Author: Jeffrey Hu, Source: Author’s Twitter @jeffrey_hu
Will quantum computing destroy Bitcoin? This topic has a flair for drama and reliably sets off extensive discussion/FUD every once in a while.
Will Google’s newly released Willow be different this time?
We looked into it.
Willow has indeed made great progress
But for now, Bitcoin users still don’t have to worry
If we simplify the Bitcoin protocol drastically, it can be divided into two parts: mining (based on hashing) and transactions (based on elliptic-curve signatures).
These two parts are indeed potentially affected by quantum computing, by Grover’s algorithm and Shor’s algorithm respectively.
But at present, Willow’s “computing power” is nowhere near enough to affect either part.
To attack Bitcoin’s hashes and signatures within a reasonable time, roughly several thousand logical qubits are needed.
Depending on the process, several (possibly thousands of) physical qubits are encoded into one logical qubit.
This means it would take a few million physical qubits to attack Bitcoin. Willow has 105 physical qubits, so there is still a long way to go.
But what if one day the computing power is enough?
For mining, the impact is actually relatively limited. Because Grover’s algorithm only speeds up the search and does not invert the hash function, finding a hash that satisfies the mining target still requires a lot of computation.
Simply put, it would be like a powerful new mining machine coming onto the market.
As for address signatures:
Some addresses genuinely need care! These include the oldest type, P2PK, and the newest, P2TR, both of which are based directly on the public key.
P2PKH, P2SH, P2WPKH and P2WSH are relatively safe because they all take the form of a hash.
But be aware that reusing these addresses also exposes your public key (spending from them reveals it on-chain), leading to risk.
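To make the public-key-vs-hash distinction above concrete, here is an added example (my own Python, not code from the thread): it classifies a raw scriptPubKey by output type, flags whether the key is already visible on-chain, and treats an address that has been spent from as exposed too. The script patterns are the standard Bitcoin ones; the type labels, helper names and sample scripts are my own.

```python
"""Added example: classify a Bitcoin scriptPubKey by whether it already reveals
a public key on-chain (the P2PK/P2TR vs hash-based distinction above)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class ScriptClass:
    kind: str
    pubkey_on_chain: bool  # True if an unspent output already exposes the key

def classify_script_pubkey(script_hex: str) -> ScriptClass:
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG (0xac); key is in the script
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return ScriptClass("P2PK", True)
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return ScriptClass("P2PKH", False)
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return ScriptClass("P2SH", False)
    # SegWit v0: OP_0 <20 bytes> is P2WPKH, OP_0 <32 bytes> is P2WSH
    if n == 22 and s[:2] == b"\x00\x14":
        return ScriptClass("P2WPKH", False)
    if n == 34 and s[:2] == b"\x00\x20":
        return ScriptClass("P2WSH", False)
    # Taproot (SegWit v1): OP_1 <32-byte x-only output key>; key is in the script
    if n == 34 and s[:2] == b"\x51\x20":
        return ScriptClass("P2TR", True)
    return ScriptClass("unknown", True)  # conservative: treat as exposed

def quantum_exposed(script_hex: str, spent_before: bool) -> bool:
    """The key is public if the script carries it, or if the address was
    already spent from (that spend put the key in the scriptSig/witness)."""
    return classify_script_pubkey(script_hex).pubkey_on_chain or spent_before

def at_risk_outputs(utxos, spent_from):
    """utxos: list of (label, script_hex); spent_from: labels already spent from.
    Returns the labels whose public key is visible on-chain."""
    return [label for label, script in utxos
            if quantum_exposed(script, label in spent_from)]

if __name__ == "__main__":
    # Constructed sample scripts (hash/key bytes are filler, not real outputs)
    sample = [("segwit", "0014" + "11" * 20), ("taproot", "5120" + "22" * 32),
              ("reused-legacy", "76a914" + "00" * 20 + "88ac")]
    print(at_risk_outputs(sample, spent_from={"reused-legacy"}))
```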
Of course, Bitcoin is constantly evolving, and in the future hash-based Lamport signatures, for example, could be introduced. There have been many discussions in the community, such as https://blog.blockstream.com/script-state-from-lamport-signatures/ (although there they are used for script state).
Quantum-resistant cryptography, such as lattice-based cryptography, can also be introduced.
And these can be activated through soft forks.
Beyond what developers do, good usage habits can also defend effectively against quantum threats.
For example, use a fresh receiving address every time (each address used only once) instead of reusing addresses (every time I say this, I want to complain about the many “Bitcoin ecosystem” wallets out there).
For example, before quantum computers become a real threat, move assets to relatively safer Segregated Witness addresses, and so on.
Other networks, such as Ethereum, also have a lot of discussion about post-quantum cryptography; such designs can also be introduced through hard forks.
But ultimately, the arrival of quantum computers will obviously not affect only Bitcoin or other cryptocurrencies. Many important areas, such as traditional financial systems, national defence systems and confidential communication channels, will be affected too.
So in short: in the short term, we don’t need to worry about the threat quantum computers pose to networks such as Bitcoin; but it is still strongly recommended to develop good usage habits and keep an eye on quantum progress.