Bitcoin Faces Quantum Threat: BIP 360 Offers First Defense

Bitcoin is preparing for the potential threat of quantum computing with the introduction of BIP 360, a proposal to enhance its resistance to future quantum attacks. This marks a crucial first step in a long-term effort to secure the network against increasingly powerful computing capabilities, though full quantum resistance remains years away.

The digital currency world is abuzz with talk of a future threat that could undermine Bitcoin’s security: quantum computing. While the exact timeline remains uncertain, a new Bitcoin Improvement Proposal, known as BIP 360, represents the first official step towards making Bitcoin resistant to these powerful future machines.

Understanding the Quantum Computing Challenge

Quantum computers exploit quantum-mechanical effects to solve certain problems far faster than today's standard computers. One of those problems, attacked by Shor's algorithm, is the discrete logarithm on which the public-key cryptography protecting digital assets like Bitcoin depends. The hypothetical moment when a machine large enough to do this exists is known as "Q-day." Many in the crypto community have dismissed this risk, believing such advanced quantum computers are still decades away.

The truth is, no one knows for sure when Q-day might arrive. This uncertainty is precisely why proactive measures are needed now. Fortunately, BIP 360 has been drafted to specifically address Bitcoin’s vulnerability to quantum attacks. Its recent addition to Bitcoin’s technical roadmap signals a significant move towards ensuring the long-term safety of the network.

How Quantum Computers Threaten Bitcoin

Quantum computers are not inherently bad; they hold the potential to revolutionize fields like medicine, climate science, and logistics. But the same power could break part of the cryptography securing Bitcoin. Bitcoin relies on two main cryptographic building blocks: the SHA-256 hash function, used for mining (and for hashing public keys into addresses), and elliptic curve cryptography (ECC) on the secp256k1 curve, whose ECDSA and Schnorr signatures authorize spending from wallets. Neither is "encryption" in the strict sense, but both are what an attacker would have to defeat.

Mining, which depends on SHA-256, is considered relatively safe from quantum attacks: the best known quantum attack on a hash function (Grover's algorithm) gives only a quadratic speedup. The real concern is ECC, which protects user wallets. A large enough quantum computer running Shor's algorithm could derive a wallet's private key from its public key, not by guessing but by solving the underlying discrete-logarithm problem efficiently. Anyone holding that private key can spend the Bitcoin it controls. Whether the attacker can see the public key at all, however, depends on the address type, as discussed below.

Taproot and Unintended Vulnerabilities

Bitcoin underwent a major upgrade called Taproot in 2021. Taproot aimed to improve privacy, efficiency, and flexibility. While beneficial, it also introduced an output type that is more exposed to a potential quantum attack than the hash-based types that preceded it. In the common pre-Taproot address types, the blockchain holds only a hash of the public key until the coins are spent; that hash acts as an extra layer of protection, because a quantum attacker needs the key itself, not its hash.

Taproot's pay-to-taproot (P2TR) outputs instead place the (tweaked) public key directly in the output script, so the key is visible on the blockchain as soon as funds are received. If quantum computers become capable of deriving private keys from public keys, Bitcoin held in P2TR outputs could be at risk even if it is never spent.

Estimates and Expert Opinions on Q-day

The exact amount of Bitcoin at risk and the timing of Q-day are subjects of much debate. The U.S. National Institute of Standards and Technology (NIST) has published draft transition guidance that would disallow today's quantum-vulnerable public-key algorithms by 2035. IBM's roadmap projects machines with thousands of quantum bits (qubits), the building blocks of quantum computers, by 2033.

Prominent figures in the crypto space offer varied perspectives. Michael Saylor believes Q-day is more than a decade away, while Adam Back, whose Hashcash proof-of-work scheme is cited in the Bitcoin white paper, suggests it might not happen for another 20 to 40 years. However, some, like Vitalik Buterin, co-founder of Ethereum, have warned that quantum computers could crack Bitcoin's cryptography as early as 2028. Others, like David Chaum, CEO of a post-quantum infrastructure firm, believe the threat is much more immediate.

How Much Bitcoin is at Risk?

Estimates of the Bitcoin supply potentially at risk vary widely. Some analyses suggest that roughly 1.7 million Bitcoin, considered lost or inactive, could be vulnerable. Other researchers propose much smaller figures, around 10,000 BTC, while some, like the founder of CryptoQuant, estimate that up to 7 million BTC, or one-third of the total supply, could be at risk. More extreme predictions suggest all 21 million Bitcoin could eventually be exposed.

A project called “Project 11” tracks Bitcoin addresses with exposed public keys, which are considered most vulnerable. According to their data, approximately 6.8 million BTC, valued at around $470 billion, are currently in such addresses. This highlights the significant potential exposure.

BIP 360: The Proposed Solution

BIP 360, first proposed in June 2024 and merged into the Bitcoin Improvement Proposals repository this past February, aims to create new, quantum-resistant address types. The proposal was authored by a pseudonymous developer known as Hunter Beast.

Bitcoin's existing output types differ in how much they expose to a quantum attacker. The most vulnerable are legacy pay-to-public-key (P2PK) outputs, used by early miners, which contain the raw public key itself. Taproot's pay-to-taproot (P2TR) outputs are next: they carry the 32-byte tweaked public key in the output script, so the private key could in principle be derived from it at any time. Pay-to-public-key-hash (P2PKH) and pay-to-witness-public-key-hash (P2WPKH) outputs are more resistant because the chain holds only a 20-byte hash of the key; the key is revealed only in the transaction that spends the coins. That still leaves two risks: a short window between broadcast and confirmation in which a fast enough attacker could act, and permanent exposure of any further coins sent to the same address after it has been spent from.

Introducing P2MR Addresses

BIP 360 introduces a new output type called "pay-to-Merkle-root" (P2MR), whose addresses begin with the prefix "bc1z". The goal of P2MR is to keep Taproot's script flexibility while removing its at-rest key exposure. Where a Taproot output commits to a public key that can be used directly for "key path" spending, and therefore places that key on chain, a P2MR output commits only to the Merkle root of a tree of scripts. No public key is published until a script is revealed at spend time.

BIP 360 is described as "a simple, low-risk" proposal "that creates options for using Bitcoin in a quantum resistant way" and as "a conservative first step." It is intended as the initial phase of a longer journey toward full quantum resistance, laying the groundwork for future upgrades. It is important to note that BIP 360 does not fully solve the problem. It addresses the long-term exposure of public keys in unspent outputs; the scripts revealed when a P2MR output is spent still rely on today's elliptic-curve signatures, so the short exposure window at spend time remains and would require further protocol upgrades, such as post-quantum signature schemes, to close.

The Road to Quantum Readiness

Implementing BIP 360 is not a quick process. Bitcoin upgrades are known for their slow pace due to the need for consensus among network participants. Experts estimate that it could take up to seven years for full quantum resistance, with BIP 360 itself potentially taking three years to activate. This timeframe includes development, testing, activation, and the subsequent adaptation by the broader Bitcoin ecosystem, including wallets, exchanges, and payment processors.

While BIP 360 is a crucial first step, it won’t be an automatic upgrade for all users. Moving funds to P2MR addresses will be a voluntary choice. Unspent transaction outputs (UTXOs) in older, vulnerable formats will remain at risk until users actively move their funds. Fully quantum-resistant signatures would require much more significant protocol changes in the future.

Other Solutions and User Precautions

Beyond BIP 360, other proposals are being explored. “Hourglass” aims to limit the impact of quantum attacks by restricting the use of vulnerable P2PK coins. Another concept involves freezing or even burning Bitcoin deemed lost, though this approach is controversial as it could set a precedent for modifying the protocol and confiscating coins.

More advanced solutions include hash-based signature schemes like SPHINCS+ and lattice-based schemes like Dilithium (standardized by NIST as ML-DSA). These are considered strong candidates for future quantum resistance but require significant development and integration into the Bitcoin protocol. For now, users can take simple precautions: never reuse a Bitcoin address, especially one you have already spent from, since the spending transaction publishes its public key; and always keep wallet software updated. Staying informed about future BIP 360 features and other protocol upgrades is also essential.
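To make the two points above concrete, the comparison of output types and the warning against address reuse, here is an added Python example. It is not code from the article, from BIP 360, or from any Bitcoin project. It classifies raw output scripts (scriptPubKeys) by type, records whether the public key is visible while coins sit unspent or only once they are spent, and then replays a constructed transaction history to flag unspent outputs whose key is already public, including the reuse mistake: paying an address again after a spend has revealed its key. All transaction IDs, hashes and keys are made up, and the P2MR output is modelled as witness version 2 (OP_2 followed by a 32-byte Merkle root, matching the "bc1z" prefix the article gives); that encoding is an assumption, not taken from the BIP text.

```python
"""Quantum-exposure audit of a small, constructed UTXO set (added example,
not code from BIP 360 or any Bitcoin project).

1. classify_script_pubkey(): output type plus when the public key goes public.
2. audit(): replays a toy transaction history and flags unspent outputs whose
   key is already visible, either because the output type stores the key
   (P2PK, P2TR) or because the address was reused after a spend revealed it.
"""
from dataclasses import dataclass

OP_0, OP_1, OP_2 = 0x00, 0x51, 0x52
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x76, 0x87, 0x88, 0xA9, 0xAC


@dataclass(frozen=True)
class Classification:
    kind: str
    key_exposed_at_rest: bool   # key readable from the unspent output itself
    key_exposed_on_spend: bool  # key (or key-bearing script) revealed when spent


def classify_script_pubkey(spk: bytes) -> Classification:
    """Map a raw scriptPubKey to its output type and key-exposure profile."""
    n = len(spk)
    # P2PK: <push 33 or 65 bytes> OP_CHECKSIG -- the key is the output.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Classification("P2PK", True, True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return Classification("P2PKH", False, True)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL (script, and any keys in it, shown on spend)
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[-1] == OP_EQUAL:
        return Classification("P2SH", False, True)
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return Classification("P2WPKH", False, True)
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return Classification("P2WSH", False, True)
    # P2TR: OP_1 <32-byte x-only tweaked pubkey> -- the key itself sits in the output.
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return Classification("P2TR", True, True)
    # P2MR as the article describes BIP 360: a bare Merkle root, no key path.
    # ASSUMPTION: modelled as witness version 2 (OP_2 <32 bytes>, bech32m "bc1z...").
    # Leaf scripts still use today's signatures, so a key is revealed on spend.
    if n == 34 and spk[:2] == bytes([OP_2, 0x20]):
        return Classification("P2MR", False, True)
    return Classification("unknown", True, True)  # fail closed: treat as exposed


@dataclass(frozen=True)
class TxOut:
    txid: str
    vout: int
    script_pubkey: bytes
    value_sat: int


@dataclass(frozen=True)
class Tx:
    txid: str
    spends: tuple   # (txid, vout) pairs consumed by this transaction
    outputs: tuple  # TxOut instances created by this transaction


def audit(txs) -> dict:
    """Replay txs in order; return {(txid, vout): reason} for each unspent
    output whose controlling public key is already visible on chain."""
    utxos, revealed, findings = {}, set(), {}
    for tx in txs:
        for ref in tx.spends:
            spent = utxos.pop(ref)
            if classify_script_pubkey(spent.script_pubkey).key_exposed_on_spend:
                revealed.add(spent.script_pubkey)  # this address's key is now public
        for out in tx.outputs:
            utxos[(out.txid, out.vout)] = out
    for ref, out in utxos.items():
        c = classify_script_pubkey(out.script_pubkey)
        if c.key_exposed_at_rest:
            findings[ref] = f"{c.kind}: public key sits in the output"
        elif out.script_pubkey in revealed:
            findings[ref] = f"{c.kind}: address reused after a spend revealed its key"
    return findings


def sample_ledger() -> tuple:
    """Constructed history with fake hashes and keys; not real chain data."""
    p2pkh_a = bytes([OP_DUP, OP_HASH160, 0x14]) + bytes.fromhex("aa" * 20) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
    p2wpkh_b = bytes([OP_0, 0x14]) + bytes.fromhex("bb" * 20)
    p2tr_c = bytes([OP_1, 0x20]) + bytes.fromhex("cc" * 32)
    p2mr_d = bytes([OP_2, 0x20]) + bytes.fromhex("dd" * 32)
    p2pk_e = bytes([0x21]) + bytes.fromhex("02" + "ee" * 32) + bytes([OP_CHECKSIG])
    tx0 = Tx("tx0", (), (TxOut("tx0", 0, p2pkh_a, 50_000), TxOut("tx0", 1, p2pk_e, 50_000)))
    # tx1 spends A (publishing A's key in the scriptSig) and then pays A again: the reuse mistake.
    tx1 = Tx("tx1", (("tx0", 0),), (TxOut("tx1", 0, p2pkh_a, 10_000),
                                    TxOut("tx1", 1, p2wpkh_b, 20_000),
                                    TxOut("tx1", 2, p2tr_c, 20_000)))
    tx2 = Tx("tx2", (("tx1", 1),), (TxOut("tx2", 0, p2mr_d, 20_000),))
    return (tx0, tx1, tx2)


if __name__ == "__main__":
    for ref, reason in sorted(audit(sample_ledger()).items()):
        print(f"{ref[0]}:{ref[1]} -> {reason}")
```

Run stand-alone, the audit flags three of the four unspent outputs: the P2PK and P2TR coins because their keys sit in the output, and the P2PKH coins at address A because A was paid again after tx1 spent from it. The P2MR output is the only one left unflagged, which is exactly the at-rest protection the article attributes to BIP 360; it would still be flagged as exposed on spend, since its leaf scripts are assumed to use today's signatures.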

The Long Game for Bitcoin Security

The development of quantum resistance for Bitcoin is a long-term effort. While BIP 360 is a significant milestone, it’s unlikely to be the final solution. The slow pace of Bitcoin upgrades means that quantum resistance will likely become a greater focus in the coming years, especially during market downturns when developers often concentrate on building foundational improvements.

The most sensible approach appears to be layered security, combining BIP 360 with other safety nets like Hourglass. Actions like freezing or burning Bitcoin are generally seen as detrimental, as they could undermine Bitcoin’s core principles and damage its reputation as a secure, decentralized asset. Protecting Bitcoin’s future involves not only defending against quantum attacks but also upholding the values that make it unique.


Source: Is Your Bitcoin Safe? The Urgent Quantum Computing Risk (YouTube)

Written by

Joshua D. Ovidiu
