Inside Quantum Technology

Deloitte: About 25% of Bitcoins in Circulation Are Vulnerable to a Quantum Attack

(Deloitte.com.nl) The goal of this discussion by Deloitte is to present a balanced view regarding the risks that quantum computers pose to Bitcoin. One finding by the authors is that “About 25% of the Bitcoins in circulation are vulnerable to a quantum attack. At the current price this is over 40 billion USD.”

The authors of this study answered the following questions to arrive at the conclusion:
1) How many Bitcoins could be stolen now if a sufficiently large quantum computer was available?
2) What can one do to mitigate the risk of Bitcoins being stolen by an adversary with a quantum computer?
3) Is the Bitcoin blockchain inherently resilient to quantum attacks now and in the future?

1) Imagine that someone manages to build a quantum computer today and is therefore able to derive private keys. How many Bitcoins will be in danger?
To answer this question, the authors analyzed the entire Bitcoin blockchain to identify which coins are vulnerable to an attack from a quantum computer. All coins in p2pk addresses and in reused p2pkh addresses are vulnerable to a quantum attack. The number of coins in p2pk addresses has stayed practically constant (circa 2M Bitcoins); a reasonable assumption is that these coins have never been moved from their original address.
After p2pkh was introduced in 2010, it quickly became dominant, and most of the coins created since then are stored in this type of address. The number of Bitcoins stored in reused p2pkh addresses increased from 2010 to 2014 and has been decreasing slowly since then, reaching the current amount of 2.5M Bitcoins. This suggests that people are generally following the best practice of not using p2pk addresses and not reusing p2pkh addresses. Nevertheless, there are still over 4 million BTC (about 25% of all Bitcoins) which are potentially vulnerable to a quantum attack. At the current price this is over 40 billion USD.

The authors write: “If you have Bitcoins in a vulnerable address and believe that progress in quantum computing is more advanced than publicly known, then you should probably transfer your coins to a new p2pkh address (don’t forget to make a secure backup of your private key).”

2) What can one do to mitigate the risk of Bitcoins being stolen by an adversary with a quantum computer?
p2pk and reused p2pkh addresses are vulnerable to quantum attacks. However, p2pkh addresses that have never been used to spend Bitcoins are safe, as their public keys are not yet public. If you transfer your Bitcoins to a new p2pkh address, then they should not be vulnerable to a quantum attack.
Many owners of vulnerable Bitcoins have lost their private keys. These coins cannot be transferred and are waiting to be taken by the first person who manages to build a sufficiently large quantum computer. A way to address this issue is to come to a consensus within the Bitcoin community and provide an ultimatum for people to move their coins to a safe address. After a predefined period, coins in unsafe addresses would become unusable.
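The blockchain analysis in question 1 and the p2pk/p2pkh distinction in question 2 come down to one rule: an output is exposed if its public key is already on the chain, either because the output is p2pk or because the same p2pkh address has spent before. The script below is an added example (not Deloitte's tooling) that applies that rule to a constructed miniature UTXO set; it assumes hashlib's ripemd160 is available, and the keys and signature are placeholder bytes, not real curve points.

```python
import hashlib

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC

def hash160(data: bytes) -> bytes:
    """RIPEMD160(SHA256(key)): all that a p2pkh scriptPubKey reveals about the key."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()
def push(data: bytes) -> bytes:  # direct push opcode for 1..75 bytes (signatures, keys, hashes)
    return bytes([len(data)]) + data
def p2pk_script(pubkey: bytes) -> bytes:   # <pubkey> OP_CHECKSIG
    return push(pubkey) + bytes([OP_CHECKSIG])
def p2pkh_script(pubkey: bytes) -> bytes:  # OP_DUP OP_HASH160 <hash160> OP_EQUALVERIFY OP_CHECKSIG
    return bytes([OP_DUP, OP_HASH160]) + push(hash160(pubkey)) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])

def classify_output(script: bytes):
    """('p2pk', pubkey), ('p2pkh', pubkey_hash) or ('other', None) for a scriptPubKey."""
    if len(script) >= 2 and script[0] in (33, 65) and len(script) == script[0] + 2 and script[-1] == OP_CHECKSIG:
        return "p2pk", script[1:-1]
    if len(script) == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20]) and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", script[3:23]
    return "other", None

def revealed_pubkeys(script_sig: bytes) -> list:
    """Keys pushed in a scriptSig: a p2pkh spend pushes <sig> <pubkey>, a p2pk spend only <sig>."""
    keys, i = [], 0
    while i < len(script_sig) and 1 <= script_sig[i] <= 75:
        item = script_sig[i + 1:i + 1 + script_sig[i]]
        if len(item) in (33, 65) and item[0] in (2, 3, 4):
            keys.append(item)
        i += 1 + script_sig[i]
    return keys

def exposed_satoshis(utxos, script_sigs):
    """(exposed, total) satoshis: p2pk outputs plus p2pkh outputs whose key an earlier spend revealed."""
    revealed = {hash160(pk) for sig in script_sigs for pk in revealed_pubkeys(sig)}
    def exposed(spk):
        kind, data = classify_output(spk)
        return kind == "p2pk" or (kind == "p2pkh" and data in revealed)
    return sum(sats for sats, spk in utxos if exposed(spk)), sum(sats for sats, _ in utxos)

# Constructed sample ledger: placeholder keys (not real curve points) and a dummy 71-byte signature.
PK_A, PK_B, PK_C, SIG = b"\x04" + bytes(range(64)), b"\x02" + bytes(range(32)), b"\x03" + bytes(range(32, 64)), bytes(71)
UTXOS = [(50_00000000, p2pk_script(PK_A)),             # 50 BTC in an old p2pk output: exposed
         (10_00000000, p2pkh_script(PK_B)),            # 10 BTC left at an address that already spent: exposed
         (3_50000000, p2pkh_script(PK_C)),             # 3.5 BTC at a never-spent p2pkh address: safe
         (1_00000000, bytes([0x6A]) + push(b"memo"))]  # OP_RETURN output, no key involved
SCRIPT_SIGS = [push(SIG) + push(PK_B), push(SIG)]      # one p2pkh spend by B, one p2pk spend (no key pushed)
# exposed_satoshis(UTXOS, SCRIPT_SIGS) -> (6000000000, 6450000000): 60.0 of 64.5 BTC, about 93%
```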

3) Is the Bitcoin blockchain inherently resilient to quantum attacks now and in the future?
Assume that all owners of vulnerable Bitcoins transfer their funds to safe addresses (everyone who lost their private key ‘magically’ finds them). The prerequisite of being “quantum safe” is that the public key associated with this address is not public. The moment you want to transfer coins from such a “safe” address, you also reveal the public key, making the address vulnerable.
From that moment until your transaction is “mined”, an attacker who possesses a quantum computer gets a window of opportunity to steal your coins. In the Bitcoin blockchain it currently takes about 10 minutes for transactions to be mined. As long as it takes a quantum computer longer than that to derive the private key from a specific public key, the network should be safe against a quantum attack. Current scientific estimates predict that a quantum computer will take about 8 hours to derive a typical Bitcoin private key, which means that Bitcoin should be, in principle, resistant to quantum attacks.

Authors: Itan Barnes is a member of the cryptography team at Deloitte’s cyber risk services department. He has broad experience in both academia and industry and holds a Ph.D. in experimental physics.
Bran Basch is a consultant within Risk Advisory’s blockchain team. He performs research on the inner workings of blockchain but also helps out with software development in client projects.
