
Adam Back's assertion that Bitcoin remains secure from quantum computing for the next two to four decades rests on the current state of quantum hardware and on the post-quantum standards that are already available. The cypherpunk and Blockstream CEO, whose Hashcash work is cited in Satoshi Nakamoto's Bitcoin white paper, was responding to growing concern within the cryptocurrency community about the vulnerability of Bitcoin's cryptography to quantum attacks. That concern is often framed as a threat to "SHA-256 encryption", which misstates the problem: SHA-256 is a hash function, used for mining and for deriving addresses, and Grover's algorithm at best halves its effective strength, leaving about 128 bits of preimage resistance. The realistic quantum target is the secp256k1 ECDSA and Schnorr signatures that authorize spends, because Shor's algorithm can recover a private key from an exposed public key.
Back's assessment directly challenges the anxiety circulating on social media about an imminent quantum breakthrough that could compromise Bitcoin. His position is supported by the current state of quantum computing, which remains far from the scale needed to break Bitcoin's signature scheme: existing machines lack both the qubit count and the error-correction capability required to run Shor's algorithm against a 256-bit elliptic-curve key.
In a recent response to community concerns, Back said Bitcoin is "probably not" vulnerable for approximately 20 to 40 years. The timeline rests on two factors: the limitations of current quantum hardware, and the post-quantum cryptography standards NIST published in August 2024 (FIPS 203 ML-KEM, FIPS 204 ML-DSA and FIPS 205 SLH-DSA). Those standards give Bitcoin a clear path to quantum-resistant signatures well before quantum computers reach the scale at which breaking ECDSA becomes practical.
The discussion has been amplified by predictions from prominent figures in technology and investment. Venture capitalist Chamath Palihapitiya recently drew wide attention with a prediction that quantum computers capable of threatening Bitcoin could emerge within two to five years. His argument centered on a claimed requirement of approximately 8,000 qubits to break what he described as Bitcoin's SHA-256 encryption, a figure that has sparked intense debate in both the quantum computing and cryptocurrency communities, in part because it does not say whether it counts raw physical qubits or error-corrected logical ones.
Back's technical rebuttal highlights the gap between headline qubit counts and practical capability. Current quantum machines face two critical limitations: high noise levels and insufficient scale. The largest neutral-atom system, developed at the California Institute of Technology (Caltech), has reached approximately 6,100 physical qubits. That is a significant milestone, but physical qubits are not directly usable for cryptanalysis, because a fault-tolerant computation must spend many of them on error correction for every qubit that does useful work.
The distinction between physical qubits and logical qubits is central to any realistic timeline. Systems with more stable qubits, such as Quantinuum's Helios platform, currently deliver only about 48 logical qubits, the error-corrected qubits that can actually carry out reliable computations. Gate-based systems have recently passed 1,000 physical qubits, as demonstrated by Atom Computing. That is still orders of magnitude short of what Shor's algorithm needs against RSA-2048 or Bitcoin's secp256k1 ECDSA: published estimates call for a few thousand logical qubits, and with surface-code error correction each logical qubit is typically expected to consume roughly a thousand or more physical qubits.
While quantum computing experts agree that practical attacks on Bitcoin are not achievable with current technology, the long-term trajectory remains a serious concern. The cybersecurity concept of "harvest now, decrypt later" describes adversaries collecting encrypted data today in order to decrypt it once a sufficiently powerful quantum computer exists. Bitcoin itself encrypts nothing, so there is no ciphertext to harvest; the analogous risk is that a public key, once exposed on-chain, stays attackable indefinitely, so coins held on already-exposed keys become targets the moment a capable machine is built. Either way, the lesson is the same: quantum-resistant upgrades need to be in place before the capability arrives, not after.
The question of Bitcoin's preparedness for the quantum era has become increasingly prominent over the past year. In recent months, on-chain analyst Willy Woo urged Bitcoin users to move their holdings away from Taproot addresses. His concern is that Taproot (P2TR) outputs embed the tweaked x-only public key directly in the output script, whereas P2PKH and P2WPKH outputs commit only to a hash of the key, which stays hidden until the coins are spent. Outputs whose keys are already visible would be the first targets once a sufficiently powerful quantum computer exists.
Former Bitcoin Core developer Jonas Schnelli has added perspective, noting that the older hash-based address formats may offer more short-term protection than Taproot, provided an address is never reused, since the public key is revealed in the first spend. He has also cautioned that no user-initiated migration can be considered fully secure once quantum machines are fast enough to attack transactions in the mempool, the pool of broadcast but unconfirmed transactions. In that window the spending transaction already carries the public key in its scriptSig or witness, so an attacker who can derive the private key before the block is mined could broadcast a competing spend. That attack surface can only be closed at the protocol level.
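The following is an added illustrative example, not code from the article or from any Bitcoin project. It classifies output scripts (scriptPubKeys) by the standard templates and reports when the controlling public key becomes visible to an attacker: at output creation for P2PK and P2TR, or only at first spend for the hash-locked types, with the mempool window modelled as a `spend_broadcast` flag. The script bytes fed to it are constructed patterns, not real on-chain data.

```python
"""Classify Bitcoin output scripts by when their public key becomes visible.

Added example for this article; not from the article or any Bitcoin project.
Sample scripts below are constructed byte patterns, not real on-chain data.
"""
from dataclasses import dataclass

# Script opcodes used by the standard output templates.
OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG = 0xA9, 0xAC


@dataclass(frozen=True)
class Exposure:
    kind: str            # output template name
    key_exposed_at: str  # "output creation", "first spend" or "unknown"


def classify_script_pubkey(spk: bytes) -> Exposure:
    """Match spk against the standard templates and say when its key is public."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG  (key sits in the output itself)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Exposure("P2PK", "output creation")
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return Exposure("P2PKH", "first spend")
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL (keys live in the redeem script)
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return Exposure("P2SH", "first spend")
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return Exposure("P2WPKH", "first spend")
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return Exposure("P2WSH", "first spend")
    # P2TR: OP_1 <32-byte x-only tweaked public key>  (key sits in the output itself)
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return Exposure("P2TR", "output creation")
    return Exposure("unknown", "unknown")


def public_key_visible(spk: bytes, spend_broadcast: bool) -> bool:
    """True once an attacker could read the key needed to forge a spend.

    Hash-locked outputs reveal the key only inside the spending transaction's
    scriptSig or witness; from the moment that spend is in the mempool the key
    is public, which is the window Schnelli describes. Keys embedded in the
    output script are visible from creation regardless of spending activity.
    """
    exposure = classify_script_pubkey(spk)
    return exposure.key_exposed_at == "output creation" or spend_broadcast


# Constructed sample scripts (placeholder hashes/keys, not real addresses).
SAMPLES = {
    "p2pkh":  bytes.fromhex("76a914" + "11" * 20 + "88ac"),
    "p2tr":   bytes.fromhex("5120" + "22" * 32),
    "p2wpkh": bytes.fromhex("0014" + "33" * 20),
    "p2pk":   b"\x21\x02" + b"\x44" * 32 + b"\xac",
}


def triage(samples: dict) -> dict:
    """Return, per sample, (template, exposed-before-any-spend?)."""
    return {name: (classify_script_pubkey(s).kind, public_key_visible(s, False))
            for name, s in samples.items()}


if __name__ == "__main__":
    for name, (kind, exposed) in triage(SAMPLES).items():
        print(f"{name:7} {kind:7} key visible before spend: {exposed}")
```

The `triage` result shows why Woo singled out Taproot: its outputs report the key as visible before any spend, as do legacy P2PK outputs, while the hash-based types stay hidden until their first spend is broadcast.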
The Bitcoin development community is actively examining Bitcoin Improvement Proposal 360 (BIP-360), which introduces a quantum-resistant output type built around ML-DSA (Module-Lattice-Based Digital Signature Algorithm) signatures. ML-DSA was selected in NIST's post-quantum standardization process and published as FIPS 204, and it is one of the most mature quantum-resistant signature schemes available. A complementary draft by Bitcoin security expert Jameson Lopp and co-authors, which assumes a BIP-360-style output type is deployed first, lays out a multi-year phased plan to sunset ECDSA and Schnorr spending before quantum computers become a relevant threat.
Supporters argue that this gives structure to what would otherwise be a complex and potentially chaotic upgrade, setting out timelines, technical specifications and implementation guidance that can coordinate the network's transition. Critics counter that only a comprehensive protocol-level overhaul, including what happens to coins that never migrate, can give users reliable protection, and that individual address migrations or partial deployments leave gaps in the system.
Industry views on the timeline remain divided. Solana co-founder Anatoly Yakovenko has warned that a quantum breakthrough within five years cannot be ruled out, particularly as artificial intelligence accelerates quantum research. That more aggressive estimate reflects a concern that AI-driven optimization combined with rapid hardware progress could compress the schedule more than conventional projections suggest.
Current estimates put approximately 6 to 7 million BTC, a substantial share of total supply, in outputs whose public keys are already exposed on-chain, chiefly early pay-to-public-key outputs and reused addresses; these would be the first targets in any quantum attack. That concentration has prompted some stakeholders to act preemptively. El Salvador, which holds more than 6,000 BTC in its national reserve, recently redistributed its treasury across 14 separate addresses after criticism that keeping the whole balance at a single address concentrated risk, including quantum risk, in one key.
Several quantum computing researchers have shortened their projections in recent years, with some now estimating that practical attacks on Bitcoin could become feasible in the late 2020s or early 2030s. The revisions reflect a steady fall in the machine size required: the estimated cost of factoring RSA-2048, for example, dropped from around 20 million noisy physical qubits in a 2019 analysis to under one million in a 2025 analysis by the same group, through better error correction and algorithm design. Some quantum startups have also made bold claims about specialized designs with hundreds of thousands of qubits that could threaten 256-bit elliptic-curve signatures within the next decade.
At the same time, blockchain engineers recognize that upgrading a decentralized network is a far harder coordination problem than patching a centralized system. Post-quantum signature schemes also carry much larger keys and signatures: a Schnorr signature is 64 bytes and a compressed secp256k1 public key 33 bytes, whereas ML-DSA-44 uses a 2,420-byte signature and a 1,312-byte public key, and the hash-based SLH-DSA-SHA2-128s signature is 7,856 bytes. Since block space is limited and fees scale with transaction size, these costs fall on wallet developers, miners and node operators, and must be balanced against the security gain so that quantum-resistant outputs remain practical for everyday use.
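To make the size cost concrete, here is an added worked calculation, not code from the article or from any Bitcoin project. It computes the virtual size (vsize) of a one-input, one-output SegWit transaction under the consensus weight rule (non-witness bytes count 4 weight units, witness bytes 1, vsize = ceil(weight / 4)) for a Taproot key-path spend and for a hypothetical witness carrying an ML-DSA-44 signature plus public key. The ML-DSA witness layout (signature and key as two witness stack items) is an assumption for illustration, not BIP-360's actual format; the signature and key lengths are the FIPS 204 values.

```python
"""Virtual-size cost of a post-quantum witness versus a Schnorr key-path spend.

Added example for this article; not from the article or any Bitcoin project.
The ML-DSA witness layout is an assumption for illustration, not BIP-360's format.
"""
import math

# Non-witness skeleton of a 1-input, 1-output transaction, in bytes:
#   version 4 + input count 1 + input (txid 32, vout 4, empty scriptSig len 1,
#   sequence 4) + output count 1 + output (value 8, script len 1, 34-byte
#   P2TR/P2WSH-sized script) + locktime 4
SKELETON_BYTES = 4 + 1 + (32 + 4 + 1 + 4) + 1 + (8 + 1 + 34) + 4  # = 94
MARKER_FLAG_BYTES = 2  # SegWit marker and flag, counted at witness weight

SCHNORR_SIG = 64           # BIP-340 signature
ML_DSA_44_SIG = 2420       # FIPS 204 signature length
ML_DSA_44_PK = 1312        # FIPS 204 public key length


def compact_size(n: int) -> int:
    """Length in bytes of Bitcoin's CompactSize encoding of n."""
    if n < 0xFD:
        return 1
    if n <= 0xFFFF:
        return 3
    if n <= 0xFFFFFFFF:
        return 5
    return 9


def witness_bytes(stack_item_lengths: list) -> int:
    """Serialized size of one input's witness stack."""
    return compact_size(len(stack_item_lengths)) + sum(
        compact_size(length) + length for length in stack_item_lengths)


def vsize(non_witness_bytes: int, witness_field_bytes: int) -> int:
    """BIP-141 virtual size: non-witness data weighs 4, witness data weighs 1."""
    weight = 4 * non_witness_bytes + witness_field_bytes + MARKER_FLAG_BYTES
    return math.ceil(weight / 4)


def compare_signature_schemes() -> dict:
    """vsize of the same 1-in-1-out transaction under each signature scheme."""
    schnorr = vsize(SKELETON_BYTES, witness_bytes([SCHNORR_SIG]))
    # Hypothetical layout: <ml-dsa-44 signature> <ml-dsa-44 public key>
    ml_dsa = vsize(SKELETON_BYTES, witness_bytes([ML_DSA_44_SIG, ML_DSA_44_PK]))
    return {"p2tr_keypath_vsize": schnorr,
            "ml_dsa_44_vsize": ml_dsa,
            "size_ratio": round(ml_dsa / schnorr, 1)}


if __name__ == "__main__":
    for name, value in compare_signature_schemes().items():
        print(f"{name}: {value}")
```

The 111 vB figure for the Taproot key-path spend matches the commonly quoted size of a minimal P2TR transaction, which is a useful check that the weight arithmetic is right; the same transaction with an ML-DSA-44 witness comes out at roughly nine times the virtual size even with the witness discount, which is the fee and block-capacity cost the paragraph above refers to.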
Several projects have begun pioneering post-quantum infrastructure. Rootstock, a Bitcoin sidechain, and Naoris Protocol have started experimental deployments of quantum-resistant cryptography. Among hardware wallet makers, Trezor's Safe 7 ships with a quantum-secure firmware update path, so the device can adopt post-quantum algorithms through updates as standards mature and threats evolve. These early implementations serve as testing grounds for the wider ecosystem's eventual transition.
In summary: according to Adam Back, Bitcoin is relatively safe from quantum attack for roughly 20 to 40 years. Its ECDSA and Schnorr signatures remain secure in the near term, and that window gives the network time to deploy quantum-resistant signatures before a practical threat emerges.
Bitcoin's spend authorization relies on elliptic curve cryptography over secp256k1. While a quantum attack is not imminent, the community is already researching post-quantum signature schemes and the protocol upgrades needed to deploy them, so that the network remains resilient as quantum hardware advances.
Post-quantum cryptography uses algorithms believed to resist both classical and quantum attacks. Bitcoin can add quantum-resistant signatures through a soft fork that introduces a new output type, without invalidating existing transactions or disrupting the network; moving coins into that output type, however, remains a step each holder has to take.
Bitcoin's exposure is comparable to that of other cryptocurrencies: most major digital assets rely on the same elliptic-curve signatures and face the same threat on a similar 20 to 40 year horizon. Bitcoin's large developer base and conservative, well-exercised soft-fork process are often cited as advantages in managing the transition, though coordinating any change across a decentralized network remains slower than upgrading a centralized system.