What is the Risk that Digital Assets Face from Quantum Computing?
Quantum computing presents a potential long-term risk to digital assets because many cryptocurrencies rely on cryptographic algorithms that could be weakened or broken by sufficiently powerful quantum machines. Most blockchains, including Bitcoin and Ethereum, use elliptic curve digital signature algorithms ( ECDSA) to secure transaction signatures. A large-scale quantum computer capable of running Shor’s algorithm could theoretically derive a private key from its corresponding public key, enabling an attacker to impersonate a user and spend their funds. Similarly, hash-based security assumptions used in mining or addressing could be challenged through Grover’s algorithm, which can speed up brute-force searches. However, such attacks require quantum computers far beyond today’s very limited prototypes in terms of qubit count, error correction, and reliability.
Current estimates suggest that quantum computing will not pose a critical threat to major cryptocurrencies for at least a decade, and possibly much longer. Reliable forecasts vary widely, with some experts expecting meaningful cryptographic threat levels around the mid-2030s, while others believe it may take several decades before fault-tolerant quantum machines reach the scale needed to break elliptic curve keys in real time. The challenge is not just building more qubits, but achieving a low-error, stable system where millions of physical qubits can be combined to form thousands of “logical” qubits capable of sustained computation. At present, quantum hardware remains in a noisy intermediate stage, suited to research but not capable of executing attacks against global financial networks.
Different types of digital assets face different levels of exposure. Funds held at blockchain addresses that have never broadcast their public keys, such as most modern Bitcoin wallets, are less immediately vulnerable, because only hashed public keys are visible on-chain. The greater risk lies in reused or exposed public keys, older accounts, and legacy multisignature setups. Smart contract platforms and DeFi applications also rely on signature verification across large numbers of keys, creating a broader attack surface if quantum capabilities advance rapidly. Tokens whose core infrastructure depends on upgradeable governance may be better positioned to transition, whereas immutable networks with slow coordination processes could face challenges adapting in time.
Several mitigation strategies are already in progress. Post-quantum cryptographic algorithms, many based on lattice-based or hash-based schemes, are being standardized through global bodies such as the US Commerce Department’s National Institute of Standards and Technology (NIST). Some blockchain projects have integrated or tested post-quantum signature schemes, and developers across Bitcoin, Ethereum, and other networks are evaluating migration paths that could preserve security without disrupting users. Certain assets, particularly those using hash-based signature schemes or systems designed for quantum resilience from inception, are already better insulated. The transition is expected to be gradual, with layered migration options such as optional quantum-safe addresses enabling users to move funds before large-scale quantum threats materialize. In summary, while quantum computing is a legitimate long-term risk, it is not an imminent one, and active research and planning reduce the likelihood of a sudden or unmanageable disruption.
What Criteria Makes a Digital Asset “Quantum Resistant”?
A digital asset is considered “quantum resistant” if the cryptographic primitives that secure it remain secure even in the presence of large-scale, fault-tolerant quantum computers. Most blockchain systems today rely on elliptic curve or RSA-based public key cryptography, which can be broken by Shor’s algorithm once quantum machines become powerful enough. To be resistant, a digital asset must instead use signature schemes and key exchange mechanisms that rely on mathematical problems believed to be hard for both classical and quantum computation. This typically means moving away from number-theoretic assumptions and toward alternatives like lattice-based, hash-based, multivariate, or code-based cryptography. In other words, quantum resistance depends not on how the asset is used, but on the cryptographic algorithms implemented under the hood.
A second key criterion relates to how the public keys and signatures are exposed. On many blockchains, including Bitcoin and Ethereum, a user’s public key is revealed only when they spend funds; until then, only a hash of the key is visible. This provides a form of delayed protection, since Grover’s algorithm still requires brute-force effort to reverse the hash, though quantum speedups may reduce safety margins. True quantum-resistant assets avoid exposing public keys in vulnerable formats or rely on signature schemes where knowledge of a public key does not provide a feasible attack vector, even with quantum resources. In practice, this means evaluating not only the signature primitive, but also how keys are broadcast, stored, and reused in transaction flows.
A digital asset’s governance and upgrade pathway also determine whether it can become quantum resistant in time. Even if an asset currently relies on cryptography that would be vulnerable to quantum attacks, it may still be considered “future secure” if the network has a clear, coordinated mechanism to rotate keys, migrate addresses, or transition to post-quantum signature schemes before practical quantum attacks emerge. Networks with flexible scripting environments or robust community-led governance (like a Decentralised Autonomous Organization) have a clearer route to migration. Conversely, networks that are highly rigid, lack upgrade frameworks, or depend on user coordination across millions of wallets (like Bitcoin’s consensus model) may find it more difficult to adapt before risks materialise.
Genuine quantum resistance also requires consideration of performance, decentralisation, and operational trade-offs. Some post-quantum schemes produce very large signatures or require heavy computation, which may not be workable for high-throughput blockchains or low-power devices. A quantum-resistant digital asset must therefore balance strong theoretical security with practical usability and network efficiency. The goal is to adopt cryptography that remains safe against quantum adversaries without sacrificing decentralisation, accessibility, or transaction scalability. Quantum resistance is not a single feature but a combination of mathematically robust primitives, careful protocol design, flexible upgrade capacity, and real-world performance compatibility.
How Can Digital Assets Mitigate Potential Quantum Attacks?
Mitigating the risk of future quantum attacks begins with planning for cryptographic transition well before large-scale quantum computers become practical. The first step is therefore to assess where and how cryptographic assumptions are used across a protocol, namely, key generation, signature schemes, hashing, address formats, and network messaging. Conducting this type of mapping allows developers and ecosystem contributors to identify the most vulnerable components and to prioritise which cryptographic primitives will require migration to post-quantum alternatives such as lattice-based or hash-based schemes.
A second pathway for mitigation involves reducing exposure of public keys whenever possible. In many existing systems, public keys remain concealed behind hashed addresses until a user spends funds. Encouraging best practices such as “one-time spend” addresses, discouraging address reuse, and designing wallets to automate key rotation can create a buffer period in which even quantum attackers cannot easily retrieve a private key from a revealed public key. While this does not make a network quantum-proof, it extends the safety window and reduces the number of immediately vulnerable assets during a transition period.
Another important component is the development and testing of hybrid cryptographic schemes that combine classical and post-quantum signatures. Hybrid signatures allow transactions to be validated using both traditional elliptic curve systems and quantum-resistant algorithms simultaneously. This ensures backward compatibility, preserves interoperability with existing infrastructure, and allows networks to phase in new cryptography without requiring immediate consensus-level forks. Research into hybrid approaches, as well as standardisation efforts led by organisations such as NIST, can help establish common frameworks that digital asset networks can adopt in a coordinated and orderly manner.
Meaningful mitigation requires social and governance readiness in addition to technical solutions. Digital assets should establish upgrade pathways, via governance mechanisms, protocol improvement proposals, and wallet-level migration plans, to support coordinated shifts to new cryptographic standards when needed. This includes educating users, exchanges, custody providers, and node operators about the risks and the steps required for secure key migration. The timeline for quantum threat maturity is uncertain, but proactive preparation reduces the likelihood of rushed emergency changes. By combining early cryptographic research, cautious key exposure practices, hybrid signature adoption, and strong upgrade governance, digital asset ecosystems can position themselves to transition safely in a post-quantum future.
The post appeared first on Bitfinex blog.
