Bitcoin and Quantum Computing

Abstract

This paper addresses recently raised concerns that cryptocurrency protocols are not quantum computer proof. We present clear evidence that attacks on bitcoin using quantum computers are not viable in terms of economic costs. The economic argument is presented under two strong assumptions: (i) availability of well-known bitcoin addresses that are single key reused addresses with exposed public keys, and (ii) existence of universal fault-tolerant quantum computers (FTQCs) of sufficient processing power and size in qubits. If the assumptions are relaxed, existing evidence asserts that quantum computer attacks are not viable in any foreseeable future, irrespective of economic costs. The Bitcoin protocol enables individuals and organisations to move their funds to unused bitcoin addresses and to use multiple-key addresses. This prevents any scenarios implied with the first assumption, and bitcoin addresses cannot be attacked if the public keys have not been exposed. Thus, no scenario exists where a quantum computer attack is viable. Furthermore, restraints on and a slow progress in physically implementing FTQCs that are sufficiently powerful do not support claims about near-term solutions to NP-hard problems such as breaking encryption. The evidence and opposing research indicate that any scenarios under the assumption (ii) are at best a distant future. The paper concludes that while there are no attack-based use cases for quantum computers, there are viable use cases for QC recovery systems. These include scenarios where a public key associated with a hidden Bitcoin address and unknown private key is left with an escrow firm or family members and scenarios of long-term lost keys associated with early bitcoin addresses.