May 26, 2026 ChainGPT

Boneh: Prepare Bitcoin for Quantum — Don’t Rush Post‑Quantum Migration

Stanford cryptographer Dan Boneh is urging Bitcoin stakeholders to prepare seriously for a quantum future — but warns that rushing the switch to post‑quantum cryptography could create bigger risks than the quantum threat itself.

In a widely shared interview highlighted by Isabel Foxen Duke, Boneh framed quantum as a long‑range engineering challenge: “Don’t panic, but don’t ignore.” He stressed that an aggressive timetable — for example attempting a full post‑quantum migration by 2029 — would be “a mistake for the blockchain.” “A hasty transition to post quantum, in my mind, is more likely to cause a catastrophic bug than we’ll be attacked by a quantum computer,” he said.

Boneh’s caution comes in the wake of a March 30 whitepaper from Google Quantum AI, which he co‑authored. The paper estimates that Shor’s algorithm could solve the 256‑bit elliptic curve discrete logarithm problem used by Bitcoin’s secp256k1 signatures with on the order of 1,200–1,450 logical qubits and tens of millions of Toffoli gates. On certain superconducting hardware assumptions (physical error rates ~10^-3 and planar connectivity), those circuits could reportedly run in minutes with under half a million physical qubits. In plain terms: the technical threshold for a cryptographically relevant quantum computer appears to be lower than earlier, more pessimistic projections.

Still, Boneh argues that a machine capable of breaking Bitcoin’s signatures before 2035 is possible but unlikely given current funding and incentives. Anything by the end of this decade, he says, “seems very aggressive” unless quantum computing is turned into a national‑level priority.

That tension has already influenced Bitcoin governance. BIP 361 — “Post Quantum Migration and Legacy Signature Sunset” — notes that as of March 1, 2026 more than 34% of bitcoin UTXOs had revealed a public key on‑chain, leaving those outputs theoretically exposed to a powerful future quantum attacker.

Boneh is not dismissive of the problem: he says Bitcoin “will survive” quantum risk, calling claims of imminent doom “insane,” and outlines the clear path forward — migrate users to post‑quantum addresses and signatures, then deprecate vulnerable legacy paths over time.

Where Boneh parts ways with some proposals is on pace and design. He criticized compressed migration windows and said proposals like BIP 361 need more design work and time. Rather than a binary swap, he favors hybrid signatures that combine today’s elliptic‑curve cryptography with post‑quantum schemes to retain backward compatibility and reduce systemic risk. He also voiced a preference for lattice‑based post‑quantum signatures over purely hash‑based alternatives because lattices better support threshold signatures and future cryptographic innovation.

The debate isn’t limited to Boneh. Coinbase advisers and other industry voices have similarly warned that while no existing quantum computer can break Bitcoin today, preparation can’t wait. Consensus in the community remains that an immediate existential attack is not happening now — but the estimated resource requirements for a future attack are shrinking, and the clock is ticking on careful, well‑tested migration planning.

Bottom line: the crypto ecosystem needs to keep moving on post‑quantum readiness — but Boneh’s message is clear: plan deliberately, favor hybrid and extensible designs, and avoid rushed rollouts that could introduce catastrophic bugs.