A Galaxy Digital report analyzes the threat posed by quantum computers to Bitcoin’s cryptography and the countermeasures already under development.
A Galaxy Digital report published on March 19 examines in detail the risk that quantum computing poses to Bitcoin, concluding that the threat is real but not imminent, and that the developer community is already working on solutions. The research frames the issue as a long-term engineering and governance challenge, not an immediate crisis.
At the core of the problem is the elliptic curve cryptography on which Bitcoin relies to verify ownership of funds. A sufficiently advanced quantum computer could derive a private key from a public key, allowing an attacker to spend funds without authorization. This scenario is known in the industry as “Q-day.” Time estimates range from a few years to several decades, with no consensus among experts. The report emphasizes that this very uncertainty constitutes the central problem, since Bitcoin’s decentralized structure requires years, not months, to implement upgrades.
According to Galaxy Digital, exposure to risk is not uniform. Most bitcoins are not vulnerable today: wallets reveal public keys only at the moment of spending, so funds held behind hashed addresses remain protected. Vulnerability arises in two main cases: coins whose public keys are already visible on-chain, and coins in transit during a transaction. Galaxy cites estimates suggesting that millions of bitcoins could fall into the first category, including funds tied to early network activity and long-dormant wallets, among them those associated with pseudonymous creator Satoshi Nakamoto. Should quantum capabilities arrive before protective measures are implemented, these funds would become the primary targets. The report frames this scenario as a systemic risk: a sudden unlocking of dormant supply could have ripple effects on markets and on the mining incentives that underpin network security.
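The distinction the report draws between "hashed addresses" and "public keys already visible on-chain" can be made concrete by looking at the output script types Bitcoin actually uses. The Python below is an added illustration, not code from the Galaxy Digital report or from any Bitcoin project: it classifies a constructed set of unspent outputs by whether the key behind them has already been revealed, through the output type itself (P2PK and Taproot outputs carry a key in the script), through address reuse (an earlier spend from the same script put the key in a scriptSig or witness), or through a spend that is already in transit. All sample outputs, amounts and transaction ids are constructed placeholders; the script templates are the standard ones. The Pay-to-Merkle-Root format from BIP 360 is not modelled.

```python
"""Classify Bitcoin outputs by whether their public key is already visible.

Added illustration of the report's point that exposure is not uniform.
Sample data below is constructed; script templates are the standard
Bitcoin ones (P2PK, P2PKH, P2WPKH, P2TR).
"""
from dataclasses import dataclass

# Script opcodes used by the standard output templates.
OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0xA9, 0x88, 0xAC,
)


@dataclass(frozen=True)
class Utxo:
    txid: str          # constructed placeholder, not a real transaction id
    vout: int
    amount_sat: int    # integer satoshis avoid float rounding in totals
    script_pubkey: bytes


def classify_script(spk: bytes) -> tuple[str, bool]:
    """Return (script_type, key_is_in_output) for a scriptPubKey."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG; the key itself is on-chain.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2WPKH: OP_0 <20-byte hash>; only a hash of the key is on-chain.
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", False
    # P2TR: OP_1 <32-byte x-only key>; the (tweaked) key is on-chain.
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr", True
    return "unknown", False


def exposure_reason(utxo: Utxo, spent_scripts: set[bytes],
                    pending_spends: set[tuple[str, int]]):
    """Return None if the key has not been revealed, else a short reason."""
    if (utxo.txid, utxo.vout) in pending_spends:
        return "in transit: spending transaction already broadcast"
    kind, key_in_output = classify_script(utxo.script_pubkey)
    if key_in_output:
        return f"{kind}: public key is in the output script itself"
    if utxo.script_pubkey in spent_scripts:
        return f"{kind}: address reused, an earlier spend revealed the key"
    return None


def exposure_report(utxos, spent_scripts, pending_spends):
    """Return (total exposed satoshis, [(utxo, reason), ...])."""
    exposed = []
    total = 0
    for u in utxos:
        reason = exposure_reason(u, spent_scripts, pending_spends)
        if reason is not None:
            exposed.append((u, reason))
            total += u.amount_sat
    return total, exposed


# Constructed sample outputs (placeholder key bytes, not real keys).
PUBKEY = b"\x02" + b"\x11" * 32
P2PK = bytes([33]) + PUBKEY + bytes([OP_CHECKSIG])
P2PKH_A = bytes([OP_DUP, OP_HASH160, 20]) + b"\xaa" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2PKH_B = bytes([OP_DUP, OP_HASH160, 20]) + b"\xbb" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_C = bytes([OP_0, 20]) + b"\xcc" * 20
P2WPKH_E = bytes([OP_0, 20]) + b"\xee" * 20
P2TR_D = bytes([OP_1, 32]) + b"\xdd" * 32

SAMPLE_UTXOS = [
    Utxo("tx01", 0, 50_0000_0000, P2PK),      # early-era style output
    Utxo("tx02", 0, 1_5000_0000, P2PKH_A),    # address A was spent from before
    Utxo("tx03", 1, 2500_0000, P2PKH_B),      # fresh address, never spent from
    Utxo("tx04", 0, 1000_0000, P2WPKH_C),     # fresh segwit address
    Utxo("tx05", 0, 2_0000_0000, P2TR_D),     # taproot output
    Utxo("tx06", 0, 4000_0000, P2WPKH_E),     # fresh, but a spend is pending
]
SPENT_SCRIPTS = {P2PKH_A}          # scripts that have already been spent from
PENDING_SPENDS = {("tx06", 0)}     # outputs with a spend in the mempool

if __name__ == "__main__":
    total, exposed = exposure_report(SAMPLE_UTXOS, SPENT_SCRIPTS, PENDING_SPENDS)
    for u, why in exposed:
        print(f"{u.txid}:{u.vout} {u.amount_sat / 1e8:>8.3f} BTC  {why}")
    print(f"exposed: {total / 1e8} BTC of {sum(u.amount_sat for u in SAMPLE_UTXOS) / 1e8}")
```

Run over the constructed set, the script flags four of the six outputs (the P2PK and Taproot outputs, the reused P2PKH address, and the output with a spend in flight) and leaves the two fresh hashed addresses unflagged, which is the shape of the report's "not uniform" argument: a P2MR-style migration would aim to move the flagged classes into the unflagged one.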
Among the most notable proposals already under discussion is a new transaction structure called Pay-to-Merkle-Root, outlined in Bitcoin Improvement Proposal 360, which eliminates the persistent exposure of public keys. Another proposal, dubbed “Hourglass,” aims to limit the rate at which vulnerable coins could be spent in a worst-case scenario – not to prevent access but to slow it down and give markets time to absorb potential shocks. On the cryptographic front, hash-based signature schemes such as SPHINCS+ are emerging as candidates for a post-quantum future, grounded in mathematical assumptions different from those currently in use. According to Galaxy, the trade-off is efficiency: larger signatures would increase transaction sizes and could strain network resources.
Other lines of research are exploring a commit-and-reveal process to protect transactions even in the event of a quantum breakthrough before new cryptography is deployed, and the use of zero-knowledge proofs to allow users to verify ownership of funds without exposing sensitive data. Taken together, these initiatives form a layered defense: no single solution resolves the problem, but a toolkit of measures targeting different phases of exposure.
The report acknowledges that the hardest challenge may not be technical. Bitcoin has no central authority capable of mandating changes: every upgrade requires coordination among developers, miners, exchanges, and users. Previous upgrades such as SegWit and Taproot took years to activate and generated intense debate. Some proposals touch on sensitive issues, including whether coins that fail to migrate to more secure formats should lose spendability – raising questions about property rights.