In June 2024, Hunter Beast introduced a Bitcoin Improvement Proposal (BIP360) that proposes adding quantum-resistant address types to Bitcoin Core.
At present, Bitcoin addresses, especially but not limited to Taproot addresses, are NOT quantum resistant and would be vulnerable to attack given sufficient advances in quantum computing. The announcement of Google’s “Willow” quantum chip has recently brought this vulnerability into the news.
HOW DOES QUANTUM COMPUTING THREATEN BITCOIN?
Given enough “qubits” (for certain classes of problem, quantum processing power grows exponentially with the number of qubits), a quantum computer running Shor’s algorithm will be able to derive a Bitcoin private key from its public key by solving the elliptic-curve discrete logarithm problem, a process known as “quantum key decryption.”
At the moment, every Taproot address embeds public key information (the output script contains the tweaked public key itself), so funds held in Taproot addresses are exposed to quantum attack at any time (aka “long exposure attacks”).
Additionally, the public key behind every existing address type is revealed when the funds are spent, so Bitcoin held in any address type is exposed while a spending transaction waits in the mempool (aka “short exposure attacks”).
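To make the long-exposure versus short-exposure distinction concrete, here is an added example (written for this page; it is not code from Anduro, Bitcoin Core or BIP360) that decodes a Bitcoin address and reports whether its output script already carries a public key on-chain, as Taproot (witness v1) does, or only a hash that commits to a key or script, as P2PKH, P2SH, P2WPKH and P2WSH do, so the key surfaces only when the coins are spent. The bech32/bech32m decoding follows BIP-173 and BIP-350; the segwit sample addresses are the public test vectors from those BIPs, the legacy address is a commonly cited example address, and the `exposure` labels are this example’s own shorthand for the page’s terms.

```python
import hashlib

# --- bech32 / bech32m decoding (BIP-173 / BIP-350) -------------------------
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3


def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _convertbits(data, frombits, tobits):
    """Regroup 5-bit symbols into bytes with strict (no-padding) checks."""
    acc, bits, out = 0, 0, []
    maxv = (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if bits >= frombits or ((acc << (tobits - bits)) & maxv):
        raise ValueError("invalid padding in witness program")
    return bytes(out)


def decode_segwit_address(addr):
    """Return (witness_version, witness_program) or raise ValueError."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed-case bech32 string")
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        raise ValueError("malformed bech32 string")
    hrp, data = addr[:pos], [CHARSET.index(c) for c in addr[pos + 1:]]
    if hrp not in ("bc", "tb", "bcrt"):
        raise ValueError("unknown human-readable part")
    version, program = data[0], _convertbits(data[1:-6], 5, 8)
    # Witness v0 uses the bech32 checksum constant; v1..v16 (Taproot is v1) use bech32m.
    expected = BECH32_CONST if version == 0 else BECH32M_CONST
    if _polymod(_hrp_expand(hrp) + data) != expected:
        raise ValueError("bad bech32/bech32m checksum")
    if version > 16 or not 2 <= len(program) <= 40:
        raise ValueError("invalid witness version or program length")
    if version == 0 and len(program) not in (20, 32):
        raise ValueError("witness v0 program must be 20 or 32 bytes")
    return version, program


# --- base58check decoding for legacy P2PKH / P2SH addresses -----------------
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def decode_base58check(addr):
    """Return (version_byte, 20-byte hash) for a legacy address or raise ValueError."""
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    leading = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * leading + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("unexpected base58check payload length")
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("bad base58check checksum")
    return payload[0], payload[1:]


def classify_address(addr):
    """Report what the output script commits to and when its public key is exposed."""
    if addr[0] in "13":
        version, h160 = decode_base58check(addr)
        kind = {0: "P2PKH", 5: "P2SH"}.get(version, "unknown-legacy")
        return {"type": kind, "program": h160.hex(),
                "pubkey_on_chain": False, "exposure": "short"}
    version, program = decode_segwit_address(addr)
    if version == 0:
        kind = "P2WPKH" if len(program) == 20 else "P2WSH"
        return {"type": kind, "program": program.hex(),
                "pubkey_on_chain": False, "exposure": "short"}
    if version == 1 and len(program) == 32:
        # P2TR: the 32-byte program IS the (tweaked) x-only public key.
        return {"type": "P2TR", "program": program.hex(),
                "pubkey_on_chain": True, "exposure": "long"}
    return {"type": f"witness-v{version}", "program": program.hex(),
            "pubkey_on_chain": None, "exposure": "unknown"}


# Sample inputs: BIP-173/BIP-350 test vectors plus a commonly cited legacy address.
SAMPLE_ADDRESSES = [
    "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",                      # P2WPKH
    "bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3",  # P2WSH
    "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0",  # P2TR
    "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs",                              # P2PKH
]

if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(a, classify_address(a))
```

The classifier looks only at the output script, so a "short" label means the key is not on-chain *yet*: once an address has been spent from (address reuse), its public key is already public in the spending transaction, and from that point the page's long-exposure reasoning applies to any funds sent back to it.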
IMPLICATIONS OF INSECURE TAPROOT ADDRESSES
Because Taproot addresses are the most vulnerable in the nearer term, it is important to assess what an attack on Taproot addresses would mean.
First, almost all Bitcoin “Layer 2s” use Taproot addresses in some way. This includes Lightning, which uses Taproot in its MuSig signature scheme, as well as newer L2 bridges, e.g. those using FROST signature schemes for bridge security.
Most infrastructure built for the Bitcoin-native asset ecosystems, including Ordinals, BRC20, Taproot Assets and others, is also at risk in the event of a quantum attack.
HOW BIP-360 FIXES THIS + SUPPORT FROM ANDURO
BIP360 proposes adding quantum-resistant address types (specifically, address types referred to as “pay-to-quantum-resistant-hash” or P2QRH) to Bitcoin Core. These address types use post-quantum cryptography, specifically FALCON and CRYSTALS-Dilithium signatures, which cannot be broken by any known quantum algorithm.
The Anduro team strongly supports adding these address types to Bitcoin Core and is actively researching technical approaches that may provide quantum-resistant support while Bitcoin Core remains insecure.
BIP360 author Hunter Beast has recently joined the Anduro team to support this effort.
HOW MUCH TIME DO WE HAVE?
While many believe the threat of quantum computing to Bitcoin is “eons away,” the reality is that we do not know the pace at which these advances will arrive, and we are clear that this is a “when,” not an “if,” that must be addressed.
Given the potentially catastrophic implications of quantum computing for Bitcoin, and the infamously slow process of changing decentralized protocols, it seems reasonable to address this sooner rather than later.
If we do not begin discussing potential solutions now, we risk, at best, a rushed “emergency activation” implemented unilaterally by Bitcoin Core maintainers and, at worst, a potentially fatal security breach.
“The potential for quantum attack is too serious a threat not to take seriously,” says BIP360 author Hunter Beast. “Waiting until emergency strikes will not yield optimal results.”
We implore the community to take this threat seriously and support BIP360 or similar solutions to introduce quantum resistant address types into Bitcoin Core.