Quantum security is the ability of a system to keep data protected from attacks by quantum computers. The main threat to cryptocurrencies is that a sufficiently powerful quantum computer could derive a private key from a public address. At risk are all coins on addresses where public keys are already exposed. Estimates range from 1 to 6.9 million BTC (including Satoshi’s stash). The solution exists — migrating to post‑quantum cryptography — but for most blockchains this migration will be very painful.
What is quantum security?
Quantum security means a cryptographic system remains safe even when attacked by a quantum computer. Unlike classical computers, quantum machines can solve certain math problems thousands of times faster. And those very problems are the foundation of most cryptocurrency cryptography.
Why are cryptocurrencies vulnerable?
Most blockchains (Bitcoin, Ethereum, and others) use elliptic curve cryptography (ECDSA). Its security relies on the fact that a classical computer cannot derive a private key from a public key in a reasonable time. That doesn’t hold against a quantum computer.
A powerful enough quantum computer could compute the private key from the public key, allowing attackers to forge signatures and steal funds. This could happen in real time, or in a “harvest now, decrypt later” fashion: exposed public keys are collected today and attacked once the hardware exists.
Which algorithms create the threat?
Two main quantum algorithms matter:
- Shor’s algorithm – factors large numbers and solves discrete logarithms, breaking ECDSA and RSA. This is the biggest threat to cryptocurrencies.
- Grover’s algorithm – could theoretically speed up hash brute‑forcing, threatening mining, but requires enormous quantum resources. BTQ Technologies researchers have shown this remains largely theoretical.
How serious is the threat right now?
In March 2026, Google Quantum AI published a white paper showing a future quantum computer could derive a private key from a public key in 9 minutes. This would let an attacker steal funds while a transaction sits in the mempool. However, such a machine does not yet exist – researchers estimate it would need over 500,000 physical qubits, while current processors have about 1,000.
| Parameter | Value |
|---|---|
| Time to crack one private key | ~9 minutes |
| Qubits required | <500,000 |
| Current quantum processors | ~1,000 qubits |
| Threat horizon (various estimates) | 2–5 to 30–40 years |
Which addresses are vulnerable first?
Not all coins are at risk. Only addresses where public keys are already exposed are vulnerable:
- Pay‑to‑public‑key (P2PK) addresses – the public key is visible on the blockchain by default. This covers early coins, among them Satoshi’s wallets.
- Addresses that have been reused – when you send from an address, the public key becomes visible.
- Legacy address formats on outdated wallets.
| Address type | Status |
|---|---|
| Newer addresses (P2PKH, Bech32) | Safe (key hidden by hash) |
| Reused addresses | Vulnerable |
| P2PK addresses (early coins) | Vulnerable |
| Pay‑to‑script‑hash | Safe |
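As an added illustration (not code from the original article), a small Python audit that classifies a wallet's own unspent outputs by the script types in the table above and flags those whose public key is already on-chain, either because the output script contains it (P2PK) or because the address was spent from before (reuse). The sample UTXOs are constructed, not real chain data.

```python
from typing import NamedTuple

class Utxo(NamedTuple):
    outpoint: str               # "txid:vout"; constructed sample values below
    script_pubkey: bytes        # the output's locking script
    address_spent_before: bool  # earlier spend from this address reveals the key in scriptSig/witness

def classify_script_pubkey(spk: bytes) -> tuple[str, bool]:
    """Return (script type, whether the public key is readable from the output itself)."""
    n = len(spk)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG -> the key itself is in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG -> only HASH160(key)
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH", False
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL -> only a script hash
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "P2SH", False
    # P2WPKH (Bech32): OP_0 <20 bytes> -> only HASH160(key)
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH", False
    # P2WSH (Bech32): OP_0 <32 bytes> -> only SHA256(script)
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH", False
    return "unknown", False

def audit(utxos):
    # Flag each UTXO whose public key is already on-chain, and say why.
    report = []
    for u in utxos:
        kind, in_output = classify_script_pubkey(u.script_pubkey)
        if in_output:
            report.append((u.outpoint, kind, "key visible in output script"))
        elif u.address_spent_before:
            report.append((u.outpoint, kind, "key revealed by earlier spend (address reuse)"))
        else:
            report.append((u.outpoint, kind, "key still hidden behind hash"))
    return report

# Constructed sample outputs (not real chain data); 0x11.. / 0x22.. are dummy key/hash bytes.
SAMPLE = [
    Utxo("a1:0", bytes.fromhex("21" + "02" + "11" * 32 + "ac"), False),  # P2PK
    Utxo("b2:1", bytes.fromhex("76a914" + "22" * 20 + "88ac"), False),  # P2PKH, never spent from
    Utxo("c3:0", bytes.fromhex("76a914" + "33" * 20 + "88ac"), True),   # P2PKH, reused
    Utxo("d4:0", bytes.fromhex("0014" + "44" * 20), False),             # P2WPKH
    Utxo("e5:2", bytes.fromhex("a914" + "55" * 20 + "87"), False),      # P2SH
]

def exposed_outpoints(utxos=SAMPLE):
    return [o for o, _, why in audit(utxos) if "hidden" not in why]
```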
Estimates of vulnerable BTC vary:
| Source | Estimate of vulnerable BTC |
|---|---|
| Galaxy Digital / Project Eleven | up to 7 million BTC |
| Benchmark | 1–2 million BTC |
| K33 Research | 6.8 million BTC |
| ARK Invest | 6.9 million BTC |
When will Q‑day arrive?
Q‑day is the moment a quantum computer can actually break existing encryption. Expert estimates differ widely:
| Expert / Organization | Forecast |
|---|---|
| Chamath Palihapitiya (venture investor) | 2–5 years |
| Google (migrating its own systems by 2029) | ~3 years to migration |
| S&P Global Ratings | 10+ years |
| Adam Back (cryptographer) | 20–40 years |
Benchmark analysts call the threat “long‑term and manageable”, stressing that real attacks are “decades, not years” away.
What is “harvest now, decrypt later”?
Even if a quantum computer doesn’t exist yet, attackers can already scan the blockchain and store every public key that has ever been exposed. When Q‑day arrives, they will have a ready‑made database to crack. That is why many experts urge immediate migration to post‑quantum cryptography – even if the threat seems distant.
What is post‑quantum cryptography?
Post‑quantum cryptography (PQC) consists of new encryption algorithms that are resistant to attacks from both classical and quantum computers. They are based on different mathematical problems that Shor’s algorithm cannot solve.
| Algorithm type | Examples | Characteristics |
|---|---|---|
| Lattice‑based | CRYSTALS‑Dilithium, Falcon, Kyber | NIST standard, compact signatures |
| Hash‑based | SPHINCS+ | Very secure, large signature size |
| Multivariate | Rainbow | Relatively compact |
In 2024, NIST finalized post‑quantum cryptography standards, including CRYSTALS‑Dilithium (for digital signatures) and Kyber (for encryption).
How are blockchains preparing for the quantum threat?
| Project | Preparation status |
|---|---|
| Bitcoin | BIP‑360 (quantum‑safe P2MR addresses) under discussion, but migration could take years |
| Ethereum | Formed a post‑quantum security group, allocated $1M grant |
| Algorand | Already integrated Falcon (post‑quantum signatures) |
| Circle (Arc) | Plans phased PQC deployment from wallets to validators |
| Naoris Protocol | Launched L1 mainnet with post‑quantum protection (April 1, 2026) |
| Solana / XRP Ledger | Experimenting with PQC, but throughput drops by ~90% |
However, PQC adoption faces major challenges. On Solana, tests showed a 90% drop in throughput, and new signatures are 20–40 times larger than classical ones.
How does Cellframe solve the quantum security problem?
Cellframe was designed with post‑quantum protection from day one – at the architecture stage. Key decisions:
- Post‑quantum cryptography in the core. Cellframe uses NIST‑approved lattice‑based algorithms Falcon and CRYSTALS‑Dilithium, plus SPHINCS+ for special cases.
- Upgradable cryptography without hard forks. Cellframe wallet addresses include a cryptography type identifier. When better algorithms appear, the system adds a new identifier – old and new coexist seamlessly. If an algorithm is ever broken, it can be replaced quickly.
- Efficient handling of heavy signatures. Thanks to its C‑language core and two‑layer sharding, Cellframe processes heavy post‑quantum signatures without catastrophic performance loss.
- CF‑20 – quantum‑resistant token standard. An ERC‑20 equivalent with post‑quantum protection.
- External audit. The Qverify team confirmed that Cellframe’s post‑quantum integration complies with NIST standards.
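As an added example (not Cellframe's own code, which is in C and uses Falcon and CRYSTALS‑Dilithium), a minimal Lamport one‑time signature, the simplest hash‑based scheme in the family SPHINCS+ descends from, wrapped in a type‑tagged signature envelope of the kind the upgradable‑cryptography bullet describes. The tag value, registry and revocation set are assumptions made for illustration, and the block also shows the hash‑based size cost from the PQC table above.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def lamport_keygen():
    # 256 pairs of random secrets; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes) -> bytes:
    # Reveal one secret per digest bit. A key pair must sign ONCE only:
    # signing a second message reveals further secrets and enables forgeries.
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))

def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[i][bit]
               for i, bit in enumerate(_bits(msg)))

# Hypothetical crypto-agility envelope: the first byte names the scheme, the rest is the
# scheme-specific signature. Verifiers are looked up by tag; unknown or revoked tags fail
# closed, and adding a new scheme is a new registry entry rather than a format change.
SIG_TYPE_LAMPORT = 0x01
REGISTRY = {SIG_TYPE_LAMPORT: ("lamport-ots", lamport_verify)}
REVOKED = set()  # tags of schemes found broken; adding a tag here retires the scheme

def sign_envelope(sk, msg: bytes, sig_type: int = SIG_TYPE_LAMPORT) -> bytes:
    return bytes([sig_type]) + lamport_sign(sk, msg)

def verify_envelope(pk, msg: bytes, env: bytes) -> bool:
    if not env or env[0] in REVOKED or env[0] not in REGISTRY:
        return False
    _, verify = REGISTRY[env[0]]
    return verify(pk, msg, env[1:])

def size_ratio_vs_ecdsa(env: bytes, ecdsa_sig_len: int = 64) -> float:
    # Hash-based signatures are large: 8 KB here against ~64 bytes for a compact ECDSA signature.
    return len(env) / ecdsa_sig_len
```

The size ratio is the cost behind the throughput figures quoted above: this one‑time signature is about 128 times the size of a compact ECDSA signature, and production schemes such as SPHINCS+ trade some of that size for reusable keys.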
What happens if nothing changes?
The consequences could be catastrophic:
- Attackers with a quantum computer could steal millions of BTC from vulnerable addresses, including Satoshi’s coins.
- A mass dump of stolen coins would crash the market.
- Trust in cryptocurrencies as a store of value would be undermined.
- Regulators (e.g., S&P Global Ratings) might ban institutional use of blockchains that have not migrated to PQC.
What can users do right now?
| Action | Why it matters |
|---|---|
| Never reuse addresses | Reusing exposes the public key |
| Move funds from P2PK addresses | These are vulnerable first |
| Use modern address formats (Bech32) | Public key is hidden by a hash |
| Follow wallet updates | Wallet vendors will start integrating PQC |
| Consider quantum‑resistant platforms | Cellframe and similar are already protected |
Glossary
| Term | Definition |
|---|---|
| Quantum security | Ability of a system to stay secure against attacks from quantum computers. |
| Q‑day | The hypothetical day when a quantum computer breaks existing encryption. |
| Shor’s algorithm | Quantum algorithm for integer factorisation and discrete logarithms. |
| Post‑quantum cryptography (PQC) | Algorithms resistant to quantum computer attacks. |
| Harvest now, decrypt later | Strategy of storing encrypted data now to decrypt after a quantum computer exists. |
| CRYSTALS‑Dilithium | NIST‑standard lattice‑based post‑quantum signature scheme. |
| Falcon | Compact lattice‑based post‑quantum signature scheme. |
| CF‑20 | Cellframe’s quantum‑resistant token standard (similar to ERC‑20). |
Summary
The quantum threat to cryptocurrencies is real, but not immediate. Estimates suggest Q‑day could arrive in 5–20 years. Coins on addresses with exposed public keys – roughly 1 to 7 million BTC – are most vulnerable. The solution exists: migrate to post‑quantum cryptography. For most blockchains, that migration will be painful.
Cellframe offers a different approach: quantum security built into the architecture from day one. The platform uses NIST‑approved algorithms, allows cryptography upgrades without hard forks, and is optimised for heavy post‑quantum signatures.
The bottom line: the quantum threat is not a reason to panic, but a reason to prepare. The sooner the industry starts, the smoother the transition to the post‑quantum era will be.
Updated: April 7, 2026. Information is current as of publication.