The Bitcoin developer community should stop waiting for certainty on quantum computing timelines and focus on putting a post-quantum signing scheme into production, Alex Pruden, CEO of Project Eleven, said at CoinDesk’s Consensus Miami conference on Wednesday.
Pruden said the asymmetry between acting now and waiting favors action.
“We added some new crypto, we added this option, turns out we didn’t need it yet, but at least we have it,” he said, describing the worst case of acting early.
The worst case of being late is much worse: a sufficiently capable quantum computer could derive private keys from any exposed public key using Shor’s algorithm, the 1994 algorithm that remains the canonical example of what a quantum machine can do that a classical one cannot.
Pruden valued the asset at stake at approximately $2.3 trillion.
“In a very real sense, someone with a large and capable enough quantum computer owns everyone’s digital assets or bitcoins for the public key that they can see,” Pruden said.
The way forward, Pruden said, is to introduce a new signing scheme into Bitcoin that doesn’t rely on the classical mathematics underlying the elliptic curve digital signature algorithm, or ECDSA, that it uses today.
The National Institute of Standards and Technology has standardized post-quantum schemes based on hash functions and lattices, he said, and the Bitcoin community discussion has trended toward the hash-based option. BIP-360, proposed last year, laid the groundwork for adding a quantum-resistant Taproot output type, and Blockstream has implemented a hash-based signing scheme on its Liquid Network.
“I think we really need to focus on moving things from research to production,” Pruden said. “Let’s focus on the D of R&D.”
The migration will be substantially more difficult than the Taproot upgrade, Pruden warned.
“Taproot took five years, but that’s not even all the challenge it will be.” Where Taproot was enabled and most users never bothered to migrate, every bitcoin holder and every wallet, exchange, and institution that touches the asset will need to participate in a post-quantum migration.
Pruden said the timing risk is serious: If a quantum computer arrives before users have migrated, an attacker could execute pending transactions within a single block time, paying a higher fee to capture funds whose private keys they just obtained.
Pressed on the unresolved debate over what to do with bitcoins sitting at inactive addresses vulnerable to quantum attack, Pruden urged the community to postpone that fight and focus on the migration itself. Harper framed that debate as involving more than 5 million dormant coins, including coins attributed to Satoshi Nakamoto through the so-called “Patoshi” pattern of early mining blocks.
“The question of Satoshi coins in particular is difficult,” Pruden said, because it puts two philosophical commitments in tension: Bitcoin’s fixed-supply ethos and its commitment to digital property rights. When asked for his personal opinion, Pruden said that dormant coins could potentially be “recycled” and “return to the bottom of the supply curve” to widen the track of Bitcoin mining incentives after the block subsidy runs out.
“If I was put on the spot, that’s probably what I would say,” Pruden said. “So I guess generally it would be the confiscation side. But again, I think ultimately the community is going to decide. The institutions and the market are going to decide.”
On whether Bitcoin Core developers are taking the threat seriously, Pruden said the response is mixed. “Core is not a monolithic entity. So I think there is definitely [some] at Core that they are taking it seriously. I think there are some people who have the opinion” that quantum computers will never come. He pointed to the broader scientific community as a counterweight: “Most physicists, if you ask them this, will say, yes, it will exist. And, by the way, many of them believe that the deadlines are accelerating.”
The same physics that makes quantum computers a threat to existing cryptography can also seed the next generation of cryptographic primitives, he said, citing key exchange protocols based on quantum entanglement and certified randomness work that won the Turing Award last year.




