A new position paper from the Coinbase Independent Advisory Board on Quantum Computing and Blockchain argues that crypto’s quantum threat is not immediate, but the migration work can no longer be treated as a distant problem. The report’s core message is straightforward: Bitcoin, Ethereum and the broader blockchain sector should be building post-quantum roadmaps now, not waiting for a fault-tolerant quantum computer to arrive.
The paper, published April 21 and authored by a group that includes Scott Aaronson, Dan Boneh, Justin Drake, Sreeram Kannan, Yehuda Lindell and Dahlia Malkhi, says it has “high confidence” that a large-scale fault-tolerant quantum computer will eventually be built.
Coinbase Puts Bitcoin And Ethereum Devs On Notice
At the same time, it stresses that breaking current public-key cryptography still requires a machine far beyond today’s devices, and that the threat remains an engineering challenge rather than an imminent market event. NIST’s recommendation that post-quantum migrations should be completed by 2035 features prominently in that framing, though the authors add that they are “not confident” cryptographically relevant quantum computers will not exist by then or later.
Still, the report pushes hard against complacency. “Waiting for it to be urgent is not a good idea,” the authors write. “The discussion regarding quantum computing often revolves around the timeline. However, we believe that this debate on timelines is largely irrelevant (beyond that it is not imminent) since migrations should be planned for and prepared now.”
The advisory board argues that post-quantum protection is needed at both the consensus layer, where validators sign blocks, and the execution layer, where users sign transactions. The catch is that the cleanest cryptographic replacements are often much heavier than the elliptic-curve systems chains use today, especially once signature size, verification cost and aggregation are taken into account.
For Bitcoin, the report draws a distinction between UTXOs whose public keys remain hidden behind hashes and outputs where the cleartext public key is already exposed on-chain. It cites an estimate from Project 11 that about 6.9 million BTC sit in UTXOs for which the cleartext public key is known, including roughly 1.7 million BTC in older pay-to-public-key outputs, among them the so-called Satoshi coins. Those are the coins that would be most vulnerable to a harvest-now, break-later style attack once a sufficiently capable quantum machine exists.
The Bitcoin section does not read like a call for panic. It notes that Grover’s algorithm is unlikely to hand quantum miners an edge over classical ASICs anytime soon, because the overhead of running the quantum search remains too high. But it does outline practical mitigation ideas, including a commit-reveal approach for spending pre-quantum UTXOs more safely and an “Hourglass” proposal that would cap spending of exposed P2PK outputs at 1 BTC per block, effectively turning dormant coins into a canary rather than an instant jackpot.
Ethereum’s path in the paper is more expansive. The authors say the network faces four quantum-sensitive surfaces: EOA transaction signing at the execution layer, BLS validator signatures at the consensus layer, pairing-based proof systems in the EVM, and KZG commitments in the data layer. The report says Ethereum’s current direction is to move to hash-based signatures for both consensus and execution, using leanXMSS for validators and leanSPHINCS for user-level execution, then compressing the resulting signature load through SNARK-based aggregation. In that design, the on-chain aggregate signature would be on the order of 128KB.
More broadly, the paper recommends staged migration rather than abrupt replacement. At the consensus layer, it proposes periodic post-quantum checkpoints that can anchor prior history even before a full switchover.
At the execution layer, it favors a “1-out-of-2” approach, where users can sign with either the current elliptic-curve scheme or a post-quantum scheme, allowing chains to keep today’s costs low while preserving the option to disable legacy signatures later. “We firmly believe that a large-scale fault-tolerant quantum computer will eventually be built,” the authors write. “This doesn’t mean that the threat is imminent… However, we believe that the time to begin preparing for it is now.”
At press time, Bitcoin traded at $77,974.
Featured image created with DALL.E, chart from TradingView.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
Cryptocurrency Market Dynamics:#Bitcoin #Ethereum #PostQuantum #Plan #Coinbase
