Executive Summary
Quantum computers represent a new era of computation, and the end of an era for classical cryptography. While current quantum computers are still relatively nascent in terms of capability, they are advancing rapidly. In light of current progress, they could make widely deployed asymmetric cryptography obsolete within a decade, potentially even before this decade is out.
A quantum computer that breaks classical cryptography is called a “cryptographically relevant quantum computer” or CRQC. The moment a CRQC is realized is what we call “Q-Day”, and on that day, trillions of dollars currently secured under existing classical cryptographic schemes will be vulnerable. Only by migrating to cryptography that is secure against quantum attack can blockchains have any guarantee of being secure into the future.
The threat is accelerating as progress compounds across three dimensions: hardware improvements in physical qubit quality and scale, advances in quantum error correction efficiency, and algorithmic optimizations that reduce resource requirements. Recent developments over the last two years show this acceleration:
- Google’s 105-qubit Willow processor experimentally demonstrated below-threshold quantum error correction, a key milestone for scaling quantum computers. [1]
- Resource estimates for breaking the elliptic curve cryptography securing Bitcoin and the wider digital asset ecosystem have collapsed in parallel: a recent paper from Google Quantum AI and Stanford concludes that roughly 1,200 logical qubits and a runtime on the order of nine minutes on superconducting hardware would suffice, a runtime shorter than Bitcoin’s ten-minute average block settlement. [2]
- A 2026 neutral-atom proposal from researchers at Caltech and Oratomic, including John Preskill (Caltech) and Dolev Bluvstein (Oratomic), shows that Shor’s algorithm can be executed at cryptographically relevant scales using as few as 10,000 reconfigurable atomic qubits, orders of magnitude below 2021 baseline estimates. [3]
This progress profile means quantum computing advancement may follow a “nothing-and-then-all-at-once” exponential trajectory, not unlike other emerging technologies such as AI. Our analysis suggests that, based on current trends, Q-Day is more likely to occur than not by 2033, and potentially even as soon as 2030.
This timeline is a consequence of the fact that small improvements in error correction efficiency, higher qubit connectivity, or better code design create potential feedback loops leading to order-of-magnitude reductions in the resources needed for cryptanalysis. What appears as incremental hardware progress today might rapidly converge to a CRQC with little warning. Waiting until that point is clearly on the horizon risks leaving insufficient time for post-quantum cryptography to be selected, tested, and deployed.
Blockchain systems are especially vulnerable. Unlike traditional systems with ephemeral keys and regular rotation schedules, blockchain addresses often hold funds on static public keys for years or decades. Once compromised, these keys provide direct access to financial assets with no recovery mechanism. And the public key cryptography used in signature schemes is the primary mechanism for determining “ownership” of digital assets. “Not your keys, not your crypto” evaporates in a post-quantum world.
The window for the world to migrate to post-quantum cryptography is narrowing. The distributed nature of blockchain networks means that migration to post-quantum cryptography may take the better part of a decade, longer than for centralized systems. The risk that the migration is not complete by Q-Day motivates the urgency to proactively add post-quantum cryptography to blockchains.
This report covers:
- What a quantum computer is, why it represents a threat, and where we stand on building a CRQC
- How existing cryptography in blockchains is vulnerable to a CRQC
- The state of post-quantum cryptography and how it needs to be applied to secure blockchains
“Migration to quantum-resistant cryptography is no longer optional but imperative for any blockchain system expected to be trusted and secure value into the future.”
[Figure: Estimated Physical Qubits to Run Shor's Algorithm]