The Q-Day Prize challenge, explained: Can quantum computers really break Bitcoin?

Quantum threat to Bitcoin: How real is the danger?

Bitcoin is vulnerable to quantum computing, but how serious is the risk?

When you create a crypto wallet, it generates two important things: a private key and a public key. The private key is a secret code, like a password, that you must keep safe. The public key is created from your private key, and your wallet address (like a bank account number) is made from the public key.

You share your wallet address with others so they can send you cryptocurrency, just like you share your email address for someone to contact you. However, you never share your private key. It’s like the password to your email — only you need it to access and spend the money in your wallet.

Your private key is like a master password that controls your crypto wallet. From this private key, your wallet can create many public keys, and each public key generates a wallet address. 

For example, if you use a hardware wallet, it has one private key but can create unlimited public keys (wallet addresses). This means you can have different addresses for each cryptocurrency supported by the wallet or even multiple addresses for the same cryptocurrency, all managed by a single private key.

While generating a public key from a private key is straightforward, figuring out a private key from a public key is extremely hard — almost impossible — which keeps your wallet secure. Every time you send cryptocurrency, your private key creates a special code called a signature. This signature proves you own the funds and want to send them. The system that uses your private key, public key and signature to secure transactions is called the Elliptic Curve Digital Signature Algorithm (ECDSA).

It is believed that quantum computing could reverse the process and generate private keys out of public ones. It is feared that this could cause many Bitcoin holders (especially whales and Satoshi-era wallets) to lose their funds. 

Bitcoin address types and quantum risks

When you send Bitcoin, you use a specific address type to direct the payment. Each address type has unique features, affecting security, privacy and vulnerability to quantum computing attacks like Shor’s algorithm.

P2PK address types

When you pay someone with Bitcoin, the transaction is typically considered a “pay-to-public-key” (P2PK). This was the most common payment method in 2009, according to a report from consulting firm Deloitte. 

Much of the original Bitcoin released at the network’s launch is held in wallets with the P2PK address type, primarily due to the fact that they’ve sent transactions since Bitcoin’s 2009 launch. These addresses are long (up to 130 characters), making them less user-friendly.

Wallets with the P2PK address type are most susceptible to Shor’s algorithm, as it can brute force the private key from a P2PK wallet address. 

P2PKH address types

There’s a second address type that’s more resistant to Shor’s algorithm: the pay-to-public-key-hash (P2PKH). P2PKH addresses are shorter and are generated from the hash (a unique, hexadecimal value) of a public key created using SHA-256 and RIPEMD-160 algorithms instead of displaying the full key itself.

These addresses are shorter (33-34 characters), start with “1,” and are encoded in Base58 format. Such addresses are widely used and include a checksum to prevent typos, making them more reliable.

P2PKH addresses are more resistant to Shor’s algorithm than P2PK because the public key is hashed. The public key is only revealed when you spend from the address (not when receiving). If a P2PKH address never sends Bitcoin, its public key stays hidden, offering better protection against quantum attacks. 

However, reusing a P2PKH address (sending from it multiple times) exposes the public key, increasing vulnerability. Also, when you spend from a P2PKH address, the public key becomes visible on the blockchain, making transactions trackable.

Taproot addresses

Taproot is the newest address type, introduced in November 2021 via the Taproot soft fork. It uses Schnorr signatures instead of the ECDSA signatures used by P2PK and P2PKH. These addresses start with “bc1p,” use Bech32m encoding, and are 62 characters long.

They offer better privacy. Multisignature (multisig) transactions look like single-signature ones, hiding complex spending conditions. However, Taproot addresses expose the public key (or a tweaked version), making them vulnerable to Shor’s algorithm, similar to P2PK. 

Did you know? Google’s “Willow” computer chip is capable of solving a complex problem in just five minutes. The same task would take a classical supercomputer 10 septillion (!) years.

The race toward quantum-proofing Bitcoin

Quantum resistance is a real challenge, but not an impossible one.

Quantum computers, still in early development, could one day use Shor’s algorithm to break Bitcoin’s cryptography by deriving private keys from public keys. This would threaten Bitcoin and other systems using SHA-256 or ECDSA (the algorithms securing Bitcoin transactions). However, this threat is not imminent, and solutions are already in progress.

While some believe that Project 11 presented the Q-Day Prize to take down Bitcoin, the company claims this initiative is aimed at “quantum-proofing” the network.

In July 2022, the US Department of Commerce’s National Institute of Standards and Technology (NIST) announced four quantum-resistant cryptographic algorithms resulting from a six-year challenge to develop such solutions.

Quantum computing won’t develop in isolation, and centralized systems like government and financial networks could be bigger targets than Bitcoin’s decentralized blockchain. These systems use outdated cryptography, like RSA, vulnerable to Shor’s algorithm, and store sensitive data (e.g., banking records). Their single points of failure make breaches easier than attacking Bitcoin’s distributed nodes. 

The International Monetary Fund warns quantum computers could disrupt mobile banking, while Dr. Michele Mosca from the Institute for Quantum Computing highlights “harvest-now, decrypt-later” risks for centralized data (where attackers store encrypted data today to decrypt with future quantum computers). In 2024, the G7 Cyber Expert Group urged financial institutions to assess quantum risks, noting that centralized systems’ data could be exposed if intercepted now and decrypted later.

Did you know? Many blockchain networks are exploring quantum-resistant algorithms, such as Quantum Resistant Ledger or Algorand. These quantum computing blockchain security methods present a few different approaches.

How to increase your security against quantum threats

While the quantum computing cryptocurrency risk is less of a threat than one might think, it’s still best to stay prepared.

Still, if you’re worried about Bitcoin quantum vulnerability, there are a few precautions you can take to secure your crypto finances.

• Avoid reusing public addresses: Most crypto wallets allow you to generate a new public address for every transaction. This practice will make it much harder to track your spending habits.
• Move funds to a private wallet: If you’ve been using the same public wallet address for some time, consider moving your funds to a new wallet with no history. This will help keep your spending habits private. 
• Use a different blockchain network: Legacy networks like Bitcoin and Ethereum are considered less quantum resistant than newer networks with more modern security algorithms. Consider alternative networks with quantum resistance in mind.
• Stay informed: Pay attention to the results of the Q-Day Prize challenge, and stay up to date with quantum computing news so you can react accordingly. The best defense is an informed one.

While quantum risk is not immediate, developers and cybersecurity experts are actively working on solutions to ensure long-term security. In the meantime, users should stay updated about Bitcoin protocol updates and best practices, such as avoiding address reuse, as the network gradually moves toward quantum resistance.