May 26, 2026 ChainGPT

Dan Boneh: Don’t Panic About Quantum, But Don’t Rush Bitcoin’s Post‑Quantum Fix

Stanford cryptographer Dan Boneh: don’t panic about quantum, but don’t rush Bitcoin’s fix

The debate over Bitcoin’s quantum-proofing has sharpened after a new interview with Stanford cryptographer Dan Boneh — coauthor of a recent Google Quantum AI whitepaper that recalculated the resources needed to run Shor’s algorithm against Bitcoin’s secp256k1 elliptic-curve keys. Boneh’s message is blunt and practical: treat quantum as a real long‑term engineering challenge, but beware the greater near‑term risk of a buggy, rushed migration.

“Don’t panic, but don’t ignore,” Boneh told Isabel Foxen Duke. He warned that an aggressive timetable — for example, trying to complete a post‑quantum migration by 2029 — could do more harm than good. “A hasty transition to post quantum, in my mind, is more likely to cause a catastrophic bug than we’ll be attacked by a quantum computer,” he said.

Why the alarm bell?

The March 30 Google Quantum AI paper (which lists Boneh as a coauthor) presents updated resource estimates for running Shor’s algorithm on the 256‑bit elliptic curve discrete logarithm problem used by secp256k1. The paper finds that an attack could be performed with roughly 1,200–1,450 logical qubits and tens of millions of Toffoli gates. On superconducting hardware with physical error rates around 10^-3 and planar connectivity, those circuits could run in minutes using fewer than half a million physical qubits — a resource footprint that, while still large, is smaller than many had expected.

Even so, Boneh told Foxen Duke he views a cryptographically relevant quantum computer before 2035 as possible but unlikely under current investment levels. Anything by the end of this decade, he said, “seems very aggressive” unless quantum computing becomes a national‑scale priority.

The debate is already part of Bitcoin governance. BIP 361 — “Post Quantum Migration and Legacy Signature Sunset” — notes that more than 34% of bitcoin UTXOs had revealed a public key on‑chain as of March 1, 2026, making those outputs theoretically vulnerable if a sufficiently powerful quantum attacker appeared. That statistic drives the urgency behind migration proposals, but Boneh cautions against compressed timelines and half‑baked designs.

Boneh supports preparation and a measured engineering path. He said Bitcoin “will survive” quantum risk and called claims to the contrary “insane,” pointing to a clear technical roadmap: move users toward post‑quantum addresses and signatures, then phase out vulnerable legacy paths over time. Rather than a binary flip to a single post‑quantum primitive, he advocates hybrid signatures that pair existing elliptic‑curve cryptography with post‑quantum schemes to preserve security during the transition (a spend verifies only if both signatures check out, so a flaw in either scheme alone does not break it).

On the choice of post‑quantum primitives, Boneh prefers lattice‑based signatures to purely hash‑based schemes because lattices better support threshold signing and leave room for future cryptographic innovation. That preference matters for wallet designers, custodians, and protocol engineers planning upgrades and compatibility strategies.

The wider industry echoes a similar stance: Coinbase advisers and others have warned that while the quantum threat is not immediate, preparation should not be delayed. Current consensus among researchers remains that no existing machine can break Bitcoin today — but the estimated resource threshold for such an attack is falling as modelling improves.

What this means for Bitcoin users and builders

- Don’t panic: existing keys are not being cracked today.
- Do plan: wallets, exchanges, and protocol developers should design long, well‑tested migration paths (e.g., hybrid schemes and staged sunsetting of legacy paths).
- Don’t rush to a hard deadline: aggressive migration windows could introduce critical bugs or degrade security in other ways.
- Prioritize engineering, testing, and standards work now so the ecosystem can switch safely if and when quantum hardware actually reaches the necessary scale.

Boneh’s view frames the issue as an engineering problem that needs cautious, collaborative work now — not a crisis requiring immediate, wholesale changes that risk introducing new vulnerabilities.
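The BIP 361 figure above counts outputs whose public key is already visible on-chain, which is the first thing a wallet or custodian would inventory when planning a migration. As an added illustration (not code from the article, from BIP 361 or from any Bitcoin implementation), the script below classifies the standard output-script templates by that exposure: pay-to-pubkey and Taproot outputs carry a key in the script itself, while P2PKH and P2WPKH outputs carry only a hash and reveal the key on the first spend from that address. The UTXO set and key bytes are constructed samples.

```python
# Added example: classify Bitcoin scriptPubKeys by whether the public key
# is already visible on-chain (the exposure BIP 361's statistic counts).
# Script templates are the standard ones; the UTXO sample is constructed.
from enum import Enum


class Exposure(Enum):
    EXPOSED = "key is in the output script itself"
    EXPOSED_IF_SPENT = "only a hash in the script; key shown on first spend"
    UNKNOWN = "unrecognised script"


def classify_script(spk: bytes, spent_from: bool = False) -> Exposure:
    """spk: raw scriptPubKey; spent_from: an earlier spend already revealed
    the key in a scriptSig/witness (address reuse)."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG (0xac): key sits in the script
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return Exposure.EXPOSED
    # P2TR: OP_1 (0x51) <push 32> <x-only output key>: key sits in the script
    if n == 34 and spk[:2] == b"\x51\x20":
        return Exposure.EXPOSED
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return Exposure.EXPOSED if spent_from else Exposure.EXPOSED_IF_SPENT
    # P2WPKH: OP_0 <push 20> <hash160>
    if n == 22 and spk[:2] == b"\x00\x14":
        return Exposure.EXPOSED if spent_from else Exposure.EXPOSED_IF_SPENT
    return Exposure.UNKNOWN


def exposed_fraction(utxos) -> float:
    """Share of (scriptPubKey, spent_from) pairs whose key is already public."""
    total = exposed = 0
    for spk, spent in utxos:
        total += 1
        exposed += classify_script(spk, spent) is Exposure.EXPOSED
    return exposed / total if total else 0.0


# Constructed sample UTXO set (dummy key/hash bytes, not real chain data).
SAMPLE_UTXOS = [
    (b"\x21\x02" + b"\x11" * 32 + b"\xac", False),          # P2PK, compressed key
    (b"\x51\x20" + b"\x22" * 32, False),                    # P2TR
    (b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac", True),   # reused P2PKH
    (b"\x76\xa9\x14" + b"\x44" * 20 + b"\x88\xac", False),  # fresh P2PKH
    (b"\x00\x14" + b"\x55" * 20, False),                    # fresh P2WPKH
]
```

On the constructed sample, three of the five outputs already expose a key, so `exposed_fraction(SAMPLE_UTXOS)` returns 0.6; the two hash-only outputs stay unexposed only as long as they are never spent from.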