Nic Carter says quantum computing is the biggest long-term risk to bitcoin’s core cryptography and urges developers to treat it with urgency, not as science fiction.
In an essay published Monday, the co-founder of Coin Metrics explains in plain language how bitcoin keys work and why quantum matters. Carter writes that users start with a secret number (a private key) and derive a public key with elliptic curve mathematics on the secp256k1 curve, the basis for ECDSA and Schnorr signatures.
He describes that transformation as deliberately unidirectional: easy to calculate forward, infeasible to reverse under classical assumptions. “Bitcoin’s entire cryptographic premise is ‘there exists a one-way function that is easy to compute in one direction and not feasible to invert,'” he writes.
To develop intuition, Carter compares the system to a giant number scrambler. Going from private to public is efficient for honest users, he says, because they can use a shortcut known as “duplicate and add” to arrive at a result quickly. He adds that there is no comparable shortcut in the opposite direction.
For non-specialists, it offers an analogy to the shuffled deck: the same sequence of decks can be repeated to arrive at an identical final order, but an observer cannot look at the shuffled deck and infer how many decks were used.
The concern, Carter argues, is that a sufficiently powerful quantum computer could erode that asymmetry by advancing the discrete logarithm problem underlying bitcoin signatures. According to his account, routine network behavior also increases exposure: when coins are spent, a public key is revealed on the chain.
He says it’s secure today because converting a revealed public key to a private key isn’t practical, but quantum advances could change that calculus, especially if addresses are reused and more keys remain visible for longer.
It doesn’t call for panic. Carter says the point is planning.
In the short term, it highlights basic hygiene measures such as avoiding the reuse of addresses so that public keys are not exposed for longer than necessary. Longer term, he urges the community to prioritize post-quantum signature schemes and realistic migration paths, framing them as engineering work rather than a distant thought experiment.
The essay is the first in a short series; Carter said on X that parts II and III will arrive in the coming weeks and will cover “post-quantum breakup scenarios.”
