Aksel Cichocki · Quantum Security Lab
Downloadable Brief

Bitcoin Quantum Defense Brief

A practical guide to understanding and reducing post-quantum exposure for Bitcoin and digital asset holders.

For: Individual holders & hardware wallet users
Also: Custody teams & security leaders
Format: Print-ready · Shareable · v1.0
Problem
Bitcoin's security relies on elliptic curve cryptography (ECDSA). Quantum computers running Shor's Algorithm will eventually be able to derive private keys from exposed public keys, threatening billions of dollars in holdings.
Risk
Over 5 million BTC sit in addresses with exposed public keys (Aggarwal et al., 2017). Any address that has been spent from has its public key permanently visible on-chain and is vulnerable to a future quantum attack.
Action
Stop reusing addresses, sweep exposed UTXOs to fresh SegWit addresses, adopt native SegWit (bc1q) as default, evaluate multisig for high-value holdings, and secure seed phrases offline.

The Quantum Threat to Bitcoin

How Quantum Computing Breaks Bitcoin Cryptography

  • ECDSA relies on elliptic curve discrete log — Bitcoin uses the secp256k1 curve. The security assumption is that deriving a private key from a public key is computationally infeasible for classical computers.
  • Shor's Algorithm breaks this in polynomial time — a cryptographically relevant quantum computer (CRQC) can solve the elliptic curve discrete logarithm problem efficiently, making private key extraction from a public key feasible.
  • Exposed public keys are the primary attack surface — Bitcoin addresses are hashed versions of public keys. The actual public key is only revealed when you spend from an address. Once revealed, it is permanently visible on-chain.

What Is Exposed

Understanding Public Key Exposure

  • Spent-from addresses reveal public keys — every time a transaction is broadcast from an address, the public key is included in the transaction data and becomes permanently visible on the blockchain.
  • Over 5 million BTC estimated in exposed addresses — researchers estimate that a significant portion of all Bitcoin, worth hundreds of billions of dollars, sits in addresses where the public key has already been revealed (Aggarwal et al., 2017).
  • Legacy address formats are most commonly affected — addresses beginning with "1" (P2PKH) and early Pay-to-Public-Key (P2PK) outputs, including Satoshi's original coins and early miner rewards, carry the highest exposure risk.

Immediate Actions

Steps You Can Take Today

These steps cost almost nothing and dramatically reduce your quantum attack surface:

  • Stop address reuse — use a fresh receiving address for every transaction. Most modern wallets do this by default. Verify your wallet settings.
  • Sweep exposed UTXOs to fresh SegWit addresses — if you have funds in addresses you have previously spent from, move them to a new address where the public key has never been revealed.
  • Use native SegWit (bc1q) as default — a native SegWit output commits only to a hash of the public key; the key itself appears in the witness data only when the output is spent. Avoid legacy address formats where possible.
  • Evaluate multisig for high-value holdings — 2-of-3 or 3-of-5 multisig setups require an attacker to break multiple keys simultaneously, significantly raising the bar for any quantum attack.
  • Secure seed phrases offline — use metal backup plates, never digital storage. This protects against both classical and quantum-adjacent threats.

For Institutions

Enterprise Quantum Readiness

Organizations holding or custodying digital assets should begin quantum preparedness planning now:

  • Cryptographic inventory of key material — catalog all private keys, public keys, and address types in use across wallets, custody solutions, and cold storage. Identify which keys have been exposed on-chain.
  • Key lifecycle documentation — document key generation methods, rotation schedules, and retirement procedures. Ensure all key material has clear ownership and expiration policies.
  • HSM and custody architecture evaluation — assess whether your hardware security modules and custody providers support firmware upgrades for post-quantum algorithms. Plan for PQC-capable hardware procurement.
  • Migration planning — develop a phased plan for moving exposed holdings to quantum-safer configurations. Prioritize high-value UTXOs and addresses with known public key exposure.
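
The exposure rules under "Understanding Public Key Exposure" and the inventory and migration steps above can be combined into one pass over a UTXO list. This is an added example, not part of the original brief or the lab's tools. The names `Utxo`, `classify_script`, `exposure` and `migration_queue` are hypothetical, the `spent_before` flag is assumed to come from your own chain data, and Taproot outputs are treated as carrying their key in the output, following the BIP 341 output key construction listed under Sources.

```python
from typing import NamedTuple

class Utxo(NamedTuple):
    label: str
    script_hex: str     # scriptPubKey, hex encoded
    sats: int
    spent_before: bool  # this address has already signed a spend on-chain

def classify_script(script_hex: str) -> str:
    # Match a scriptPubKey against the standard output templates.
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK"      # <pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "P2PKH"     # legacy "1..." address
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return "P2SH"
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH"    # native SegWit bc1q, 20-byte key hash
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH"     # native SegWit bc1q, 32-byte script hash
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR"      # BIP 341: output holds the 32-byte output key
    return "UNKNOWN"

KEY_IN_OUTPUT = {"P2PK", "P2TR"}
KEY_BEHIND_HASH = {"P2PKH", "P2SH", "P2WPKH", "P2WSH"}

def exposure(u: Utxo) -> str:
    kind = classify_script(u.script_hex)
    if kind in KEY_IN_OUTPUT:
        return "exposed"   # key is readable from the UTXO itself
    if kind in KEY_BEHIND_HASH:
        return "exposed" if u.spent_before else "hidden"
    return "review"        # non-standard script: inspect by hand

def migration_queue(utxos):
    # Everything not confirmed hidden, highest value first.
    flagged = [u for u in utxos if exposure(u) != "hidden"]
    return sorted(flagged, key=lambda u: u.sats, reverse=True)

# Constructed sample inventory: hashes and keys are filler bytes, not real outputs.
SAMPLE = [
    Utxo("cold-1", "0014" + "11" * 20, 50_000_000, False),
    Utxo("hot-reused", "76a914" + "22" * 20 + "88ac", 8_000_000, True),
    Utxo("early-p2pk", "21" + "02" + "33" * 32 + "ac", 5_000_000_000, False),
    Utxo("taproot", "5120" + "44" * 32, 120_000_000, False),
    Utxo("vault-2of3", "0020" + "55" * 32, 900_000_000, False),
]
print([(u.label, exposure(u)) for u in migration_queue(SAMPLE)])
```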

Tools Available

01. Bitcoin Quantum Exposure Tester
Check whether a Bitcoin address has public-key exposure on-chain. Enter any address and get an instant risk assessment.

02. Defense Checklist
Step-by-step guide to reducing your quantum exposure. Covers address hygiene, wallet configuration, and key management best practices.

03. Bitcoin & Digital Assets Guide
In-depth research on Bitcoin's quantum vulnerability, threat scenarios, hardware wallet security, and the protocol's path to post-quantum resilience.

Sources
  • NIST FIPS 203/204/205 — post-quantum cryptographic standards (finalized August 2024)
  • BIP 141 — Segregated Witness, public key witness structure
  • BIP 341 — Taproot, P2TR output key construction
  • Aggarwal et al. (2017) — Quantum Attacks on Bitcoin, and How to Protect Against Them
  • NSA CNSA 2.0 — migration guidance (target dates for national security systems)

Take Action

The quantum threat to Bitcoin is not immediate, but the cost of preparation is near zero. Start with these tools.

This brief is an educational resource provided for informational purposes only. It does not constitute financial, legal, or investment advice. Readers should conduct their own research and consult qualified professionals before making decisions about digital asset security.

v1.0 · April 2026