A new brief from the Bitcoin Policy Institute claims that recent breakthroughs in quantum computing are accelerating the timeline for when Bitcoin’s cryptography could face credible threats, while stressing that developers are already preparing solutions.
In its report, Status: Quantum Computing and Bitcoin’s Way Forward, the Bitcoin Policy Institute points to two research papers released March 31 by Google and the California Institute of Technology that reshape long-held assumptions about the computing power required to break Bitcoin’s cryptography.
For years, estimates suggested that an attacker would need about 10 million qubits to run Shor’s algorithm and compromise Bitcoin’s security model. According to the Bitcoin Policy Institute’s analysis of Google’s results, this threshold can be reduced to fewer than 500,000 qubits. A separate paper involving Caltech and the University of California, Berkeley, indicates that specialized quantum systems could further lower this requirement to a range between 10,000 and 26,000 qubits.
The Bitcoin Policy Institute notes that the two papers take different approaches — one emphasizing software efficiency and the other hardware design — but reach the same conclusion: the resource requirements for a quantum attack are decreasing.
Despite that shift, the organization stresses that Bitcoin is not under immediate threat. Current quantum machines remain far below the levels outlined in the research. Google’s most advanced processor, Willow, operates with just over 100 qubits, leaving a large gap between theory and practical possibilities.
Still, the Bitcoin Policy Institute frames the results as a signal that preparation must continue apace. The report highlights ongoing efforts within the Bitcoin developer community to address long-term risks associated with quantum computing.
Central to that work is BIP-360, a proposal that the Bitcoin Policy Institute describes as one of the most active areas of development in the history of the protocol. The proposal introduces a new address format that prevents public keys from being revealed during transactions, removing a key vulnerability that quantum attackers could exploit.
The Bitcoin Policy Institute points to a testnet launched in March that has already attracted more than 50 miners and over 100 cryptographers. The level of participation, the group argues, reflects strong alignment across technical contributors.
The report also emphasizes that Bitcoin’s existing architecture provides flexibility. The Taproot upgrade, enabled in 2021, includes features that can support quantum-resistant verification methods through alternative spending conditions.
Beyond the Bitcoin ecosystem, the Bitcoin Policy Institute places the issue in a broader political context. The National Institute of Standards and Technology finalized post-quantum cryptographic standards in 2024 and offers tools that can be adapted to Bitcoin. Federal agencies have been given a 2035 deadline for transitioning to quantum-resistant systems, while Google has set an internal goal of 2029.
Bitcoin’s decentralized structure is a challenge
The Bitcoin Policy Institute emphasizes that Bitcoin’s decentralized structure introduces a distinct challenge. Unlike governments or corporations, the network cannot mandate upgrades. Any changes must be made through consensus among the participants.
Still, the report points to past upgrades as evidence that coordination is possible. With quantum security, the Bitcoin Policy Institute argues, incentives are aligned across the network as all stakeholders are dependent on maintaining the integrity of the system.
The report concludes that the quantum threat is not imminent, but the timeline is tightening. In the view of the Bitcoin Policy Institute, the technical solutions are already taking shape, and the focus is now shifting to how the network reaches agreement on rollout.
Yesterday, a new research proposal from StarkWare’s Avihu Levy introduced “Quantum Safe Bitcoin” (QSB), a scheme designed to protect Bitcoin transactions from future quantum attacks without requiring changes to the network’s core protocol.
The approach shifts security away from vulnerable ECDSA signatures towards hash-based assumptions aimed at protecting against threats like Shor’s algorithm, while remaining compatible with Bitcoin’s existing system.
