Bitcoin’s post-quantum migration will be harder than Taproot and needs to start now, says Project Eleven CEO

Bitcoin’s developer community should stop waiting for certainty about quantum computing timelines and focus on getting a post-quantum signature scheme into production, Alex Pruden, CEO of Project Eleven, told CoinDesk’s Consensus Miami conference on Wednesday.

Pruden said the asymmetry between acting now and waiting favors action.

“We added some new cryptography, we kind of built in this option, it turns out we didn’t need it yet, but at least we have it,” he said, describing the worst-case scenario of moving early.

The worst case of moving too late is far worse: a sufficiently capable quantum computer could derive private keys from any exposed public key using Shor’s algorithm, the 1994 algorithm that remains the canonical example of what a quantum machine can do that a classical one cannot.

Pruden put the value of the assets at stake at about $2.3 trillion.

“In a very real sense, someone with a sufficiently large and capable quantum computer sort of owns everyone’s digital assets or bitcoin to the public key that they can see,” Pruden said.
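The exposure Pruden describes applies only to keys that are actually visible on chain, so the first thing a custodian or wallet team wants is an inventory of which outputs reveal a public key in the output script itself versus only a hash of it. The following is an added example, not tooling from Project Eleven, Blockstream or the article; it classifies the standard Bitcoin scriptPubKey patterns and sums the value held in directly key-exposing outputs over a constructed UTXO list (the key and hash bytes are placeholders, not real chain data).

```python
"""Inventory which Bitcoin output scripts carry a public key in the clear.
Added example; the script patterns are the standard ones, the sample UTXOs
below are constructed placeholders."""
from dataclasses import dataclass


@dataclass(frozen=True)
class OutputClass:
    kind: str
    pubkey_on_chain: bool   # True if the scriptPubKey itself reveals a key
    note: str


def classify_script_pubkey(spk: bytes) -> OutputClass:
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG; the key is in every block explorer
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return OutputClass("p2pk", True, "raw public key in the output")
    # P2PKH: OP_DUP OP_HASH160 <20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return OutputClass("p2pkh", False, "only HASH160(pubkey); key revealed when spent")
    # P2SH: OP_HASH160 <20> <hash160> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return OutputClass("p2sh", False, "only HASH160(redeemScript)")
    # P2WPKH: OP_0 <20> <hash160>
    if n == 22 and spk[:2] == b"\x00\x14":
        return OutputClass("p2wpkh", False, "only HASH160(pubkey); key revealed when spent")
    # P2WSH: OP_0 <32> <sha256(witnessScript)>
    if n == 34 and spk[:2] == b"\x00\x20":
        return OutputClass("p2wsh", False, "only SHA256(witnessScript)")
    # P2TR: OP_1 <32> <x-only output key>; the key-path spend needs only the
    # discrete log of this tweaked key, so it counts as exposed
    if n == 34 and spk[:2] == b"\x51\x20":
        return OutputClass("p2tr", True, "x-only output key in the output")
    return OutputClass("unknown", False, "unrecognised script")


def exposed_value_sats(utxos) -> int:
    """Sum the value (satoshis) of UTXOs whose output script reveals a key directly."""
    return sum(
        value
        for spk_hex, value in utxos
        if classify_script_pubkey(bytes.fromhex(spk_hex)).pubkey_on_chain
    )


# Constructed sample: placeholder key and hash bytes, not real chain data.
PUBKEY33 = "02" + "11" * 32
HASH20 = "22" * 20
KEY32 = "33" * 32
SAMPLE_UTXOS = [
    ("21" + PUBKEY33 + "ac", 50_00000000),    # p2pk, 50 BTC
    ("76a914" + HASH20 + "88ac", 1_00000000),  # p2pkh, 1 BTC
    ("0014" + HASH20, 2_00000000),             # p2wpkh, 2 BTC
    ("5120" + KEY32, 3_00000000),              # p2tr, 3 BTC
]

if __name__ == "__main__":
    for spk_hex, value in SAMPLE_UTXOS:
        oc = classify_script_pubkey(bytes.fromhex(spk_hex))
        print(f"{oc.kind:7} exposed={oc.pubkey_on_chain!s:5} {value:>12} sat  {oc.note}")
    print("directly exposed value (sat):", exposed_value_sats(SAMPLE_UTXOS))
```

The classifier looks only at the output script. A P2PKH or P2WPKH address whose key was already revealed in an earlier spend (address reuse) is just as exposed as P2PK, so a real inventory must also join against spend history; that caveat is the same one the article makes with "the public key that they can see".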

The way forward, Pruden said, is to introduce a new signature scheme in Bitcoin that does not rely on the elliptic-curve mathematics underlying the Elliptic Curve Digital Signature Algorithm, or ECDSA, which Bitcoin uses today.

The National Institute of Standards and Technology has standardized post-quantum schemes based on hash functions and on lattices, he said, and the Bitcoin community discussion has moved toward the hash-based option. BIP-360, proposed last year, laid the groundwork for adding a quantum-resistant Taproot output type, and Blockstream has implemented a hash-based signature scheme on its Liquid Network.
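To make the "hash-based option" concrete, here is a toy Lamport one-time signature in Python. It is an added illustration, not the scheme Blockstream deployed on Liquid nor any NIST standard, and not production code; it shows the property that matters for the article's argument: verification depends only on the preimage resistance of SHA-256, so Shor's algorithm, which attacks the discrete-logarithm structure behind ECDSA, has nothing to work on. The `reuse_exposure` helper is included to show why such a key is strictly one-time, which is the problem the standardized tree-based schemes exist to solve.

```python
"""Toy Lamport one-time signature over SHA-256.
Added illustration: security rests on hash preimage resistance, not on
elliptic-curve discrete logs. Not production code."""
import hashlib
import secrets

HASH_BITS = 256


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=secrets.token_bytes):
    """Secret key: 256 pairs of random 32-byte preimages.
    Public key: SHA-256 of each preimage, in the same (bit index, bit value) layout."""
    sk = [(rng(32), rng(32)) for _ in range(HASH_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def message_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant first."""
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def sign(sk, msg: bytes) -> list:
    """For each bit of H(msg), reveal the preimage matching that bit's value."""
    return [sk[i][b] for i, b in enumerate(message_bits(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Accept only if every revealed preimage hashes to the pk entry the
    message bit selects. No group arithmetic is involved anywhere."""
    if len(sig) != HASH_BITS:
        return False
    bits = message_bits(msg)
    return all(H(sig[i]) == pk[i][bits[i]] for i in range(HASH_BITS))


def reuse_exposure(msg1: bytes, msg2: bytes) -> int:
    """Why 'one-time': signing two different messages with the same key reveals
    both preimages at every bit position where the digests differ, which is
    enough to sign further messages that agree with either choice there.
    Returns the number of such fully revealed positions."""
    b1, b2 = message_bits(msg1), message_bits(msg2)
    return sum(1 for x, y in zip(b1, b2) if x != y)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed test message"            # constructed sample input
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("wrong message accepted:", verify(pk, b"other", sig))
    print("signature bytes:", sum(len(s) for s in sig), "public key bytes:", 2 * HASH_BITS * 32)
    print("positions fully revealed by reusing the key:", reuse_exposure(msg, b"other"))
```

Two numbers from this toy explain why the migration is harder than a signature-algorithm swap: a signature is 8,192 bytes and a public key 16,384 bytes against 64 bytes for a Taproot Schnorr signature, and each key can sign once. The NIST schemes address the second problem either with state (LMS and XMSS in SP 800-208, where the signer must never reuse a leaf) or with hash trees that make the scheme stateless (SLH-DSA, FIPS 205); the size problem, which bears directly on Bitcoin's block space, remains a design question for the community.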

“Moving things out of just research into production is, I think, actually what we need to focus on,” Pruden said. “Let’s focus on the development of R&D.”

The migration will be significantly more difficult than the Taproot upgrade, Pruden warned.

“Taproot took five years, but that’s not even the whole challenge it will take.” Where Taproot was opt-in and most users never bothered to migrate, every bitcoin holder and every wallet, exchange and institution that touches the asset will have to participate in a post-quantum migration.

Pruden said the timing risk is serious: if a quantum computer arrives before users have migrated, an attacker could front-run pending transactions within a single block interval, paying a higher fee to capture funds whose private keys it has just derived.

Pressed on the unresolved debate over what to do with bitcoin sitting in dormant, quantum-vulnerable addresses, Pruden urged the community to postpone this fight and focus on the migration itself. Harper framed the debate as involving up to 5 million dormant coins, including coins attributed to Satoshi Nakamoto via the so-called “Patoshi” pattern of early miner blocks.

“The question of the Satoshi coins in particular is a difficult one,” Pruden said, because it puts two philosophical commitments in tension: Bitcoin’s fixed-supply ethos and its commitment to digital property rights. Asked about his personal lean, Pruden said the dormant coins could potentially be “recycle[d] back at the end of the supply curve” to extend Bitcoin’s mining incentive trajectory after the block subsidy runs out.

“If you put me on the hot seat, that’s probably what I’d say,” Pruden said. “So I guess generally it would be the confiscation side. But again, I think ultimately society is going to decide. The institutions and the market is going to decide.”

On whether Bitcoin Core developers are taking the threat seriously, Pruden said the response is mixed. “Core is not a monolithic entity. So I think there definitely is [some] in Core that takes it seriously. I think there are some people who are of the view” that quantum computers will never arrive. He pointed to the broader scientific community as a counterweight: “The majority of physicists out there, if you ask them about this, they’ll say, yes, it will be a thing. And by the way, many of them believe that the timelines are accelerating.”

The same physics that makes quantum computers a threat to existing cryptography could also form the basis of the next generation of cryptographic primitives, he said, citing key-exchange protocols based on quantum entanglement and the certified-randomness work that won the Turing Award last year.
