Aksel CichockiQuantum Security Lab
Bitcoin & Digital Assets
Lab Tool

Bitcoin Quantum Exposure Tester

Check whether a Bitcoin address may have public-key exposure patterns relevant to post-quantum risk analysis.

Paste a Bitcoin address below. This tool queries public blockchain data to assess whether the address has spending patterns that may indicate public key exposure — the primary vector for future quantum attacks on Bitcoin.

Why
Understand your address-level quantum exposure
Who
Bitcoin holders, custodians, security researchers
What
Educational heuristic assessment, not a security audit
Supports Legacy (P2PKH), Nested SegWit (P2SH), Native SegWit (P2WPKH), and Taproot (P2TR) addresses.
Querying public blockchain data...
Address Type
Total Transactions
Received (funded)
Spent Outputs
Current Balance
Public Key Exposure

Address type detection: The tool identifies the address format from the prefix. Legacy (1...) uses P2PKH where public keys are revealed on spend. Nested SegWit (3...) wraps P2WPKH in P2SH. Native SegWit (bc1q...) uses P2WPKH where the public key appears in the witness data on spend. Taproot (bc1p...) uses P2TR where the output itself contains a public key; key-path spends reveal the internal key directly.

Spending history check: When Bitcoin is spent from an address, the spending transaction reveals cryptographic material on the blockchain. For P2PKH/P2WPKH, the full public key appears in the input or witness. For Taproot, the output public key is visible in the scriptPubKey from creation, and key-path spends expose the internal key. This tool checks spending history via the Blockstream public API.

Exposure assessment: If an address has spent outputs, public key material is visible on-chain. A sufficiently powerful quantum computer running Shor's Algorithm could theoretically derive the private key from exposed public key material. The exposure model varies by address type.

Limitations: This is an introductory heuristic analysis based on publicly visible blockchain data. It does not analyze transaction graphs, detect multisig configurations, distinguish key-path from script-path Taproot spends, identify change addresses, or provide a complete security audit. Results indicate likely exposure patterns but should not be treated as definitive risk assessment.

Privacy: Addresses are queried against the public Blockstream API. This tool does not store, log, or transmit your address to any other service.

Methodology v1.1 · Updated April 2026

Approach: Heuristic public-key exposure analysis based on address format detection and on-chain spending history.

Data source: Blockstream public API (blockstream.info). No authentication required. Queries are made directly from your browser.

Scope: Address-format identification (P2PKH, P2SH, P2WPKH, P2TR) and visible spending-output patterns.

Does not cover: Multisig detection, change-address clustering, full transaction graph analysis, script-path vs. key-path Taproot spend distinction, or custody architecture review.

This tool provides educational exposure analysis based on publicly available blockchain data and basic address heuristics. It is not a security audit, financial advisory tool, or definitive risk assessment. Results should be considered introductory and supplemented with professional security review for high-value holdings. No addresses are stored or logged by this tool.

Understand Your Results

Learn more about quantum threats to Bitcoin and practical steps you can take today to reduce your exposure.

Bitcoin & Digital Assets Defense Checklist