Unchained Podcast Episode Summary
Episode: Why Bitcoin Developers Are Not Incentivized to Talk About the Quantum Threat
Host: Laura Shin
Date: February 12, 2026
Guests: Justin (Ethereum Foundation), Chris (Algorand Technologies / Lattice-Based Cryptography Expert)
Overview
This episode delves deeply into the looming threat that quantum computing poses to the cryptography underpinning blockchains, especially Bitcoin. Laura Shin guides experts Justin and Chris through a discussion of what quantum computing is, its timelines, practical risks for crypto, technical and social challenges of migrating to post-quantum cryptography, and why the Bitcoin developer community seems slow to prioritize the threat. The conversation is technical yet engaging, with notable attention to the game theory, social dynamics, and possible solutions around the “quantum threat.”
Key Discussion Points & Insights
1. What is Quantum Computing and Its Threat to Crypto?
- [03:34] Justin:
- Quantum computing leverages quantum physics to process certain algorithms far faster than classical computers, including those required to break current cryptography (especially elliptic curve cryptography—ECC).
- Threatens three main cryptographic layers: user transactions (ECDSA), consensus (BLS signatures), and data blobs (KZG).
- [04:48] Chris:
- Current cryptography would become obsolete if scalable quantum computers emerge.
- Billions have been invested in quantum hardware, but the technology is still emerging.
2. Timeline: When Will Quantum Computers Become a Real Threat?
- [05:52] Chris:
- Transition likely not within next 3–5 years, but 10–15 years out becomes more probable.
- No one can predict timelines precisely; even 20 years out is speculative.
- [07:08] Justin:
- Estimates cryptographically relevant quantum computers could appear around 2032.
- Major leaps have occurred: algorithmic improvements dropped requirements from 10 million to potentially 100,000 qubits within a few years.
- Accelerated preparation is crucial due to the long migration required.
3. How Would Quantum Break Crypto in Practice?
- [11:47] Justin:
- “With a cryptographically relevant quantum computer, you can take a public key and recompute the private key from that… It’s systemically bad for the whole industry where the notion of property rights starts to crumble.”
- [12:19] Chris:
- Blockchain’s foundational reliance on cryptography means its collapse is total when that cryptography fails.
4. The Doomsday Scenario
- [13:23] Chris:
- Anyone with a quantum computer could empty any account by deriving private keys from public keys.
- Systemic risks include both theft (“stealing all the coins”) and disruption of consensus (possible network-wide forks).
Mitigations:
- [14:38] Justin:
- Some blockchains don’t reveal public keys until coins are spent—those coins are safer.
- Estimate: ~30% of Bitcoin’s addresses have exposed public keys.
5. Who’s Racing to Build Quantum Computers?
- [19:15] Chris & Justin:
- Major players: Google, IBM, Microsoft, numerous startups (Psiquantum, Quantinuum, Rigetti).
- Governments (especially China and the US) likely have secretive programs as well.
- Motivation to attack crypto could be higher in some governments, e.g., China.
6. Which Chains Are More or Less Vulnerable?
-
[22:21] Justin:
- Two migration challenges: technical (signature size increases significantly with post-quantum cryptography, putting pressure on block size and throughput) and social (speed and willingness to coordinate upgrades).
- Bitcoin and Ethereum copied signature standards (“de facto standard”)—coordinated migration is crucial for industry stability.
- Bitcoin’s reluctance to upgrade, slow development pace, and internal skepticism (notably Adam Back) identified as risks. Only one out of ten “bitcoin high priests” is seriously worried about quantum threat.
-
[28:42] Chris:
- Advocates for broad industry standards for post-quantum cryptography (e.g., Falcon signature scheme standardized by NIST).
- Algorand has already integrated post-quantum “state proofs” and post-quantum wallets using Falcon.
7. “Store Now, Decrypt Later” Attacks and Privacy Coins
-
[35:19] Chris:
- Another risk is that attackers can hoard encrypted data today and decrypt it once quantum computers are available.
- All privacy coins (Zcash, privacy layers on Ethereum, etc.) are affected: hackers could eventually decrypt and steal funds from “private” pools.
-
[37:16] Justin:
- “Quantum computers will break the soundness of these privacy schemes like Zcash, but they will not break privacy. Someone can spend coins that are not theirs, but at least the whole history of past transactions will not be magically decrypted.”
- Privacy pools could be drained stealthily.
Migrating Privacy Pools:
- [38:44] Justin:
- Need policies to force migration out of vulnerable pools (with deadlines, possible coin burning).
- Ethereum has minimal “lost” or exposed coins (0.1%), reducing systemic risk compared to Bitcoin.
8. Technical and Social Migration Challenges
-
[45:28] Chris:
- Post-quantum cryptographic primitives perform differently (larger sizes, faster verification).
- Upgrades must be iterative: test on chain features one by one, learn, adapt, avoid implementation bugs.
- Early action is essential; “it's a marathon, not a sprint.”
-
[48:47] Justin:
- Ethereum Foundation aims for absolute security with hash-based cryptography (signatures, SNARKs aggregation); solutions that also appeal to Bitcoiners.
- Hash-based signatures are older and larger than lattice-based, but hash-based SNARKs can aggregate efficiently, possibly increasing throughput.
-
[55:09] Chris:
- Lattice-based cryptography is another pillar for post-quantum security; offers flexibility and enables advanced features like fully homomorphic encryption.
9. Why Aren't Bitcoin Developers Speaking Out?
- [59:53] Justin:
- “Weird game theory” — Bitcoin devs may recognize risks privately but see little incentive to discuss them openly (similar dynamics around discussions of Bitcoin's long-term security budget).
- Small group of technically astute devs (e.g., Michal, Jonas at Blockstream) are working on the problem.
- Migration could take up to a year; scalability must be solved elegantly (increasing Bitcoin block size 20x not politically viable).
Notable Quote:
- Justin [59:53]:
"Maybe the bitcoin developers don't have an incentive to talk about the risk, even though they themselves kind of personally, privately appreciate the risk. ...I know with very high confidence that bitcoin is not going to stand the test of time because of the security budget and the happenings."
10. The Satoshi Coins Issue & Game Theory
-
[65:02] Justin:
- Satoshi’s coins (about 5% of supply) are especially exposed; Ethereum’s analogous “lost coins” amount to only 0.1%.
- This makes Bitcoin more vulnerable to shock losses and contentious chain splits.
-
[67:46] Justin:
- Disagrees with reports (e.g., from 21Shares) minimizing the threat—if the fastest quantum modalities are realized, an adversary could drain Satoshi's coins in a couple years, especially if they scale up the number of quantum units in secret before striking.
-
[69:08] Chris:
- “When a technology achieves liftoff, it grows very quickly… it’s sort of a zero to one situation.”
Notable Quotes
-
Chris [71:33]:
"Really that action, that... to upgrade things is a long slow one that's going to take a matter of years."
-
Justin [71:45]:
"Migration to post quantum cryptography is also a migration to post AI cryptography... We should be going with maximally unstructured things like hash based cryptography."
-
Chris [74:22]:
"Cryptographers seldom sleep well at night because there's always this prospect that your baseline mathematical assumptions ... turn out to be wrong."
-
Justin [74:47]:
"Historically, we've been thinking about post quantum cryptography as a defensive technology against quantum computers. But in recent weeks and months... we now think of post quantum cryptography as being an aggressive strategy in order to attract institutional capital..."
Important Timestamps by Topic
- 03:34 — Quantum computing explained and crypto’s vulnerable cryptography layers
- 07:08 — Timeline estimates, progress in quantum algorithms/qubit requirements
- 11:47/12:19 — Nature of the quantum threat; property rights risk
- 13:23-14:38 — Potential for massive theft and network collapse; mitigation via public key privacy
- 19:15-21:30 — Who is building quantum computers? Governments and tech giants
- 22:21-28:00 — Technical (signature size) and social (coordination) challenges of migration; Bitcoin’s inertia/risk profile
- 35:19-38:44 — Store-now-decrypt-later; privacy coins as high-risk targets
- 45:28-48:47 — Strategies for gradual/iterative migration; Ethereum's hash-based “gambit”
- 55:09-58:30 — Comparing hash-based and lattice-based cryptography; future-proofing infrastructure
- 59:53-63:22 — Why Bitcoin devs may not discuss the issue openly; game theory & migration bottlenecks
- 65:02-69:56 — Satoshi’s coins as ‘quantum canary’; dispute over “threat minimization” by industry reports
Memorable Moments & Quotes
- Justin [11:47]: “...if we have a cryptographically relevant computer, it’s basically game over. It’s systemically bad for the whole industry where the notion of property rights starts to crumble.”
- Chris [13:23]: “If you can take any public key off of the blockchain, you could empty its account. ...That would be a systemic destruction of maybe all the value in that blockchain.”
- Justin [22:21]: “Signature size goes up by 10x—if you don’t solve this, Bitcoin goes from 3 TPS to 0.3 TPS. Commercially, a non-starter.”
- Chris [28:42]: “It’s very good if the industry can all agree on one [post-quantum] standard so that things are interoperable… you get many fewer cryptographic disasters.”
- Chris [45:28]: “All of these things are slow and deliberative and one needs to start early because… it’s a marathon, not a sprint.”
- Justin [74:47]: “[Post-quantum cryptography is] now being seen as an aggressive strategy in order to attract institutional capital...”
Conclusion
The future of blockchain security hangs in the balance of unpredictable quantum progress, social coordination, and technical innovation. Chains that procrastinate—especially Bitcoin with its exposed coins and conservative upgrade cycle—risk catastrophic theft and loss of trust. The race is on to develop, standardize, and coordinate post-quantum cryptography solutions before the “Q-Day” arrives, with Ethereum and Algorand proactively leading the charge. The threat is not just about defense—Justin suggests post-quantum cryptography may become an “aggressive” market differentiator to attract institutional capital as much as to ward off quantum threats.
Bottom Line (from [71:33])
Chris: “Really, that action… to upgrade things is a long slow one that’s going to take a matter of years.”
Updating cryptography before quantum computers reach liftoff is not just prudent—it is essential.
For full technical detail, practical migration strategies, and further updates, follow ongoing coverage and post-quantum workshops by guests and their teams.
