One of the world’s most respected quantum computing researchers has sharply pulled forward the perceived timeline for a cryptographically relevant quantum computer – and Bitcoin is suddenly in the crosshairs of the debate.
In a new post on his Shtetl-Optimized blog, theoretical computer scientist Scott Aaronson writes that, given the “current staggering rate of hardware progress,” he now thinks “it’s a live possibility that we’ll have a fault-tolerant quantum computer running Shor’s algorithm before the next US presidential election.” He frames the post as an attempt to process “too much happening” in quantum computing, citing a string of advances across hardware and verifiable quantum advantage experiments, and concludes: “Evidence continues to pile up that we are not living in the universe of Gil Kalai and the other quantum computing skeptics.”#
What This Means For Bitcoin
For Bitcoin, the key words are “fault-tolerant” and “Shor’s algorithm.” Bitcoin’s ECDSA signatures over the secp256k1 elliptic curve derive their security from the hardness of the discrete logarithm problem. A sufficiently large, error-corrected quantum computer running Shor’s algorithm can, in principle, solve both integer factorization and discrete logs in polynomial time – directly undermining the assumptions behind today’s public-key cryptography.
The market reaction crystallized on X. Castle Island Ventures partner Nic Carter highlighted Aaronson’s line about a pre-election Shor-capable device and stressed that the messenger matters: “this guy is one of the most notable quantum academics/researchers/educators and is known as major quantum SKEPTIC / realist.” He added that Aaronson is “specifically known for not selling out to quantum vaporware companies,” arguing that “people don’t understand the significance of HIM saying this” and remarking, “A lot changed this year.”
Crypto voices quickly connected the dots to Bitcoin and other crypto assets. “I am honestly worried for bitcoin. This is an opportunity for Ethereum,” wrote one commentator, while StarkWare co-founder Eli Ben-Sasson replied, “I’m honestly worried for both.” The message: no major chain that relies on classical public-key cryptography is immune to a sufficiently mature quantum adversary.
Others urged the industry not to jump from “live possibility” to imminent catastrophe. Haseeb Qureshi argued it is “important not to scaremonger here about quantum timelines,” drawing a line between demonstrating Shor’s algorithm and breaking real-world 256-bit elliptic-curve keys. Running Shor to factor a moderately sized number would already be a landmark, but, he noted, scaling to numbers with “hundreds of digits” would require a “huge degree of scaling and engineering.”
To anchor expectations, Qureshi pointed to prediction platform Metaculus, where forecasters currently place the first RSA challenge number being factored by Shor’s algorithm around the mid-2030s, with a wide distribution around that date. Notably, that median has moved dramatically in just a few years; in 2022, community expectations were centered a couple of decades later. Progress, in other words, is running ahead of earlier forecasts, but still not on the scale of “next cycle, everything breaks.”
“Important to take seriously. But not imminent by any means. All blockchains will need to adapt to post-quantum cryptography. An orderly transition probably needs at least 4 years, which means we have the next few years to decide on a viable upgrade path,” Qureshi concluded.
Developers Need To Get Serious Now
Alex Pruden, CEO of Project Eleven, an applied lab of builders & technologists at the intersection of quantum computing and cryptography formed in 2024, countered: “We don’t need to panic, but we need to get serious. I wish people would stop referencing Metaculus. It’s just a random survey platform without any mechanism to filter people w/ authority from randos on the internet.”
While Pruden acknowledged that it is “notoriously difficult to predict how the development of a quantum computer will play out,” he warned that technologies like quantum computing or AI “often happen not in a linear way, but as a series of breakthroughs.” He added: “Even if it’s only a 1% chance in the next five years, given that it breaks **the fundamental security guarantee which secures assets onchain**, why shouldn’t this be the top priority for every blockchain? Whenever it does happen, it will be the only thing that matters.”
For Bitcoin specifically, the risk is unevenly distributed. Pay-to-public-key (P2PK) outputs and any address that has already revealed its public key on-chain are inherently more exposed in a post-quantum world than single-use pay-to-public-key-hash (P2PKH) outputs that never reuse addresses. Long-dormant early coins and heavily reused addresses would be natural targets once a quantum attacker can derive private keys from known public keys at scale.
The harder problem is governance and timing. Aaronson’s “live possibility before the next US presidential election” does not mean a Bitcoin-breaking machine exists or is guaranteed on that schedule. It does, however, narrow the psychological distance between quantum timelines and Bitcoin’s upgrade horizon. Experts like Charles Edwards already argue that an “orderly transition” to post-quantum or hybrid signatures would require multiple years of planning and coordination across nodes, miners, wallets and exchanges, and should be completed before—not after—ECDSA is practically breakable.
At press time, BTC traded at $91,417.
Related Posts
