Why Adam Back thinks Bitcoin’s 20-year quantum runway matters more than today’s headlines


Quantum panic vs. physics: why the timeline actually matters

Quantum computers make for great clickbait: a lab bumps its qubit count, and suddenly every headline reads “Bitcoin is DOOMED.” Adam Back cut through that noise by pointing out something refreshingly boring — timelines rooted in physics, not panic. He estimates a roughly 20–40 year window before a quantum machine could realistically break the cryptography protecting Bitcoin. That sounds long? Good. It gives the community breathing room to plan instead of hyperventilating.

Here’s the key technical bit — the mining hash (SHA‑256) is not the main worry. The real risk lies in the digital signatures (ECDSA and Schnorr) that prove ownership on the secp256k1 curve. In theory, Shor’s algorithm running on a big-enough quantum computer could recover private keys from public keys and wreck the system. In practice, though, the engineering gap is enormous.

Breaking a 256‑bit elliptic curve in the short window relevant to a Bitcoin transaction needs thousands of high‑quality logical qubits, which in turn require thousands of physical qubits each for error correction. Think less “one giant leap” and more “several supernova‑sized engineering projects stacked together.” Some conservative estimates put the physical‑qubit count in the hundreds of millions to make attacks feasible under realistic error rates. Today’s quantum gear? Tiny and noisy by comparison — tens to low hundreds of useful qubits in the more advanced systems, and some experimental platforms hitting a few thousand physical qubits but without the error correction needed for cryptographic attacks.

Fixable problem: upgrades, migration, and the human part

The good news: this is an engineering and governance problem, not a mathematical apocalypse. Standards bodies have already defined post‑quantum (PQ) signature algorithms — hash‑based and lattice‑based schemes among them — and there are concrete proposals for how Bitcoin could adopt them. One approach calls for new output types that accept either a classical or a PQ signature, so old and new wallets can coexist while coins migrate over time.

Migration is doable but messy. Roughly a quarter of all Bitcoin is sitting in address types where the public key is already exposed on‑chain — these funds would be immediately attractive targets if Shor becomes practical. The rest of the ecosystem benefits from a timing advantage: modern best practices (fresh addresses, SegWit, Taproot, and not reusing keys) keep public keys hidden until spending, squeezing an attacker’s window down to minutes instead of years.
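To make the exposed-versus-hidden distinction concrete, here is an added example (not from the original article or any Bitcoin project) that sorts outputs by whether their locking script shows a public key before any spend. It matches the standard script templates byte for byte; note that a witness v1 script carries its 32-byte output key directly (BIP 341), so it is counted as key-visible. The `already_spent_from` set is a hypothetical input standing in for an address-reuse lookup.

```python
# Added example; every script and amount below is constructed sample data.
EXPOSED, HIDDEN = "key-visible", "hash-only"

def classify(script_hex):
    """Map a standard scriptPubKey to (template, exposure before any spend)."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: push of a 33-byte (02/03) or 65-byte (04) key, then OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (2, 3)) or (n == 67 and s[1] == 4):
            return "p2pk", EXPOSED
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", HIDDEN
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", HIDDEN
    # SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", HIDDEN
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", HIDDEN
    # Witness v1 (BIP 341): OP_1 <32-byte x-only output key> sits in the script
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", EXPOSED
    return "other", "unknown"

def audit(utxos, already_spent_from=frozenset()):
    """Sum value per exposure class. A hash-only script that was spent from
    before (key reuse) has had its preimage published, so count it as exposed."""
    totals = {EXPOSED: 0, HIDDEN: 0, "unknown": 0}
    for script_hex, sats in utxos:
        _, exposure = classify(script_hex)
        if exposure == HIDDEN and script_hex in already_spent_from:
            exposure = EXPOSED
        totals[exposure] += sats
    return totals

KEY33 = "02" + "11" * 32                      # constructed, not a real key
P2PK = "21" + KEY33 + "ac"
P2PKH = "76a914" + "22" * 20 + "88ac"
P2WPKH = "0014" + "33" * 20
P2TR = "5120" + "44" * 32
UTXOS = [(P2PK, 5000), (P2PKH, 3000), (P2WPKH, 2000), (P2TR, 1000)]

if __name__ == "__main__":
    print(audit(UTXOS))                        # no reuse
    print(audit(UTXOS, {P2PKH}))               # P2PKH key already revealed
```

Run over a wallet's own UTXO list, the totals show which coins would need to move first in a migration and which only become exposed at spend time.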

So the roadmap looks like this: add PQ‑capable address types via soft fork, create incentives or reserved block space for “rescue” transactions, and gradually shepherd legacy coins into quantum‑safe outputs. There are research papers and developer proposals sketching exactly this multi‑year migration, including hybrid transactions that carry both old and new signatures during the transition.

Nothing here is trivial. PQ signatures can be larger, which affects transaction sizes and fee economics. Some PQ schemes require careful implementation to avoid side‑channel or fault attacks. But these are engineering headaches with known forms — they can be tested, patched, and optimized. That’s way better than contending with an unknown, unstoppable math bomb.

In the short term, headlines about quantum computing mostly move investor sentiment, not the fundamentals. Disclosures from big funds and ETFs mentioning quantum risk are typically standard legal caution, not a signal that an attack is right around the corner. Real price drivers remain macro data, ETF flows, regulation, and liquidity — not qubit counts.

Bottom line: the story isn’t “if” or even “exactly when” a cryptographically relevant quantum computer will arrive. It’s whether Bitcoin’s community can act like grownups and coordinate a decade‑long migration before the hardware gets close. Physics gives us a runway. The tricky part is governance: building consensus on upgrade paths, incentivizing migration without fracturing the network, and keeping the conversation practical instead of panicky.

In short: don’t sell your coins because of a flashy lab demo. Start planning, build the upgrades, and maybe keep a sense of humor while the engineers do their slow, nerdy work.