In the next decade, it is highly likely that Bitcoin will need to upgrade its underlying cryptographic algorithms to counter the threat of quantum computing. This conclusion is based on the following core logic:
1. The Timeline for Quantum Computers Breaking Encryption Is Accelerating
Recent research (such as Google’s paper on RSA) shows that the estimated resources quantum computers need to break existing asymmetric encryption are rapidly decreasing. While Bitcoin uses Elliptic Curve Cryptography (ECC) instead of RSA, both are vulnerable to Shor’s algorithm. Shor’s algorithm can efficiently solve the problems of integer factorization and discrete logarithms, and ECC’s security is based precisely on the hardness of the elliptic curve discrete logarithm problem. Therefore, as the number of qubits required to break RSA decreases significantly, it also indicates that the timeline for breaking ECC is accelerating.
2. Public Key Exposure Creates a “Steal Now, Decrypt Later” Risk
The way Bitcoin transactions work means that the decisive factor for quantum risk is not whether a public key is ever exposed, but when it becomes visible on chain.
- Before an address has been spent from, the public key is hidden: When you have a Bitcoin address but haven’t yet sent any transaction from it, the corresponding full public key is not disclosed. Only the hashed address is publicly visible. Due to the one-way nature of hash functions, it’s not possible to derive the public key—let alone the private key—directly from the address. Therefore, for the majority of Bitcoin address types, if no spending has occurred, the public key (or the script containing it) is not exposed, and the private key is relatively safe.
- Pay-to-Public-Key (P2PK) addresses: Used in Bitcoin’s early days, these addresses expose the public key at creation. These are the most direct targets for quantum attacks. For example, many of Satoshi Nakamoto’s early Bitcoins are stored in such address types.
- Pay-to-Public-Key-Hash (P2PKH) addresses (starting with ‘1’): The most common address type. They only expose the hash of the public key when receiving funds. The full public key is only revealed when funds are first spent.
- Pay-to-Script-Hash (P2SH) addresses (starting with ‘3’): These allow users to send Bitcoin to a script hash. The actual script (called a redeem script), which may include public keys, is only revealed when the funds are spent. P2SH is widely used for multisig wallets or complex smart contracts.
- SegWit addresses (starting with ‘bc1’, including P2WPKH and P2WSH): SegWit moves signatures and public keys out of the transaction body into a separate witness section and changes how they are verified. The address itself still commits only to a hash; the key or script is revealed in the witness data when the funds are spent, as described for P2WPKH and P2WSH below.
- Taproot addresses (starting with ‘bc1p’, P2TR): Taproot is Bitcoin’s latest upgrade, using Schnorr signatures and Merkleized Abstract Syntax Trees (MAST). It is designed to improve privacy, efficiency, and flexibility, but it is not quantum-resistant either. Schnorr signatures may offer aggregation advantages, yet their security still rests on elliptic curve cryptography, so once the public key is exposed it remains vulnerable to Shor’s algorithm. Unlike the hashed address types, a P2TR output places the (tweaked) 32-byte public key directly in the output script rather than a hash of it, so that key is visible from the moment funds are received, not only when they are spent. Some analyses therefore suggest that Taproot addresses may, in certain cases, be more susceptible to so-called “long exposure attacks”.
- P2WPKH (Pay-to-Witness-Public-Key-Hash): The SegWit version of P2PKH, where the public key hash is in the address and the full public key is revealed in witness data during spending.
- P2WSH (Pay-to-Witness-Script-Hash): The SegWit version of P2SH, where the script hash is in the address and the full script, including public keys, is revealed in witness data during spending.
On public key exposure across address types:
- During a transaction, public keys or script details will inevitably be exposed: When you send Bitcoin from an address, to verify the legitimacy of the transaction, the corresponding full public key (for P2PKH/P2WPKH) or the redeem/witness script and internal public keys (for P2SH/P2WSH/Taproot) are included in the transaction and broadcast to the Bitcoin network. Once confirmed and recorded in the blockchain, this information becomes permanently stored on the public ledger.
- The “steal now, decrypt later” threat: Even if today’s quantum computers are not strong enough, potential attackers can now collect these exposed public keys (or scripts containing them) and associated encrypted data, then wait for quantum computing to advance—possibly within the next decade—to a point where it can break ECC. Once that happens, they can use Shor’s algorithm to derive private keys from public keys and steal the associated Bitcoins. This attack model puts even past transactions at future risk.
To mitigate this risk, users should use each address only once and avoid address reuse. When you reuse a Bitcoin address, the associated public key or the script containing it is repeatedly exposed on the blockchain, giving future quantum attackers more opportunities to analyze it and derive the private key. While single-use addresses can’t eliminate the risk entirely (the public key is still exposed upon first spend), they at least limit the amount of repeated exposure data an attacker can gather and reduce the funds affected if a single key is broken.
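As an added illustration (not code from the original article), the following Python script triages a wallet’s outputs by the exposure rule described above: P2PK and P2TR outputs carry the public key in the output script itself, while the hashed types only reveal it once the address has been spent from. It matches the standard output-script templates; the `Utxo` records and all keys and hashes in them are constructed samples, not real coins.

```python
from dataclasses import dataclass

# Output types whose raw public key already sits in the output script itself.
# Hashed types only reveal the key in the input/witness when the coins are spent.
EXPOSED_AT_FUNDING = {"p2pk": True, "p2tr": True, "p2pkh": False,
                      "p2sh": False, "p2wpkh": False, "p2wsh": False}

def classify_script(spk: bytes) -> str:
    """Return the output type of a scriptPubKey by matching the standard templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"    # <33- or 65-byte pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh"    # OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"  # OP_0 <20-byte key hash>
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"   # OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"    # OP_1 <32-byte x-only output key>, visible at funding time
    return "unknown"

@dataclass
class Utxo:
    script_pubkey: bytes
    value_sat: int
    spent_from_before: bool  # True if this address has already signed a spend on chain

def pubkey_exposed(u: Utxo) -> bool:
    """Is the public key behind this output already recoverable from the blockchain?"""
    kind = classify_script(u.script_pubkey)
    # Unknown script types are treated conservatively as exposed.
    return EXPOSED_AT_FUNDING.get(kind, True) or u.spent_from_before

def exposed_value(utxos) -> int:
    """Total satoshis held in outputs whose public key is already on chain."""
    return sum(u.value_sat for u in utxos if pubkey_exposed(u))

# Constructed sample UTXOs (fake keys and hashes, not real coins).
SAMPLE_UTXOS = [
    Utxo(b"\x21\x02" + b"\x11" * 32 + b"\xac", 5_000_000_000, False),  # early P2PK coinbase
    Utxo(b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac", 100_000, False),  # fresh P2PKH
    Utxo(b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac", 200_000, True),   # reused P2PKH
    Utxo(b"\x00\x14" + b"\x44" * 20, 300_000, False),                    # fresh P2WPKH
    Utxo(b"\x51\x20" + b"\x55" * 32, 400_000, False),                    # P2TR, key in output
]

if __name__ == "__main__":
    print("satoshis with exposed public key:", exposed_value(SAMPLE_UTXOS))
```

Running it on the samples reports only the P2PK, reused P2PKH and P2TR balances as exposed; the fresh P2PKH and P2WPKH outputs stay hidden until first spend.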
3. The Quantum Computing Development Timeline Matches This Window
Leading quantum computing companies have released roadmaps targeting million-qubit systems by the early 2030s. This means that within a window of less than ten years, quantum computers capable of breaking 256-bit ECC keys are very likely to move from labs to reality. At the same time, large decentralized systems like Bitcoin require years—or even longer—for protocol upgrades and global deployment.
Conclusion:
The rapid progress of quantum computing technology, the inherent exposure of public keys in Bitcoin (which can be partially mitigated by avoiding address reuse), and the long lead time required to update large decentralized systems together form a strong case for Bitcoin to migrate to quantum-resistant signature algorithms within the next 10 years. If the upgrade does not happen in time, Bitcoin could face fundamental security threats from quantum computers.