Quantum challenges with blockchain: Practical priorities and response strategies
“Store Now, Decrypt Later” Attack - The Most Urgent Security Concern
When quantum computers and blockchain come up together, many people picture a distant, uncertain future. The real threat, however, does not lie there. Analysts point out that the most immediate threat is the “Harvest Now, Decrypt Later” (HNDL) attack: attackers are already storing encrypted communications today, waiting until quantum computers are powerful enough to decrypt them.
The danger of this scenario is that sensitive information which is secure today becomes a valuable asset for attackers once the stored ciphertext can be decrypted. For national security information in particular, the consequences would be unacceptable.
From this awareness, systems that need to protect information for 10-50 years or more should immediately implement quantum-resistant encryption algorithms. However, not all components of blockchain require this urgent change.
Digital Signatures and Forging Signatures: Why They Are Not the Top Priority
A common misconception is that digital signatures will be compromised the moment quantum computers appear. In reality, this is not the case. Signatures do not contain “hidden personal data” that a quantum attacker could recover. Even if quantum algorithms for forging signatures become practical in the future, they would only affect transactions signed from then on; they could not “reverse” past signatures or reveal hidden information.
This means that the most common signature schemes on blockchain, such as ECDSA or EdDSA, will need upgrades later, but this is not an “urgent crisis.” They have time to upgrade in a planned manner.
zkSNARKs: Even Less Urgent
The situation with zkSNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) is different. Although this technology currently relies on elliptic curves, its zero-knowledge property still holds against quantum attackers.
The reason is simple: the proofs contain no private data that a quantum algorithm could recover. zkSNARKs are therefore not at risk from “store now, decrypt later.” In terms of priority, upgrading them is even less urgent than upgrading digital signatures.
Bitcoin - A Special Exception
While most modern blockchains can wait, Bitcoin is an exception. The reason is not a technical one but stems from inherent limitations on how the protocol can change.
First, Bitcoin’s protocol upgrades extremely slowly: any change to consensus or security logic risks controversy, community splits, or even hard forks. Second, Bitcoin cannot upgrade all assets automatically, because the signing keys are held by users and the protocol has no authority to force anyone to migrate.
This has serious consequences: coins in wallets that are abandoned, lost, or have no active owner (estimated at millions of BTC) will be permanently exposed to quantum computers. Worse, early Bitcoin used the P2PK output type, in which public keys are directly visible on the blockchain; a sufficiently large quantum computer could run Shor’s algorithm on those public keys to recover the private keys directly.
Modern address types hide the public key behind a hash and reveal it only when the coins are spent, which at least leaves a window in which the owner’s transaction can race an attacker; early P2PK outputs offer no such window. Moving Bitcoin assets is therefore not only a technical issue but also involves legal risks, social coordination, and long-term costs. Bitcoin needs to start developing a migration roadmap now.
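As an added example (not code from the original article), the Python below classifies Bitcoin output scripts by whether the public key is already readable on-chain, the distinction drawn above between early P2PK outputs and hashed address types; all keys, hashes and balances are constructed placeholders. It goes one step beyond the article by also treating Taproot (P2TR) outputs as exposed, since they carry the tweaked public key directly.

```python
# Classify Bitcoin scriptPubKeys by whether a Shor-capable attacker could already
# read the public key from chain data. Sample data is constructed, not real UTXOs.

def classify(spk: bytes):
    """Return (script_type, payload) for the common output script templates."""
    n = len(spk)
    # P2PK: <push 33|65 bytes> <pubkey> OP_CHECKSIG (0xac): the key is on-chain
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk", spk[1:-1]
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh", spk[3:23]
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh", spk[2:]
    # P2TR: OP_1 <32-byte x-only output key>: the key is on-chain (not in the article)
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr", spk[2:]
    return "other", b""


def key_exposed(spk: bytes, revealed_hashes: set):
    """True if the public key is readable from chain data, None if unclassified.

    revealed_hashes holds hash160 values whose public key has already appeared
    in a spending input (address reuse), as a chain indexer would collect them.
    """
    kind, payload = classify(spk)
    if kind in ("p2pk", "p2tr"):
        return True
    if kind in ("p2pkh", "p2wpkh"):
        return payload in revealed_hashes
    return None


def exposed_value(utxos, revealed_hashes: set) -> int:
    """Sum the satoshis sitting on outputs whose key is already exposed."""
    return sum(sats for spk, sats in utxos if key_exposed(spk, revealed_hashes))


# Constructed placeholders: not real keys, hashes or balances.
PUBKEY_UNCOMP = b"\x04" + bytes(range(1, 65))      # 65-byte uncompressed key
HASH_A, HASH_B = bytes([0xAA] * 20), bytes([0xBB] * 20)
XONLY_KEY = bytes([0xCC] * 32)
SAMPLE_UTXOS = [
    (bytes([65]) + PUBKEY_UNCOMP + b"\xac", 5_000_000_000),  # early P2PK coinbase
    (b"\x76\xa9\x14" + HASH_A + b"\x88\xac", 100_000),       # P2PKH, address reused
    (b"\x00\x14" + HASH_B, 200_000),                         # P2WPKH, never spent from
    (b"\x51\x20" + XONLY_KEY, 300_000),                      # P2TR
    (b"\x6a\x04test", 0),                                    # OP_RETURN, unclassified
]
REVEALED = {HASH_A}  # hash160 values whose key a spend has already published
```

Running `exposed_value(SAMPLE_UTXOS, REVEALED)` counts the P2PK, reused P2PKH and P2TR balances as exposed and leaves the unspent-from P2WPKH output out.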
Beware of the Upgrade Frenzy: Actual Costs and Hidden Risks
Although quantum computers pose a real threat, a hasty full upgrade carries greater practical risks. Many current quantum-resistant algorithms have significant performance costs and are complex to implement, and some candidates have been broken by purely classical attacks (Rainbow and SIKE, for example).
For example, leading post-quantum signature schemes such as ML-DSA and Falcon produce signatures ten to hundreds of times larger than today’s. Their implementations are also susceptible to side-channel attacks, floating-point arithmetic errors, or parameter misconfigurations that leak the key. Switching rapidly without thorough preparation could create new vulnerabilities rather than solving existing problems.
Layered Strategy: A Practical Approach
Instead of switching blindly, blockchains should adopt a phased, multi-pronged strategy whose components can be replaced as the field matures:
Hybrid encryption: Deploy hybrid (post-quantum + classical) encryption for long-term secure communications.
Hash-based signatures: Early adoption of hash-based signature schemes for cases that do not require frequent signing (firmware, system updates).
Public key layer: Maintain plans and research, align with global Internet PKI, and proceed cautiously.
Modular design: Apply abstracted account or modular architecture so that future signature systems can be upgraded without disrupting identity and asset histories on the chain.
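An added example (not part of the article) of the simplest hash-based scheme, a Lamport one-time signature over SHA-256, illustrating why the list above reserves hash-based signatures for infrequent signing such as firmware releases: every signature discloses half of the private key, so signing two different messages with the same key leaks most of it.

```python
import hashlib
import secrets

N_BITS = 256  # one (secret0, secret1) pair per bit of the SHA-256 message digest


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(msg: bytes):
    """Digest the message and return its 256 bits, most significant first."""
    d = _h(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(N_BITS)]


def keygen():
    """Private key: 256 pairs of random 32-byte preimages; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign(sk, msg: bytes):
    """Reveal exactly one preimage per pair, selected by the digest bit."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Each revealed preimage must hash to the public-key entry the bit selects."""
    if len(sig) != N_BITS:
        return False
    return all(_h(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def preimages_revealed(msgs) -> int:
    """Count distinct (position, bit) secrets exposed by signing these messages
    with one key. 512 exist; one signature reveals 256, two different ones more."""
    seen = set()
    for m in msgs:
        seen.update(enumerate(_bits(m)))
    return len(seen)
```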
In summary, not all blockchain components face the same level of threat. Priorities should be: private information encryption > signature upgrades > zkSNARKs upgrades. Bitcoin is an exception that requires early action, but the rest of the blockchain ecosystem has time to make informed decisions.