A quantum attacker with 10% of the global hashrate could break the BTC consensus, according to Lopp.
BIP-361 proposes freezing 2.6 million lost or ownerless BTC in the face of quantum risk.
The emergence of a quantum computer with the capacity to compromise the Bitcoin network will produce consequences that exceed the temporary volatility of the markets, according to developer and cypherpunk Jameson Lopp in an extensive analysis article published today, May 21.
The report by the co-founder of Casa responds to the criticism received after the presentation of Bitcoin Improvement Proposal 361 (BIP-361), which was formally incorporated into the official Bitcoin repository on April 14 as a technical contingency plan, as reported by CriptoNoticias.
Lopp refuted the position of those who assume that a quantum attacker would simply liquidate the exposed coins in a single event, noting that “unfortunately, it’s not that simple.”
The developer estimated that, under an optimistic scenario where active users migrate to post-quantum schemes, some 2,600,000 coins (13% of the total bitcoin supply, equivalent to more than USD 200,000 million) would be permanently inactive or lost, becoming the attacker’s main target.
Most of that value would be concentrated in just 35,000 public keys corresponding to old addresses of the Pay-to-Public-Key (P2PK) format that have been inactive for approximately 15 years. According to the data presented by Lopp, cracking them would take between 24 days and 96 years depending on the speed of the quantum system, which determines whether the attack can be executed before the ecosystem reacts.


Additionally, Jameson Lopp argued that “6.9 million BTC (equivalent to 34.6% of the total existing supply) have their public keys exposed and are therefore theoretically vulnerable to a cryptographically relevant quantum computer (CRQC) that may one day be built.”
Sell fast, the worst strategy of the quantum attacker
According to Lopp’s analysis, if a quantum attacker obtained the 2.6 million BTC that were not migrated and tried to sell that volume massively and immediately, it would generate a loss of 95% of the value due to lack of liquidity. For this reason, the developer warned that a rational quantum entity would opt for more sophisticated strategies.
The most sustainable, Lopp continued, would be a gradual sales strategy: with 2,000,000 BTC in their possession, the attacker could maintain a selling pressure of 4,000 BTC per week for an entire decade, artificially suppressing the price without depleting their reserves.


Mempool and mining: the double front of the quantum attack
According to Lopp, the real technical danger for the network would materialize if technological advances reduce the time needed to crack a private key to less than 10 minutes (a threshold that Google Quantum AI researchers have estimated as a reference to evaluate the cryptographic relevance of a quantum system). Crossing that barrier, the developer warned, would disable short-term defenses, allowing valid transactions to be intercepted in the mempool before they are confirmed.
Finally, according to Lopp’s essay, a quantum attacker in control of these “in-flight” transactions (those still waiting to be confirmed) could sabotage the economic incentive of mining by deliberately injecting abnormally high fees. This dynamic, known as “fee sniping”, would make it more profitable for mining pools to dispute and reorganize already confirmed blocks instead of honestly extending the chain.
The developer’s calculations indicate that a reward of 100 BTC would be enough to incentivize miners with just 10% of the global hashrate to attempt these reorganizations. This risk of fragmentation would be exacerbated by the centralization of the current infrastructure: according to Lopp, more than 30% of the global computing power operates under block templates controlled by AntPool and its partners, drastically reducing the number of actors needed to break the consensus.
Thus, while the main debate about quantum computing and Bitcoin revolves around the digital signatures that protect funds, Lopp, creator of the post-quantum BIP-361 proposal, presented different scenarios that, in his view, extend the potential risk of an attack using a quantum computer to other Bitcoin structures.
