QRI Research Note
Current Level 12: Today's Quantum Threat Level Explained
Today's Level: 12 / 100
Visible answer: No. Based on public evidence available on June 28, 2026, today's quantum computers cannot crack Bitcoin.
Level 12 sits just above the Level 10 early logical-qubit milestone. It reflects meaningful public progress in quantum error correction and logical-qubit research, while remaining far below the reliable logical qubits, low error rates, and long circuit depths needed to threaten Bitcoin signatures.
- Quantum Threat Level: 12 / 100
- Status: Low
- Bitcoin Status: Safe
- Main risk being monitored: future attacks against exposed ECDSA or Schnorr public keys, not SHA-256 suddenly failing.
Executive Summary
The Quantum Threat Level is designed to answer one public question:
Can today’s quantum computers threaten Bitcoin?
At the current public state of quantum computing, the answer is no.
However, that answer should not be based on opinion, marketing claims, or fear. It should be based on observable milestones. The purpose of the 0–100 Quantum Threat Level is to track the real-world progression from today’s experimental quantum computers to a future cryptographically relevant quantum computer capable of attacking Bitcoin signatures, internet encryption, and other public-key systems.
This paper explains the proposed 0–100 scale.
The scale does not mean that Bitcoin is “12% broken” or that each 10-point step represents equal technical distance. Quantum progress is not linear. Instead, each level represents a specific capability milestone that can be understood by both technical readers and the general public.
The most important distinction is this:
Bitcoin is not expected to be threatened first through SHA-256. Bitcoin’s more realistic quantum risk is its signature system, especially exposed ECDSA or Schnorr public keys.
A sufficiently powerful quantum computer running Shor’s algorithm could derive a private key from a revealed public key. That is the key risk the Bitcoin Quantum Index is designed to monitor.
Level 0 — No Error-Corrected Quantum Computer
Technical Milestone
There is no meaningful fault-tolerant, error-corrected quantum computer capable of sustained cryptographic computation.
Quantum processors may exist. They may contain many physical qubits. They may demonstrate impressive physics. But they do not yet have the reliable logical qubits, low error rates, and circuit depth needed for meaningful attacks on real cryptography.
What This Means Technically
At this stage, the field is still dominated by noisy intermediate-scale quantum devices. These systems can run experiments, but they cannot perform long, accurate calculations at cryptographic scale.
The key missing ingredient is not just more qubits. It is reliable, error-corrected logical qubits.
What This Means to Normal People
Nothing in your digital life is at risk from quantum computers at this level.
Your online banking, Gmail, iPhone, password manager, credit card transactions, and Bitcoin wallet are not being threatened by practical quantum attacks.
Bitcoin Risk
None.
Level 10 — Reliable Small Logical Qubits
Technical Milestone
Quantum computers can maintain a small number of logical qubits and run limited reliable operations.
A logical qubit is different from a physical qubit. A physical qubit is the raw hardware unit. A logical qubit is protected by error correction and is therefore much more useful.
What This Means Technically
This is the beginning of useful fault tolerance. It shows that quantum error correction is working in practice, but not yet at a scale relevant to cryptography.
What This Means to Normal People
This is like watching the Wright brothers fly for the first time. It proves something important is possible, but it does not mean commercial airliners exist.
Your bank, email, and Bitcoin remain safe.
Bitcoin Risk
None.
Level 20 — Shor’s Algorithm Breaks Tiny Demonstration Keys
Technical Milestone
Researchers demonstrate Shor’s algorithm against very small toy cryptographic examples.
Shor’s algorithm is the quantum algorithm that matters most for RSA, elliptic curve cryptography, Diffie-Hellman, ECDSA, and Schnorr signatures.
What This Means Technically
This proves the mathematical attack path works on real quantum hardware, but only at toy scale.
The keys being broken at this level are far smaller than anything used to secure real systems.
What This Means to Normal People
A quantum computer can now crack a toy lock built for a school science project.
It cannot crack your bank, your Gmail, your iPhone, or your Bitcoin.
Bitcoin Risk
None.
Level 30 — 64-Bit RSA or ECC Demonstrations
Technical Milestone
Quantum computers demonstrate attacks against small 64-bit RSA or elliptic curve cryptographic targets.
What This Means Technically
This would be a major engineering milestone because it shows progress beyond tiny demonstrations. But 64-bit cryptography is not modern security. Classical computers can already defeat many 64-bit security targets with enough resources.
What This Means to Normal People
This is like breaking the lock on a 1990s website or an obsolete test system.
It sounds impressive because it is quantum, but it is still nowhere near the encryption protecting modern online banking or Bitcoin.
Bitcoin Risk
None.
Level 40 — 128-Bit RSA or ECC Demonstrations
Technical Milestone
Quantum computers demonstrate attacks against 128-bit public-key style targets.
What This Means Technically
This would be a world-class scientific achievement. It would prove rapid progress in quantum hardware, error correction, and cryptographic-scale algorithms.
However, this still does not mean modern Bitcoin signatures are being broken. Bitcoin’s secp256k1 elliptic curve provides a much higher target than these early demonstrations.
What This Means to Normal People
This is the point where governments, standards bodies, and major technology companies become much more urgent about migration.
But your normal consumer accounts remain protected because modern systems use stronger cryptography, layered security, and increasing post-quantum migration planning.
Bitcoin Risk
Very low.
Bitcoin should be watching closely, but there is no practical Bitcoin attack at this level.
Level 50 — 512-Bit RSA Becomes Breakable
Technical Milestone
Quantum computers can break 512-bit RSA.
What This Means Technically
RSA-512 is obsolete and not used for serious modern security. However, breaking it with a quantum computer would be symbolically important because it would show that quantum cryptanalysis is moving beyond laboratory toys.
What This Means to Normal People
Old legacy encryption starts to become vulnerable.
This could matter for outdated systems, old devices, forgotten corporate infrastructure, or poorly maintained software.
Modern banking, Gmail, Apple, Google, Microsoft, and Bitcoin are still not directly broken at this point.
Bitcoin Risk
Low.
Bitcoin itself is not practically threatened, but this level would be a warning that the migration discussion should become more serious.
Level 60 — 1024-Bit RSA Becomes Breakable
Technical Milestone
Quantum computers can break RSA-1024.
What This Means Technically
This is a serious milestone. RSA-1024 is no longer considered sufficient for modern high-security use, but it has historically been used in real systems. A practical quantum break of RSA-1024 would prove that real-world public-key cryptography is entering the danger zone.
What This Means to Normal People
Some older VPNs, corporate systems, embedded devices, and legacy government systems could become vulnerable.
Modern consumer systems should already be using stronger cryptography, but organizations that delayed upgrades would face real pressure.
Bitcoin Risk
Still low, but rising.
Bitcoin signatures are not RSA-1024. Bitcoin uses elliptic curve signatures, primarily ECDSA today and Schnorr in Taproot. But a public RSA-1024 quantum break would be one of the clearest warnings that serious Bitcoin migration planning cannot be ignored.
Level 70 — RSA-2048 Becomes Practically Breakable
Technical Milestone
Quantum computers can practically break RSA-2048.
What This Means Technically
This is one of the biggest public milestones on the entire scale.
RSA-2048 has been widely used across internet infrastructure, enterprise systems, certificates, VPNs, and secure communications. A practical break would indicate that the world has entered the era of cryptographically relevant quantum computing.
What This Means to Normal People
This does not mean every bank account is automatically emptied or every Gmail account is instantly hacked. Consumer services use many layers of protection.
But it does mean the cryptographic foundation used by much of the modern internet would no longer be safe unless it had already migrated to post-quantum cryptography.
At this stage, banks, governments, browsers, cloud providers, certificate authorities, and large technology companies should already have moved to post-quantum systems.
Bitcoin Risk
Moderate to high warning level.
Bitcoin would not necessarily be actively broken at the exact moment RSA-2048 falls, but the warning would be unmistakable.
If RSA-2048 can be broken, then ECC systems of comparable security are likely close behind or may already be within reach depending on the architecture and algorithmic efficiency.
This is where Bitcoin should already have quantum-safe wallet infrastructure widely deployed.
Level 80 — ECC P-256 or Comparable Elliptic Curve Cryptography Becomes Breakable
Technical Milestone
Quantum computers demonstrate practical attacks against elliptic curve cryptography comparable to P-256 or Bitcoin’s secp256k1 security class.
What This Means Technically
This is the direct danger zone for Bitcoin-style signatures.
Bitcoin does not use RSA. Bitcoin uses elliptic curve digital signatures. If a quantum computer can derive private keys from public keys on a 256-bit elliptic curve, then exposed Bitcoin public keys become vulnerable.
What This Means to Normal People
This is the point where the issue is no longer “future theory.”
If you are using systems based on older elliptic curve signatures, those systems need urgent migration.
For Bitcoin, users should already be using quantum-resistant wallet types by this stage.
Bitcoin Risk
High.
Bitcoin signatures become vulnerable once public keys are exposed.
That does not necessarily mean every Bitcoin address is equally vulnerable at the same moment. The risk depends on address type, whether the public key has already been revealed, and how quickly an attacker can complete the calculation.
Level 85 — Early Bitcoin Wallet Danger Zone
Technical Milestone
Quantum attacks against elliptic curve public keys are not yet industrial-scale, but they are close enough that high-value exposed Bitcoin public keys become attractive targets.
Why This Level Matters
This is where early Bitcoin wallets should appear on the scale.
Some early Bitcoin outputs exposed public keys directly on-chain. Later common Bitcoin address types often hide the public key behind a hash until the coins are spent. Once a transaction spends from an address, the public key becomes visible.
The highest-risk Bitcoin coins are therefore those where the public key is already known and the balance remains valuable.
What This Means to Normal People
Not all Bitcoin is equally exposed.
Some old wallets may be more vulnerable than newer wallet formats if their public keys have already been revealed.
This is where public education becomes critical:
- Do not reuse Bitcoin addresses.
- Understand whether your public key has been exposed.
- Move coins to quantum-safe addresses once Bitcoin supports them.
- Follow wallet and exchange migration guidance.
Bitcoin Risk
High for exposed public keys.
Moderate for coins whose public keys remain hidden until spending.
Level 90 — Practical Attacks on Exposed Bitcoin Public Keys
Technical Milestone
Quantum computers can practically derive Bitcoin private keys from exposed Bitcoin public keys quickly enough to create a realistic theft risk.
What This Means Technically
This is the Bitcoin emergency level.
At this stage, any Bitcoin output with a revealed public key and no quantum-safe protection could be vulnerable.
Attackers may scan the blockchain for exposed high-value public keys and attempt to derive private keys.
What This Means to Normal People
Old Bitcoin wallets that did not migrate could become targets.
The risk would not be theoretical. It would be operational.
Wallet providers, exchanges, custodians, miners, and node operators would need coordinated emergency procedures if migration had not already occurred.
Bitcoin Risk
Severe for exposed public keys.
At this level, Bitcoin should already have completed a broad quantum-resistance migration.
Level 100 — Large-Scale Practical Quantum Cryptanalysis
Technical Milestone
Quantum computers can break major public-key cryptographic systems at scale.
This includes RSA, traditional elliptic curve systems, Diffie-Hellman, ECDSA, Schnorr signatures, and other systems based on integer factorization or discrete logarithms.
What This Means Technically
This is the point where classical public-key cryptography is obsolete unless replaced by post-quantum cryptography.
Systems that failed to migrate are no longer merely at risk. They are broken.
What This Means to Normal People
The internet does not end, but the old cryptographic foundation must be replaced.
Modern systems that migrated to post-quantum cryptography remain secure according to their new assumptions.
Systems that did not migrate become unsafe.
Bitcoin Risk
Critical if Bitcoin has not migrated.
Low if Bitcoin successfully migrated to quantum-resistant signatures years earlier.
Where Early Bitcoin Wallets Belong on the Scale
Early Bitcoin wallets should not be placed at Level 50 or 60 simply because old wallets are old.
Their risk is specifically tied to whether quantum computers can break elliptic curve public keys.
That places early exposed Bitcoin wallets around Level 85 to Level 90.
A useful interpretation is:
- Level 70: The world receives a major public warning because RSA-2048 is breakable.
- Level 80: Bitcoin-class elliptic curve signatures become technically vulnerable.
- Level 85: High-value exposed Bitcoin public keys become a credible target.
- Level 90: Practical theft from exposed Bitcoin public keys becomes realistic.
- Level 100: Large-scale cryptographic systems that failed to migrate are obsolete.
This distinction is important because it avoids exaggerating the current risk while still giving Bitcoin users a clear migration signal.
Why SHA-256 Is Not the Main Bitcoin Quantum Risk
Bitcoin uses SHA-256 in mining, transaction IDs, block hashes, and address hashing. Quantum computers do affect hash functions differently than elliptic curve signatures.
The main known quantum attack against hashes is Grover’s algorithm, which provides a quadratic speedup. That is meaningful, but it does not destroy SHA-256 the way Shor’s algorithm can destroy ECC.
A simplified way to explain it:
- Shor’s algorithm can break ECC and RSA completely once the machine is powerful enough.
- Grover’s algorithm weakens hashes but does not make SHA-256 suddenly collapse.
- Bitcoin’s urgent quantum risk is therefore signatures and exposed public keys, not SHA-256 instantly failing.
The Real Dashboard: What Should Be Measured
A serious quantum threat index should not focus on physical qubit headlines alone.
The most important inputs are:
1. Logical qubit count 2. Logical error rate 3. Maximum logical circuit depth 4. Largest RSA key publicly factored 5. Largest ECC key publicly broken 6. Largest implementation of Shor’s algorithm 7. Evidence of practical RSA-2048 attacks 8. Evidence of practical ECC P-256 or secp256k1-class attacks 9. Government post-quantum migration timelines 10. Browser, cloud, HSM, and blockchain post-quantum migration status
Physical qubits matter, but they are not enough.
A machine with a million noisy physical qubits may be less relevant than a much smaller number of high-quality logical qubits.
For cryptographic risk, reliable logical qubits are the central measurement.
Conclusion
The path from today’s quantum computers to a Bitcoin-threatening quantum computer is not one smooth line. It is a sequence of observable milestones.
Most early milestones will be scientifically important but irrelevant to ordinary users. Later milestones, especially RSA-2048 and ECC P-256-class breaks, would signal a real change in the world’s cryptographic risk.
Bitcoin’s most important danger zone begins when exposed elliptic curve public keys can be attacked in practical time.
That is why the Quantum Threat Level must be understandable, evidence-based, and tied to real cryptographic achievements.
The goal is not to scare Bitcoin holders.
The goal is to give them a public, transparent, technically grounded warning system long before the risk becomes urgent.