Bitcoin Core — Post-Quantum Cryptography Analysis
Bitcoin's security model depends entirely on secp256k1 ECDSA for transaction signing and, since Taproot, on Schnorr signatures over the same curve. Both are broken by Shor's algorithm: a quantum computer with ~4000 logical qubits could derive a private key from a public key, enabling theft from any output whose public key is exposed. ~4 million BTC in P2PK outputs expose their public keys directly on-chain. SHA-256 (mining) drops to 128-bit effective security under Grover's algorithm but remains viable for much longer.
Findings
Algorithm: secp256k1 ECDSA
Location: src/secp256k1/src/secp256k1.c
Finding: Used for all transaction signatures. Shor's algorithm derives the private key from an exposed public key. P2PK outputs expose the public key as soon as they are created; P2PKH outputs expose it once they have been spent.

Algorithm: Schnorr / Taproot (secp256k1)
Location: src/script/interpreter.cpp
Finding: Schnorr signatures on secp256k1 are exactly as quantum-vulnerable as ECDSA, since both rest on the same discrete-logarithm assumption.

Algorithm: ECDH (BIP-32 HD wallets)
Location: src/key.cpp
Finding: BIP-32 child key derivation uses ECDH. A quantum attacker holding an xpub can derive every key in the HD wallet.

Algorithm: SHA-256 (Proof of Work)
Location: src/crypto/sha256.cpp
Finding: Grover's algorithm gives a quadratic speedup, so preimage search has effectively 128-bit security post-quantum. A quantum miner would gain an advantage, but this does not break consensus.
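As an added example (not code from the original page or from Bitcoin Core), the following Python classifies a scriptPubKey by whether its public key is already readable on-chain, which is what makes the P2PK and already-spent-from P2PKH outputs above the immediate exposure. It extends the page's two cases to the P2WPKH, P2SH, P2WSH and P2TR templates, and the sample UTXOs it tallies are constructed.

```python
# Added example, not code from the original page or from Bitcoin Core: classify
# scriptPubKey templates by whether the public key is already on-chain, then
# sum the balance whose keys a discrete-log break would expose.
from dataclasses import dataclass

OP_0, OP_1, OP_DUP, OP_HASH160 = 0x00, 0x51, 0x76, 0xA9
OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x87, 0x88, 0xAC


@dataclass(frozen=True)
class Exposure:
    kind: str       # script template name
    exposed: bool   # key readable from the unspent output itself
    note: str


def classify(spk: bytes) -> Exposure:
    """Match the standard output templates; anything else is 'unknown'."""
    n = len(spk)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG: the key is in the output itself
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Exposure("p2pk", True, "public key embedded in output")
    # P2TR: OP_1 <32-byte x-only key>: the tweaked output key is in the output
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return Exposure("p2tr", True, "x-only output key embedded in output")
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG: hash only
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return Exposure("p2pkh", False, "HASH160 only; key revealed by the spending scriptSig")
    # P2WPKH: OP_0 <20>: hash only, key revealed in the witness when spent
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return Exposure("p2wpkh", False, "HASH160 only; key revealed in the witness")
    # P2SH / P2WSH: script hash only; keys appear in the redeem/witness script
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return Exposure("p2sh", False, "script hash only")
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return Exposure("p2wsh", False, "script hash only")
    return Exposure("unknown", False, "non-standard template; review manually")


def exposed_balance(utxos) -> int:
    """Sum sats of UTXOs whose key is already public: the template embeds it,
    or the same hash has been spent from before (address reuse)."""
    return sum(sats for spk, sats, reused in utxos if classify(spk).exposed or reused)


# Constructed sample UTXOs: (scriptPubKey, value in sats, hash already spent from)
P2PK = bytes([33, 0x02]) + b"\x11" * 32 + bytes([OP_CHECKSIG])
P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2TR = bytes([OP_1, 32]) + b"\x33" * 32
SAMPLE = [(P2PK, 50_00000000, False), (P2PKH, 1_00000000, False),
          (P2PKH, 2_00000000, True), (P2TR, 3_00000000, False)]

if __name__ == "__main__":
    for spk, sats, reused in SAMPLE:
        print(classify(spk).kind, sats, "exposed" if classify(spk).exposed or reused else "hashed")
    print("exposed sats:", exposed_balance(SAMPLE))  # 5500000000
```

Run against a real UTXO set, the "reused" flag would come from checking whether any input has already spent from the same hash, which is the condition under which a P2PKH or P2WPKH key is already public.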
Compliance note
Bitcoin's quantum risk is the most extensively studied in cryptography. The IETF, NIST, and BIS have all flagged secp256k1-based systems as requiring migration. Adopting PQC would require a hard fork of the Bitcoin network, and the lead time for reaching consensus is measured in years, not months.
Is your codebase using any of these algorithms?
QuantumScan checks your repo in ~90 seconds. Free. No account needed. Supports GitHub, GitLab, Bitbucket, and ZIP uploads.