A Bernstein research note argues that advances in quantum computing could eventually threaten Bitcoin’s cryptography, but the danger is manageable and unlikely to cause an existential collapse. The report, authored by Gautam Chhugani, Mahika Sapra, Sanskar Chindalia and Harsh Misra, frames the situation as a foreseeable upgrade cycle rather than an abrupt crisis.
Recent experimental results — including work from Google indicating fewer resources may be needed to break modern encryption — have tightened the timeline, prompting greater urgency. Still, building cryptographically relevant quantum computers (CRQCs) capable of undermining Bitcoin will require overcoming substantial technical and cost barriers, so Bernstein estimates the crypto ecosystem has roughly three to five years to prepare for post-quantum transitions.
Responsibility for any protocol-level response would fall to Bitcoin’s open-source developer community and core contributors, who approve and implement consensus changes. Many quantum specialists have previously cited a longer, roughly 10-year horizon for CRQCs; recent progress has shortened that window enough to merit proactive planning.
The exposure is not uniform across the network. The greatest risks are concentrated in older wallets and address types that reveal public keys or that reuse addresses. Bernstein highlights pay-to-public-key (P2PK), pay-to-multisig (P2MS) and pay-to-Taproot (P2TR) formats as comparatively vulnerable. Legacy addresses, where public keys remain exposed indefinitely, hold meaningful sums: about 1.7 million BTC in early P2PK addresses by Bernstein’s estimate, including roughly 1.1 million BTC associated with Satoshi Nakamoto.
Bitcoin mining, which depends on SHA-256 hashing, is not seen as meaningfully at risk from near-term quantum attacks. Practical mitigation steps include avoiding address reuse, adopting newer wallet formats, identifying at-risk address sets, migrating funds to quantum-resistant schemes, and coordinating any necessary protocol upgrades.
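As an added example (not taken from the Bernstein note), the Python code below shows one way to approach the "identifying at-risk address sets" step: it matches output scripts against Bitcoin's standard script templates and totals the value held in the three formats the report names, with the hashed formats included for contrast. The function names and the sample outputs are constructed for illustration, and the keys and hashes are placeholder bytes.

```python
# Added example: flag output scripts whose public key is visible on-chain.
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE
EXPOSED = {"P2PK", "P2MS", "P2TR"}  # the formats the report names

def _key_push(s, i):
    """Bytes consumed if s[i:] starts with a direct push of a 33/65-byte key, else 0."""
    if i < len(s) and s[i] in (33, 65) and i + 1 + s[i] <= len(s):
        return 1 + s[i]
    return 0

def classify(script_hex):
    """Match a scriptPubKey against the standard output templates."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and _key_push(s, 0) == n - 1 and s[-1] == OP_CHECKSIG:
        return "P2PK"                      # <pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH"                     # key hidden behind a hash until spent
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH"
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH"
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR"                      # OP_1 <32-byte output key>
    if n >= 3 and s[-1] == OP_CHECKMULTISIG and 0x51 <= s[0] <= s[-2] <= 0x60:
        i, keys = 1, 0
        while (step := _key_push(s, i)):
            i, keys = i + step, keys + 1
        if i == n - 2 and keys == s[-2] - 0x50:
            return "P2MS"                  # OP_m <keys...> OP_n OP_CHECKMULTISIG
    return "OTHER"

def exposure_report(outputs):
    """Return (satoshis per script type, satoshis in key-exposing types)."""
    totals = {}
    for script_hex, sats in outputs:
        kind = classify(script_hex)
        totals[kind] = totals.get(kind, 0) + sats
    return totals, sum(v for k, v in totals.items() if k in EXPOSED)

# Constructed sample outputs; keys and hashes are placeholder bytes.
K33, K65 = "02" + "11" * 32, "04" + "22" * 64
SAMPLE = [
    ("41" + K65 + "ac", 5_000_000_000),            # P2PK, uncompressed key
    ("76a914" + "33" * 20 + "88ac", 120_000),      # P2PKH
    ("0014" + "44" * 20, 75_000),                  # P2WPKH
    ("5120" + "55" * 32, 300_000),                 # P2TR
    ("5121" + K33 + "21" + K33 + "52ae", 10_000),  # 1-of-2 bare multisig
]
```

A script-only scan like this covers formats that expose the key from the moment the output is created; hashed formats reveal their key when an output is spent, so finding reused addresses additionally requires looking at spending history.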
Bernstein’s bottom line: the quantum threat is real but manageable if the industry uses the available multi-year window to plan and execute community-driven post-quantum cryptographic upgrades.