Bitcoin's Quantum Risk May Be Real, But the Network Is Preparing: Report

Original link: https://www.zerohedge.com/crypto/bitcoins-quantum-risk-may-be-real-network-preparing-report

## Quantum Computing and Bitcoin: A Long-Term Challenge

A recent Galaxy Digital report highlights that quantum computing poses a real, but not *imminent*, threat to Bitcoin's security. Bitcoin currently relies on cryptography that is vulnerable to future quantum computers: an attacker could steal funds by deriving a private key from a public key, a scenario known as "Q-day". While the timeline for a quantum computer capable of breaking this cryptography is uncertain (estimates range from years to decades), Bitcoin's slow upgrade process is the core problem. Millions of bitcoin, particularly those in early wallets or already visible on the blockchain, are at the highest risk. A sudden unlocking of these funds could destabilize markets.

Developers, however, are actively working on solutions. Proposals such as Pay-to-Merkle-Root (BIP 360) aim to eliminate visible public keys, while "Hourglass" seeks to limit how quickly vulnerable coins can be spent. Post-quantum cryptography such as SPHINCS+ is also being explored, though it comes with efficiency tradeoffs.

The biggest challenge is not technical but lies in coordinating a decentralized network to implement these changes. Although contentious, the shared threat of quantum computing may foster cooperation, which will ultimately determine how prepared Bitcoin is.


Original article

Authored by Micah Zimmerman via BitcoinMagazine.com,

Galaxy Digital’s latest report says the risk that quantum computing could compromise Bitcoin is real, but so is the work underway to protect the network.

The firm’s research frames the issue as a long-term engineering and governance challenge rather than an imminent crisis, with developers already building tools that could reshape how the network secures trillions in value.

At the center of the concern is a simple premise. Bitcoin relies on cryptographic signatures to prove ownership of coins. Those signatures, based on elliptic curve cryptography, are considered secure against classical computers. 

How Quantum Computing could break Bitcoin

A sufficiently advanced quantum machine could break that assumption, allowing an attacker to derive a private key from a public one and spend funds without authorization.

The scenario has a name within the industry: “Q-day,” the moment a cryptographically relevant quantum computer becomes viable.

The timeline remains uncertain. Estimates range from years to decades, and no consensus exists among experts. The report stresses that uncertainty itself is the problem. Bitcoin’s decentralized structure means upgrades take time, often measured in years, not months.

Still, the risk is uneven. Most Bitcoin is not exposed today. 

Wallets only reveal their public keys when funds are spent, meaning coins sitting untouched behind hashed addresses remain shielded. 

Vulnerability emerges in two main cases: coins whose public keys are already visible onchain, and coins in transit during a transaction.
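To make the two exposure categories concrete, the following is an added Python example, not code from the report or the article, that classifies a constructed UTXO set by whether its public key is already public. It assumes the standard P2PK, P2PKH and P2WPKH script encodings and constructed placeholder hashes, and it goes one step beyond the text by also flagging address reuse: a confirmed spend from a hashed address has already published that address's key, so any other coins still sitting behind the same script are exposed as well.

```python
# Added example (not from the report or the article): classify a constructed UTXO
# set by public-key exposure. Script byte patterns are standard Bitcoin encodings.

def script_type(spk: bytes) -> str:
    """Classify a scriptPubKey by byte pattern alone (no hashing required)."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "P2PKH"    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"   # OP_0 <20-byte hash>
    if len(spk) >= 35 and spk[-1] == 0xAC and spk[0] == len(spk) - 2 and spk[0] in (33, 65):
        return "P2PK"     # <pubkey> OP_CHECKSIG: the key itself sits in the output
    return "OTHER"

def classify_exposure(utxos, spends):
    """utxos: (txid, vout, scriptPubKey) still unspent. spends: (prev_txid, prev_vout,
    prev_scriptPubKey, confirmed) for inputs whose signature, hence public key, is
    already published. Returns {(txid, vout): reason}."""
    # A confirmed spend from a hashed-address script reveals its key permanently,
    # so every other coin behind the same script is exposed (address reuse).
    revealed = {spk for _, _, spk, confirmed in spends if confirmed}
    # An unconfirmed spend is the "in transit" case: key public, coin not yet moved.
    in_transit = {(t, v) for t, v, _, confirmed in spends if not confirmed}
    result = {}
    for txid, vout, spk in utxos:
        kind = script_type(spk)
        if (txid, vout) in in_transit:
            reason = "exposed: in transit"
        elif kind == "P2PK":
            reason = "exposed: key visible onchain (P2PK)"
        elif kind in ("P2PKH", "P2WPKH") and spk in revealed:
            reason = "exposed: key revealed by an earlier spend (address reuse)"
        elif kind in ("P2PKH", "P2WPKH"):
            reason = "shielded: only a key hash is onchain"
        else:
            reason = "unknown script type"
        result[(txid, vout)] = reason
    return result

# Constructed sample data: placeholder hashes and key bytes, not real chain data.
HASH_A, HASH_B, HASH_C = bytes(range(1, 21)), bytes(range(21, 41)), bytes(range(41, 61))
P2PKH_A, P2PKH_B, P2PKH_C = (b"\x76\xa9\x14" + h + b"\x88\xac" for h in (HASH_A, HASH_B, HASH_C))
P2PK_OLD = b"\x21" + bytes([0x02] + [0x11] * 32) + b"\xac"   # early-era pay-to-pubkey output
SAMPLE_UTXOS = [("aa", 0, P2PK_OLD), ("bb", 0, P2PKH_A), ("bb", 1, P2PKH_A),
                ("cc", 0, P2PKH_B), ("ee", 0, P2PKH_C)]
SAMPLE_SPENDS = [("dd", 0, P2PKH_A, True),    # confirmed spend from address A: key now public
                 ("cc", 0, P2PKH_B, False)]   # pending spend of cc:0: coin in transit

if __name__ == "__main__":
    for key, reason in classify_exposure(SAMPLE_UTXOS, SAMPLE_SPENDS).items():
        print(key, reason)
```

Only the coin behind an unreused hashed address (`ee:0`) comes out shielded; the early P2PK output, the reused address and the in-flight spend are all flagged as exposed.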

Which Bitcoin is actually at risk

Galaxy cites estimates suggesting that millions of bitcoin could fall into the first category, including funds tied to early network activity and long-dormant wallets. 

These coins, often associated with early adopters and even the pseudonymous creator Satoshi Nakamoto, present a unique challenge. If quantum capabilities arrive before protective measures are deployed, such holdings could become prime targets.

The implications extend beyond individual losses. A sudden unlocking of dormant supply could ripple through markets, placing pressure on price and, by extension, on mining incentives that underpin Bitcoin’s security. The report frames this as a systemic risk, not just a technical flaw.

Yet the tone of the research is measured.

Rather than signaling alarm, it points to a growing body of work aimed at preparing the network.

Among the most prominent proposals is a new transaction structure known as Pay-to-Merkle-Root, outlined in Bitcoin Improvement Proposal 360. 

The design removes a key exposure point by eliminating always-visible public keys, reducing the attack surface for long-term threats.

Other ideas take a broader approach. One proposal, known as “Hourglass,” attempts to manage the fallout from vulnerable coins by limiting how quickly they can be spent in a worst-case scenario. The goal is not to prevent access, but to slow it, giving markets time to absorb potential shocks.

There is also movement toward new forms of cryptography. Hash-based signature schemes, such as SPHINCS+, have emerged as candidates for a post-quantum future. These systems rely on mathematical assumptions different from those used today and are viewed by some researchers as a more conservative foundation. 

Post-Quantum cryptography brings tradeoffs

The tradeoff is efficiency. Larger signatures could increase transaction sizes and strain network resources.

In parallel, developers are exploring contingency plans. One proposal introduces a commit-and-reveal process that could protect transactions even if a quantum breakthrough occurs before new cryptography is deployed. Another line of research looks at zero-knowledge proofs to allow users to verify ownership of funds without exposing sensitive data.

Taken together, these efforts suggest a layered defense. No single fix solves the problem. Instead, the strategy resembles a toolkit, with protections aimed at different stages of exposure and different levels of urgency.

The harder question may not be technical. Bitcoin has no central authority to mandate changes. Every upgrade requires coordination among developers, miners, exchanges, and users. Past changes, including major upgrades like SegWit and Taproot, took years to activate and often sparked intense debate.

Quantum preparedness could prove even more complex. Some proposals touch on sensitive issues, including whether coins that fail to migrate to safer formats should lose spendability. Such ideas raise philosophical questions about property rights and the social contract embedded in the network.

Even so, the report points to a key difference from past conflicts. Quantum risk is external. It does not divide the community along economic lines or competing visions for Bitcoin’s future. Instead, it presents a shared threat. 

Every participant, from long-term holders to infrastructure providers, has an incentive to maintain the network’s security.

In the end, the report suggests that the outcome will hinge less on whether quantum computers arrive and more on whether a decentralized network can coordinate in time. 

The answer, as with much of Bitcoin’s history, will emerge through slow consensus rather than sudden change.
