The FAQQ (Frequently asked Quantum Questions)

“But if you don’t reuse addresses, you’re safe because BTC only exposes the hash of your public key if you have never transferred BTC from that address.”

This is not correct. In the transaction you send, you include your public key. The public key is needed to check the signature. As soon as you send your transaction from your device, your public key is exposed on the internet.

Local vs Global quantum security is also an important distinction. Even before a QC can derive a private key from a public key in under 10 minutes, many wallets already have exposed public keys (such as Satoshi’s). If Satoshi’s coins are stolen and the market price crashes, your safe BTC will still be worth less because the network as a whole will not be sufficiently quantum-resistant to retain confidence.

There are 3 distinct stages that a transaction passes through on its journey to confirmation:

During this entire process after tx submission, the public key is published and can be obtained. A hijack can be done during all 3 periods, given a QC of sufficient power. A hijack during the last part, the blocktime, is explained in this paper. For hijacks during the blocktime, there is a time limit of 10 minutes (the blocktime) during which a transaction is vulnerable. According to the paper, quantum computers could be powerful enough to do this as early as 2027. But MITM attackers, in general, have a much bigger window of time in which to launch attacks when you consider that some transactions spend hours “pending” in the mempool, especially when the BTC network is congested / operating at max capacity. This, and the reality of already-exposed public keys, creates a significant risk even before 2027.

In this respect, transactions from previously unused addresses and from re-used addresses are no different: both can be hijacked during the stages described above.

“Okay, but if you don’t reuse your address, you don’t have to worry until there is a sufficiently powerful quantum computer that can derive the private key from the public key within the 10 minute blocktime.”

There are many addresses (see the oxt.me “address reuse” chart) out there that already have an exposed public key. These addresses don’t have the 10 minute time limit protecting them. Even if it takes a quantum computer half a year to break such an address, there could be negative effects on the BTC price if the attack is detected.

This is especially true if Satoshi’s 1M BTC are the subject of such an attack. Before 2012, block rewards were paid directly to an ECC public key, whereas they are now paid to the hash of a public key. This means that any coins generated by early miners (including Satoshi) which remain unmoved are vulnerable, even if the wallet in question has never sent a transaction.
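The two script shapes discussed above, as an added example that is not part of this FAQ: the code decodes Bitcoin Script pushes and reports which public keys an observer of a transaction learns, from the P2PK output form used for early coinbase rewards (key exposed with no spend) and from the scriptSig of a P2PKH spend (key exposed the moment the owner transacts). All key and signature bytes are constructed placeholders, not real keys.

```python
# Added example: which public keys does an observer of a Bitcoin transaction learn?
# Key and signature bytes below are constructed placeholders, not real keys.
OP_CHECKSIG = 0xAC
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}     # OP_PUSHDATA1/2/4 length-field size

def parse_script(script: bytes) -> list:
    """Decode a script into items: bytes for data pushes, int for other opcodes."""
    items, i = [], 0
    while i < len(script):
        op = script[i]; i += 1
        if 1 <= op <= 75:                        # direct push of 1..75 bytes
            n = op
        elif op in PUSHDATA_WIDTH:
            w = PUSHDATA_WIDTH[op]
            n = int.from_bytes(script[i:i + w], "little"); i += w
        else:
            items.append(op); continue
        if i + n > len(script):
            raise ValueError("truncated push")
        items.append(script[i:i + n]); i += n
    return items

def looks_like_pubkey(item) -> bool:
    """SEC1-encoded secp256k1 point: 33 bytes (02/03 prefix) or 65 bytes (04 prefix)."""
    return isinstance(item, bytes) and (
        (len(item) == 33 and item[0] in (2, 3)) or (len(item) == 65 and item[0] == 4))

def exposed_pubkeys(script_sigs, script_pubkeys) -> dict:
    """Public keys an observer learns from one transaction, grouped by source. P2PK
    outputs (<pubkey> OP_CHECKSIG, the pre-2012 coinbase form) expose the key without
    any spend; a P2PKH output shows only HASH160(pubkey) until it is spent, because
    the spending scriptSig is <sig> <pubkey>."""
    found = {"p2pk_output": [], "spend_input": []}
    for s in script_pubkeys:
        items = parse_script(s)
        if len(items) == 2 and looks_like_pubkey(items[0]) and items[1] == OP_CHECKSIG:
            found["p2pk_output"].append(items[0])
    for s in script_sigs:
        items = parse_script(s)
        if len(items) == 2 and looks_like_pubkey(items[1]):
            found["spend_input"].append(items[1])
    return found

# Constructed sample: a P2PKH spend, an early-style P2PK output, and a P2PKH output (hash only).
PUBKEY_A = b"\x02" + b"\x11" * 32                    # compressed key, placeholder
PUBKEY_B = b"\x04" + b"\x22" * 64                    # uncompressed key, placeholder
SIG = b"\x30" + b"\x00" * 70                          # 71-byte DER-shaped placeholder
SCRIPT_SIG = bytes([len(SIG)]) + SIG + bytes([len(PUBKEY_A)]) + PUBKEY_A
P2PK_OUT = bytes([len(PUBKEY_B)]) + PUBKEY_B + bytes([OP_CHECKSIG])
P2PKH_OUT = b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac"   # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
```

A key found in a scriptSig can be tied to the P2PKH output it unlocks by comparing HASH160(pubkey) (SHA-256 followed by RIPEMD-160) with the 20-byte hash in that output; that step is left out here.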

Have a question that's not addressed?

Alternatively, don't agree with something?

While we aim to address many of the questions people may have about quantum computing and how it relates to blockchain, it's possible that some things are missed or incorrect.

If you feel something is missed or is otherwise incorrect, we would love for you to open an issue on our GitHub repository.