Bitcoin’s signatures would be broken if a cryptographically-relevant quantum computer (CRQC) appeared tomorrow. Bitcoin requires changes both to its code and to everyone’s wallets (at least a soft fork, and many users moving coins to different types of addresses) to be secure in the presence of a CRQC.
The remaining uncertainty is in two main areas: timeline and how to address this. I will frame these two issues in the following way:
(1) What is the likelihood of a CRQC appearing, and on what timeframe?
(2) What are the best paths for Bitcoin to upgrade successfully so that it would not be broken in the presence of a CRQC, and at what cost to Bitcoin? What is the set of tradeoffs, and how should Bitcoin navigate this space of tradeoffs?
I think the following:
The chance of (1) is non-zero for various timeframes.
We do not yet know the answer to (2), we don’t know if there will be agreement on how to navigate the tradeoffs once there is a defined set of possible paths forward, and it’s not clear there is agreement to even do anything. Therefore, it is not 100% clear that Bitcoin will successfully upgrade before a CRQC appears.
If you accept the previous statements, which I think are pretty reasonable, an important implication is:
A CRQC is an existential threat to Bitcoin (you might believe this is a very low-likelihood event). Your measurement of this threat should literally be:
(A) How likely you think it is a CRQC appears by a given time, multiplied by
(B) How likely it is you think Bitcoin will not successfully upgrade by that time.