TL;DR:
- ARK Invest and Unchained published a white paper estimating that 34.6% of the BTC supply remains exposed to quantum threats.
- Around 5 million BTC are considered migratable due to address reuse, and 1.7 million sit in P2PK addresses assumed to be lost.
- The first breach of a public key could occur in the mid-2030s, according to consensus established among Google, IBM, and Microsoft.
ARK InvestĀ and Bitcoin-focused financial services firmĀ UnchainedĀ published on Wednesday a jointĀ white paperĀ that analyzes in depth theĀ exposure of Bitcoin’s supply to a potential breakthrough in quantum computing. According to the document,Ā 65.4% of the BTC supply is no longer vulnerableĀ to this type of threat, while theĀ remaining 34.6% is still at riskĀ shouldĀ quantum computersĀ advance enough to break elliptic curve cryptography (ECC).
The breakdown of the exposed supply includes approximatelyĀ 5 million BTC, equivalent toĀ 25%Ā of the total,Ā considered migratable due to address reuse. Added to that areĀ 1.7 million BTC, orĀ 8.6%Ā of the supply, assumed to beĀ lost in P2PK addresses, the oldest transaction format on the network, which tied funds directly to public keys. An additionalĀ 200,000 BTC, roughlyĀ 1%, are exposed through theĀ P2TR or Pay To TaprootĀ address type.
For a quantum computer to breach Bitcoin’s ECC, ARK estimates thatĀ approximately 2,330 logical qubits and tens of millions to billions ofĀ quantumĀ gates would be required. The paper’s own authors acknowledge that reaching that level of performance “will take a very long time.”
ARK Sets a Countdown to 2030
ARK structures the advancement of quantum computing intoĀ five stagesĀ and argues thatĀ only the final one would allow ECC to be brokenĀ in less time than Bitcoin’s 10-minute block. The first breach of a public key could occurĀ in the mid-2030s, in line with projections from companies such asĀ Google,Ā IBM, andĀ Microsoft.
Meanwhile, Chicago-based firm PsiQuantum plans to complete by 2027Ā the first quantum computing installation with one million physical qubits, funded in part with capital linked to BlackRock.
The Possible Solutions
Faced with this outlook, ARK argues thatĀ Bitcoin will need to implement address formats secure againstĀ quantum attacksĀ and, eventually,Ā post-quantum cryptography (PQC). Among the alternatives mentioned are the lattice-based signature schemeĀ ML-DSAĀ and the hash-based schemeĀ SLH-DSA.
The document also references draftĀ BIP-360, which proposes a new output type designed to minimize quantum threats, thoughĀ without incorporating post-quantum digital signatures. Chris Tam, president and head of quantum innovation atĀ BTQ Technologies, warned that such signatures are “essential for any meaningful long-term defense against quantum attacks.”
The main challenge in implementing these solutions lies inĀ Bitcoin’s decentralized governance, which requires majority consensus among network participants to approve anyĀ soft fork.
