Why is Bitcoin discussing quantum computing risks now?

The debate intensified after research from Google Quantum AI suggested future quantum computers may require fewer resources than previously estimated to break Bitcoin’s secp256k1 cryptography. That raised concerns about the long-term security of older Bitcoin wallets and signatures.

What did Stanford cryptographer Dan Boneh warn about?

Dan Boneh warned that rushing Bitcoin into a post-quantum migration by 2029 could create more immediate danger than quantum attacks themselves. He argued that poorly tested upgrades could introduce catastrophic bugs into the network.

Can quantum computers break Bitcoin today?

No. Current quantum computers are nowhere near powerful enough to break Bitcoin cryptography. Most researchers still believe a cryptographically relevant quantum machine is likely many years away.

What is secp256k1 and why does it matter?

Secp256k1 is the elliptic curve cryptography system used to secure Bitcoin wallets and transactions. If future quantum computers could break it, attackers might theoretically derive private keys from exposed public keys.

What is Shor’s algorithm?

Shor’s algorithm is a quantum computing method that could theoretically break certain encryption systems much faster than classical computers. It is considered one of the main long-term threats to Bitcoin’s current cryptographic design.

Why are older Bitcoin wallets considered more vulnerable?

Some older Bitcoin addresses exposed public keys directly onchain when coins were spent. Researchers estimate that a large share of dormant or legacy Bitcoin could theoretically become vulnerable if sufficiently powerful quantum computers are ever developed.

BIP 361 is a Bitcoin proposal focused on post-quantum migration and phasing out older signature systems that may eventually become vulnerable. The proposal has become a major part of Bitcoin’s governance debate around future quantum preparedness.

Image for illustrative purposes only. Not a real photo.

Stanford cryptographer warns Bitcoin against rushed quantum shift

Q: What solution does Dan Boneh support for Bitcoin?

Boneh supports a gradual migration using hybrid cryptographic signatures that combine current elliptic curve systems with post-quantum protections. He argued this would reduce the risk of destabilising the network with rushed upgrades.

Written by Isaac FrancisPublished May. 26 2026

Stanford cryptographer Dan Boneh warned that a rushed transition to quantum-resistant cryptography could create greater near-term risks for Bitcoin than quantum computers themselves.

Boneh said Bitcoin should prepare for future quantum threats but cautioned that aggressively forcing a post-quantum migration by 2029 could introduce catastrophic software bugs into the network.

“A hasty transition to post quantum, in my mind, is more likely to cause a catastrophic bug than we’ll be attacked by a quantum computer,”

Boneh said in comments amplified by crypto commentator, Isabel Foxen Duke.

The debate intensified after a March research paper from Google Quantum AI suggested that Shor’s algorithm could theoretically break Bitcoin’s secp256k1 cryptography using fewer quantum resources than previously estimated.

Boneh said a cryptographically relevant quantum computer before 2035 remains possible but still unlikely under current industry funding levels, though he acknowledged timelines could accelerate if quantum development became a major geopolitical priority.

The discussion has also expanded into Bitcoin governance debates around BIP 361, a proposal addressing post-quantum migration and the gradual phase-out of vulnerable legacy signature systems.

Boneh argued that Bitcoin should pursue a slower transition using hybrid cryptographic signatures combining current elliptic curve systems with post-quantum protections, rather than attempting a rapid replacement of the network’s security architecture.

At the time of reporting, Bitcoin price was $76,709.19.