Gonzalo Faura retweetledi
Hey Willy, appreciate you bringing quantum threats to your audience's attention. Your guide has the right instincts about protecting public keys, but there's a comprehensive migration plan already in motion that changes the whole picture.
For anyone who needs the basics, Bitcoin's security relies on the fact that while everyone can see your public key, like your username, only you know your private key, your password. The mathematical relationship between them would take regular computers millions of years to crack. But quantum computers change this game entirely. They use something called Shor's algorithm to solve this math problem in seconds instead of millions of years. Suddenly, knowing someone's public key means you can calculate their private key and steal their Bitcoin. This isn't sci-fi anymore since IBM has a published roadmap showing 100,000 qubit quantum systems by 2033, and Google just demonstrated 20x improvements in quantum algorithms this year. We're talking late 2020s, early 2030s for computers capable of breaking Bitcoin's cryptography.
You're absolutely right that bc1p Taproot addresses expose public keys directly while bc1q SegWit addresses hide them behind two layers of hashing. In theory, this makes bc1q safer until you spend. But here's the critical issue, the moment you broadcast ANY Bitcoin transaction, your public key becomes visible in the mempool. A quantum computer that can break keys in seconds doesn't care about network congestion. They could watch the mempool, instantly derive your private key, and broadcast a competing transaction to steal your funds before yours confirms. Your step 6 about timing the network assumes quantum computers need hours when they'll actually need seconds.
The good news is Bitcoin developers have a structured migration plan. There's BIP-360 (github.com/bitcoin/bips/p…) implementing P2QRH addresses using ML-DSA signatures that NIST approved in 2024, these are quantum-resistant signatures that remain secure even against quantum computers. The migration proposal (github.com/bitcoin/bips/b…) by Jameson Lopp and team lays out a clear timeline. Phase A begins 160,000 blocks, about 3 years, after BIP-360 launches. The network stops accepting transactions TO legacy addresses, ensuring all services upgrade to receive payments. Phase B follows 110,000 blocks later, making all non-quantum signatures invalid. This prevents quantum computers from stealing vulnerable coins by making them unspendable before quantum computers can access them. It's a proactive defense, not a punishment.
About 5 million Bitcoin has exposed public keys from old P2PK outputs or address reuse, that's 25% of supply at risk. The migration gives everyone 5+ years to move their coins. They're also exploring Phase C with zero-knowledge proofs to potentially recover funds for those who miss the deadline but can prove seed phrase ownership. Your "never send" strategy creates unusable wealth. Eventually everyone needs to transact, and when you do, you're exposed. The migration ensures a smooth transition rather than waiting for crisis mode.
Here's where things get genuinely catastrophic for other chains. Bitcoin can migrate because UTXOs are independent, but Ethereum and smart contract platforms face an unsolvable challenge. Every Ethereum contract is immutable code that verifies ownership using ECDSA. Uniswap's bytecode at 0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D permanently checks msg.sender for token ownership. This can never be changed. When quantum computers break ECDSA, these contracts become vulnerable, Uniswap with $4B locked, AAVE with $12B, Compound with $2B, every NFT collection, USDT and USDC contracts controlling hundreds of billions. You can't migrate because moving funds requires the signatures quantum computers can forge. Every integrated contract has these addresses hardcoded. The composability that makes DeFi powerful becomes its weakness.
Vitalik's emergency hard fork plan sounds impressive until you examine it closely. The plan involves reverting the blockchain before quantum theft, disabling all EOA transactions, and forcing everyone to prove ownership through STARKs to migrate to quantum-safe wallets. But this only saves ETH in regular accounts. Every smart contract deployed before the fork remains vulnerable forever. Users would prove knowledge of their seed phrase via a STARK and get a new quantum-resistant key, but this doesn't help the hundreds of billions locked in immutable contracts that verify ownership through msg.sender coming from ECDSA signatures hardcoded into bytecode.
Ethereum's "Splurge" roadmap includes lattice-based cryptography and account abstraction, but only for NEW contracts. The millions already deployed are permanent quantum honeypots. Vitalik admitted account abstraction lets users switch to quantum-resistant signatures "on their own schedule" but this is meaningless for existing contracts that expect ECDSA forever. Ethereum's entire stack relies on ECDSA, BLS, and KZG, all vulnerable to quantum attacks. Even if they hard fork to save EOA accounts, every DeFi protocol, every token contract, every piece of composable infrastructure remains capturable because they all check ECDSA signatures at the contract level, not the protocol level.
Solana's situation is even worse despite their "quantum vault" PR stunt. The Solana Winternitz Vault is an optional add-on that generates new keys for each transaction, but this doesn't fix the core problem. Every Solana program directly calls ed25519 signature verification in its code. Solana programs must include Ed25519 signature verification instructions in transactions, with the native Ed25519Program handling this verification. This means signature verification is baked into every single program's logic. The offset-based design means programs themselves still require ed25519 signatures to function.
When ed25519 breaks, every Solana program becomes exploitable because programs check signatures using the native Ed25519Program which verifies ed25519 curves. The SPL token program, every DEX, every NFT standard, they all directly verify ed25519 signatures. You can't upgrade deployed programs to use different signature schemes. The recent paper claiming EdDSA chains are "inherently more prepared" admits that if an Ed25519 public key is exposed, quantum computers crack it just like any other elliptic curve. The Winternitz Vault generates new keys with "about a 50% chance of being compromised for future transactions," which is absurd security theater. Plus it's optional, meaning 99.9% of Solana value remains in standard programs vulnerable to quantum attacks.
Bitcoin survives through this migration. Yes, maybe 20-30% of supply gets frozen forever, but the network continues and remaining coins gain value from scarcity. It's challenging but it works. Ethereum and every smart contract platform have coded themselves into extinction through immutable contracts requiring ECDSA forever. Every new DeFi protocol deployed today is another permanent vulnerability that can never be fixed. When quantum computers arrive, whoever gets there first doesn't just steal coins, they inherit the entire decentralized web.
Your bc1q strategy is like fireproofing your furniture while your foundation is gasoline. Bitcoin's migration plan works whether we like it or not. Smart contract platforms built everything on architecture that becomes instantly capturable when quantum computers go online.
The absolutely insane part is while this existential threat approaches, the Bitcoin community is busy throwing shoes at each other about OP_RETURN limits arguing whether 80 bytes constitutes spam on a data field that barely anyone uses. They're having meltdowns about inscriptions taking up precious block space while completely ignoring that post-quantum ML-DSA signatures will make blocks absolutely massive, we're talking 4-8KB per signature versus today's 64 bytes. That's over 100x larger. The same people crying about JPEGs will have to accept blocks that dwarf anything ordinals ever did just to keep their Bitcoin from being stolen by quantum computers. But instead of preparing for that reality, they're fighting Twitter wars about NFTs on Bitcoin while the cryptographic foundation of the entire industry has an expiration date.
Both Ethereum and Solana are architecturally doomed because they built immutable code that depends on specific signature schemes. Ethereum's hard fork saves EOA accounts but abandons all smart contracts worth hundreds of billions. Solana's vault is an optional bandaid while every program remains permanently vulnerable. When quantum computers arrive, they don't just steal some coins, they inherit everything built on these platforms.
Most people have no idea their DeFi positions and smart contract tokens are architecturally doomed. They think developers will figure it out eventually. They don't realize that for immutable contracts, there is no eventually. The code is permanent, the addresses are fixed, and the signatures are ECDSA or ed25519 forever. People need to wake the fuck up. This isn't some distant theoretical threat, it's consensus developers acting on concrete timelines from IBM and Google. Would really value your perspective on getting your audience to understand this before it's too late.
English
