Quantum Computers and Cryptocurrencies

Intermediate
Updated Jul 16, 2025
9m

Key Takeaways

  • Quantum computers use qubits and principles like superposition to solve certain problems far more efficiently than classical computers, which could eventually threaten public-key cryptography (PKC) systems used in cryptocurrencies.

  • In theory, a sufficiently powerful quantum computer running Shor's algorithm could compromise the elliptic-curve cryptography (ECC) and RSA used to protect crypto wallets and digital signatures.

  • Current quantum computers are not powerful enough to break Bitcoin's cryptographic protections, and experts suggest large-scale threats are likely still years or decades away.

  • In August 2024, NIST finalized three post-quantum cryptography standards (ML-KEM, ML-DSA, SLH-DSA), marking a major step toward quantum-resistant security for digital systems.

  • The crypto community is actively researching quantum-resistant algorithms to prepare for potential future threats before they become real.

Introduction

Quantum computers are machines that use the principles of quantum mechanics to solve certain problems far more efficiently than conventional computers. While these machines remain mostly experimental, their potential development could present new challenges to current digital security, including the cryptography used by Bitcoin and other cryptocurrencies.

This article explains how quantum computers differ from classical computers, the risks they may pose to cryptocurrencies and digital infrastructure, and ongoing efforts to mitigate these future threats.

Asymmetric Cryptography and Internet Security

Asymmetric cryptography, also called public-key cryptography, is a critical component of the cryptocurrency ecosystem and much of the internet. For a comparison of the two main encryption approaches, see our guide to Symmetric vs. Asymmetric Encryption.

PKC uses a pair of keys: a private key, which must be kept secret, and a public key, which can be shared with others. In cryptocurrencies, users sign transactions with private keys, and anyone can verify the authenticity using the associated public key and digital signatures.

A PKC system relies on algorithms for generating key pairs. A good algorithm makes it extremely difficult to calculate the private key from the public key, but straightforward to calculate the public key from the private key. Such systems depend on mathematical functions known as "trapdoor functions": functions that are easy to compute in one direction but computationally infeasible to reverse without the secret.

Can Quantum Computers Break Crypto Wallets?

In theory, yes. In practice, not yet. Modern algorithms used in crypto and internet security have robust trapdoor functions that are not "solvable" in a timeframe feasible for any existing computer. It would take immense amounts of time even for the most powerful classical machines to perform these computations.

However, this could change in the future with the development of sufficiently powerful quantum computers. To understand why, it helps to first look at how regular computers work.

Classical Computers

Classical computers process information using binary digits, or bits, which can be either 0 or 1. Complex computations are performed by breaking large problems into smaller tasks. While modern systems can run certain operations in parallel, each bit still exists only in a state of 0 or 1.

Consider brute-forcing a cryptographic key. For a 4-bit key there are 2^4 = 16 possible combinations, and a classical computer must try them one by one. Each additional bit doubles the number of combinations, so the keyspace grows exponentially with key length: a 256-bit key yields 2^256 combinations, close to the estimated number of atoms in the observable universe.

The speed of classical computers increases roughly linearly, so exponential growth in keyspace far outpaces hardware improvements. The minimum recommended size for a seed used in Bitcoin is 128 bits, with many wallet implementations using 256 bits, making brute-force attacks by classical computers practically impossible.
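The trapdoor and brute-force points above, shown on Bitcoin's own curve as an added example (not code from the original article): deriving a public key from a private key takes one curve operation per key bit, while recovering the private key by trying scalars in turn costs a number of steps that doubles with every bit. The toy brute-force search is capped at a small bit length so it finishes; the curve parameters are the standard secp256k1 constants.

```python
# Added example, not from the article: the secp256k1 "trapdoor" behind Bitcoin keys.
# Forward (private -> public) is ~256 curve ops; reverse by brute force doubles per bit.

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def add(p1, p2):
    """Affine point addition (handles doubling and the point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def pubkey(priv):
    """Easy direction: double-and-add, one step per bit of the private key."""
    result, addend = None, G
    while priv:
        if priv & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        priv >>= 1
    return result

def brute_force_priv(pub, max_bits):
    """Hard direction: try k = 1, 2, ... < 2^max_bits until k*G == pub; returns (k, steps)."""
    pt = None
    for k in range(1, 2 ** max_bits):
        pt = add(pt, G)  # walk the sequence G, 2G, 3G, ...
        if pt == pub:
            return k, k
    return None, 2 ** max_bits - 1  # exhausted: cost is exponential in max_bits
```

Shor's algorithm is a threat precisely because it computes this discrete logarithm in polynomial time instead of the exponential walk shown in brute_force_priv.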

Quantum Computers

Quantum computers use quantum bits, or qubits, which can exist in a superposition of 0 and 1 simultaneously. This property, combined with quantum entanglement, allows quantum computers to process certain kinds of problems much more efficiently than classical machines.

Two of the most relevant quantum algorithms for cryptography are:

  • Shor's Algorithm: enables efficient factorization of large numbers and calculation of discrete logarithms. This could eventually compromise public-key cryptosystems like RSA and elliptic-curve cryptography (ECC), which are widely used in blockchain technology.

  • Grover's Algorithm: provides a quadratic speedup for searching and brute-forcing symmetric keys or hash values. This is less of a risk because its effects can be mitigated by simply doubling key sizes.

It is important to correct a common misconception: quantum computers do not "try every combination at once." Instead, they use interference and superposition to solve certain structured problems faster.

Not all types of problems benefit equally from quantum speedups. Large-scale, fault-tolerant quantum computers capable of threatening blockchain cryptography do not currently exist and are likely years or even decades away, according to most experts.

Quantum-Resistant Cryptography

The potential for quantum computers to break modern cryptography has driven significant research into "post-quantum" cryptographic methods, which are believed to remain secure even against capable quantum adversaries. For broader context on how cryptographic methods have evolved, see our history of cryptography.

In August 2024, NIST finalized three post-quantum cryptography standards: ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205). This marked a milestone in transitioning global digital security infrastructure toward quantum resilience. The algorithms cover digital signature schemes and key encapsulation mechanisms.

A major concern motivating early migration is the "harvest now, decrypt later" threat model. In this scenario, adversaries intercept and store encrypted data today, with the intention of decrypting it once sufficiently powerful quantum computers become available.

This means that data requiring long-term confidentiality may already be at risk, even though practical quantum computers do not yet exist.

Mosca's theorem provides a framework for assessing migration urgency. It compares three time horizons: the time required to transition systems (X), the time during which data must remain secure (Y), and the estimated arrival of cryptographically relevant quantum computers (Z). If X + Y > Z, migration is considered urgent.
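Mosca's test applied to a constructed inventory, as an added example (not from the article): each system has its own X and Y, and the check is run against a range of Z estimates because Z is uncertain. All system names and year values are illustrative assumptions.

```python
# Added example, not from the article: applying Mosca's X + Y > Z test to a
# constructed inventory. X = years to migrate, Y = years the data or key must
# stay secure, Z = years until a cryptographically relevant quantum computer.

def mosca_slack(x, y, z):
    """Years of margin before exposure; negative means urgent (X + Y > Z)."""
    return z - (x + y)

def assess(inventory, z_estimates):
    """Slack under every Z estimate, and urgency under the earliest (smallest) Z."""
    report = []
    for name, x, y in inventory:
        slacks = {z: mosca_slack(x, y, z) for z in z_estimates}
        report.append({
            "system": name,
            "slack_by_z": slacks,
            # "harvest now, decrypt later": Y counts from today, so long-lived
            # secrets can already be urgent although no such computer exists yet.
            "urgent": slacks[min(z_estimates)] < 0,
        })
    return report

# Constructed inventory (assumed values): (system, X years, Y years)
INVENTORY = [
    ("TLS session keys (ephemeral)", 2, 0),
    ("Cold-storage signing keys", 5, 10),
    ("Archived medical records", 8, 25),
]
Z_ESTIMATES = [10, 20]  # assumed arrival estimates in years, earliest and latest

def urgent_systems(inventory=INVENTORY, z_estimates=Z_ESTIMATES):
    """Names of systems that fail the test under the earliest Z estimate."""
    return [r["system"] for r in assess(inventory, z_estimates) if r["urgent"]]
```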

Several broad families of post-quantum cryptography are under investigation:

  • Lattice-based cryptography

  • Hash-based cryptography

  • Multivariate polynomial cryptography

  • Code-based cryptography

For symmetric cryptography, Grover's algorithm halves the effective strength of keys. AES-256 would provide 128 bits of security against a quantum attacker, which is still considered strong. Simply using longer symmetric keys can maintain adequate security.

Quantum key distribution (QKD) is a separate research area using quantum properties to detect eavesdropping on key exchanges, though it faces its own practical deployment challenges.

Quantum Computers and Bitcoin Mining

Bitcoin mining relies on solving cryptographic hash puzzles using functions like SHA-256. For more on this concept, see our guide to hashing. Quantum computers could apply Grover's algorithm for a quadratic speedup in searching for valid hashes, which is much less powerful than the exponential speedup Shor's algorithm provides against public-key systems. Increasing the mining difficulty or the hash output length would counteract quantum improvements in mining.

Most researchers agree that quantum computing does not pose an imminent existential threat to Bitcoin mining. In practice, applying quantum computers to mining faces many real-world engineering challenges, and the economic incentive structure of Bitcoin mining remains tilted toward specialized classical hardware for the foreseeable future.

Transitioning to Quantum-Resistant Blockchains

Moving crypto networks to quantum-resistant algorithms will require substantial effort. Updating protocols, wallets, and infrastructure will require global coordination. Ensuring a smooth migration, possibly including hard or soft forks, will be technically and logistically complex but is considered essential for long-term security.

Public keys on the Bitcoin blockchain are only exposed after coins are spent from an address. Unspent addresses are therefore less immediately vulnerable to quantum attacks. Ethereum's development roadmap includes early-stage research into quantum resistance as part of longer-term protocol planning, though concrete implementation timelines remain undefined.

FAQ

What makes quantum computers a potential threat to cryptocurrencies?

Quantum computers running Shor's algorithm could theoretically factor large numbers or compute discrete logarithms efficiently. This is the mathematical basis for breaking public-key cryptosystems like RSA and elliptic-curve cryptography, which protect crypto wallet addresses and transaction signatures.

Are Bitcoin wallets at risk from quantum computers today?

No. Current quantum computers are far too limited in scale and error correction to threaten Bitcoin's 256-bit cryptographic keys. Experts generally estimate that cryptographically relevant quantum computers are at least a decade away, though exact timelines are uncertain.

What are post-quantum cryptography standards?

Post-quantum cryptography refers to cryptographic algorithms designed to remain secure against quantum attacks. In August 2024, NIST published three finalized standards: ML-KEM, ML-DSA, and SLH-DSA. These cover key encapsulation and digital signatures and are intended for gradual adoption across digital infrastructure.

How does Grover's algorithm affect Bitcoin mining?

Grover's algorithm provides a quadratic speedup for brute-force search problems, including searching for valid Bitcoin hashes. However, this speedup is much less severe than Shor's algorithm's threat to public-key cryptography. Increasing hash difficulty or key sizes can counteract Grover's advantage. Mining is generally considered less at risk than wallet security.

Will Bitcoin need a hard fork to become quantum-resistant?

Possibly, though no timeline has been set. Transitioning to quantum-resistant cryptography would likely require significant protocol upgrades, which could involve hard or soft forks. This would require community consensus, wallet software updates, and a migration period for all active addresses. The crypto community regards this as a long-term planning issue rather than an immediate emergency.

Closing Thoughts

Quantum computing is an active area of research with the potential to disrupt public-key cryptography, including the systems that protect cryptocurrencies. Practical quantum computers capable of breaking modern blockchains do not yet exist and are likely still years, if not decades, away. The finalization of NIST's post-quantum standards in 2024 represents a meaningful step toward preparing global digital security for this future scenario.

The cryptocurrency industry and broader digital security communities are actively researching and standardizing quantum-resistant algorithms. Although quantum computers do not currently pose an urgent risk to assets like Bitcoin, it is worth tracking developments in the field as the technology matures.

Disclaimer: This content is presented to you on an "as is" basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal, or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Where the content is contributed by a third-party contributor, please note that those views expressed belong to the third-party contributor, and do not necessarily reflect those of Binance Academy. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. For more information, see our Terms of Use, Risk Warning, and Binance Academy Terms.