Summary
Bitcoin’s Quantum Risk Is Closer Than You Think argues that much of today’s coverage gets the benchmark wrong. Many articles cite RSA‑2048 qubit estimates to reassure readers that Bitcoin is safe, but Bitcoin does not use RSA at all. It relies on ECDSA over the secp256k1 elliptic curve. Shor’s algorithm targets elliptic curve discrete log with far fewer quantum resources than required to factor RSA‑2048, so using RSA timelines systematically understates Bitcoin’s exposure.
The piece highlights the security inversion between RSA and ECC. Classically, a 256‑bit curve gives roughly 128‑bit security, comparable to 3,072‑bit RSA, because ECC’s best classical attack is much costlier per bit than RSA’s. In the quantum setting that advantage disappears. A machine capable of breaking 256‑bit ECC is expected well before one that can factor RSA‑2048, which places Bitcoin’s ECDSA ahead of RSA on the quantum risk timeline.
For CISOs and crypto risk owners, the takeaway is to recalibrate models to the primitive Bitcoin actually uses. Base timelines on ECC‑specific resource estimates, not RSA. Start assessing exposure where public keys are revealed, tighten key hygiene and rotation, and track post‑quantum signature options and their on‑chain costs. Using the right benchmark is the difference between a planned migration and a scramble.
Read more
See the original article at: https://postquantum.com/post-quantum/bitcoin-quantum-risk-closer-ecc/