quantum computer
A quantum computer uses quantum mechanical effects to perform certain calculations far faster than classical computers, raising theoretical concerns about long-term cryptographic security.
A quantum computer harnesses quantum mechanical phenomena, including superposition and entanglement, to process information in fundamentally different ways from classical computers. Where a classical computer processes bits that are either zero or one, a quantum computer operates on qubits that can represent both states simultaneously. For certain problem types, this allows quantum computers to explore many possible solutions at once rather than checking them sequentially, producing dramatic speedups. This capability is highly relevant to cryptography because some of the mathematical problems that underpin modern encryption are exactly the kind that quantum algorithms could solve far faster than classical ones.
The cryptographic concern for Bitcoin operates on two levels. First, elliptic curve cryptography (ECDSA), which Bitcoin uses to produce digital signatures for transactions, is theoretically vulnerable to a quantum algorithm called Shor's algorithm. A sufficiently powerful quantum computer running Shor's algorithm could derive a private key from a public key, which would allow an attacker to forge signatures and spend bitcoin from any address whose public key is exposed. Second, SHA-256, used in Bitcoin's proof-of-work mining, could theoretically be weakened by Grover's algorithm, though the speedup is more modest (square root rather than exponential) and could be counteracted by doubling the hash output length.
The practical threat is currently distant. As of 2025, the most powerful quantum computers have a few hundred to a few thousand noisy qubits. Breaking Bitcoin's elliptic curve cryptography would require millions of error-corrected logical qubits, a scale many experts believe is decades away. The Bitcoin development community is aware of the long-term risk and monitors post-quantum cryptography research, including standards being developed by organizations such as the U.S. National Institute of Standards and Technology (NIST). A protocol upgrade to quantum-resistant signature schemes is a plausible future development, though the timeline and implementation would require broad community consensus.