Quantum canaries will not give Bitcoin a useful early warning

  • "Quantum canaries" are three early-warning mechanisms the Bitcoin community has proposed for detecting when quantum computers become a real risk.

  • “Bitcoin will have to add post-quantum signatures to its chain on faith alone,” Carter warns.

Nic Carter, a Bitcoin investor and analyst, published an analysis in which he concluded that the three early warning mechanisms proposed to anticipate a quantum attack on Bitcoin are ineffective.

The mechanisms Carter describes are known as quantum canaries. In the context of Bitcoin, a quantum canary is any signal that warns in advance that a quantum computer is close to being able to break the cryptography protecting funds on the network.

The three methods ("quantum canaries") proposed and discussed in the Bitcoin community for detecting quantum risk in time, and which the investor calls into question, are:

  • Crypto Challenge Ladder: Publish a series of challenge keys or addresses of increasing size (for example, from 10 bits up to the 256 bits of the secp256k1 curve Bitcoin uses). The idea is that, as progressively harder instances are publicly solved, the community is alerted step by step before the full-size curve can be broken.
  • Canary funds (also called trap funds): Create Bitcoin addresses holding a reward (bounty) that can only be spent by someone who has a cryptographically relevant quantum computer (CRQC). Whoever spends those funds would publicly reveal that they already have the ability to attack Bitcoin.
  • Satoshi coins as a warning sign ("Satoshi's shield"): The roughly 1.7 million BTC sitting in old addresses (mainly P2PK outputs, whose public keys are already exposed on-chain) attributed to Satoshi Nakamoto or early miners. The idea is that a quantum attacker would spend these first, since they are the most valuable and obvious targets, giving the rest of the network time to react and migrate to post-quantum signatures.
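To make the canary-fund idea concrete, here is one way such an output could be built. This is an added example, not code from Carter's article or from any specific canary-fund proposal: a legacy P2PK script whose public key is derived from a public seed by hashing to a point on secp256k1 ("try and increment"). Because the point comes from a hash, nobody knows its private key, so spending the output requires solving a 256-bit elliptic-curve discrete logarithm, which is exactly what a CRQC would demonstrate. The seed string is constructed for the example, and the derivation method is an assumption about how a canary could be made, not a description of any deployed bounty.

```python
import hashlib

# secp256k1 parameters (the curve Bitcoin uses): y^2 = x^3 + 7 over F_p
P = 2**256 - 2**32 - 977
B = 7
OP_CHECKSIG = 0xAC


def is_on_curve(x: int, y: int) -> bool:
    """True if (x, y) satisfies the secp256k1 curve equation."""
    return (y * y - x * x * x - B) % P == 0


def hash_to_point(seed: bytes):
    """Derive a secp256k1 point from a public seed by 'try and increment'.

    x is taken from SHA-256(seed || counter). Since P % 4 == 3, a square root
    of x^3 + 7 (when one exists) is rhs^((P+1)/4). Nobody learns the discrete
    log of the result, so the only way to spend an output locked to it is to
    solve ECDLP for a 256-bit point, which is what a CRQC would show.
    """
    assert P % 4 == 3
    counter = 0
    while True:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + B) % P
        y = pow(rhs, (P + 1) // 4, P)
        if (y * y) % P == rhs:        # rhs is a quadratic residue: valid point
            return x, y, counter
        counter += 1                   # about half the candidates fail; try the next


def compressed_pubkey(x: int, y: int) -> bytes:
    """SEC1 compressed encoding: 0x02 for even y, 0x03 for odd y, then x (32 bytes)."""
    return bytes([0x02 + (y & 1)]) + x.to_bytes(32, "big")


def p2pk_script(pubkey: bytes) -> bytes:
    """Legacy pay-to-pubkey output script: <push pubkey> OP_CHECKSIG.

    P2PK publishes the raw public key on-chain, which is what lets a quantum
    attacker target it without waiting for a spend to reveal the key.
    """
    return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])


def build_canary_output(seed: bytes) -> dict:
    """Return the pubkey and P2PK script for a canary output derived from seed."""
    x, y, counter = hash_to_point(seed)
    pub = compressed_pubkey(x, y)
    return {
        "counter": counter,
        "pubkey_hex": pub.hex(),
        "script_hex": p2pk_script(pub).hex(),
        "on_curve": is_on_curve(x, y),
    }


if __name__ == "__main__":
    # Constructed seed for the example; a real canary would use a publicly auditable string.
    out = build_canary_output(b"example quantum canary seed v1")
    for k, v in out.items():
        print(f"{k}: {v}")
```

Anyone can audit the construction by re-running it from the seed and checking that the resulting script matches the on-chain output. The caveat Carter raises applies unchanged: the canary only fires if the first CRQC owner chooses to spend it.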

Nic Carter argued in his article, shared on April 30, that none of these three methods offers a reliable or timely warning, so in his view Bitcoin should begin the transition to post-quantum cryptography now: "Bitcoin will have to add post-quantum signatures to its chain on faith alone."

Infographic with information about quantum computing and Bitcoin. Infographic created by CriptoNoticias.

Why does none of the canaries arrive in time, according to Carter?

The central problem, according to Carter, stems from a limit of classical computers. Classical methods can already break instances of up to 117 bits of the elliptic-curve cryptography Bitcoin uses, the analyst explains, so any quantum result below that threshold can be questioned: a skeptic can always argue that the result was obtained with classical methods disguised as quantum.

According to Carter, this was precisely what happened with the recent winner of the ‘Q-day Prize’, who claimed to break a 15-bit instance, although Google researcher Craig Gidney later refuted that experiment: “You build a correct circuit, you get the expected result, you celebrate… but you got the right answer for the wrong reason.”

Therefore, the first quantum result that no one can question will be one that exceeds 117 bits. And at that point, given how Shor's algorithm scales (its cost grows only polynomially with key size, whereas the best classical attacks double in cost every two bits), a quantum computer capable of breaking 120 bits would be very close to being able to break 256.

According to Carter, citing a Google paper, "if a quantum processor can overcome error correction problems to solve an intermediate-sized circuit, it is close to one that can empty a Bitcoin address."
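The argument above can be made quantitative with a simple cost model for the challenge ladder. This is an added example, not Carter's or Google's own calculation: it assumes Pollard's rho as the classical attack (about sqrt(pi * 2^n / 4) group operations on an n-bit curve) and, for the quantum side, the cubic Toffoli-count estimate 448 n^3 log2(n) + 4090 n^3 for Shor's ECDLP, recalled here from Roetteler, Naehrig, Svore and Lauter (2017); that coefficient is an assumption, and only its polynomial shape matters for the ratios. The ladder rung sizes and the 117-bit classical record are taken from the article.

```python
import math

# Constructed, simplified cost model for the "crypto challenge ladder" argument.
# Classical side: Pollard's rho needs about sqrt(pi * 2^n / 4) group operations
# on an n-bit curve, i.e. the work doubles every two bits.
# Quantum side: Shor's ECDLP scales polynomially; the Toffoli count below,
# 448*n^3*log2(n) + 4090*n^3, is the Roetteler-Naehrig-Svore-Lauter (2017)
# estimate as recalled for this example and is an ASSUMPTION. Only its cubic
# shape matters for the ratios computed here.

CLASSICAL_RECORD_BITS = 117  # largest ECDLP instance solved classically, per the article


def classical_log2_ops(n_bits: int) -> float:
    """log2 of the expected Pollard-rho group operations for an n-bit curve."""
    return n_bits / 2 + 0.5 * math.log2(math.pi / 4)


def quantum_toffoli_gates(n_bits: int) -> float:
    """Approximate Toffoli-gate count for Shor's ECDLP on an n-bit curve (assumed model)."""
    return 448 * n_bits**3 * math.log2(n_bits) + 4090 * n_bits**3


def evaluate_ladder(rungs, classical_record_bits=CLASSICAL_RECORD_BITS, target_bits=256):
    """Classify the rungs of a challenge ladder and measure the remaining headroom.

    A rung at or below the classical record is 'ambiguous': a claimed quantum
    solution could have been produced classically. The first rung above it is
    the first unambiguous quantum signal. 'quantum_headroom' is how many times
    more quantum work the full target curve needs relative to that rung;
    'classical_gap_log2' is the same gap measured in bits of classical work.
    """
    ambiguous = [n for n in rungs if n <= classical_record_bits]
    unambiguous = [n for n in rungs if n > classical_record_bits]
    if not unambiguous:
        return {"ambiguous": ambiguous, "first_unambiguous": None}
    first = unambiguous[0]
    return {
        "ambiguous": ambiguous,
        "first_unambiguous": first,
        "quantum_headroom": quantum_toffoli_gates(target_bits) / quantum_toffoli_gates(first),
        "classical_gap_log2": classical_log2_ops(target_bits) - classical_log2_ops(first),
    }


if __name__ == "__main__":
    # Constructed ladder: 10, 20, ..., 250 bits plus the full 256-bit curve.
    ladder = sorted(set(range(10, 257, 10)) | {256})
    result = evaluate_ladder(ladder)
    print(f"rungs a skeptic can dismiss: {result['ambiguous']}")
    print(f"first unambiguous rung: {result['first_unambiguous']} bits")
    print(f"quantum work from there to 256 bits: x{result['quantum_headroom']:.1f}")
    print(f"classical work from there to 256 bits: x2^{result['classical_gap_log2']:.0f}")
```

With the 117-bit record, the first rung a skeptic cannot dismiss is 120 bits. Under the cubic model, going from 120 to 256 bits costs a quantum attacker only about ten times more gates, while the same step costs a classical attacker 2^68 times more work. That asymmetry is why the ladder's intermediate rungs convey little: by the time one of them is convincingly broken, the full curve is within reach.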

Nic Carter in an interview. Carter again warns of the potential quantum danger. Source: YouTube.

The other two canary methods have flaws of their own, the investor warns. Regarding canary funds, Carter points out that they assume the first owner of a quantum computer will want to reveal themselves.

If I had to guess, I imagine the first owner of a quantum computer would keep it a secret for as long as possible, given the enormous strategic value of your geopolitical adversaries being in the dark about your ability to decrypt their traffic.

Nic Carter, Bitcoin investor and analyst.

Regarding Satoshi coins as an alert, Carter warns that an attacker could recover all the private keys of those addresses without broadcasting a single transaction, silently accumulating access and revealing everything at once whenever he deemed it convenient.

Carter's conclusion is that Bitcoin will have to begin its transition to post-quantum cryptography without waiting for a clear signal. To support this, he quotes Scott Aaronson:

If quantum computers start breaking cryptography in the next few years, don’t come to this blog and tell me I didn’t warn you. This post is your warning. Please start migrating to quantum-resistant encryption.

Scott Aaronson, mathematician and quantum computing expert.

In contrast to Carter's view, experts such as Adam Back and analysts such as Samson Mow believe that the quantum risk to Bitcoin will materialize in one or two decades, so the network would have enough time to migrate to post-quantum cryptography.

Carter and Bitcoin governance in the face of the quantum threat

As reported by CriptoNoticias, Carter had stated in an interview that Bitcoin governance is “spectacularly inadequate for a threat that has an uncertain timeline and requires total mobilization,” and that the network would need centralized leadership to coordinate the response. “These times require a dictator,” he said.

In that same interview, Carter estimated that 'Q-Day' would arrive "between 2030 and 2035," and that Bitcoin's post-quantum transition would take between two and seven years once it begins. If his estimate is correct, that implies Bitcoin should begin the migration no later than 2028, and earlier still if the transition takes longer than two years.

Finally, Carter also anticipated that the decision on what to do with Satoshi coins could end up being forced by institutional actors external to the protocol. “My guess is that the top 10, 15 or 20 custodians will sign a letter saying: we will only honor a fork where Satoshi coins are burned.”
