Quantum computing threatens to break Bitcoin’s elliptic curve cryptography

A July 15 report by global consulting firm Capgemini warns that public-key cryptographic systems, including RSA and elliptic curve cryptography (ECC), may be rendered obsolete by quantum machines in the near future. These are the algorithms that Bitcoin and other blockchains use to secure wallet addresses and authenticate transactions.

Capgemini’s analysis does not specifically mention Bitcoin, but it talks about how ECC, the technology behind the blockchain’s private key, is vulnerable to quantum computing.

ECC, like RSA, is susceptible to Shor’s algorithm because it is capable of solving the discrete logarithm problem, the mathematical principle that hides visibility of blockchain keys.

‘Post-quantum safety is a priority,’ says Capgemini

The Capgemini report is based on a survey of 1,000 large organizations across 13 countries. It found that 70% of enterprises are either preparing for or already deploying post-quantum cryptography (PQC) solutions, a new generation of encryption meant to protect them from quantum attacks.

The survey found that only 15% of companies were “quantum-safe,” and just 2% of global cybersecurity budgets are allocated towards quantum risk solutions.

The report also spoke about the principle of “harvest now, decrypt later,” in which attackers stockpile encrypted data with the hope of unlocking it once quantum computing becomes powerful enough to break today’s cryptographic methods.

Blockchain networks that expose public keys, including Bitcoin, could become exposed if bad actors decide to use this kind of breach.

Over 25% of Bitcoins at risk

More than a quarter of all Bitcoin in circulation has at some point revealed its public key on-chain. This places a target on their current holders in the event cryptographically relevant quantum computer (CRQC) becomes operational. That includes nearly 4 million BTC, among them the estimated 1 million coins linked to Bitcoin’s pseudonymous creator, Satoshi Nakamoto.

A July 15 draft Bitcoin Improvement Proposal (BIP), co-authored by Bitcoin developer Jameson Lopp, proposed a phased mitigation plan to counter a possible pipeline to hackers.

The plan was revealed at the invitation-only Quantum Bitcoin Summit of cybersecurity sleuths and blockchain developers, held in San Francisco last Monday.

“Never before has Bitcoin faced an existential threat to its cryptographic primitives,” Lopp and his co-authors wrote in their BIP draft. “A successful quantum attack on Bitcoin would result in significant economic disruption and damage across the entire ecosystem.”

Lopp and five fellow developers listed three steps to safeguard the network. In the first phase, Bitcoin users would be prohibited from sending funds to quantum-vulnerable addresses. They would be directed to use a “quantum safe” new address format called P2QRH.

Two years after the initial phase, the second step would freeze any coins still held in insecure addresses. The third and final phase, still under discussion, could allow users to recover frozen funds by using their BIP-39 seed phrases.

“This proposal is radically different from any in Bitcoin’s history, just as the threat posed by quantum computing is radically different from any other threat in Bitcoin’s history,” the authors wrote.

A past study by UK-based accounting services firm Deloitte investigated the aftermath of a quantum-based attack on the Bitcoin network. The company found that it could lead to mass liquidation of compromised coins.

The result would likely be a collapse in price and market confidence, where hodlers will move for exit positions en masse, and in Lopp’s words, a “liquidation event” will ensue.

“People don’t believe it will happen until it happens,” Julio Padilha, Chief Information Security Officer of Volkswagen and Audi South America noted in Capgemini’s report.