A new position paper from Coinbase’s Independent Advisory Board on Quantum Computing and Blockchain makes a clear, practical case: quantum computers capable of breaking today’s crypto are not around the corner, but the industry can no longer treat migration as a far-off problem. Published April 21 and authored by a group including Scott Aaronson, Dan Boneh, Justin Drake, Sreeram Kannan, Yehuda Lindell and Dahlia Malkhi, the report says it has “high confidence” a large-scale fault-tolerant quantum computer will eventually be built — and urges blockchains to start planning now.
The authors frame the threat as a foreseeable engineering challenge rather than an immediate market shock. They point to NIST’s guidance that post-quantum migrations should be complete by 2035, while acknowledging they are “not confident” that cryptographically relevant quantum machines won’t exist by then. Still, they reject complacency: “Waiting for it to be urgent is not a good idea,” the paper warns. The timeline debate matters less than the simple fact that migrations are complex and require long lead times.
The report divides the problem into consensus-layer and execution-layer risks. Consensus-layer risks involve validators’ block signatures; execution-layer risks concern user transaction signatures. Replacing elliptic-curve schemes isn’t trivial because the clean post-quantum alternatives tend to be heavier — larger signatures, higher verification costs and trickier aggregation — which complicates on-chain economics and performance.
Bitcoin’s section treats the issue pragmatically. Breaking standard public-key signatures needs machines far beyond current devices, and Grover’s algorithm is unlikely to give quantum miners an advantage over ASICs in the near term. But the board highlights a pressing vulnerability: not all BTC addresses hide public keys behind hashes. Citing Project 11, it estimates roughly 6.9 million BTC are in UTXOs where the public key is already exposed, including about 1.7 million BTC in older pay-to-public-key (P2PK) outputs — among them early Satoshi-era coins. Those outputs could be targeted by a “harvest-now, break-later” attack once powerful quantum hardware appears. Practical mitigations proposed include a commit-reveal spending pattern for legacy UTXOs and an “Hourglass” cap that would limit spending from exposed P2PK outputs to 1 BTC per block, effectively turning dormant coins into a slow-release canary rather than an instant jackpot.
Ethereum faces a broader surface area, the paper says, identifying four quantum-sensitive vectors: externally owned account (EOA) transaction signing at the execution layer, BLS validator signatures at consensus, pairing-based proof systems in the EVM, and KZG commitments in the data layer. The board outlines a likely path forward: move to hash-based signatures for both consensus and execution — leanXMSS for validators and leanSPHINCS for user-level signing — and then compress the heavier post-quantum signature load with SNARK-based aggregation. The resulting on-chain aggregate signature in that design would be on the order of 128 KB.
Operationally, the advisory board favors staged, carefully engineered migration rather than a hard cutover. Suggestions include periodic post-quantum checkpoints at the consensus layer to anchor history ahead of a full switchover, and a “1-out-of-2” execution-layer approach that lets users sign with either today’s elliptic-curve keys or a post-quantum alternative. That preserves low costs for current users while giving networks the option to disable legacy signatures later.
Bottom line: the threat isn’t immediate, but the work is long and the stakes are high. “We firmly believe that a large-scale fault-tolerant quantum computer will eventually be built,” the authors write. “This doesn’t mean that the threat is imminent… However, we believe that the time to begin preparing for it is now.”
At press time, Bitcoin traded at $77,974.
Read more AI-generated news on: undefined/news
