BlackRock Warns Investors of Quantum Threat to Bitcoin Security

On May 27, investment management giant BlackRock issued a warning to investors about the potential vulnerability of the Bitcoin network to quantum computers. This warning came on the same day that researchers from Google made a similar statement, highlighting the growing concern within the industry about the threat posed by quantum computing to cryptocurrency security. David Carvalho, the CEO of decentralized post-quantum infrastructure Naoris Protocol, provided insights into the risks and potential solutions.

Speculations about the risk of the Bitcoin network being compromised by quantum computers have been circulating for some time. While modern-day processors cannot brute force the RSA and ECC encryption used in Bitcoin, quantum computers are believed to have the capability to retrieve private keys if the public key is available. The date when quantum computers will achieve sufficient power to break Bitcoin wallets is referred to as Q Day.

It is important to note that while the threat of quantum computers to cryptography is real, the timeline for this threat is crucial. Current quantum computers are not yet capable of breaking Bitcoin's cryptography. The industry is already working on developing quantum-resistant solutions to mitigate this risk. Unlike regular processors, quantum processors can perform multiple calculations simultaneously, significantly increasing computing speed. Several companies are seeking solutions to avoid the potential risks, and some wallet producers already claim their products are quantum-proof.

In the updated version of BlackRock’s prospectus for IBIT (BlackRock’s iShares Bitcoin Trust ETF), the company warns investors about potential security risks associated with Bitcoin. BlackRock highlights the issue that developers of decentralized networks often lack a financial incentive to respond in a timely manner to security threats. One of the outlined threats is quantum computers, which, in a few years, will become powerful enough to crack the encryption used in Bitcoin. BlackRock’s warning garnered attention as the issue of quantum computers had never been publicly acknowledged at such a high level before. If such a large and respected company sees the problem in quantum computers, it is a signal that the threat is considerable.

A new study by Google suggests that the amount of resources needed to reach the Q Day is 20 times less than previously estimated. The author of the paper, Craig Gidney, writes that the expected number of qubits needed to break RSA2048 has been reduced from 20 million to 1 million. Gidney hopes that this provides a signpost for the current state of the art in quantum factoring and informs how quickly quantum-safe cryptosystems should be deployed. Vulnerable systems should be deprecated after 2030 and disallowed after 2035, not because sufficiently large quantum computers are expected by 2030, but because security should not be contingent on progress being slow.

To better understand what will happen when Q Day arrives and how much time is left, several questions were addressed to David Carvalho, founder and CEO of the decentralized post-quantum infrastructure, Naoris Protocol. Carvalho stated that there is a lot less time than people seem to think before the first Bitcoin wallet gets ‘hacked’ via a quantum computer. He believes that within five years or even less, quantum computers will have enough qubits and sufficient error correction to be a real threat to ECDSA encryption. Carvalho emphasized that any protocol that doesn’t implement quantum security now won’t be able to retrofit it once quantum computers do catch up. Therefore, now is the time to focus all efforts on this before it’s too late.

Carvalho also highlighted that the most frightening thing about quantum is that when we get to “Q-Day,” the attacks will be swift, quite possibly simultaneous, and certainly devastating. Most importantly, these attacks will be retroactive, meaning that even transactions that have been signed and executed could be at risk. This implies that wallets and blockchains can’t secure themselves against quantum attacks retroactively; they have to do it preemptively. Carvalho also noted that it’s unlikely there will be such a coordinated effort by bad actors. Instead, they will likely target the biggest and most vulnerable wallets first and then move on to smaller targets. This is incredibly worrying, since the biggest targets are the likes of BlackRock, the second-largest holder of Bitcoin, which is also responsible for trillions of dollars in pension assets. It’s a real risk to financial stability.

Regarding the fate of “lost bitcoins” and Satoshi Nakamoto’s holdings, Carvalho stated that all of those “dormant” assets would be ripe for the picking, unless the blockchain is secured at the infrastructure level, because Satoshi will have almost certainly made transactions from vulnerable addresses. Given Satoshi’s substantial holdings, they would likely be a major target for bad actors. In the event that non-quantum-proof BTC wallets are successfully hacked, Carvalho believes that a quantum hack on Bitcoin would lead to a real loss of trust, so it wouldn’t be good news for the price. Like any black swan event, it could be the catalyst for a crypto winter. However, the fact that major institutions, and even governments, are now holding Bitcoin is encouraging. Because they are actually acutely aware of the risks from quantum computing – in fact, BlackRock recently highlighted it in its updated spot Bitcoin ETF filing. If anyone can push the blockchain sector to prepare for Q Day, it’s BlackRock and the US government. But they better do it quickly.

In conclusion, the fall of Bitcoin’s protection is only a matter of time, and time is running out, considering how many elements of the puzzle need to be switched to quantum-proof solutions – from mining infrastructure to exchanges and wallets. Transitioning to quantum-proof services may take time, so it’s better to start early.