Quantum vulnerabilities

The implications for bitcoin are the following¹:

Reusing addresses #

To spend bitcoin from an address the public key associated with that address must be revealed. Once the public key is revealed in the presence of a quantum computer the address is no longer safe and thus should never be used again. While always using fresh addresses is already the suggested practice in Bitcoin, in practice this is not always followed. Any address that has bitcoin and for which the public key has been revealed is completely insecure.

Processed transactions #

If a transaction is made from an address which has not been spent from before, and this transaction is placed on the blockchain with several blocks following it, then this transaction is reasonably secure against quantum attacks. The private key could be derived from the published public key, but as the address has already been spent this would have to be combined with out-hashing the network to perform a double spending attack. Even with a quantum computer a double spending attack is unlikely once the transaction has many blocks following it.

Unprocessed transactions #

After a transaction has been broadcast to the network, but before it is placed on the blockchain it is at risk from a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, then an attacker could use this secret key to broadcast a new transaction from the same address to his own address. If the attacker then ensures that this new transaction is placed on the blockchain first, then he can effectively steal all the bitcoin behind the original address.

Quantum computer mining (unlikely to pose as a threat) #

We can almost certainly say that quantum computers wont pose a risk to the Bitcoin’s Proof-Of-Work system, even with optimistic estimates. Even if it did (for e.g. economical reasons), it would mean that quantum computers would be likely competing with each other.