2026比特币与量子计算白皮书

Published: March 11, 2026 Author:Tom Honzik,Director of Custody Researchat Unchained Author:Dhruv Bansal,Co-Founder and CSOat Unchained Author:David Puell,Research Trading Analyst/Associate Portfolio Manager,Digital Assets at ARK Invest Table Of Contents IntroductionThe BasicsQuantum ComputingBitcoin CryptographyQuantum Computing Capability Is A JourneyImportant Questions For InvestorsPQC Is Widely DeployedImplementing PQC In Bitcoin WillRequire Consensus ChangesNo Consensus Exists About Protecting CoinsThat Remain Vulnerable To QuantumThree ScenariosThe Road Ahead35668141718192023 Introduction This paper assesses whether and how advances in quantum computing (QC) pose a riskto Bitcoin. Our two central arguments are as follows: 1.Quantum is a long-term risk but not an imminent threat. The community mustcontinue to research and make plans for protecting the network as quantumcomputers improve.2.If quantum computing were to affect Bitcoin’s cryptography, the process would beprotracted and undertaken at meaningful cost to the attacker. Today’s quantum systems lack the capabilities required to compromise Bitcoin.Meaningful breakthroughs would disrupt internet security first, triggering coordinatedresponses well beyond Bitcoin. In our view, quantum development will be a gradualtechnological progression—not a sudden “Q-day” event—giving markets and the Bitcoinnetwork time to adapt. Quantum computers use qubits that can exist in superposition, enabling quantumalgorithms to scale more quickly than classical algorithms. Their performance ismeasured by parameters like the number of logical qubits and the degree of logicaldepth, both of which must be high and error-corrected to have an impact on Bitcoin.Today’s systems operate in the so-called “NISQ era”—roughly 100 logical qubits andcircuit depths in the hundreds—both well below the thresholds necessary to breakBitcoin’s elliptic curve cryptography (ECC). To do so would require at least 2,330 logicalqubits and tens of millions to billions of quantum gates. Of the Bitcoin supply currently exposed to the quantum threat, ~1.7 million bitcoin (BTC)lie in vulnerable P2PK address types and are believed to be lost, and ~5.2 million BTC liein migratable re-used or P2TR addresses—adding to ~35% of total outstanding supply.1 That said, quantum risk is unlikely to surface as an event but as a protracted sequenceof observable milestones, as follows: •Stage 0:Quantum computers exist but are not commercially useful. Today’squantum computers operate with limited logical qubits and high error rates,presenting no threat to Bitcoin.•Stage 1:Quantum computers become commercially useful in fields like chemistryand materials simulation, well before cryptographic applications manifest.•Stage 2:Quantum computing becomes powerful enough to break weak keys ordeprecated cryptosystems.•Stage 3:Quantum computers can break elliptic curve cryptography of the kind usedfor bitcoin keys, but they take a long time to do so. Quantum-vulnerable bitcoin isnow at risk.•Stage 4:Key-breaking occurs more quickly than Bitcoin’s 10-minute block time,network viability requiring protocol-level, post-quantum cryptography upgrades. Against that backdrop, the most important investment-related questions are: •When will quantum computing break an elliptic curve key for the first time, andwhen will the subsequent break take place?•Who will control early quantum capability, and what will be their incentives?•What will quantum attacks cost relative to other more profitable or rewardingefforts?•How effectively will the Bitcoin community coordinate governance decisions andimplement post-quantum cryptography? This paper argues that quantum risk will evolve over an extended period of time, withmany intermediate warning signals and decision points. An abrupt single point of failureis unlikely. The Basics In 2010, Satoshi Nakamoto addressed early concerns about the quantum computingthreat, as shown below. Source: Nakamoto Institute 2026.2For informational purposes only and should not be considered investmentadvice or a recommendation to buy, sell, or hold any particular security or cryptocurrency. Today, industry participants continue to debate the threat. While perspectives differ withrespect to timeline and likelihood, recent commentary appears to be coalescing arounda neutral view: quantum computing represents an actionable long-term issue—not animmediate security emergency—and requires preparation. Many have sprung into action. Coinbase has established its Independent AdvisoryBoard on Quantum Computing,3for example, offering guidance on quantum threats tothe broader digital asset community. The Ethereum Foundation has its Post Quantum(PQ) team,4tasked to prepare the Ethereum network for quantum computing viability.Strategy (formerly MicroStrategy) will initiate its Bitcoin Security Program5to “coordinatewith the global cyber, crypto, and Bitcoin security communities” and tackle the quantumcomputing t