The transition to post-quantum cryptography poses an unprecedented challenge for Bitcoin and Ethereum, as it involves implementing a defensive downgrade that imposes immediate, severe costs with no tangible benefits. While quantum computers capable of breaking secp256k1 require between 523–2,500 logical qubits, with the author deriving 523 logical qubits as an algorithmic lower bound (not inclusive of arithmetic and ancilla qubits) for a canonical Shor/phase-estimation circuit using the formula QL = 2⌈log2(n)⌉ + 2 + ⌈log2(2 + 1/(2ε))⌉ for ε = 0.001, and conservative estimates ranging up to 2,500 logical qubits based on comprehensive resource models—significantly less than the 2,100–2,400 logical qubits es- timated for general elliptic curves—current systems achieve only ∼100 logical qubits. IBM’s quantum roadmap projects 500–1,000 logical qubits by 2029, placing the critical threshold within 4–10 years depending on which estimate proves accurate. This timeline collides with the reality that convincing decentralized communities to accept 50% capacity loss and 2– 3× fee increases may take 10–15 years in themselves, based on historical governance patterns where even beneficial upgrades required 2–5+ years. Current testnet implementations on per- missioned systems show measurable performance degradation. Critically, this data comes from fundamentally different architectures than permissionless networks, which will likely experience 30–50% additional performance degradation due to global verification requirements, heterogeneous hardware, and compounding propagation delays. This methodological limitation—extrapolating from permissioned to permissionless systems—represents a critical infrastructure failure that introduces massive uncertainty into migration planning. Com- pounding this challenge, secp256k1 is not officially approved by NIST under FIPS 186-5 or SP 800-186, creating additional regulatory vulnerabilities. Beyond transient impacts, PQC creates permanent state bloat, with quantum-resistant accounts requiring 59 times more storage (1,952 bytes / 33 bytes = 59.2× for ML-DSA-65), thereby accelerating centralization- tion. This paper presents a comprehensive framework acknowledging these harsh realities. While we propose specific BIP/EIP implementations and optimization strategies that might achieve 50–60% capacity retention, we recognize that the quantum threat timeline may now be shorter than even the minimum viable migration period. Unlike beneficial upgrades like SegWit (which took 20 months for activation and 5+ years for 50% adoption despite offering improvements), PQC migration is a purely defensive measure imposing only costs. The stark reality: blockchain communities must choose between accepting immediate emergency action or facing quantum vulnerability by 2029.
Robert D. Campbell (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: