
In short
- Today’s quantum computers are too small and unstable to threaten real-world cryptography.
- Early Bitcoin wallets with exposed public keys are the most vulnerable in the long term.
- Developers are exploring post-quantum signatures and potential migration paths.
Quantum computers cannot break Bitcoin's cryptography today, but recent developments suggest the gap is closing faster than expected.
Progress toward fault-tolerant quantum systems raises the stakes for "Q-Day", the moment when a sufficiently powerful machine can crack old Bitcoin addresses and expose more than $711 billion in vulnerable coins.
Q-Day has long been seen as a distant threat on the horizon, but several events in March 2026 brought it into sharp focus, including research papers suggesting that quantum computers could break today's cryptographic systems sooner than expected.
Upgrading Bitcoin to a post-quantum state will take years, so the work must begin long before the threat arrives. The challenge, experts say, is that nobody knows when that will be, and the community has struggled to agree on how to move forward.
That uncertainty feeds a long-standing fear: a quantum computer able to attack Bitcoin could come online before the network is ready.
In this article, we look at the quantum threat Bitcoin faces and what needs to change to make the number one blockchain ready for it.
How would a quantum attack work?
A successful attack would not look dramatic. A thief equipped with a quantum computer would begin by scanning the blockchain for every address that has ever disclosed its public key. Old wallets, reused addresses, early miner outputs, and many dormant accounts fall into this category.
The attacker copies the public key and runs it through a quantum computer using Shor's algorithm. Developed in 1994 by mathematician Peter Shor, the algorithm lets a quantum machine factor large numbers and solve the discrete logarithm problem far more efficiently than any classical computer. Bitcoin's elliptic curve signatures depend on the difficulty of those problems. With enough error-corrected qubits, a quantum computer could use Shor's method to compute the private key associated with the exposed public key.
Once the private key is recovered, the attacker can transfer the coins, Justin Thaler, a research partner at Andreessen Horowitz and an associate professor at Georgetown University, told Decrypt.
"What a quantum computer can do, and this is what is relevant to Bitcoin, is forge the digital signatures that Bitcoin uses today," Thaler said. "Someone with a quantum computer could authorize a transaction that takes all the bitcoins out of your accounts, or however you want to think about it, when you wouldn't allow it. That's the concern."
The forged signature would look genuine to the Bitcoin network. Nodes would accept it, miners would include it in a block, and nothing on the chain would flag the transaction as suspicious. If an attacker hit a large set of exposed addresses at once, billions of dollars could move in minutes, and markets would react before anyone could confirm a quantum attack.
In March 2026, research papers from the California Institute of Technology and Google suggested that future quantum computers could break elliptic curve cryptography with fewer qubits and computational steps than previously expected.
The papers sparked alarm in the cryptocurrency community, with researcher Justin Drake tweeting that "there is at least a 10% chance that by 2032 a quantum computer will recover the secp256k1 ECDSA private key from an exposed public key."
Today is a great day for quantum computing and cryptography. Two research papers have just arrived (links in the next tweet). Both papers improve upon Shor’s algorithm, popular for RSA and elliptic curve decryption. The two results are composited, optimizing the separate layers of…
- Justin Drake (@drakefjustin), March 31, 2026
Where does quantum computing stand in 2026?
Over 2025 and into 2026, quantum computing has started to look less theoretical and more practical.
- November 2025: IBM announced new chips and software aimed at reaching quantum advantage in 2026 and fault-tolerant systems by 2029.
- January 2025: Google's 105-qubit Willow chip showed a sharp reduction in errors and a benchmark beyond the reach of classical supercomputers.
- February 2025: Microsoft launched its Majorana 1 platform and demonstrated logical-qubit entanglement with Atom Computing.
- April 2025: Nest extended the coherence time of a superconducting qubit to 0.6 ms.
- June 2025: IBM set targets of 200 logical qubits by 2029 and more than 1,000 in the early 2030s.
- September 2025: the California Institute of Technology unveiled a neutral-atom quantum computer running 6,100 qubits with 99.98% fidelity.
- October 2025: IBM entangled 120 qubits; Google reported verified quantum advantage.
- March 2026: research papers from the California Institute of Technology and Google suggested that quantum computers could threaten Bitcoin's cryptography sooner than expected, and researchers put a 10% chance on a quantum computer recovering a Bitcoin private key by 2032.
- April 2026: the BIP-361 proposal aims to address quantum risk by freezing quantum-vulnerable coins, which split the Bitcoin community.
Why is Bitcoin vulnerable?
Bitcoin signatures use elliptic curve cryptography. Spending from an address exposes the public key behind it, and that exposure is permanent. In Bitcoin's early pay-to-public-key (P2PK) format, many outputs published their public keys on-chain before any spend. The later pay-to-public-key-hash (P2PKH) format keeps the key hidden until the first spend. Taproot (P2TR) outputs, by contrast, place a tweaked public key directly in the output again, which is why proposals below suggest hashing it.
Because their public keys were never hidden, these oldest coins, including nearly 1 million Satoshi-era bitcoin, are vulnerable to a future quantum attack. Moving to post-quantum signatures requires active participation from holders, Thaler said.
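The scan described in the attack walkthrough above and the P2PK-versus-P2PKH distinction in this section can be made concrete with a small script classifier. This is an added example written for this article, not code from any Bitcoin project: it inspects raw scriptPubKeys, reports when the public key becomes visible on-chain (at output creation for P2PK and P2TR, only at first spend for P2PKH and P2WPKH, redeem-script dependent for P2SH/P2WSH), extracts the key from a spending input, and totals exposed value over a constructed set of UTXOs. The sample outputs and the dummy keys (`DUMMY_PUB65`, `DUMMY_PUB33`) are constructed for illustration and are not real keys.

```python
"""Classify Bitcoin output scripts by when their public key becomes visible on-chain.
Added example for this article; templates follow the standard script forms."""
from __future__ import annotations

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)


def classify_spk(spk: bytes) -> tuple[str, str]:
    """Return (script_type, exposure) for a raw scriptPubKey.
    exposure: 'at_output' - key is on-chain as soon as coins arrive
              'at_spend'  - only a hash is on-chain until the first spend
              'depends'   - P2SH/P2WSH: depends on the hidden redeem script"""
    n = len(spk)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG  (Satoshi-era coinbase outputs)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", "at_output"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", "at_spend"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return "p2sh", "depends"
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return "p2wpkh", "at_spend"
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return "p2wsh", "depends"
    # P2TR: OP_1 <32-byte x-only tweaked key>; the key itself sits in the output
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr", "at_output"
    return "unknown", "unknown"


def _push_items(script: bytes) -> list[bytes]:
    """Split a scriptSig made only of direct data pushes (1..75 bytes) into items."""
    items, i = [], 0
    while i < len(script):
        ln = script[i]
        if not 1 <= ln <= 75:
            raise ValueError("unsupported push opcode %#x" % ln)
        items.append(script[i + 1:i + 1 + ln])
        i += 1 + ln
    return items


def pubkey_from_spend(spk: bytes, script_sig: bytes, witness: list[bytes]) -> bytes | None:
    """Recover the public key an attacker would harvest from an output or its spend."""
    kind, _ = classify_spk(spk)
    if kind == "p2pk":
        return spk[1:-1]                       # already in the output
    if kind == "p2tr":
        return spk[2:]                         # tweaked x-only key in the output
    if kind == "p2pkh":
        return _push_items(script_sig)[-1]     # scriptSig = <sig> <pubkey>
    if kind == "p2wpkh":
        return witness[-1]                     # witness = [sig, pubkey]
    return None                                # script-hash outputs: depends on script


def survey(utxos: list[tuple[int, bytes]]) -> dict[str, int]:
    """Sum unspent value (sats) per exposure class, as a Q-Day scanner would."""
    totals: dict[str, int] = {}
    for value, spk in utxos:
        _, exposure = classify_spk(spk)
        totals[exposure] = totals.get(exposure, 0) + value
    return totals


# Constructed sample UTXOs (value in sats, scriptPubKey); dummy keys, not real ones.
DUMMY_PUB65 = b"\x04" + bytes(range(64))
DUMMY_PUB33 = b"\x02" + bytes(range(32))
SAMPLE_UTXOS = [
    (50_00000000, bytes([65]) + DUMMY_PUB65 + bytes([OP_CHECKSIG])),                          # P2PK
    (1_00000000, bytes([OP_DUP, OP_HASH160, 20]) + bytes(20) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),  # P2PKH
    (2_00000000, bytes([OP_0, 20]) + bytes(20)),                                               # P2WPKH
    (3_00000000, bytes([OP_1, 32]) + bytes(32)),                                               # P2TR
    (4_00000000, bytes([OP_HASH160, 20]) + bytes(20) + bytes([OP_EQUAL])),                     # P2SH
]

if __name__ == "__main__":
    for value, spk in SAMPLE_UTXOS:
        print(value, classify_spk(spk))
    print(survey(SAMPLE_UTXOS))
```

Run against real UTXO-set dumps, the `at_output` bucket is the value an attacker could target without waiting for anyone to spend; the `at_spend` bucket becomes exposed only in the window between broadcast and confirmation, which is the window P2TRH-style proposals aim to shrink.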
"For Satoshi to be able to protect his coins, he would have to transfer them to new post-quantum wallets," he said. "The biggest concern is abandoned coins, worth about $180 billion, including nearly $100 billion believed to belong to Satoshi. These are huge sums of money, but they are abandoned, and that is the real danger."
Adding to the risk are coins whose private keys have been lost. Many have sat untouched for more than a decade, and without those keys they can never be moved to quantum-resistant wallets, leaving them as standing targets for a future quantum computer.
No one can freeze bitcoin on-chain without a consensus change. Practical defenses against the quantum threat therefore focus on migrating vulnerable funds, adopting post-quantum addresses, or managing the remaining risk.
Thaler noted, however, that post-quantum signature schemes carry significant performance costs: their signatures are far larger and more resource-intensive than today's lightweight 64-byte signatures.
“Today’s digital signatures are about 64 bytes in size. Post-quantum versions can be 10 to 100 times larger,” he said. “In blockchain, scaling is a much bigger problem because every node has to store those signatures forever. And managing that cost, the literal size of the data, is much harder here than in other systems.”
Protection paths
Developers have put forward several Bitcoin Improvement Proposals (BIPs) to prepare for future quantum attacks. They take different paths, from light optional protections to full network migrations.
- BIP-360 (P2QRH): creates new "bc1r…" addresses that combine existing elliptic curve signatures with post-quantum schemes such as ML-DSA or SLH-DSA. It offers hybrid security without a hard fork, but larger signatures mean higher fees.
- Quantum-safe Taproot: adds a hidden post-quantum branch to Taproot script trees. If quantum attacks become realistic, a soft fork could require spending through the post-quantum branch, while users operate normally until then.
- Quantum-Resistant Address Migration Protocol (QRAMP): a mandatory migration plan that moves vulnerable UTXOs to quantum-safe addresses, most likely through a hard fork.
- Pay to Taproot Hash (P2TRH): replaces visible Taproot keys with double-hashed versions, shrinking the exposure window without new cryptography or compatibility breaks.
- Non-interactive transaction compression (NTC) via STARKs: uses zero-knowledge proofs to compress many large post-quantum signatures into a single proof per block, cutting storage costs and fees.
- Commit-reveal schemes: rely on hash commitments published ahead of any quantum threat, including:
  - Auxiliary UTXOs, which attach small post-quantum outputs to protect spends.
  - "Poison pill" transactions, which let users pre-publish recovery paths.
  - Fawkescoin-style variants, which remain dormant until a real quantum computer is demonstrated.
- BIP-361: the "Post-Quantum Migration and Legacy Signature Sunset" proposal would phase out the network's current signature schemes and impose a protocol-enforced freeze on quantum-vulnerable legacy coins.
- Canary address: proposed by BitMEX Research as an alternative to BIP-361, this would create a deliberately quantum-vulnerable "canary" address whose public key is published; a valid spend from it would trigger a soft fork blocking quantum-vulnerable spends.
- QSB: "Quantum Safe Bitcoin", suggested by StarkWare researcher Avihu Mordechai Levy, would replace elliptic curve signatures with hash-based cryptography, including Lamport signatures, an early scheme considered resistant to quantum attacks.
Together, these proposals chart a step-by-step path toward quantum security: quick, low-impact fixes like P2TRH now, and heavier upgrades like BIP-360 or STARK-based compression as the risk grows. All of them need broad coordination, and many post-quantum address formats and signature schemes are still at an early stage of discussion.
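To make Thaler's size comparison above and the QSB bullet's Lamport signatures concrete, here is a working Lamport one-time signature over SHA-256. This is an added example for this article, not QSB's or any project's code, and it is a teaching implementation rather than a deployable scheme. It signs, verifies, reports why a Lamport key must never sign twice (two signatures leak preimages that let an attacker forge any message whose digest bits are all among the revealed ones), and compares the 8,192-byte signature with Bitcoin's 64-byte Schnorr signature, including the SegWit witness discount (4 weight units per vbyte). The messages are constructed placeholders.

```python
"""Lamport one-time signatures (hash-based, the family QSB proposes) beside
Bitcoin's 64-byte Schnorr signature. Added example; uses only hashlib/secrets."""
import hashlib
import secrets

HASH_LEN = 32            # SHA-256 output size in bytes
BITS = 8 * HASH_LEN      # digest bits signed (256)


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes) -> list:
    """The 256 bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen(rng=secrets.token_bytes):
    """sk: 256 pairs of random 32-byte preimages; pk: the hash of each preimage."""
    sk = [(rng(HASH_LEN), rng(HASH_LEN)) for _ in range(BITS)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return sk, pk


def sign(sk, msg: bytes) -> list:
    """For every digest bit i, reveal preimage sk[i][bit]. A key must sign only ONCE."""
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Each revealed preimage must hash to the public-key entry selected by the digest bit."""
    if len(sig) != BITS:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))


def exposed_positions(msg1: bytes, msg2: bytes) -> int:
    """Signing two messages with one key publishes BOTH preimages wherever the digests
    differ; the attacker then controls that bit of any forgery."""
    return sum(a != b for a, b in zip(digest_bits(msg1), digest_bits(msg2)))


def forge(pk, sig1, msg1, sig2, msg2, target: bytes):
    """Try to sign `target` using only preimages leaked by two legitimate signatures.
    Returns a valid signature, or None when target needs an unrevealed preimage."""
    revealed = [{} for _ in range(BITS)]
    for sig, msg in ((sig1, msg1), (sig2, msg2)):
        for i, (s, b) in enumerate(zip(sig, digest_bits(msg))):
            revealed[i][b] = s
    try:
        forged = [revealed[i][b] for i, b in enumerate(digest_bits(target))]
    except KeyError:
        return None
    return forged if verify(pk, target, forged) else None


def vbytes(witness_bytes: int) -> int:
    """SegWit discount: witness bytes cost 1 weight unit each; 4 weight units = 1 vbyte."""
    return -(-witness_bytes // 4)


def size_report() -> dict:
    """Raw and fee-relevant sizes of a Lamport signature versus a Schnorr signature."""
    lamport_sig = BITS * HASH_LEN          # 8192 bytes
    lamport_pk = 2 * BITS * HASH_LEN       # 16384 bytes
    return {
        "schnorr_sig_bytes": 64,
        "lamport_sig_bytes": lamport_sig,
        "lamport_pk_bytes": lamport_pk,
        "sig_size_ratio": lamport_sig // 64,          # 128x
        "schnorr_sig_vbytes": vbytes(64),             # 16
        "lamport_sig_vbytes": vbytes(lamport_sig),    # 2048
    }


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"constructed tx 1", b"constructed tx 2"
    s1, s2 = sign(sk, m1), sign(sk, m2)
    print("valid:", verify(pk, m1, s1), "positions leaked by reuse:", exposed_positions(m1, m2))
    print(size_report())
```

The 128x signature ratio sits at the top of Thaler's "10 to 100 times larger" range, which is why the practical proposals lean on Merkle-tree constructions, ML-DSA/SLH-DSA, or STARK aggregation rather than raw Lamport signatures, and why every post-quantum design has to budget in vbytes, not just bytes.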
Community alignment
One of the key issues facing efforts to implement quantum resistance on Bitcoin is aligning the community around a single solution.
Thaler noted that Bitcoin’s decentralization — its greatest strength — also makes major upgrades slow and difficult, since any new signing scheme would need broad agreement among miners, developers, and users.
"There are two main issues for Bitcoin. First, upgrades take a long time, if they happen at all. Second, there are abandoned coins. Any migration to post-quantum signatures has to be active, and the owners of those old wallets are gone," Thaler said. "The community must decide what happens to them: either agree to remove them from circulation or do nothing and let quantum-equipped attackers take them. This second path would be legally gray, and those who seize the coins will likely not care."
This came into sharp focus after the BIP-361 proposal, whose mandatory freeze on quantum-vulnerable coins proved controversial in the Bitcoin community. Bitcoin OG Adam Back called for an alternative approach based on optional upgrades, while Cardano founder Charles Hoskinson argued that about 1.7 million BTC would remain at risk under the proposal.
What should I do?
Most Bitcoin holders don't need to do anything right away. A few habits go a long way toward reducing long-term risk: avoid reusing addresses so your public key stays hidden until you spend, and stick to modern wallet formats.
Today's quantum computers are nowhere near breaking Bitcoin, and predictions of when they might vary widely. Some researchers see a threat within five years, others push it out to the 2030s, but continued investment could accelerate the timeline.