Quantum Revision
We are accelerating towards Y2Q.
Dateline: Toronto, 21st May 2026.
The Trump administration has just announced that it is awarding $2 billion in grants to nine quantum-computing companies in deals that include U.S. government equity stakes, with $1 billion going to IBM. In other news, nearly one-third of all Bitcoin in circulation (worth over $469 billion at the time of writing) is vulnerable to theft if quantum computers become a reality, according to research from blockchain analytics firm Glassnode.
Quantum 101
I’m sure everyone knows this by now, but here is a quick recap: the computer that I am using, and for that matter, that you are using, works using binary digits (aka “bits”) that can be either 1 or 0. A quantum computer, on the other hand, uses quantum bits, or “qubits” that can exist in the weird quantum physics “superposition” of 0 and 1 simultaneously.
Now, a qubit is physically a tiny superconducting circuit, a trapped ion or an electron spin (or a variety of other things). These physical qubits are fragile, and all sorts of effects ranging from vibration to material defects can induce errors. So one way to build a practical quantum computer is to use logical qubits, which are more stable. A logical qubit is built from many physical qubits in such a way that if any one of those physical qubits suffers a glitch, an error-correcting algorithm can spot it and the logical state can be preserved.
So far, so good. Now, quantum computers can solve problems that conventional computers find difficult and, as I am sure everyone also knows by now, one kind of problem that they can solve rather well is how to break certain kinds of cryptography. Unfortunately, these kinds of cryptography include those used to protect web sites, banks and… Bitcoin.
Start the Steal
A quantum computer can steal bitcoin. In order to do this, it needs the public key. At the risk of over-simplifying, it is sufficient to note that broadly speaking older Bitcoin outputs reveal that key (so that quantum computers can sweep them up and start cracking them) and newer Bitcoin outputs keep the key hidden until the coins are spent.
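As an added illustration (not code from the original post), the script templates below are the standard Bitcoin output types, and the check says whether the public key for an output of that type is already readable on-chain, which is what a quantum adversary needs before the coins move; it goes slightly beyond the post's simplification by also covering address reuse and Taproot outputs, which put the (tweaked) key in the output directly. The sample scripts are constructed with fake key bytes, and an owner would run this kind of check over their own UTXOs to decide what to migrate first.

```python
# Added example, not part of the post: decide whether a Bitcoin output already
# reveals the public key a quantum attacker would need (Shor's algorithm works
# on the key, never on a hash of it). Script templates are the standard ones;
# the sample scripts at the bottom are constructed, not real chain data.
OP_0, OP_1, OP_DUP, OP_HASH160 = 0x00, 0x51, 0x76, 0xA9
OP_EQUALVERIFY, OP_CHECKSIG = 0x88, 0xAC

def classify_script(script_hex: str) -> str:
    """Return the standard output type of a scriptPubKey, or 'unknown'."""
    s = bytes.fromhex(script_hex)
    # P2PK: <push 33- or 65-byte pubkey> OP_CHECKSIG (early coinbase outputs)
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(s) == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    # P2WPKH (segwit v0): OP_0 <20-byte hash>
    if len(s) == 22 and s[:2] == bytes([OP_0, 0x14]):
        return "p2wpkh"
    # P2TR (segwit v1): OP_1 <32-byte x-only pubkey>; the key is in the output
    if len(s) == 34 and s[:2] == bytes([OP_1, 0x20]):
        return "p2tr"
    return "unknown"

def key_exposed(script_hex: str, address_spent_before: bool = False) -> bool:
    """True if the public key for this output is already readable on-chain.
    Hash-based outputs hide the key until the first spend, but an address that
    has been spent from has its key in that spend's scriptSig or witness, so
    later coins sent to the same address (address reuse) are exposed as well."""
    kind = classify_script(script_hex)
    if kind in ("p2pk", "p2tr"):
        return True
    if kind in ("p2pkh", "p2wpkh"):
        return address_spent_before
    return False  # non-standard script: the template alone cannot tell us

# Constructed sample outputs (fake key bytes): name -> (script_hex, spent_before)
SAMPLES = {
    "early p2pk": ("21" + "02" + "11" * 32 + "ac", False),
    "fresh p2pkh": ("76a914" + "22" * 20 + "88ac", False),
    "reused p2pkh": ("76a914" + "22" * 20 + "88ac", True),
    "fresh p2wpkh": ("0014" + "33" * 20, False),
    "taproot": ("5120" + "44" * 32, False),
}

def exposed_samples() -> list:
    """Names of the sample outputs whose key is already visible pre-spend."""
    return [n for n, (spk, reused) in SAMPLES.items() if key_exposed(spk, reused)]
```

The hash-based types only stay hidden as long as the address is never reused, which is why the post's "older outputs reveal the key" is a simplification rather than a hard rule.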
A working quantum computer capable of making off with other people’s coins may not be that far off. Banks and others are already planning for “Y2Q”, the year when quantum computers will break the currently deployed cryptography, and working out how and when to migrate to post-quantum cryptography (PQC).
Google think we are getting ever nearer to Y2Q. Given the progress they see in quantum computing hardware development, quantum error correction (which means you need vastly fewer physical qubits to sustain a logical qubit) and quantum factoring resource estimates, they have adjusted their quantum era timeline to 2029 and are taking action. They are prioritising PQC migration for authentication services and recommend that others do the same. Android 17 is integrating PQC digital signature protection using ML-DSA in alignment with the National Institute of Standards and Technology (NIST), building on Google Chrome support for PQC.
Y2Q is an existential threat to Bitcoin, and it is getting closer, which is why a group of Bitcoin core developers have put forward BIP-361, a quite radical proposal to deal with the threat with a fix that would rewrite Bitcoin’s property rights guarantees. The proposal is, in essence, a plan to invalidate transactions from quantum-vulnerable wallets, effectively freezing the coins of wallets that fail to upgrade. These coins, incidentally, include Mr. Satoshi Nakamoto’s stash of more than a million bitcoins.
BIP-361 sets out three phases. In the first phase, about three years after activation, the network stops allowing new funds to be sent to legacy, quantum-vulnerable addresses, but users can still move coins out of them. In the second phase, two years further on, old coins are frozen. In a final recovery phase (still being defined), holders of old coins would be given some other mechanism (probably using zero-knowledge proofs) to prove ownership and recover frozen funds.
(The proposal would pressure holders to migrate to quantum-resistant wallets and, like a great many other people, I would be fascinated to see whether the coins in the Satoshi wallets are moved to quantum-resistant wallets, thus proving that whatever Mr. Nakamoto is, he/she/it is still around.)
Trouble and Tradeoff
The proposal has ruffled some feathers in the Bitcoin community, because an essential tenet at the cultural core of the Nakamoto disciples is “your keys, your coins”: that is, coins should stay spendable by whoever controls the keys and the consensus mechanism should not be used to override ownership. They see BIP-361 as the thin end of a big wedge. If the network can invalidate transactions in order to provide for quantum safety, then it may lead to future changes that lead to other forms of censorship or confiscation. To the crypto hard core, freezing any coins for any reason at all invalidates the core blockchain promise of immutable ownership, introducing a precedent of intervention that could (as they see it) be more dangerous than the quantum threat itself.
On that, I have to say that I agree with them, but they are wrong to oppose it. This is a fundamental debate about property rights and survivability. It is all very well sticking to the principles of censor-resistant anonymous currency, supporters would say, but what good are principles around a network that fails?
The fact is that in order to live in a society, rather than a digital Wild West, we must build better governance, disclosure and enforcement institutions around decentralised money. Bitcoin maximalism is a narrow property-rights principle, not a complete social theory. That maximalism has some very negative outcomes, ranging from assassination markets to political corruption, that I think deserve serious attention. Will Thomas and Jeffery Zhang say plainly that if these issues remain unaddressed, the United States risks entrenching a form of “crypto kleptocracy”, one in which the boundary between public power and private wealth becomes increasingly difficult to discern.
Worst Case Scenario
The debate about BIP-361 is worth paying attention to because it is about more than the specific issue of quantum resistance. While on the one hand it doesn’t really matter if a third of all bitcoins are stolen by quantum computers and it ends up going to zero (the corn will still ripen), on the other hand, if a third of all the bitcoins are stolen by quantum computers that are not under the control of Silicon Valley oligarchs, the outcomes could be rather unpleasant: I’m sure North Korea’s long-range nuclear weapon platforms or Iran’s plutonium-in-water-supply delivery drones could make good use of half a trillion dollars, give or take.
By the way, that’s not my worst nightmare. My worst nightmare is that AI uses quantum computers to get hold of the Satoshi stash. If coins from the Satoshi wallets move, we have no way of knowing whether it is Adam Back, a CIA research group or an AI that has control of them. A really intelligent AI would move the coins, then claim to be Satoshi himself and set about changing the laser-eyed masses into a new religion, Scientology for Gen Z, QAnon for the next election cycle.
Qdoomsday prepping required!