Bitcoin’s cryptography will one day face a serious challenge from quantum computers-but that day is not around the corner, according to a new research report from Cathie Wood’s Ark Invest in collaboration with Bitcoin-focused firm Unchained.
The study takes aim at a question that has hovered over the crypto market for years: could a sufficiently powerful quantum computer run Shor’s algorithm and break the elliptic curve cryptography (ECC) that protects Bitcoin private keys and transactions? The authors’ conclusion is nuanced. They argue that the risk is real in a long-term, theoretical sense, but current hardware is nowhere near capable of mounting such an attack.
Quantum computers vs. Bitcoin’s cryptography
Bitcoin relies on elliptic curve digital signature algorithms to prove that a transaction was authorized by the holder of a private key, without ever revealing that key. In classical computing, reversing this process-deriving the private key from the public key or from signatures-is computationally infeasible.
Quantum computing changes the assumptions. Shor’s algorithm, in theory, can factor large numbers and solve discrete logarithm problems exponentially faster than classical algorithms. Since ECC’s security rests on the difficulty of these discrete logarithm problems, a fault-tolerant quantum computer with enough stable qubits could eventually break the cryptography underpinning Bitcoin addresses and wallets.
Ark Invest and Unchained focus on this point: how close are today’s quantum machines to that threshold? Their answer is clear: not close at all.
Why the threat is not imminent
The report explains that practical attacks on Bitcoin would require a large-scale, error-corrected quantum computer with millions of reliable logical qubits, operating long enough to run Shor’s algorithm on Bitcoin’s specific elliptic curve parameters. Today’s devices are “noisy intermediate-scale quantum” (NISQ) machines, with relatively few qubits and high error rates.
These systems are useful for research and experimentation, but they are orders of magnitude too weak to crack modern public-key cryptography, let alone do so within the time windows required to steal funds from the Bitcoin network in real-world conditions.
The authors emphasize that any genuine leap in quantum capability sufficient to threaten Bitcoin would show up across the broader digital ecosystem first. The same cryptographic primitives protect online banking, messaging apps, VPNs, and much of the global internet infrastructure. A quantum machine powerful enough to break Bitcoin signatures would already be catastrophic for general internet security.
In other words, Bitcoin will not be the canary in the coal mine. The world would almost certainly see internet-wide disruption, broken TLS connections, and compromised conventional financial systems before a direct assault on Bitcoin wallets became feasible.
How Bitcoin could be attacked in a quantum future
Even though the danger is distant, the researchers outline the main theoretical attack vectors.
The most discussed scenario involves so-called “non-pay-to-public-key-hash” outputs-Bitcoin addresses where the public key is already exposed on-chain. For most modern transactions, users send funds to a hashed public key, revealing the actual public key only when they spend those coins. This offers some additional protection because an attacker must break the hash and then the public key, all within the short window between a transaction being broadcast and confirmed.
However, older addresses and some specific transaction types have public keys visible long before spending. If a quantum computer could rapidly derive the corresponding private key from a known public key, it could sign a competing transaction and redirect funds before the legitimate owner moves them.
A second, more dramatic risk emerges if quantum power becomes so great that even hashed public keys and widely used hash algorithms themselves are weakened or broken. At that point, almost every aspect of blockchain security-not just Bitcoin’s ECC-would require redesign.
Ark and Unchained stress that both scenarios remain hypothetical and far beyond the capabilities of today’s quantum hardware.
Timeline: years or decades, not months
The report does not attempt to fix an exact date for when quantum threats could become practical, but it leans heavily toward a long horizon. Based on current research trajectories, engineering challenges, and the immense overhead required for error correction, the authors suggest that the world is likely years-if not decades-away from a machine that can reliably run Shor’s algorithm at the scale needed to endanger Bitcoin.
They point out that quantum advantages achieved so far are narrow and problem-specific, often in carefully controlled experiments. Scaling from “quantum supremacy” demonstrations on contrived tasks to a general-purpose, fault-tolerant system capable of breaking 256-bit elliptic curve keys is a far harder problem.
Moreover, engineering plateaus, funding cycles, and technical obstacles could delay progress further. While unexpected breakthroughs are always possible, the base case remains a gradual evolution, not an overnight revolution.
The internet will move to post-quantum cryptography first
A central message in the report is that Bitcoin will not face the quantum transition alone. Governments, industry consortia, and standards bodies are already working on post-quantum cryptography-new algorithms designed to resist attacks from both classical and quantum computers.
Large-scale migration efforts are underway or being planned across key sectors. From web browsers and operating systems to banking infrastructure and secure communications, the move toward quantum-resistant primitives has already begun. When truly threatening quantum hardware appears, most critical internet protocols are expected to have at least a migration path in place.
Because Bitcoin’s security model depends on many of the same cryptographic assumptions used across the wider internet, Bitcoin development can draw from the same pool of research, algorithms, and standards. The authors argue that this shared timeline further reduces the odds of Bitcoin being uniquely vulnerable at the moment quantum computing becomes truly dangerous.
Bitcoin’s ability to adapt
Contrary to the narrative that Bitcoin is rigid and unable to change, the report highlights that the protocol has successfully undergone multiple upgrades over the years, including complex ones such as SegWit and Taproot. These changes required broad social consensus, careful engineering, and incremental rollout-all of which set a precedent for a future cryptographic transition.
In a quantum-threat scenario, Bitcoin could introduce new address types secured by post-quantum algorithms. Users would be encouraged-or eventually required-to move funds from legacy addresses to quantum-safe ones. Over time, miners and nodes could deprecate old script types or treat them as insecure, nudging the remaining capital into upgraded formats.
This process would not be trivial. It would involve community debate, extensive testing, and careful backward compatibility planning. Yet the authors maintain that it is technically and socially achievable, especially if the quantum threat emerges gradually and visibly rather than as a sudden shock.
What investors should actually worry about today
For market participants, the report implicitly warns against both complacency and panic. Ignoring quantum computing entirely would be shortsighted, because long-term institutional capital and infrastructure planning often extends decades ahead. On the other hand, trading on near-term quantum “fear, uncertainty, and doubt” is likely misguided.
From an investment standpoint, the more immediate drivers of Bitcoin’s price and adoption remain macroeconomic conditions, regulatory developments, network effects, and technological improvements that are already in progress. Quantum risk, while real in theory, sits in a different category: a strategic, long-range concern that informs research roadmaps more than day-to-day valuations.
Ark and Unchained suggest that the right posture is preparedness rather than alarmism. Monitoring advances in quantum hardware, supporting post-quantum research, and designing upgrade paths are rational responses. Selling or shunning Bitcoin solely out of fear of a technology that is not yet remotely capable of breaking its defenses is not.
The role of post-quantum research in the Bitcoin ecosystem
The report underscores that the most constructive response to the quantum question is continued research. Cryptographers are actively developing and analyzing post-quantum signature schemes that could be deployed in systems like Bitcoin, such as lattice-based, hash-based, or multivariate polynomial schemes.
Each approach involves trade-offs in key size, signature size, verification speed, and implementation complexity. For a global, decentralized network like Bitcoin, these details matter: bandwidth, storage, and validation times are all part of the security and decentralization equation.
By exploring and benchmarking candidate algorithms early, the Bitcoin community can narrow in on options that strike an acceptable balance between quantum resistance and practical performance. This preparatory work reduces the risk that the ecosystem will be forced into rushed or suboptimal choices if quantum progress accelerates unexpectedly.
Why the “quantum doom” narrative persists
Despite the technical nuances, the idea that “quantum will kill Bitcoin” remains popular in headlines and online debates. The report implicitly critiques this narrative, describing it as an oversimplification that conflates theoretical vulnerabilities with real-world capabilities.
Quantum computing, like many emerging technologies, attracts both hype and fear. The mere existence of algorithms that could, in principle, break current cryptography leads some observers to assume that their practical deployment is imminent. Ark and Unchained push back against this assumption, emphasizing the gulf between equations on a whiteboard and industrial-scale hardware capable of executing them at speed and scale.
They also highlight that almost all digital systems, not just cryptocurrencies, rest on cryptographic assumptions that quantum computing eventually threatens. Singling out Bitcoin as uniquely doomed misrepresents the broader picture.
Long-term resilience depends on early, gradual action
The overarching conclusion of the report is that Bitcoin’s quantum threat is both genuine and manageable. It is genuine because the underlying mathematics of elliptic curve cryptography is vulnerable to Shor’s algorithm in a world with powerful, fault-tolerant quantum computers. It is manageable because the development, standardization, and deployment of quantum-safe alternatives is already underway-and because Bitcoin has the technical and social mechanisms required to adopt them over time.
Meaningful quantum breakthroughs, the authors note, would not silently appear in the background. They would reshape the entire cybersecurity landscape, disrupt conventional internet protocols first, and ignite a wave of upgrades across the digital economy. In that environment, Bitcoin has every opportunity to transition alongside other critical systems, rather than standing alone as an isolated target.
For now, the report concludes, quantum computing is a strategic horizon issue for Bitcoin, not an immediate existential risk. The time to prepare is now-but the time to panic has not yet arrived.