By Dr Krzysztof Urbanowicz, Founder of QWID
If you hold cryptocurrency today, your private keys are protected by a mathematical assumption: that certain problems are too hard for any computer to solve in a reasonable time. That assumption has served us well for decades. But it has an expiration date — and that date is closer than most people think.
The Lock Everyone Trusts (That’s About to Break)
Nearly every blockchain in existence — Bitcoin, Ethereum, Solana, all of them — relies on the Elliptic Curve Digital Signature Algorithm (ECDSA) to secure wallets and sign transactions. ECDSA’s security rests on the difficulty of a specific mathematical problem, the elliptic-curve discrete logarithm: given a public point on the curve, recover the secret scalar that was multiplied by the curve’s generator to produce it. Classical computers can’t do this efficiently. A sufficiently powerful quantum computer can.
In 1994, mathematician Peter Shor published an algorithm that solves this exact class of problem — integer factorisation and discrete logarithms — in polynomial time on a quantum computer. Shor’s algorithm doesn’t just weaken ECDSA. It demolishes it entirely. With enough stable qubits, a quantum machine could derive your private key from your public key in hours or minutes, not the billions of years a classical supercomputer would need.
The Timeline Is Not Hypothetical
How many qubits would it take? Our analysis in the QWID GreenPaper puts the figure at approximately 6,147 ideal logical qubits to break the 256-bit elliptic curves that secure Bitcoin and Ethereum (equivalent in difficulty to factoring 3072-bit RSA). That sounds like a lot — until you look at the trajectory.
IBM’s quantum roadmap projects systems exceeding 100,000 qubits by the early 2030s. Google, Microsoft, and several nation-state programs are on similar tracks. Factor in error correction improvements, and the realistic window for a cryptographically relevant quantum computer falls somewhere between 2029 and 2039. That’s not a century away. That’s within a single mortgage term.
Harvest Now, Decrypt Later
Here’s what makes this genuinely urgent: you don’t need a quantum computer today to exploit quantum vulnerabilities today.
Intelligence agencies and sophisticated actors are already executing what’s known as “harvest-now, decrypt-later” attacks. They intercept and store encrypted communications and blockchain transactions now, with the intention of decrypting them once quantum hardware catches up. Your transaction data, your public keys, your on-chain identity — all of it is being archived by someone, somewhere, waiting for the right machine to read it.
For most encrypted web traffic, this is concerning. For blockchain, it’s existential. A website can rotate its TLS certificates. But a Bitcoin address with a publicly exposed key? That key is immutable, permanently on-chain, and permanently vulnerable. There’s no “rotate” button.
NIST Made It Official
The urgency isn’t just coming from academics and cryptographers anymore. In August 2024, the U.S. National Institute of Standards and Technology (NIST) finalised its first three post-quantum cryptographic standards — the culmination of an eight-year, global evaluation process. The message from the world’s leading standards body was unambiguous: migrate now.
NIST didn’t say “start thinking about it.” They published finished standards — ML-KEM, ML-DSA, and SLH-DSA — and told every organisation handling sensitive data to begin transitioning immediately. The U.S. government has mandated that federal systems complete PQC migration by 2035. Banks, defence contractors, and critical infrastructure operators are already moving.
Why Blockchain Is Especially Exposed
Traditional IT systems can patch, update, and rotate keys. Blockchains can’t — at least not easily. The properties that make blockchain powerful — immutability, transparency, decentralisation — are precisely what make it vulnerable to quantum attack.
Public keys are public. Every time you send a transaction on Bitcoin or Ethereum, your public key is exposed on-chain forever. A quantum attacker doesn’t need to intercept anything — it’s all right there in the open.
Immutability means no take-backs. If someone derives your private key and moves your funds, there’s no central authority to reverse the transaction. The “trustless” system trusts its cryptography absolutely.
Coordination is slow. Upgrading a blockchain’s signature scheme requires network-wide consensus. Bitcoin has been debating a block size change for a decade. Imagine the coordination needed to replace its entire cryptographic foundation.
The value is concentrated. Bitcoin alone holds over a trillion dollars in value, all protected by ECDSA. That’s an extraordinary honeypot for anyone with a working quantum computer.
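The exposure described above comes from the moment a key is published. The following is an added example, not code from QWID, Bitcoin or Ethereum: a toy ledger whose addresses commit to a hash of the public key, so the key itself only appears on-chain when an address is spent from. It assumes a simplified address function (one SHA-256, where Bitcoin uses SHA-256 then RIPEMD-160) and uses P-256 as a stand-in for secp256k1 so that it runs on the Go standard library alone; the Ledger type and the Scenario steps are constructed for illustration.

```go
// Added example, not code from QWID, Bitcoin or Ethereum. It models a ledger
// whose addresses commit to a hash of the public key, to show when the key
// itself becomes readable on-chain and how much value then sits behind it.
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// addressOf hashes the serialized public key. Simplification: Bitcoin applies
// SHA-256 then RIPEMD-160; a single SHA-256 is used here so the example runs
// on the standard library alone. P-256 stands in for secp256k1 for the same reason.
func addressOf(pub []byte) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Ledger tracks unspent balances per address and which addresses have had
// their public key published in a spend (the signature input carries it).
type Ledger struct {
	balance map[string]uint64
	exposed map[string]bool
}

func NewLedger() *Ledger {
	return &Ledger{balance: map[string]uint64{}, exposed: map[string]bool{}}
}

// Receive locks value to an address; only the hash appears on-chain.
func (l *Ledger) Receive(addr string, value uint64) { l.balance[addr] += value }

// Spend publishes the key (alongside a signature, omitted here) to unlock the
// address, then moves value out. From this point the key is permanently
// visible to anyone archiving the chain, quantum-capable or not.
func (l *Ledger) Spend(pub []byte, value uint64) error {
	addr := addressOf(pub)
	if l.balance[addr] < value {
		return fmt.Errorf("insufficient funds at %s", addr[:8])
	}
	l.balance[addr] -= value
	l.exposed[addr] = true
	return nil
}

// ExposedValue is the balance currently locked to addresses whose key has
// already been revealed: the portion a future key-recovery attack could reach.
func (l *Ledger) ExposedValue() uint64 {
	var total uint64
	for addr, v := range l.balance {
		if l.exposed[addr] {
			total += v
		}
	}
	return total
}

// Scenario walks through receive, spend, address reuse and key rotation,
// returning the exposed balance after each of the four steps.
func Scenario() ([]uint64, error) {
	curve := ecdh.P256()
	k1, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	pub1 := k1.PublicKey().Bytes()
	addr1 := addressOf(pub1)

	l := NewLedger()
	var steps []uint64
	l.Receive(addr1, 100)                   // step 0: funds sit behind a hash only
	steps = append(steps, l.ExposedValue()) // 0
	if err := l.Spend(pub1, 40); err != nil {
		return nil, err
	}
	steps = append(steps, l.ExposedValue()) // 60: the remainder now sits behind a published key
	l.Receive(addr1, 50)                    // step 2: address reuse locks new funds to that key
	steps = append(steps, l.ExposedValue()) // 110

	k2, err := curve.GenerateKey(rand.Reader) // step 3: rotate everything to a fresh key
	if err != nil {
		return nil, err
	}
	addr2 := addressOf(k2.PublicKey().Bytes())
	if err := l.Spend(pub1, 110); err != nil {
		return nil, err
	}
	l.Receive(addr2, 110)
	steps = append(steps, l.ExposedValue()) // 0
	return steps, nil
}

func main() {
	steps, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("exposed balance after each step:", steps)
}
```

The ExposedValue figure is the number a custodian would want to track: value at addresses whose key is already public. Not reusing addresses and sweeping balances to fresh keys shrinks it, but it is hygiene rather than a fix. The sweep transaction itself publishes the old key, and once a cryptographically relevant quantum computer exists, a key revealed in an unconfirmed transaction is exposed for as long as that transaction waits.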
So What Do We Do?
This is exactly why we built QWID from the ground up with post-quantum cryptography. Not as a future upgrade. Not as an optional module. As the foundation.
Every transaction on QWID is signed with two post-quantum algorithms from different mathematical families — Falcon-512 (lattice-based) and MAYO-5 (multivariate). And unlike legacy chains, QWID includes a governance mechanism that lets the community vote to swap algorithms if one is ever compromised.
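The rule just described, two signatures from different families that must both verify, with the required set controllable by governance, as an added example that is not QWID’s code. ECDSA P-256 and Ed25519 are stand-ins for Falcon-512 and MAYO-5 (neither stand-in is post-quantum; they are used only because the Go standard library ships them), and the scheme labels, the Policy type and the transaction layout are assumptions made for this example.

```go
// Added example, not QWID's code. A transaction must carry a valid signature
// under every scheme the current policy requires; verification fails closed.
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Scheme labels one signature family. The names are hypothetical: ECDSA P-256
// stands in for Falcon-512 and Ed25519 for MAYO-5.
type Scheme string

const (
	SchemeLattice      Scheme = "falcon512-standin"
	SchemeMultivariate Scheme = "mayo5-standin"
)

// Policy is the set of schemes a transaction must satisfy. Modelled as a plain
// value so that a governance decision can replace it without touching VerifyTx.
type Policy struct{ Required []Scheme }

type Keypair struct {
	ec *ecdsa.PrivateKey
	ed ed25519.PrivateKey
}

type PublicKeys struct {
	ec *ecdsa.PublicKey
	ed ed25519.PublicKey
}

// Tx carries at most one signature per scheme over the same payload.
type Tx struct {
	Payload []byte
	Sigs    map[Scheme][]byte
}

func GenerateKeypair() (*Keypair, error) {
	ec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	_, ed, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Keypair{ec: ec, ed: ed}, nil
}

func (k *Keypair) Public() PublicKeys {
	return PublicKeys{ec: &k.ec.PublicKey, ed: k.ed.Public().(ed25519.PublicKey)}
}

// SignTx produces one signature per requested scheme over the payload.
func (k *Keypair) SignTx(payload []byte, schemes []Scheme) (*Tx, error) {
	tx := &Tx{Payload: payload, Sigs: map[Scheme][]byte{}}
	digest := sha256.Sum256(payload)
	for _, s := range schemes {
		switch s {
		case SchemeLattice:
			sig, err := ecdsa.SignASN1(rand.Reader, k.ec, digest[:])
			if err != nil {
				return nil, err
			}
			tx.Sigs[s] = sig
		case SchemeMultivariate:
			tx.Sigs[s] = ed25519.Sign(k.ed, payload)
		default:
			return nil, fmt.Errorf("unknown scheme %q", s)
		}
	}
	return tx, nil
}

// VerifyTx accepts only if every scheme in the policy is present and valid, so
// breaking one family (or stripping its signature) is not enough to pass.
func VerifyTx(p Policy, pub PublicKeys, tx *Tx) error {
	if len(p.Required) == 0 {
		return errors.New("empty policy: refusing to accept unsigned transactions")
	}
	digest := sha256.Sum256(tx.Payload)
	for _, s := range p.Required {
		sig, ok := tx.Sigs[s]
		if !ok {
			return fmt.Errorf("missing %s signature", s)
		}
		var valid bool
		switch s {
		case SchemeLattice:
			valid = ecdsa.VerifyASN1(pub.ec, digest[:], sig)
		case SchemeMultivariate:
			valid = ed25519.Verify(pub.ed, tx.Payload, sig)
		default:
			return fmt.Errorf("unknown scheme %q", s)
		}
		if !valid {
			return fmt.Errorf("invalid %s signature", s)
		}
	}
	return nil
}

func main() {
	kp, err := GenerateKeypair()
	if err != nil {
		panic(err)
	}
	policy := Policy{Required: []Scheme{SchemeLattice, SchemeMultivariate}}
	tx, err := kp.SignTx([]byte("constructed payload: transfer 1 unit"), policy.Required)
	if err != nil {
		panic(err)
	}
	fmt.Println("both families valid:", VerifyTx(policy, kp.Public(), tx))
	tx.Sigs[SchemeMultivariate][0] ^= 0x01 // corrupt one family only
	fmt.Println("one family corrupted:", VerifyTx(policy, kp.Public(), tx))
}
```

The point of the AND rule is in VerifyTx: a valid lattice signature next to a bad multivariate one is rejected, so an attacker would need to defeat both families at once. Swapping an algorithm is then a change to Policy.Required rather than to the verifier, which is the crypto-agility property the text attributes to governance; transactions signed under the old policy must be re-validated against the new one, not grandfathered in.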
The quantum clock is ticking. The question isn’t whether quantum computers will break today’s blockchain cryptography — it’s whether your assets will be on a chain that’s ready when they do.
The time to move is before the threat arrives, not after. Learn more at qwid.org.