficiently powerful machine could crack older Bitcoin addresses and expose more than $711 billion in vulnerable wallets.
Upgrading Bitcoin to a post-quantum state will take years, which means the work has to begin long before the threat arrives. The challenge, experts say, is that no one knows when that will be, and the community has struggled to agree on how best to move forward with a plan.
This uncertainty has led to a lingering dread that a quantum computer that can attack Bitcoin may come online before the network is ready.
In this article, we will look at the quantum threat to Bitcoin and what needs to change to make the number one blockchain ready.
A successful attack would not look dramatic. A quantum-enabled thief would start by scanning the blockchain for any address that has ever revealed a public key. Old wallets, reused addresses, early miner outputs, and many dormant accounts fall into that category.
The attacker copies a public key and runs it through a quantum computer using Shor’s algorithm. Developed in 1994 by mathematician Peter Shor, the algorithm gives a quantum machine the ability to factor large numbers and solve the discrete logarithm problem far more efficiently than any classical computer. Bitcoin’s elliptic-curve signatures rely on the difficulty of those problems. With enough error-corrected qubits, a quantum computer could use Shor’s method to calculate the private key tied to the exposed public key.
As Justin Thaler, research partner at Andreessen Horowitz and associate professor at Georgetown University, told Decrypt, once the private key is recovered, the attacker can move the coins.
“What a quantum computer could do, and this is what’s relevant to Bitcoin, is forge the digital signatures Bitcoin uses today,” Thaler said. “Someone with a quantum computer could authorize a transaction taking all the Bitcoin out of your accounts, or however you want to think of it, when you did not authorize it. That’s the worry.”
The forged signature would look real to the Bitcoin network. Nodes would accept it, miners would include it in a block, and nothing on-chain would mark the transaction as suspicious. If an attacker hit a large group of exposed addresses at once, then billions of dollars could move within minutes. Markets would start reacting before anyone ever confirmed that a quantum attack was happening.
Where quantum computing stands in 2025
In 2025, quantum computing finally started to feel less theoretical and more practical.
January 2025: Google’s 105-qubit Willow chip showed steep error reduction and a benchmark beyond classical supercomputers.February 2025: Microsoft rolled out its Majorana 1 platform and reported record logical-qubit entanglement with Atom Computing.April 2025: NIST extended superconducting qubit coherence to 0.6 milliseconds.June 2025: IBM set targets of 200 logical qubits by 2029 and more than 1,000 in the early 2030s.October 2025: IBM entangled 120 qubits; Google confiNovember 2025: IBM announced new chips and software aimed at quantum advantage in 2026 and fault-tolerant systems by 2029.rmed a verified quantum speed-up.Why Bitcoin has become vulnerable
Bitcoin’s signatures use elliptic-curve cryptography. Spending from an address reveals the public key behind it, and that exposure is permanent. In Bitcoin’s early pay-to-public-key format, many addresses published their public keys on-chain even before the first spend. Later pay-to-public-key-hash formats kept the key hidden until the first use.
Because their public keys were never hidden, these oldest coins, including roughly 1 million Satoshi-era Bitcoin, are exposed to future quantum attacks. Switching to post-quantum digital signatures, Thaler said, takes active involvement.
“For Satoshi to protect their coins, they’d have to move them into new post-quantum-secure wallets,” he said. “The biggest concern is abandoned coins, about $180 billion worth, including roughly $100 billion believed to be Satoshi’s. Those are huge sums, but they’re abandoned, and that’s the real risk.”
Adding to the risk are coins tied to lost private keys. Many have sat untouched for more than a decade, and without those keys, they can never be moved into quantum-resistant wallets, making them viable targets for a future quantum computer.
No one can freeze Bitcoin directly on-chain. Practical defenses against future quantum threats focus on migrating vulnerable funds, adopting post-quantum addresses, or managing existing risks.
However, Thaler noted that post-quantum encryption and digital signature schemes come with steep performance costs, since they’re far larger and more resource-intensive than today’s lightweight 64-byte signatures.
“Today’s digital signatures are about 64 bytes. Post-quantum versions can be 10 to 100 times larger,” he said. “In a blockchain, that size increase is a much bigger issue because every node must store those signatures forever. Managing that cost, the literal size of the data, is far harder here than in other systems.”
Paths to protection
Developers have floated several Bitcoin Improvement Proposals to prepare for future quantum attacks. They take different paths, from light optional protections to full network migrations.
BIP-360 (P2QRH): Creates new “bc1r…” addresses that combine today’s elliptic-curve signatures with post-quantum schemes like ML-DSA or SLH-DSA. It offers hybrid security without a hard fork, but the bigger signatures mean higher fees.Quantum-Safe Taproot: Adds a hidden post-quantum branch to Taproot. If quantum attacks become realistic, miners could soft-fork to require the post-quantum branch, while users operate normally until then.Quantum‑Resistant Address Migration Protocol (QRAMP): A mandatory migration plan that moves vulnerable UTXOs to quantum-safe addresses, likely through a hard fork.Pay to Taproot Hash (P2TRH): Replaces visible Taproot keys with double-hashed versions, limiting the exposure window without new cryptography or breaking compatibility.Non-Interactive Transaction Compression (NTC) via STARKs: Uses zero-knowledge proofs to compress large post-quantum signatures into a single proof per block, lowering storage and fee costs.Commit-Reveal Schemes: Rely on hashed commitments published before any quantum threat.Helper UTXOs attach small post-quantum outputs to protect spends.“Poison pill” transactions let users pre-publish recovery paths.Fawkescoin-style variants stay dormant until a real quantum computer is demonstrated.
Taken together, these proposals sketch a step-by-step path to quantum safety: quick, low-impact fixes like P2TRH now, and heavier upgrades like BIP-360 or STARK-based compression as the risk grows. All of them would need broad coordination, and many of the post-quantum address formats and signature schemes are still early in discussion.
Thaler noted that Bitcoin’s decentralization—its greatest strength—also makes major upgrades slow and difficult, since any new signature scheme would need broad agreement across miners, developers, and users.
“Two major issues stand out for Bitcoin. First, upgrades take a long time, if they happen at all. Second, there are the abandoned coins. Any migration to post-quantum signatures has to be active, and owners of those old wallets are gone,” Thaler said. “The community must decide what happens to them: either agree to remove them from circulation or do nothing and let quantum-equipped attackers take them. That second path would be legally gray, and the ones seizing the coins likely wouldn’t care.”
Most Bitcoin holders don’t need to do anything right away. A few habits go a long way in reducing long-term risk, including avoiding reusing addresses so your public key stays hidden until you spend, and sticking with modern wallet formats.
Today’s quantum computers aren’t close to breaking Bitcoin, and predictions of when they will vary wildly. Some researchers see a threat within the next five years, others push it into the 2030s, but continued investments could speed up the timeline.
​#QDay
#QuantumThreat
#ShorAlgorithm
#ForgedSignatures
#PostQuantumCryptography

🕒 The term “Q-Day” has emerged as a buzzword in tech and cybersecurity circles, sparking curiosity about its implications for the future. While not explicitly defined in recent crypto-related web sources, Q-Day is widely understood to refer to the hypothetical point when quantum computing achieves a breakthrough capable of cracking current encryption methods, including those securing blockchain and cryptocurrency networks. 🔐 This milestone, often dubbed “Quantum Day,” could render existing cryptographic algorithms—such as RSA and ECC—obsolete, posing an existential threat to digital security.

💻 Quantum computers leverage quantum bits (qubits) that exist in multiple states simultaneously, unlike classical bits (0 or 1). This allows them to perform complex calculations at unprecedented speeds, potentially breaking the elliptic curve cryptography (ECC) that underpins Bitcoin and other blockchains. 🌐 Experts suggest Q-Day could arrive when a quantum computer with sufficient qubits—estimates range from 2,000 to 4,000 logical qubits—becomes operational, a feat some predict within the next decade, though timelines vary widely. The National Institute of Standards and Technology (NIST) has been working on post-quantum cryptography standards, with drafts released in 2022, indicating preparedness efforts are underway.

🔍 The concept gained traction as quantum computing advances, with companies like IBM and Google pushing boundaries. IBM’s 433-qubit Osprey processor (2021) and Google’s quantum supremacy claim (2019) hint at progress, though practical, large-scale quantum machines remain elusive. 📉 For crypto, Q-Day’s arrival could expose private keys, allowing hackers to steal funds or manipulate blockchain data. However, the narrative isn’t universally accepted—some argue the crypto community’s adaptability and ongoing research into quantum-resistant algorithms could mitigate risks.

🌍 Beyond crypto, Q-Day impacts global finance, government security, and data privacy. Banks and tech firms are investing in quantum-resistant solutions, while skeptics question the hype, noting current quantum computers are far from breaking real-world encryption. 📌 The lack of consensus on Q-Day’s timing—ranging from 2030 to beyond 2040—fuels debate. Is it an imminent threat or a distant concern? The answer lies in quantum computing’s evolution and the crypto industry’s response. 🔧 As research progresses, understanding Q-Day’s scope will be crucial for safeguarding digital assets.

Is Crypto Ready for Q-Day?

🤔 As the specter of Q-Day looms, the cryptocurrency industry faces a critical question: Is it prepared for the quantum computing revolution that could unravel its security? Q-Day, the hypothetical moment when quantum computers crack current encryption like ECC and RSA, threatens the cryptographic foundations of blockchains such as Bitcoin and Ethereum. 📊 With no definitive timeline—estimates range from 2030 to post-2040—the urgency to adapt is debated, but the stakes are high, potentially exposing private keys and jeopardizing billions in digital assets.

🔒 Current blockchain security relies on algorithms vulnerable to quantum attacks. Bitcoin’s SHA-256 hashing, while resistant, uses ECC for key generation, which quantum computers could break with sufficient qubits (2,000–4,000 logical qubits). 🌐 Ethereum, with its smart contract ecosystem, faces similar risks. The crypto community is not idle—research into post-quantum cryptography is accelerating, with NIST’s post-quantum standards (drafted 2022) offering hope. Projects like the Quantum Resistant Ledger (QRL) are exploring quantum-safe alternatives, but adoption remains limited.

💡 Proponents argue crypto’s decentralized nature and developer ingenuity provide resilience. Upgrading protocols, as seen with Ethereum’s past transitions, could integrate quantum-resistant algorithms. 📉 However, challenges abound: implementing changes requires network-wide consensus, a slow process for established blockchains. Smaller, newer coins might adapt faster, but their volatility and liquidity raise doubts. Critics highlight the lack of coordinated action—major players like Bitcoin Core developers have yet to prioritize quantum readiness, focusing instead on scalability and energy efficiency.

🌍 The broader tech and finance sectors are also preparing, with banks and governments investing in quantum-resistant solutions. Yet, crypto’s unregulated status complicates a unified response. 📌 Some dismiss Q-Day as overhyped, noting current quantum computers (e.g., IBM’s 433-qubit Osprey) are far from breaking real-world encryption. Others warn of a “quantum winter” if preparedness lags, leaving early adopters vulnerable. Trending discussions on X suggest mixed sentiments, with some advocating proactive upgrades and others questioning the threat’s immediacy.

🔧 Readiness hinges on education, investment, and collaboration. Developers must test quantum-resistant algorithms, while investors need awareness to demand security upgrades. The crypto market’s volatility—highlighted by Bitcoin’s 103.79% surge in late 2024 and Ethereum’s 69% drop in 2025—adds pressure, as funds could shift to quantum-safe alternatives. Is crypto ready? Not fully, but the foundation for adaptation exists. The next steps will define its quantum future.

#QDay #CryptoSecurity #QuantumComputing #Blockchain