Countdown to Q-Day: Will Quantum Computing End Cryptocurrencies?

链捕手Pubblicato 2026-07-06Pubblicato ultima volta 2026-07-06

Introduzione

The article explores the existential threat quantum computing poses to cryptocurrencies and the urgent need for "post-quantum" migration. It outlines that quantum computers, through Shor's algorithm, could break the elliptic-curve cryptography (ECC) underlying blockchain security, potentially allowing private keys to be derived from public keys. The core challenge is not a lack of post-quantum cryptography (PQC) standards—like NIST's ML-KEM and ML-DSA—but the immense complexity of upgrading entire ecosystems before "Q-Day" (when quantum computers become capable of such attacks, estimated around 2035-2045). Key points include: * **Bitcoin's** risk is concentrated in legacy UTXOs with exposed public keys (e.g., early P2PK outputs). Migration faces massive hurdles: PQC signatures are much larger, increasing transaction size and cost, and the governance dilemma of handling un-migrated assets threatens its "code is law" ethos. * **Ethereum's** strategy focuses on "cryptographic agility," using Account Abstraction for user accounts and developing compressed hash-based signatures (like leanXMSS with SNARK aggregation) for consensus. Its migration is a complex, full-stack overhaul of execution, consensus, and data layers. * The "security debt" is enormous. The comfortable engineering window for a coordinated, ecosystem-wide upgrade is only 5-8 years. High-value infrastructure (exchanges, bridges) may face pressure before mainnet protocols. In conclusion, quantum computing is...

Author|0xjacobzhao @ IOSG

Imagine a quiet morning in 203X, when on-chain monitoring alarms suddenly shatter the peace: a batch of long-dormant early Bitcoin addresses begin to move assets like ghosts. There is no hacker intrusion, no private key leak—only the sudden generation of “legitimate” signatures. As high-value dormant UTXOs are cleared out one after another, the market finally awakens to reality: some unknown entity with quantum computing power can now directly reverse-engineer private keys from historically exposed public keys. Panic instantly grips the market, while in the dark web, a hoard of “harvest now, decrypt later” public keys—accumulated over a decade—is being auctioned off frantically, waiting for the computational power to unlock their wealth. Meanwhile, the Bitcoin community is plunged into an unprecedented ideological rift: faced with coins looted by quantum power, should they stick to the unbreakable principle that “code is law,” or enforce a soft fork to freeze legacy assets? The collision between property rights and survival logic completely detonates a governance deadlock. On that day, blocks continued to be mined, and the network did not stop for a second. Quantum computing was not an apocalyptic magic that erased everything, but it pushed the entire Web3 ecosystem into a prolonged struggle of cryptographic restructuring and a crisis of consensus.

Quantum computing is often portrayed as the “Damocles’ Sword” hanging over blockchain. Let’s re-examine the biggest “security debt” the Web3 world is about to face. The threat from quantum computing to blockchain is, in essence, an extreme stress test of its three foundational pillars: public ledger, irreversible asset transfer, and self-custody of private keys. As the dawn of fault-tolerant quantum computers (CRQC) appears, the industry faces the daunting task of navigating extremely complex social consensus and governance battles within the remaining “engineering comfort window” of just 5 to 8 years before Q-Day arrives.

Quantum Computing: Technical Principles, Value, and Threats

Quantum computing is a new computational paradigm based on quantum mechanics principles. It uses quantum bits (qubits) as information carriers, breaking through the binary limitation of classical bits that can only represent 0 or 1, and leverages quantum properties such as superposition, entanglement, interference, and measurement to achieve computational efficiencies difficult for classical computing:

  • Superposition — Expanding the state space: A qubit can exist in a linear combination of 0 and 1.

  • Quantum Entanglement — Establishing global correlation: The strong non-local correlation formed between multiple qubits.

  • Quantum Interference — Manipulating probability amplitudes: The core mechanism for quantum algorithm speedup, where the probability amplitudes of wrong answers cancel each other out (destructive interference), while the probability amplitudes of correct answers are amplified (constructive interference).

  • Quantum Measurement — Collapsing the quantum state into a single classical result. The core of quantum algorithms is not to “read out all answers,” but to make the correct answer appear with a high probability during measurement.

Figure 1: Four Pillars of Quantum Computing

(①) Superposition expands the state space — A qubit exists as a continuous mixture of |0⟩ and |1⟩ on the Bloch sphere.

(②) Entanglement creates non-local correlations; measuring one qubit instantly determines its partner.

(③) Interference is the engine of speedup: Wrong answers' amplitudes cancel, correct answers' amplitudes reinforce.

(④) Measurement collapses the quantum state into a single classical result — the algorithm's task is to make the correct result appear with an overwhelming probability beforehand.

Two Core Quantum Algorithms: Shor's "Dimensionality Reduction Strike" and Grover's "Brute-Force Accelerator"

  • Shor's Algorithm (1994): The "Dimensionality Reduction Strike" Against Public-Key Cryptography : Shor's algorithm leverages quantum properties to directly "see through" the mathematical patterns of integer factorization and discrete logarithms, thereby completely destroying the trust foundations of modern internet and blockchain, such as RSA and Elliptic Curve Cryptography (ECC). However, limited by real-world quantum error correction overhead, cracking mainstream cryptography still requires millions of physical qubits, though this threshold could be significantly lowered with more aggressive algorithm optimization.

  • Grover's Algorithm (1996): The "Brute-Force Accelerator" for Symmetric Encryption: Grover's algorithm cannot directly break cryptographic structures, but it boosts the speed of "guessing passwords" by a square root factor (e.g., directly halving the security strength of 128-bit encryption to 64-bit). Its threat is far less fatal than Shor's, and countermeasures are straightforward—typically restoring security margins by using longer keys, longer hash outputs, or higher security parameters (such as upgrading to AES-256 or SHA-512).

Figure 2: Two Core Quantum Algorithms: Shor's Algorithm and Grover's Algorithm

Quantum Computing Commercialization Roadmap: The "Clash of the Titans" Among Five Technical Factions

No single qubit technology has established a clear engineering lead. Currently, five routes are being commercially pursued, each with its own advantages and disadvantages.

Positive Value and Negative Threat of Quantum Computing

The core value of quantum computing lies in breaking through the capability boundaries of classical computing for specific complex problems, driving paradigm-level leaps in fundamental science and engineering. Its positive value is concentrated in two main directions: first, the simulation of complex quantum systems, including quantum chemistry, drug development, new materials, and energy technologies; second, solving high-complexity optimization problems, including logistics, finance, supply chains, chip design, and industrial scheduling. Among these, quantum simulation is widely considered a more deterministic long-term application scenario, while complex optimization is still in the exploration and validation stage. Currently, quantum computing is at a critical stage moving from laboratory prototypes toward engineering applications. Decoherence, physical noise, error correction overhead, and system scalability remain the core barriers to crossing the industrialization chasm.

The quantum threat essentially targets the foundations of modern public-key cryptography systems and spreads layer by layer according to the logic of “data lifetime × migration difficulty × attack benefit.” National security, military, and intelligence systems are the first to bear the brunt, facing strategic-level “Harvest Now, Decrypt Later” (HNDL) risks. Financial and payment infrastructures, deeply reliant on TLS, HSMs, and identity authentication systems, will be the first to enter compliance migration tracks. Internet trust roots and blockchain/Web3 ecosystems face multiple systemic risks including code signing, cloud key management (KMS), irreversible on-chain asset transfers, and governance migration. Meanwhile, sectors like healthcare, energy, industrial control, and IoT will form long-term, difficult-to-eliminate tail risks due to long device lifecycles and narrow upgrade windows.

Time Window and Planning Rule: Q-Day and the Mosca Inequality

Q-Day refers to the point in time when a quantum computer first possesses the practical capability to break mainstream public-key cryptography. It is not a fixed date, but a probability interval influenced by hardware progress, error correction capabilities, algorithm optimization, and the secrecy of national projects. Current mainstream expectations are roughly concentrated between 2035 and 2045. Fast scenarios could advance it to 2030–2035, while a pre-2030 timeline is considered a low-probability tail risk.

Mosca Inequality X + Y > Z explains why even if Q-Day is not yet imminent, post-quantum migration still has real urgency. Here, X is the time data needs to remain confidential, Y is the time required to complete cryptographic migration, and Z is the remaining time until Q-Day. As long as the sum of the data's lifetime and the migration period exceeds the remaining time until Q-Day, the system is already in a migration lag zone: data collected today may be decrypted by quantum computing in the future. Therefore, post-quantum security is not an emergency engineering task after Q-Day arrives, but a long-term infrastructure migration that must be started in advance.

Figure 3: Expert Q-Day Forecast Distribution in 2026. Each bar shows a single source's reasonable window; dots mark central estimates.

Color coding represents speaker categories: Red = Aggressive industry; Orange = Benchmark survey/consensus; Blue = Hardware roadmap; Green = Skeptics.

Post-Quantum Cryptography (PQC): Technology Roadmap, Standardization, and Industry Migration Overview

Post-Quantum Cryptography (PQC), also known as quantum-resistant cryptography or quantum-safe cryptography, is a new generation of cryptographic algorithm systems designed to resist future attacks by quantum computers. Their core characteristic is that they still run on existing classical computing architectures, but their security is based on mathematical problems that are also difficult for quantum computers to solve efficiently. PQC has become the most realistic and scalable mainstream pathway for the global digital infrastructure's quantum migration.

Main Technical Routes: The Duel of Lattice-Based and Hash-Based Signatures

Current PQC research and implementation primarily focus on several major mathematical families:

  • Lattice-Based Cryptography: Security is based on hard problems in high-dimensional lattices (e.g., Module-LWE). It balances efficiency and security, making it the core direction for current standardization and engineering implementation. Representative algorithms are ML-KEM and ML-DSA.

  • Hash-Based Signatures: Relies solely on the collision resistance of hash functions, with extremely simple and conservative mathematical assumptions. The representative standard is SLH-DSA.

  • Other Routes: Code-based cryptography (HQC) was selected by NIST as the fifth PQC algorithm in March 2025, serving as a non-lattice backup to ML-KEM. The draft standard is expected in 2026, with the final standard in 2027. Meanwhile, Multivariate and Isogeny-based cryptography have not yet entered NIST's first batch of standardization due to security or efficiency concerns. Notably, the isogeny route suffered a major setback when the SIKE algorithm was broken.

Standardization Milestone: NIST Establishes the "One KEM, Two Signatures" Pattern

The FIPS standardization process led by the U.S. National Institute of Standards and Technology (NIST) is a key turning point in moving PQC from theory to practice. In August 2024, NIST officially released three core standards, establishing the basic division of labor for PQC migration:

  • FIPS 203 (ML-KEM): A Lattice-based Key Encapsulation Mechanism (KEM) for key exchange.

  • FIPS 204 (ML-DSA): A Lattice-based Digital Signature Algorithm for general-purpose digital signatures.

  • FIPS 205 (SLH-DSA): A Stateless Hash-Based Digital Signature Algorithm, serving as a backup option for high-security-level signatures.

Industry Implementation Ecosystem: A Three-Tier Architecture of Mainstream, Transition, and Auxiliary

Beyond core algorithms, building a quantum-resistant security system relies on multi-layered engineering strategies:

  • Hybrid Deployment: Uses a "traditional algorithm (e.g., ECC/RSA) + PQC" parallel signing/encryption mode as a risk-hedging measure in the early migration stages, ensuring baseline security remains intact via the traditional algorithm even if unknown vulnerabilities exist in the new one.

  • Cryptographic Agility: Architectural design that enables systems to quickly replace, upgrade, or roll back algorithms to respond to future potential algorithm breakage risks.

  • Auxiliary Enhancement Technologies: Including Quantum Key Distribution (QKD) (suitable for government/military private networks but cannot replace internet signature verification), Quantum Random Number Generation (QRNG), and Hardware Security Modules (HSM/Secure Enclave), used to enhance random number quality and key storage security.

Figure 4: Post-Quantum Roadmap Panorama

Quantum Risk and Quantum-Resistant Practices in the Blockchain Industry

Blockchain is not the primary target of the quantum threat, but it is a highly valuable “stress test” scenario. Compared to traditional Web2, which relies on centralized mechanisms (like certificate rotation, account freezing) to buffer data breach risks, blockchain directly and instantly transforms underlying cryptographic crises into asset loss and governance deadlock. The “triple irreversibility” at its architectural core—permanently public ledger, irreversible asset transfers, and self-custody of private keys—means that assets with exposed public keys may face private key recovery and signature forgery, with no centralized safety net. More critically, the Elliptic Curve and BLS signature systems heavily relied upon by mainstream public chains face structural breakdown under Shor’s algorithm. Once a fault-tolerant quantum computer (CRQC) emerges, attackers can derive private keys from exposed public keys on-chain and forge signatures, fundamentally shaking blockchain's trust foundation.

Threat Map of Cryptographic Components in Blockchain Systems

For the blockchain industry, the core proposition is not to fight immediate hackers but to initiate a “migration countdown” race against time. Quantum computing will not instantly destroy blockchain, but it will force the industry through a much more difficult underlying cryptographic reconstruction than Web2. The real risk is not the lack of standardized post-quantum algorithms, but whether the entire ecosystem can complete full-chain coordinated migration—from underlying protocols to existing assets—before Q-Day (the critical time point when fault-tolerant quantum computers possess practical cracking capabilities).

In this process, the quantum threat does not arrive uniformly but propagates level by level across a five-layer architecture: “Assets, Protocols, Infrastructure, Applications, Governance.” The most crucial insight is that the high-value Infrastructure layer (exchanges, custodians, cross-chain bridges) will bear the pressure before the L1 mainnet protocols. The ultimate bottleneck determining the success of this full-chain migration is not the replacement of cryptographic technology, but the extremely complex social consensus and governance negotiations.

Bitcoin and Ethereum's Quantum-Resistant Practices

Bitcoin's Quantum Risk: Public Key Exposure, Signature Inflation, and Governance Friction

Bitcoin's quantum risk is not evenly distributed across all BTC; it depends highly on whether the public key has already been exposed on-chain. The true high risk is not all UTXOs network-wide, but concentrated in early legacy outputs, addresses with exposed public keys that still hold balances, and long-dormant, high-value UTXOs. Bitcoin's hash components (SHA-256, SHA256d, and RIPEMD-160) primarily face a reduction in security margin from Grover's algorithm, not the structural breakdown that ECDSA/Schnorr faces from Shor's algorithm.

  • High Risk: UTXOs with Public Keys Statically Exposed: Early P2PK, Taproot (P2TR) outputs, and spent/reused P2PKH/P2WPKH addresses that still hold balances. Their full public keys are permanently on-chain and will be the first to be directly broken by Shor's algorithm once CRQC arrives.

  • Medium Risk: UTXOs with Public Keys Not Yet Exposed but Will Be in the Future: Unspent and unused P2PKH/P2WPKH addresses. Only the public key hash is exposed on-chain; risk exists only during the brief “quantum preemption window” between transaction broadcast and confirmation.

  • Low Risk: Assets Migrated to Quantum-Safe Addresses: Assets that have migrated in the future to post-quantum (PQ) addresses via soft forks will see significantly reduced risk, but this heavily relies on long-term coordinated upgrades across the entire ecosystem.

Engineering Challenges: Signature Inflation and the “Soft Fork First” Path

Under Bitcoin's governance structure, the political cost of a one-time hard fork to retire ECDSA/Schnorr is extremely high. Introducing new quantum-safe output types via soft fork is one of the more realistic incremental paths. Current related discussions include draft directions like BIP-360 / P2MR (Pay-to-Merkle-Root), but there is still a long way to go before achieving network-wide consensus and activation.

This move necessitates paying a heavy “engineering tax.” Current ECDSA/Schnorr signatures are only about 64–72 bytes, while candidate algorithms like ML-DSA (2.4–4.6 KB) and SLH-DSA (7–49 KB) see volume surges of tens to hundreds of times. This magnitude of inflation will trigger systemic chain reactions: directly increasing block weight and transaction fees, worsening node storage and bandwidth burdens, significantly deteriorating the UTXO set and wallet UX, ultimately forming negative feedback that further increases network-wide resistance to quantum migration.

More importantly, Bitcoin lacks rapid algorithm switching capability. Unlike centralized systems where a single entity can upgrade certificates or replace algorithms, it requires simultaneous adaptation of consensus rules, address formats, wallets, mining pools, exchanges, custodians, and hardware wallets. Therefore, quantum migration is not a single-point technical upgrade, but a long-term coordinated engineering effort across the entire ecosystem.

Governance Dilemma: The “Values Conflict” of Legacy UTXOs

Even if PQ addresses are successfully launched, how to handle long-term un-migrated legacy UTXOs—including early long-dormant BTC often believed to belong to the Satoshi era—remains an ultimate challenge. Two extreme approaches both conflict with Bitcoin's core values:

  • Do Nothing: Legacy coins will become “free lunch” for the first attacker with CRQC capability, triggering market panic.

  • Force Freeze/Invalidation: Directly violates the property rights principle of “Not your keys, not your coins” and the immutable narrative, easily tearing community consensus apart and potentially causing chain forks.

A practical middle path is implementing a multi-year “Legacy Sunset” mechanism: issuing long-term deprecation warnings, gradually increasing relay policy friction for spending old outputs, and finally, after multi-party coordination, imposing constraints through a soft fork. Discussions like BIP-361 “legacy signature sunset” essentially explore this path.

Therefore, Bitcoin's migration is fundamentally not a cryptography problem. PQ algorithms already exist and can be integrated. The real bottleneck lies in the social consensus around issues like immutability, property rights, and the legitimacy of “declaring assets quantum-unsafe.” In other words, Bitcoin's quantum risk is not an apocalyptic scenario where everything goes to zero one day, but a gradual process from theoretical feasibility, economic expensiveness, to practical executability. What the industry truly needs to achieve is completing migration coordination before the attack becomes economically viable.

Figure 5: Bitcoin's Quantum-Resistant Migration: A Long-Term Governance Process

Ethereum's Quantum Migration — Full-Stack Refactoring and the “Lean” Roadmap

Ethereum is proactively addressing the quantum threat. Led by the Ethereum Foundation (EF) Post-Quantum team (https://pq.ethereum.org/) and steadily advanced through open governance processes like All Core Devs, its core strategy is not a “one-time bet on a single post-quantum algorithm,” but comprehensively improving the network's Cryptographic Agility—ensuring long-term replaceability, upgradability, and verifiability for account authentication, consensus signatures, proof systems, and data layer commitments.

Ethereum's quantum risk is highly concentrated in four cryptographic components: EOA accounts (ECDSA/secp256k1), validator consensus (BLS signatures), data availability (KZG commitments), and some ZK proof systems. Accordingly, the EF has designed a “Lean” roadmap advancing on three parallel tracks: execution, consensus, and data.

  • Execution Layer (User Accounts): Account Abstraction as Buffer and L2 as Testbed

    Facing a massive number of EOAs, direct hard fork resistance is extremely high. Ethereum leverages Account Abstraction (e.g., ERC-4337 and EIP-7702) to grant smart contract wallets “signature agility,” supporting hybrid signatures and gradual migration, avoiding network-wide forced coordination. Meanwhile, L2s, with their flexible governance, become natural testbeds for PQ deployment.

  • Consensus Layer (Validator Signatures): The "One-Two Punch" of leanXMSS and leanVM

    Aims to completely replace BLS signatures that rely on elliptic curve pairings. The core strategy is adopting hash-based leanXMSS, combined with a minimalist zkVM (leanVM) for SNARK aggregation. Key engineering breakthrough: leanVM is expected to compress the large hash signature data by about 250 times, counteracting PQ signature volume inflation, and preserving the scaling advantage of “many signatures aggregated into one” while entering the post-quantum era.

  • Data Layer (Blobs, DA, and KZG): Long-Term Refactoring of Underlying Commitments

    Under CRQC conditions, the underlying security assumptions of KZG need to be re-evaluated, with a long-term migration toward more PQ-friendly commitment or proof systems. The endgame direction is evolving towards hash-based STARKs or lattice-based commitment schemes. This is a multi-year protocol-level refactoring, not an immediate failure.

Furthermore, Ethereum's quantum risk is not evenly distributed. EOAs constitute the largest pool of value; exchange/bridge/custody hot wallets, governance/upgrade keys, L2 sequencer, and admin keys are high-value operational keys that may bear pressure before the protocol itself. Overall, Ethereum's quantum migration is not a single-point signature replacement, but a multi-year, full-stack engineering effort involving accounts, consensus, DA, ZK, L2s, bridges, custody, and formal verification.

Figure 6: Ethereum Post-Quantum Migration: Execution (User Accounts), Consensus (Validator Signatures), and Data (Commitments and Proofs).

Panoramic Comparison of Post-Quantum Migration Profiles for Bitcoin and Ethereum

Theoretically, all public chains relying on traditional public-key cryptography face quantum risk. However, those truly constituting a systemic quantum migration proposition are still primarily Bitcoin and Ethereum: the former involves legacy UTXOs, immutability, and property rights governance, while the latter involves full-stack refactoring of accounts, consensus, DA, ZK, and L2s. Other public chains are better suited as supplementary references for technical paths and risk scenarios.

  • Solana represents high-throughput chains exploring the engineering cost of PQ signature verification; its community has discussed Falcon-512 / FN-DSA verification syscalls, but this solution remains exploratory and complementary, not replacing existing Ed25519, nor does it mean Solana has an official migration roadmap.

  • Starknet / STARKs represent the more PQ-friendly ZK route of hash-based proof systems. Compared to SNARK systems relying on pairings/KZG, STARK's underlying proving mechanism is more suitable as a post-quantum ZK direction. However, this does not mean the entire Starknet network is quantum-safe; wallet signatures, hash parameters, bridging mechanisms, and Ethereum L1 settlement still require synchronized migration.

  • QRL, Quantus, Abelian and other native or quasi-native PQ chains provide technical references for clean-slate post-quantum design: QRL represents the early hash-based signature route, Quantus represents the new-generation narrative of native PQ L1 based on NIST PQC, and Abelian leans towards lattice-based privacy-preserving L1. They demonstrate viable paths of “building quantum-resistant chains from day one,” but their network effects, liquidity, and application ecosystems are still far weaker than BTC/ETH, making them better suited as technical samples.

Conclusion: Security Debt Maturity and the "Q-Day" Countdown for the Entire Ecosystem

Quantum computing is not an “apocalyptic weapon” that will end blockchain but represents a systemic reset of modern public-key cryptography. The core threat lies in future large-scale fault-tolerant quantum computers (CRQC) with strategic-level cracking capabilities. The industry's real risk is not the lack of post-quantum algorithms (PQC), but whether the entire Web3 ecosystem can complete full-chain coordinated migration before Q-Day (the critical point of quantum cracking capability). In the short to medium term, the risk of failure in existing signature systems combined with the high cost of full-stack upgrades constitutes a heavy “security debt.” In the long run, survival pressure will transform into an industrial catalyst, directly spawning entirely new security infrastructure sectors like PQ hybrid wallets, quantum-resistant institutional custody, quantum risk radars, and PQ signature aggregation.

Although the macro preparation period may be as long as 5–15 years, the truly comfortable “engineering comfort window” is only 5–8 years remaining. This demands high coordination across the entire chain (from BIP/EIP proposals, node implementations, wallet adaptations, to compliance upgrades for exchanges and custodians). More importantly, market re-pricing may occur before Q-Day itself: once quantum resource estimates continue to be revised downward, hardware roadmaps significantly accelerate, or regulators and large custodians begin demanding PQC compliance, the market may start scrutinizing blockchain assets' cryptographic security models earlier. Within this window, the two core ecosystems will face fundamentally different ultimate tests:

  • Bitcoin: The core challenge is not cryptography, but global social consensus and property rights governance. How to handle long-dormant Legacy UTXOs with exposed public keys is a political battle concerning the narrative foundation of “immutability.”

  • Ethereum: The core challenge lies in the engineering complexity of multi-layer protocols and the full-stack ecosystem. How to complete cryptographic replacement across account, consensus, DA, and ZK layers without causing network paralysis, while counteracting signature volume inflation.

In long-term asset allocation, post-quantum governance friction constitutes a “structural tail risk” for BTC, but it is by no means a reason for bearishness today. Its “difficult to change” ultra-conservative governance presents a double-edged sword effect: it is both the greatest resistance to quantum migration and the core moat maintaining its store-of-value narrative and resisting centralized intervention, requiring investors to abandon the static belief that “BTC never needs major upgrades.” In the future, if any of the following scenarios occur—the Q-Day timeline is substantively accelerated, the community refuses to advance PQ migration while the peripheral ecosystem has already taken action, high-value exposed public key UTXOs trigger panic selling, or legacy asset disposal falls into complete fragmentation—the market will reprice BTC's security model and underlying consensus.

Domande pertinenti

QWhat is the primary risk quantum computing poses to blockchain, and which algorithm specifically threatens the foundation of public-key cryptography used in major blockchains like Bitcoin and Ethereum?

AThe primary risk quantum computing poses to blockchain is the potential to break the underlying public-key cryptography that secures assets and identities. The Shor algorithm specifically threatens the foundations of cryptography like Elliptic Curve Cryptography (ECC) and RSA, which are used in Bitcoin and Ethereum. If a sufficiently powerful fault-tolerant quantum computer (CRQC) exists, Shor's algorithm could derive private keys from exposed public keys, allowing for signature forgery and asset theft.

QWhat is the key difference between the threats posed by Shor's algorithm and Grover's algorithm to cryptography?

AThe key difference is their impact on cryptography. Shor's algorithm performs an 'exponential speedup' attack, fundamentally breaking the mathematical problems (like integer factorization and discrete logarithms) underlying modern public-key cryptography (ECC, RSA). Grover's algorithm, however, only provides a 'quadratic speedup' for brute-force searches, effectively halving the security strength of symmetric encryption (like AES) or hash functions. The threat from Shor's is structural and catastrophic, while Grover's can be mitigated by doubling key lengths or using larger hash outputs.

QWhat does 'Q-Day' refer to, and what is the 'Mosca inequality' that explains the urgency of post-quantum migration even before Q-Day arrives?

A'Q-Day' refers to the hypothetical future point in time when a quantum computer first becomes capable of practically breaking widely-used public-key cryptographic systems. The 'Mosca inequality' (X + Y > Z) explains the urgency: X is the time data needs to remain confidential, Y is the time required to migrate systems to post-quantum cryptography (PQC), and Z is the time until Q-Day. If the sum of data lifespan and migration time exceeds the time until Q-Day, the system is already behind in its migration. This highlights that data encrypted today could be decrypted in the future, making proactive migration necessary.

QWhat are the main technical and governance challenges for Bitcoin's migration to post-quantum security?

ABitcoin's migration faces significant technical and governance challenges. Technically, post-quantum signature schemes (like ML-DSA or SLH-DSA) are much larger (kilobytes vs. ~70 bytes for ECDSA), leading to severe blockchain bloat, higher fees, and increased node resource demands. Governance-wise, the core challenge is social consensus. Deciding how to handle legacy UTXOs (especially high-value, dormant ones with exposed public keys) creates a 'values dilemma' between adhering to the 'code is law' immutability principle and taking action to prevent mass theft. Achieving coordinated, global consensus for a soft-fork upgrade across miners, nodes, wallets, and exchanges is extremely difficult.

QHow does Ethereum's approach to post-quantum migration differ from Bitcoin's, particularly in handling user accounts (EOAs)?

AEthereum's approach differs by leveraging its smart contract capabilities and a more active development roadmap. For user accounts (Externally Owned Accounts - EOAs), Ethereum does not plan a forced, coordinated hard-fork. Instead, it uses Account Abstraction (e.g., ERC-4337, EIP-7702) to enable smart contract wallets with 'signature agility.' This allows users to gradually migrate to post-quantum signatures (or use hybrid signatures) at their own pace within their smart contract wallet, without requiring a global protocol upgrade. This provides a buffer and reduces governance friction compared to Bitcoin's need for a network-wide soft-fork to introduce new transaction/output types.

Letture associate

MSTR Discloses Sale of 3,588 Bitcoins, Stock Price Drops Over 5% at One Point During Trading

MicroStrategy, the world's largest corporate holder of Bitcoin, has significantly shifted its business model. Between June 29 and July 5, the company sold 3,588 bitcoins for approximately $216 million to fund quarterly dividends for its preferred stock. This marks its largest-ever Bitcoin sale and signals a strategic pivot: Bitcoin is transitioning from a "buy-and-hold" reserve asset to a liquidity management tool for the company. This move follows a recent authorization allowing Bitcoin sales when equity fundraising is less attractive. The announcement contributed to a more than 5% intraday drop in MicroStrategy's stock price, while Bitcoin fell to around $61,800—below the company's average holding cost of roughly $75,700. The sale represents a major departure from MicroStrategy's long-standing "never sell" commitment, which saw its first minor breach in May with a $2.5 million sale. The latest, hundred-times-larger transaction underscores growing financial pressures. Analysts note the company faces about $1.5 billion in annual preferred dividend obligations, far exceeding cash flow from its software business. As of July 5, MicroStrategy holds 843,775 bitcoins. Its current operational logic involves buying Bitcoin during favorable financing conditions and selling portions to cover dividends when needed, creating a flexible capital management cycle amidst a challenging market environment.

华尔街日报18 min fa

MSTR Discloses Sale of 3,588 Bitcoins, Stock Price Drops Over 5% at One Point During Trading

华尔街日报18 min fa

Q-Day Countdown: Will Quantum Computing End Cryptocurrencies?

Quantum Computing's Threat to Cryptocurrency: A Countdown to Q-Day Quantum computing, specifically Shor's algorithm, poses a fundamental threat to the public-key cryptography (e.g., ECDSA, RSA) that secures blockchain networks like Bitcoin and Ethereum. This critical juncture, known as Q-Day, is estimated to occur potentially within the next 5-15 years. The core vulnerability stems from the public and immutable nature of blockchains. Assets in addresses where the public key is already exposed on-chain (e.g., spent outputs) are at direct risk, as a sufficiently powerful quantum computer could derive the private key. This threatens the very trust model of cryptocurrencies. The response lies in Post-Quantum Cryptography (PQC)—algorithms like lattice-based ML-DSA and hash-based SLH-DSA, which are resistant to quantum attacks. NIST has standardized key PQC algorithms (FIPS 203, 204, 205), providing a migration path. However, the primary challenge is not technical but socio-economic and involves complex governance: * **Bitcoin's** path is constrained by its conservative ethos. Migrating requires a soft-fork to new address types, facing hurdles like significantly larger signature sizes and, most critically, the divisive governance question of how to handle at-risk legacy UTXOs without violating core principles. * **Ethereum** is pursuing a "cryptographic agility" strategy, with a multi-layered roadmap. It leverages account abstraction for user accounts and is developing compressed hash-based signatures (e.g., leanXMSS) for its consensus layer, aiming for a full-stack upgrade over time. In conclusion, quantum computing does not spell an instant end for cryptocurrency but initiates a critical countdown. The industry has a limited "engineering comfort window" to orchestrate a coordinated, ecosystem-wide migration to PQC. The ultimate bottlenecks are the immense coordination efforts and governance decisions required for this foundational transition.

marsbit1 h fa

Q-Day Countdown: Will Quantum Computing End Cryptocurrencies?

marsbit1 h fa

Trump, the President Who Knows Best How to 'Trade Stocks'

Former US President Donald Trump reported a record-breaking $2.2 billion in personal income for 2025, the highest annual income ever disclosed by a sitting president. This figure, from a 927-page government ethics filing, represented a 3.5-fold increase from his $600 million income in 2024 and boosted his net worth to $6.5 billion. The primary drivers were cryptocurrency (64% of income, approximately $1.4 billion) and real estate (26%, approximately $575 million). His crypto earnings stemmed largely from the launch of his personal meme coin, $TRUMP, generating over $600 million in licensing fees, and substantial profits from the WLFI token and its parent company. Despite a sluggish property market, his Mar-a-Lago resort and associated golf clubs saw revenue surges of 50% and 27%, respectively, attributed to their use as venues for presidential events. Trump's financial disclosure also revealed an unprecedented level of stock market activity, with over 22,000 trades executed in 2025, averaging 87 trades per market day. Media analyses noted several instances where significant trading coincided with major policy announcements, such as proposed tariffs, raising questions about potential conflicts of interest. While the White House stated these trades were handled by a family-managed trust fund and not Trump directly, critics highlighted this as a departure from the blind trusts traditionally used by presidents post-Watergate. The report has intensified debate over the commercialization of the presidency. Supporters view it as a success story of a businessman-president, while critics argue it demonstrates an unprecedented conversion of public influence into private wealth, with policy decisions potentially linked to personal financial gains. The controversy centers on whether Trump's earnings represent innovative entrepreneurship or a fundamental conflict of interest, sparking renewed calls for stricter ethics reforms in US governance.

marsbit1 h fa

Trump, the President Who Knows Best How to 'Trade Stocks'

marsbit1 h fa

Trading

Spot
活动图片