Quantum computers will not steal your bitcoins, even if they can
The quantum gravity principle
Crypto gamblers are worried. Quantum computers (QCs) could compute private keys from Bitcoin users’ public keys and then sign transactions on their behalf to send bitcoins elsewhere.
That is, if QC companies can scale from a thousand to a million qubits. They’ve been saying “five to ten years” for a decade. I’m optimistic enough to doubt I’ll ever see such a QC in my lifetime. I’m 43 and I don’t need VC money or research grants.
Regardless of what happens, whether such QCs show up next week or next millennium, no QC will ever be used to steal bitcoins. I call this the quantum gravity principle.
Let’s examine the assumptions that support it. The argument generalizes to all cryptocurrencies, except the ones already using post-quantum signatures.
Vulnerable Bitcoin
If Bitcoin migrates to post-quantum signatures, while protecting legacy addresses, then QCs couldn’t attack it.
So we’ll assume Bitcoin is still ECDSA/Schnorr-Bitcoin, not post-quantum Bitcoin.
Public QC progress
We won’t jump from a thousand to a million qubits in a week. Progress would come with visible signs: more physical and logical qubits, longer coherence times, lower error rates, demonstrations of fault-tolerance, etc.
If we get dangerously close to a QC capable of breaking Bitcoin, then the markets will react and crash. Bitcoin’s value will collapse. All the more so if the existence of such a QC is confirmed. There’s no point in stealing something worthless.
Private QC progress
“But what if the Chinese/US/Russian/Swiss/Nepalese government is building a QC in secret?”
In this case, said government has these options:
1. Use the QC to decrypt encrypted intelligence and compromise foreign systems, keeping the capability secret.
2. Steal bitcoins, making millions but
   - revealing the existence of a QC, as large suspicious bitcoin transfers and swaps into fiat wouldn’t go unnoticed;
   - crashing the bitcoin price, diminishing the potential profit.
Governments routinely do dumb things, but no intelligence service would pick option 2. They’d just go with option 1. The strategic edge dwarfs the monetary benefit.
“But what if they only target abandoned accounts and just move small amounts of money to fly under the radar?”
The cost-benefit situation is even worse. Trivial profit (relative to a government’s budget) and still a significant risk of detection.
“You assume a rational actor only motivated by money and intelligence. What if the adversary is a comic-book villain who just wants to see the world burn by crashing crypto?”
I don’t exclude this case. But such a character wouldn’t (profitably) steal bitcoins. A lot of people would lose “value” from the price collapse, but their coins wouldn’t be stolen.
“What if you use multisigs, MPC, or HSM?”
Doesn’t change anything at all. Public keys are public.
No QC progress
This is a greater threat. No actual QC progress, but a psyop:
1. Short Bitcoin.
2. Fabricate “evidence” of a QC: forged documents, faked leaks, bribed insiders, paid influencers, deepfake videos, a Joe Rogan podcast.
3. Watch the markets crash, and profit.
Under any variant, this scenario is far more likely than an actual QC stealing your coins.

But what if some researchers in a quantum lab find a way to unnoticeably steal a couple of billion dollars from abandoned Bitcoin addresses while the lab directors and the government are unaware of what they are doing? They have a strong incentive to do that and try their best to keep it secret. The main problem arises when they get exposed.
Another dazzling yet important point to make: if my balance is hidden, then no one can know how much I have, thus no one will want to steal => use Aztec