Jan3 founder Samson Mow warns a rushed quantum fix could endanger Bitcoin more than the threat it aims to solve, sparking a debate over the network's future.
The debate over securing Bitcoin's $1.3 trillion network from quantum computers is intensifying, with competing proposals facing criticism for potentially introducing new risks and higher fees. The discussion was reignited by recent Google research suggesting a sufficiently powerful quantum machine could crack Bitcoin's core cryptography in under nine minutes, faster than the network's 10-minute average block settlement time.
“Simply put: make Bitcoin safe against quantum computers just to get pwned by normal computers,” Jan3 founder Samson Mow said on X, pushing back against calls from Coinbase executives for faster action on quantum-resistant upgrades.
At the heart of the debate are post-quantum signatures, which are estimated to be 10 to 125 times larger than Bitcoin's current 64-byte signatures. According to Mow, this massive increase in data size would severely reduce network throughput, increase transaction fees, and could spark a "Blocksize Wars 2.0," referencing the contentious 2017 debate over network scaling.
With some analysts projecting a viable quantum threat as early as 2029, the stakes are immense. Roughly 6.5 million bitcoin are in addresses a quantum computer could directly target, including about 1.7 million BTC in early P2PK addresses, some of which belong to Bitcoin’s creator, Satoshi Nakamoto. A successful attack would not only be financially catastrophic but would also shatter Bitcoin's fundamental premise as "sound money" secured by code.
The 2 Ways a Quantum Computer Could Attack Bitcoin
A quantum computer threatens Bitcoin by reversing its core security assumption: that it's computationally impossible to derive a private key from a public key. The public key is exposed in two primary scenarios.
The first is a "long-exposure" attack, which targets coins sitting idle in addresses where the public key is permanently visible on the blockchain. This includes the 1.7 million BTC in legacy Pay-to-Public-Key (P2PK) addresses and the modern Taproot (P2TR) format, which also embeds the public key on-chain.
The second is a "short-exposure" attack targeting transactions in motion. When a transaction is broadcast, it sits in the mempool waiting for a miner to include it in a block. During this brief window, the public key is visible, giving a quantum attacker a chance to derive the private key and broadcast a competing transaction to steal the funds before the original is confirmed.
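To make the long-exposure distinction concrete, here is an added example (not from the article or any of the cited proposals) that classifies Bitcoin output scripts by whether the public key an attacker would need is already on-chain, as with P2PK and Taproot, or only revealed when the coins are spent; the sample UTXO set and key bytes are constructed dummies.

```python
# Added example (not from the article): classify Bitcoin scriptPubKeys by
# whether the public key is already on-chain (the "long-exposure" case) or
# only disclosed at spend time (the "short-exposure" mempool window).
from dataclasses import dataclass

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x00, 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG = 0xA9, 0xAC

@dataclass(frozen=True)
class Exposure:
    script_type: str
    pubkey_on_chain: bool  # True: key is derivable while the coins sit idle

def classify_script_pubkey(spk: bytes) -> Exposure:
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -- the raw key is on-chain
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Exposure("P2PK", True)
    # P2TR: OP_1 <push 32> <x-only output key> -- the key is also on-chain
    if n == 34 and spk[0] == OP_1 and spk[1] == 0x20:
        return Exposure("P2TR", True)
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160(pubkey)> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return Exposure("P2PKH", False)
    # P2WPKH: OP_0 <push 20> <hash160(pubkey)> -- only a hash until spent
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return Exposure("P2WPKH", False)
    # P2SH / P2WSH commit to a script hash; key exposure depends on the redeem script
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 0x14 and spk[-1] == OP_EQUAL:
        return Exposure("P2SH", False)
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return Exposure("P2WSH", False)
    return Exposure("unknown", False)

def long_exposure_total(utxos) -> int:
    """Sum the value (satoshis) of UTXOs whose public key is already on-chain."""
    return sum(v for spk, v in utxos if classify_script_pubkey(spk).pubkey_on_chain)

# Constructed sample UTXO set: (scriptPubKey bytes, value in satoshis); keys are dummies.
SAMPLE_UTXOS = [
    (bytes([0x21, 0x02]) + b"\x11" * 32 + bytes([OP_CHECKSIG]), 50_00000000),                 # P2PK
    (bytes([OP_1, 0x20]) + b"\x22" * 32, 1_00000000),                                         # P2TR
    (bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x33" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 2_00000000),  # P2PKH
    (bytes([OP_0, 0x14]) + b"\x44" * 20, 3_00000000),                                         # P2WPKH
]

if __name__ == "__main__":
    for spk, value in SAMPLE_UTXOS:
        print(classify_script_pubkey(spk), value)
    print("long-exposure sats:", long_exposure_total(SAMPLE_UTXOS))
```

A wallet audit would run the same classification over its own UTXO set, remembering that a hash-based output whose address was already spent from has had its key revealed on-chain as well.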
4 Competing Proposals to Secure the Network
In response to these threats, developers have been working on several Bitcoin Improvement Proposals (BIPs), each with its own set of tradeoffs.
- BIP 360 (Pay-to-Merkle-Root): This proposal aims to shield new coins from the long-exposure attack by removing the public key from the on-chain record. It introduces a new output type that hides the key, giving a quantum computer nothing to attack. However, it would not protect the millions of bitcoins already in exposed addresses.
- SPHINCS+ Signatures: Standardized by the U.S. National Institute of Standards and Technology (NIST), this hash-based signature scheme is considered resistant to quantum attacks. The major drawback is size. SPHINCS+ signatures can be over 8 kilobytes, the source of Mow's concern about network efficiency and higher fees.
- Commit/Reveal Scheme: Proposed by Lightning Network co-creator Tadge Dryja, this soft fork would protect against the short-exposure mempool attack. It involves a two-step process where a user first "commits" a hash of their transaction to the blockchain and only later "reveals" the full transaction details, but this increases transaction costs.
- Hourglass V2: This controversial proposal addresses the 1.7 million BTC in already-exposed P2PK addresses. It accepts that these coins could be stolen and seeks to prevent a market-cratering sell-off by limiting the rate at which they can be spent to one bitcoin per block.
While the debate continues, the steady flow of research and proposals indicates that developers are taking the long-term threat seriously. However, given Bitcoin's decentralized governance model, any consensus on a path forward is expected to be a slow and deliberate process.
This article is for informational purposes only and does not constitute investment advice.