QRI Research Note
When Quantum Can Target Exposed Bitcoin Public Keys
Quantum Threat Level 90
The level where Bitcoin-specific risk becomes operational
Bitcoin risk is not just whether a quantum computer can solve an elliptic-curve key eventually. It is whether it can solve a secp256k1 public key fast enough to steal funds from public-key-exposed outputs or to race transactions before defenses are in place.
This is the first scale milestone that directly references Bitcoin users, wallet behavior, and transaction exposure.
What this level means
A Bitcoin public key is usually hidden behind a hash until coins are spent, depending on address type and wallet behavior. Once a public key is exposed on-chain, a sufficiently capable quantum attacker could try to derive the private key and sign a competing transaction.
Risk depends on speed. A machine that can solve one public key in months is dangerous for already-exposed keys but less useful for racing new transactions. A machine that can solve keys in minutes or hours changes the threat model dramatically.
What technology needs to be developed to get here
This level requires not only a modern ECC-capable quantum computer, but an operational attack pipeline aimed at Bitcoin secp256k1 and the live network.
P-256 progress is not enough by itself. Attackers need efficient circuits for the exact curve Bitcoin uses, including field arithmetic over secp256k1 parameters.
Bitcoin risk changes when solving a key is fast enough to exploit exposed public keys. Minutes, hours, days, and months imply very different attacker models.
Attackers would scan the chain for reused addresses, old pay-to-public-key outputs, and high-value exposed keys. Software would prioritize targets by value and feasibility.
A real attack requires generating signatures, constructing transactions, setting fees, and broadcasting at the right time. Quantum output must be integrated into classical Bitcoin tooling.
Wallets, exchanges, custodians, and node software would need quantum-aware policies: avoid key reuse, move exposed funds, and support quantum-safe script paths if available.
The Bitcoin community would need governance, soft-fork or hard-fork discussions, exchange policies, and monitoring to distinguish panic from real exploitation.
Expected timeline and development path
This milestone follows modern ECC capability but depends strongly on runtime. A slow ECC break and a fast Bitcoin theft tool are not the same event.
A modern ECC demonstration occurs, and secp256k1 resource estimates become credible enough for Bitcoin-specific risk scoring.
High-value exposed keys become the first concern. Wallets and custodians should already have moved funds away from exposed public keys by this point.
If key recovery reaches hours or minutes, transaction racing and mempool exposure become realistic attack paths unless Bitcoin has migrated.
What this means in real life
For the average person, this level is easiest to understand through wallet habits and custody.
People who reuse addresses expose public keys more often and create unnecessary risk.
Very old wallet formats and old pay-to-public-key outputs may require special attention.
Custodians would need to move funds, rotate infrastructure, and prove quantum-safe readiness.
Users may hear warnings about confirmation windows, public-key exposure, and not leaving coins in vulnerable outputs.
Device vendors would need firmware and address-format migration support.
Risk tools would track exposed public-key value and migration progress across the chain.
Bitcoin relevance
This is a direct Bitcoin milestone. It does not imply every Bitcoin is instantly stolen, but it means some coins may be materially vulnerable depending on address type, key exposure, and attacker speed.
The best defense is not panic. It is a planned migration to quantum-safe spending paths, careful wallet behavior, and broad ecosystem coordination well before the machine exists.
Signals QRI would look for
- Credible secp256k1 discrete-log resource estimates
- A modern ECC break with runtime short enough to extrapolate to Bitcoin risk
- Rising value of exposed public-key outputs tracked by public dashboards
- Wallet vendors shipping quantum-migration features
- Bitcoin improvement proposals for quantum-safe signatures or migration paths
Sources and framing
QRI treats these dates as planning ranges, not predictions. The references below inform the article series: NIST has finalized practical PQC standards, NIST NCCoE emphasizes inventory and migration planning, NSA/CNSA guidance says planning and budgeting should happen now, and Google has published both an accelerated PQC migration target and updated factoring-resource estimates.