Quantum Risk Institute
Bitcoin Quantum Risk
Bitcoin's realistic quantum risk is not that SHA-256 suddenly collapses. The primary issue is future attacks against exposed elliptic-curve public keys used in signatures.
The short answer
At today's public capability level, Bitcoin signatures are not practically threatened by quantum computers. The Quantum Threat Level is 12 / 100 and the Bitcoin Status is SAFE.
The risk becomes meaningful only when a machine can run a large, reliable version of Shor's algorithm against elliptic-curve public keys in practical time.
What parts of Bitcoin matter
- ECDSA signatures used by legacy and SegWit spends.
- Schnorr signatures introduced through Taproot.
- Public keys that have already been revealed on-chain.
- Address reuse, which can expose public keys earlier than necessary.
- Future migration paths to quantum-resistant signatures.
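The exposure distinctions in the list above, shown as an added example that is not QRI's own code: a Python inventory check that sorts standard output scripts by whether the public key is visible in the output itself (P2PK, Taproot), was revealed by an earlier spend from the same script (address reuse), or is still behind a hash. The script bytes, the function names and the spent_from input are assumptions constructed for illustration.

```python
# Added example: script bytes below are constructed filler, not real outputs.

def classify(script_hex):
    """Return (script_type, key_visible_in_output) for a scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG. The raw key sits in the output.
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", False
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", False
    # SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", False
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", False
    # Taproot: OP_1 <32-byte x-only output key>. The key itself is on-chain.
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", True
    return "unknown", False

def exposure(script_hex, spent_from):
    """spent_from: scripts already spent from once (hypothetical wallet data)."""
    kind, visible = classify(script_hex)
    if kind == "unknown":
        return kind, "review"
    if visible:
        return kind, "key-in-output"
    if script_hex in spent_from:
        return kind, "revealed-by-reuse"  # an earlier spend published the key
    return kind, "hash-only"

def inventory(utxo_scripts, spent_from):
    """Map each unspent output script to its exposure class."""
    return [exposure(s, set(spent_from)) for s in utxo_scripts]

# Constructed sample wallet: one output of each common type.
P2PK = "21" + "02" + "11" * 32 + "ac"
P2PKH = "76a914" + "22" * 20 + "88ac"
P2WPKH = "0014" + "33" * 20
P2TR = "5120" + "44" * 32
SAMPLE = [P2PK, P2PKH, P2WPKH, P2TR]

if __name__ == "__main__":
    for row in inventory(SAMPLE, spent_from=[P2PKH]):
        print(row)
```

Outputs reported as key-in-output or revealed-by-reuse are the ones a migration plan would prioritise; hash-only outputs stay hidden until their first spend.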
Why SHA-256 is not the first concern
Grover's algorithm can reduce the effective security of symmetric search problems, but it does not break SHA-256 in the same direct way that Shor's algorithm threatens RSA and elliptic-curve systems.
For Bitcoin holders, the practical monitoring question is therefore: are quantum computers approaching Bitcoin-class elliptic-curve key recovery? Today, the public answer is no.
Sources and further reading
- Bitcoin BIP 340 - Schnorr signatures over secp256k1
- Bitcoin Core - Taproot activation release notes
- Global Risk Institute - Quantum Threat Timeline Report 2025
QRI content is educational research commentary, not financial advice, legal advice, or a prediction.
QRI analysis notes
Bitcoin Quantum Risk should be read as part of a broader risk model, not as an isolated prediction. QRI separates three questions: what has been publicly demonstrated, what would be required for cryptographic relevance, and how long migration would take for systems that depend on vulnerable public-key cryptography.
The current public evidence still supports a low near-term Bitcoin threat level. At the same time, the 2025 expert timeline discussion, post-quantum standards activity, and harvest-now-decrypt-later risk all point to the same planning lesson: organizations should use the quiet period to inventory cryptography, understand data shelf life, and reduce future migration pressure.
How QRI reviews this topic
For this page, QRI looks for primary-source support, clear language, internal consistency with the 0-100 Quantum Threat Level, and explicit separation between Bitcoin-specific risk and broader public-key infrastructure risk. A page does not earn trust by sounding certain. It earns trust by explaining what is known, what is unknown, and what evidence would change the conclusion.
Readers should treat this page as educational research commentary. It is not financial advice, legal advice, or a prediction that a specific quantum computer will arrive by a specific date. The right operational response is proportional readiness: monitor credible evidence, follow standards, and prepare migration paths before urgency becomes expensive.