Bitcoin Quantum risk: from Theory to commercial reality

A Comprehensive Technical Assessment of 2025 Industry Developments

By December 2025, the risk of quantum computing to Bitcoin has decisively moved from theory to practice. This evaluation summarizes the latest discoveries, industry news, and standardization news to determine the present situation in terms of technical expertise and commercial preparedness.

Key Findings:

1. Google October 2025 Breakthrough: Quantum advantage was demonstrated with the Willow quantum chip, which implemented the Quantum Echoes algorithm in 2 hours, and it should take classical supercomputers 13000 times longer than this time. This presents a very important turnaround point in error tolerance and hardware maturity.
   
2. Commercial Quantum-Safe Bitcoin Ready: BTQ Technologies (Nasdaq: BTQ) has successfully demonstrated Bitcoin Quantum Core Release 0.2 in October 2025, where ECDSA was replaced with NIST standardized ML-DSA to complete the full wallet to mining lifecycle with production-ready post-quantum signatures.
   
3. Quantified Exposure: Approximately $718 billion to $745 billion worth of Bitcoin is at immediate risk of quantum extraction because of exposed public keys in legacy addresses (P2PK, reused P2PKH formats). This accounts for 25% of the amount of Bitcoin in circulation and is still vulnerable to “harvest now, decrypt later” attacks.
   
4. Regulatory Acceleration: The EU and UK have agreed on binding quantum-safe migration deadlines (2030 and 2035, respectively). The U.S. GENIUS Act indicates a new push for the U.S. to focus on regulatory attention on quantum-resistant cryptography for the financial infrastructure.
   
5. Timeline Compression: Industry expert consensus has moved to a 5 – 15 year planning horizon prior to cryptographically relevant quantum computers (CRQCs) being able to threaten Bitcoin. Leading quantum companies are projecting that they will get to 1 million qubits by 2030, which is close to the point of feasibility for attack under optimized circuit designs.
   
6. Resource Requirement Reductions: Recent research estimates compression of quantum resource requirements for RSA-2048 breaking to fewer than one million qubits under specific engineering assumptions, a 20-fold reduction from 2019 estimates.
   
7. Bitcoin Core Protocol Advancement Enables PQC Path: Ongoing Bitcoin Core development, particularly OP_CAT (BIP 347), CTV (BIP 119), OP_VAULT (BIP 345), and Taproot Annex (BIP 341), is creating the script flexibility necessary for future post-quantum migration. These upgrades establish the foundation upon which the PQC transition becomes technically feasible without requiring fundamental protocol redesign.
   

Part 1: The Current Quantum Computing Landscape in 2025

Google October 2025 Willow Breakthrough

On October 21-22, 2025, Google announced a verifiable quantum computing breakthrough with its Willow chip,published in Nature.

Technical Achievement:

• Executed the “Quantum Echoes” algorithm, a verifiable, repeatable calculation demonstrating quantum advantage
• Completed the calculation in 2 hours; classical supercomputers would require 13,000 times longer.
• Successfully reduced quantum error rates and demonstrated error correction improvements.
• Showed progress in Out-of-Time-Order Correlators (OTOC), a benchmark for tracking quantum particle behavior

Significance for Cryptography:
This is not an immediate threat to Bitcoin ECDSA. However, it demonstrates:

• Steady progress in quantum gate fidelity and error correction
• Movement toward practical applications beyond benchmark demonstrations
• Alignment with Google’s forecast that useful quantum applications could emerge within 5 years

Industry Response:
The response diverged. Some quantum experts suggested we remain at least 10 years away from quantum computers that could break modern cryptography. Others noted that Google’s progress aligns with forecasts suggesting quantum-resistant-breaking capabilities could emerge within 4-5 years.

The divergence reflects genuine uncertainty; Willow represents measurable progress, not a CRQC, but it does compress the preparation window.

Current Quantum Hardware Status

Operational Systems (December 2025):

• Largest quantum processors contain approximately 1,000-2,000 noisy qubits
• Error rates remain substantial (typical 0.1%-1% per gate operation)
• Decoherence times measured in microseconds
• None currently poses a cryptographic threat.

Industry Roadmaps:

• Leading quantum companies (IBM, Google, IonQ) project reaching 1 million qubits by 2028-2030
• This represents a 1,000x increase in physical qubit count within 5 years.
• Error correction and fault tolerance remain the critical engineering bottleneck.

Attack Resource Estimates:

• Breaking RSA-2048 / ECDSA-256: Previously estimated at 20 million qubits (2019), now estimated at fewer than 1 million qubits under optimized circuit designs (2025)
• Researchers estimate a quantum computer with 4,000-10,000 stable qubits could break Bitcoin ECDSA in under an hour if error rates are sufficiently reduced.

Semantic Distinction – Critical for Understanding:
The difference between “physical qubits” and “stable qubits” after error correction is enormous:

• Physical qubits: noisy, error-prone, exist in current systems
• Logical qubits (stable, error-corrected): protected against environmental noise, required for cryptographic attacks
• Current estimates suggest 1,000-2,000 physical qubits might produce 1 stable qubit for protected computation.

This means a cryptographically relevant attack still requires infrastructure orders of magnitude beyond current systems.

Part 2: Bitcoin Quantum Exposure | Quantified and Categorized

The Public Key Exposure Architecture

Bitcoin vulnerability to quantum extraction depends entirely on public key exposure timing:

Address Type	Public Keys Exposed	Exposure Trigger	Risk Duration
P2PK (Pay-to-Public-Key)	Immediate	At creation	Permanent
P2PKH (Pay-to-Public-Key-Hash)	On spend	First transaction	Permanent after spend
P2WPKH (Segwit v0)	On spend	First spend	Permanent after spend
P2TR (Taproot)	Minimal	Key path spends only	Minimal if script path used

Quantified Exposure (November 2025 Chainalysis Report):

• Total Bitcoin in quantum-vulnerable address formats: 4-6.65 million BTC
• Current USD value (at $90k/BTC December 2025): $360 billion to $745 billion
• Percentage of circulating supply: 20-25%

Particularly At-Risk Categories:

1. P2PK Era Coins (2009-2013): Public keys are publicly visible in the blockchain from the moment they are created. An estimated 1-2 million BTC were affected. Some of these addresses are likely to be abandoned due to age, making recovery strategies more difficult.
2. Reused P2PKH Addresses: Early Bitcoin users used the same addresses occasionally for several transactions. Once the public key was revealed in a first coin spend, all coins sent to that address would be permanently vulnerable.
3. Known Large Holdings with Exposed Keys: Satoshi Nakamoto’s estimated 1 million BTC in P2PK format represents the single largest concentration of quantum-vulnerable coins.

The “Harvest Now, Decrypt Later” Attack Model

Adversaries could:

1. Download the entire Bitcoin blockchain today (data size 600-800 GB)
2. Store all historical transactions indefinitely with recorded public key data.
3. Wait until quantum computers mature (estimated 2030-2040 window)
4. Retroactively extract private keys from stored transaction data using quantum algorithms.
5. Steal coins that were spent years or decades in the past.

Why This Matters for Bitcoin Specifically:

• The Bitcoin blockchain is permanently public and globally distributed
• All historical transaction data is cryptographically immutable (cannot be altered or deleted)
• The attack surface grows over time as more transactions reveal public keys.
• Legacy coins cannot be “cleaned up” retroactively.
  

Part 3: 2025 Commercial Breakthroughs | BTQ Quantum-Safe Bitcoin Implementation

BTQ Technologies October 2025 Demonstration

On October 15-16, 2025, BTQ Technologies (Nasdaq: BTQ) announced the first commercial demonstration of a fully quantum-resistant Bitcoin implementation.

Technical Architecture: Bitcoin Quantum Core Release 0.2

Signature Algorithm Replacement:

• Replaces vulnerable ECDSA (secp256k1) with NIST-standardized ML-DSA (Module-Lattice Digital Signature Algorithm, FIPS 204)
• ML-DSA provides 128-bit post-quantum security equivalent
• Uses Module-LWE (Module Learning With Errors) mathematical foundation, proven resistant to both classical and quantum attacks

Complete Lifecycle Support:

• Wallet creation with post-quantum key generation
• Transaction signing using ML-DSA instead of ECDSA
• Signature verification against post-quantum public keys
• Mining with consensus modifications supporting larger signatures

Consensus-Level Modifications Required:

• Block size increased to 64 MiB (from ~4 MiB) to accommodate larger post-quantum signatures
• Script limits expanded to process ML-DSA verification operations.
• New genesis blocks for both mainnet and testnet with production parameters

Commercial Roadmap: Staged Deployment Through 2026-2027

• Q4 2025: Testnet launch of Bitcoin Quantum network
• Q1 2026: Enterprise pilot programs with institutional digital asset managers
• Q2 2026: Mainnet launch of quantum-safe Bitcoin network with migration tools
• 2026-2027: Integration with major exchanges and wallet providers
  

Part 4: Bitcoin Core Protocol Development | Enabling Infrastructure for PQC Migration

The Bitcoin Core development community has been advancing protocol capabilities that establish the technical foundation for future quantum-resistant migration. These discussions are active in Bitcoin Core mailing lists and GitHub repositories during 2024-2025.

OP_CAT: Restoring Byte Concatenation Capability

Current Status (December 2025):

• BIP 347 proposes restoring OP_CAT with controlled limits
• Active discussion in the Bitcoin Core development community

Significance for PQC Migration:
OP_CAT enables complex script constructions necessary for:

• Building cryptographic commitments without relying on a single signature algorithm
• Constructing composite verification schemes combining multiple signature types
• Creating proof systems that can aggregate or layer signatures (classical + post-quantum)

CTV (CheckTemplateVerify): Template-Based Transaction Commitments

Current Status (December 2025):

• BIP 119 (CTV) was actively discussed for future soft fork inclusion

Significance for PQC Migration:
CTV enables:

• Pre-commitment to the transaction structure before spending
• Covenant systems that control how UTXOs can be spent
• Batch migration mechanisms: users can pre-commit to quantum-safe migration without an immediate transaction

OP_VAULT: Explicit Covenant for Spending Controls

Current Status (December 2025):

• BIP 345 (OP_VAULT) was actively discussed for enhanced withdrawal controls

Significance for PQC Migration:
OP_VAULT provides:

• Explicit separation of the “authorization phase” from the “execution phase” of spending
• Delay mechanisms that can enforce quantum-safe spending pathways
• Recoverability features allowing users to cancel quantum-unsafe transactions

Taproot Annex: Extensible Witness Data

Current Status (December 2025):

• Taproot (BIP 341/342) activated in November 2021
• The Annex field is explicitly reserved for future use without consensus change.

Significance for PQC Migration:
The Taproot Annex provides:

• Space for new signature algorithms without modifying the core transaction structure
• Ability to introduce post-quantum signatures in witness data without affecting the existing script format
• Forward compatibility: future consensus upgrades can extend Annex without breaking current transactions
  

Part 5: Regulatory Acceleration and Government Mandates

European Union | Binding 2030/2035 Deadlines

In June 2025, the European Commission issued formal directives establishing quantum-safe migration as a compliance requirement.

Phase 1 (By the End of 2026):

• All EU Member States must establish national post-quantum cryptography roadmaps
• Launch pilot projects for high and medium-risk use cases.
• Publish transition strategies

Phase 2 (By the End of 2030):

• High-risk use cases (financial services, healthcare) must complete migration
• Critical infrastructure (energy, telecommunications) must be quantum-safe
• Binding compliance requirement

Phase 3 (By 2035):

• Substantially complete transition across the EU digital infrastructure
• Legacy classical cryptography is largely phased out.

United Kingdom | NCSC Post-Quantum Roadmap

The UK National Cyber Security Centre published comparable guidance with phases:

• 2028 — Discovery Phase: Organizations identify systems requiring migration
• 2031 — High-Priority Migration: Systems handling sensitive data transition to PQC
• 2035 — Full Transition: Substantially complete across critical sectors
  

Part 6: Expert Timeline Assessment and Uncertainty

Consensus Among Security Experts

Chainalysis 2025 Assessment:

• 5-15 year planning horizon to cryptographically relevant quantum computers
• Most experts estimate CRQC emergence between 2028-2030 or 2030-2035
• No expert consensus on exact arrival date; range reflects genuine uncertainty

Global Risk Institute Survey:

• 27% expect CRQC within 10 years
• 50% expect CRQC within 15 years
• Nearly universal consensus CRQC exists within 30 years

Conclusion: The Upgrade Race Has Already Started

The facts of December 2025:

1. Standards are finalized: NIST post-quantum cryptography standards (FIPS 203, 204, 205) are published and validated
2. Commercial implementations exist: BTQ demonstrated full-stack quantum-safe Bitcoin.
3. Google breakthrough shows steady hardware progress.
4. Governments have mandated timelines: EU, UK, and U.S. regulatory frameworks increasingly require PQC migration.
5. Bitcoin Core protocol development is laying the groundwork: OP_CAT, CTV, OP_VAULT, and covenant discussions create a technical foundation for future post-quantum migration.

For Bitcoin specifically, the question is no longer whether post-quantum migration is necessary, it is whether that migration will be orderly and planned, or panicked and reactive.

The upgrade race hasn’t ended. It’s accelerating.

About Author

Netanel Siboni is a technology leader specializing in AI, cloud, and virtualization. As the founder of Voxfor, he has guided hundreds of projects in hosting, SaaS, and e-commerce with proven results. Connect with Netanel Siboni on LinkedIn to learn more or collaborate on future projects