Should We Still Worry About Quantum Threats in 2026? ARK Invest Maps Out a Gradual Risk Evolution Roadmap

Updated: 2026-03-13 09:03

In March 2026, discussions around quantum computing and cryptographic security are heating up once again. After Google launched its 105-qubit Willow chip at the end of 2024, anxiety over "when will quantum computers break Bitcoin" has lingered in the market. Recently, ARK Invest and Unchained jointly released a white paper that systematically addresses these concerns. Unlike the prevailing "Q-Day" panic narrative, the report introduces a five-stage evolution framework, arguing that the threat quantum computing poses to Bitcoin will be gradual, traceable, and defensible.

Why Is the Threat of Quantum Computing to Bitcoin Overestimated?

Much of the current market panic about quantum computing stems from misunderstandings about the state of the technology. ARK Invest’s report makes it clear: we are at stage 0 of the five-stage framework, where "quantum computers exist, but have no commercial value yet." This phase is known in academia as the NISQ era—the Noisy Intermediate-Scale Quantum computer era.

From a quantitative perspective, breaking Bitcoin’s Elliptic Curve Digital Signature Algorithm (ECDSA) requires at least 2,330 logical qubits and tens of millions to billions of quantum gate operations. The most advanced quantum processors today, like Willow, are still at about 100 physical qubits, with error rates far from the threshold needed for fault-tolerant computation. The gap between current technology and the threshold for breaking Bitcoin is aptly compared to the distance "from transistor radios to smartphones."

How Does the Five-Stage Framework Define the Path of Quantum Risk Evolution?

ARK Invest’s five-stage framework provides the market with a common language for tracking risk progression. These stages aren’t arbitrary—they’re grounded in the engineering trajectory of quantum computing and the symmetric evolution of cryptographic offense and defense.

Stage 0 (current): Quantum computers exist but lack commercial value and are far from posing a cryptographic threat.

Stage 1: Quantum systems achieve commercial breakthroughs in verticals like chemistry and materials science, but remain unrelated to cryptographic systems.

Stage 2: Quantum computers become capable of breaking weak keys or outdated cryptographic systems. This marks the debut of "cryptographically relevant quantum computers" (CRQC), but targets only vulnerable systems, not Bitcoin’s 256-bit ECC.

Stage 3: Quantum computers are theoretically able to break ECC, though slowly; at this point, early P2PK addresses (with long-exposed public keys) become the primary risk.

Stage 4: The critical threshold arrives: quantum computers break private keys faster than Bitcoin’s 10-minute block interval. If the protocol isn’t upgraded, Bitcoin faces existential risk.

Which Addresses Are Exposed to "Harvest Now, Decrypt Later" Attacks?

When discussing quantum threats, it’s essential to distinguish between "passive risk" and "active risk." The vast majority of Bitcoin addresses, those starting with 1, 3, or bc1 (P2PKH, P2SH, P2WPKH formats), expose their public keys only briefly during transaction broadcasts. An attacker would have to break the key, sign, and broadcast within 10 minutes, which requires computational power far beyond current technological boundaries.

The real risk lies in early P2PK addresses from 2009 to 2010. The public keys for these addresses are directly recorded on the blockchain and permanently exposed. This enables attackers to employ a "Harvest Now, Decrypt Later" strategy: download these public keys in bulk now, and wait for future quantum computers to mature before cracking them. Estimates suggest these high-risk addresses hold between 2 and 4 million bitcoins, including about 1.1 million in Satoshi Nakamoto’s wallets.
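
The distinction drawn above, between outputs that record the public key itself (P2PK) and outputs that record only a hash (P2PKH, P2SH, P2WPKH), can be checked mechanically from an output's scriptPubKey when auditing holdings for migration. The Python below is an added example, not code from the ARK Invest report or from this article; the names `classify_script_pubkey` and `migration_candidates` and the sample scripts are constructed for illustration, and script types the passage does not name are reported as "other".

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Exposure:
    script_type: str
    pubkey_at_rest: Optional[bool]  # True: key stored in the output; None: not classified
    pubkey_hex: Optional[str] = None

def classify_script_pubkey(spk_hex: str) -> Exposure:
    """Classify a scriptPubKey by whether it stores a public key or only a hash."""
    try:
        s = bytes.fromhex(spk_hex)
    except ValueError:
        return Exposure("invalid-hex", None)
    n = len(s)
    # P2PK: <push 65 or 33 bytes> <pubkey> OP_CHECKSIG (0xac)
    if n in (67, 35) and s[0] == n - 2 and s[-1] == 0xAC:
        key = s[1:-1]
        # Uncompressed keys start with 0x04, compressed keys with 0x02 or 0x03.
        if (n == 67 and key[0] == 0x04) or (n == 35 and key[0] in (0x02, 0x03)):
            return Exposure("P2PK", True, key.hex())
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return Exposure("P2PKH", False)
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return Exposure("P2SH", False)
    # P2WPKH: witness version 0 with a 20-byte key hash
    if n == 22 and s[:2] == b"\x00\x14":
        return Exposure("P2WPKH", False)
    return Exposure("other", None)

# Constructed sample scripts: key and hash bytes are filler, not real keys.
SAMPLE_OUTPUTS = {
    "early-style": "41" + "04" + "11" * 64 + "ac",
    "compressed-p2pk": "21" + "02" + "22" * 32 + "ac",
    "legacy": "76a914" + "33" * 20 + "88ac",
    "script-hash": "a914" + "44" * 20 + "87",
    "segwit-v0": "0014" + "55" * 20,
    "truncated": "41" + "04" + "11" * 10 + "ac",  # malformed on purpose
}

def migration_candidates(outputs: dict) -> list:
    """Names of outputs whose public key is permanently visible on-chain."""
    return sorted(name for name, spk in outputs.items()
                  if classify_script_pubkey(spk).pubkey_at_rest)

if __name__ == "__main__":
    for label, spk in SAMPLE_OUTPUTS.items():
        print(label, classify_script_pubkey(spk).script_type)
    print("migrate first:", migration_candidates(SAMPLE_OUTPUTS))
```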

Can Post-Quantum Cryptography Outpace Quantum Computing Advances?

This is a pivotal race for the fate of cryptographic networks. ARK Invest’s report offers a relatively optimistic outlook: the development of post-quantum cryptography (PQC) is currently ahead of the construction of quantum computers powerful enough to break Bitcoin’s encryption.

Between 2025 and early 2026, the PQC field has seen a burst of substantial progress. In 2024, NIST officially released the FIPS 203 and FIPS 204 standards, based on the ML-KEM and ML-DSA algorithms, respectively. At the Real World Crypto Symposium in March 2026, academia and industry showcased further PQC migration capabilities: Threshold ML-DSA implementations now achieve usable performance in multiparty computation environments, with cross-continental signing latency under 750 milliseconds. The Signal protocol is advancing XHMQV improvements to balance post-quantum algorithm computational loads. These developments indicate that, by the time quantum threats reach stage 3, PQC standardization and engineering may already be in place.

How Long Would It Take to Upgrade Bitcoin’s Protocol for Quantum Resistance?

The upgrade timeline is a core variable in risk assessment. Co-authors of BIP-360 previously estimated that a full post-quantum upgrade could take about seven years, including solution design, community consensus, soft fork deployment, and network-wide node updates.

Combining this timeline with ARK Invest’s scenario analysis: in a balanced scenario, quantum computers reach stage 3 in 10 to 20 years; in a pessimistic scenario, a breakthrough could occur suddenly; in an optimistic scenario, quantum computing may stall for a long time due to engineering challenges. Even in the most urgent pessimistic scenario, the Bitcoin community has room for emergency deployment—multiple PQC proposals can be accelerated under pressure. The seven-year upgrade cycle and the ten-plus-year threat window provide a relatively comfortable buffer, as long as developers and the community start research and testing now, rather than waiting for stage 2 signals.

Why Is Quantum Computing a More Immediate Threat to Encrypted Communications Than to Bitcoin?

A commonly overlooked fact: encrypted instant messaging apps face a more direct quantum risk than Bitcoin. IBM experts recently pointed out that end-to-end encrypted tools like Signal and Threema are confronting the urgent challenge of "Harvest Now, Decrypt Later."

The reason lies in differences in key exchange mechanisms. Signal upgraded its PQXDH protocol in 2023 to address future quantum threats to session keys; Threema is collaborating with IBM to integrate NIST’s ML-KEM algorithm. In contrast, Bitcoin’s upgrade pressure is focused on transaction signature algorithms and can be mitigated by gradual migration of address formats. If the historical messages of messaging apps are decrypted in bulk, the privacy damage is irreversible, which makes PQC migration in communications more urgent.

How Should the Market Interpret Quantum Risk Pricing in 2026?

From an asset pricing perspective, quantum risk will not be a dominant factor affecting crypto asset valuations in 2026. Grayscale’s "2026 Digital Asset Outlook" makes it clear: quantum computing threats are unlikely to impact crypto prices in 2026, and quantum benchmarking by agencies like DARPA shows that quantum computers capable of breaking cryptography are still a distant prospect.

However, "no price impact" does not mean "no need for attention." Risk pricing in markets is often anticipatory—when quantum computing reaches stage 1 (commercial applications), crypto markets may begin adjusting risk premiums; at stage 2 (breaking weak cryptosystems), the market enters a "visible threat" phase. The rational strategy: during this risk vacuum in 2026, establish a framework for tracking PQC progress, rather than waiting for stage 3 signals to react hastily.

Summary

The impact of quantum computing on cryptographic networks is essentially a generational upgrade of cryptographic infrastructure. Redefining the threat as a "traceable, gradual process" isn’t about easing anxiety, but about enabling evidence-based defensive action.

The core tasks for the current stage are clear: first, proactively migrate high-risk addresses (P2PK), as holders must awaken these dormant bitcoins themselves; second, continue advancing PQC standardization at the protocol layer—proposals like BIP-360 need broader community discussion and testnet validation; third, build cross-industry collaboration mechanisms, leveraging engineering experience from messaging apps like Signal and Threema in PQC migration.

"Q-Day" won’t arrive suddenly, but it also won’t be absent forever. Every step from stage 0 to stage 4 is a symmetric game between the technical community and attackers. Whether the crypto industry wins this marathon depends on today’s choices: will quantum threats be shelved as distant science fiction, or integrated into the next decade’s technical roadmap, steadily building defensive infrastructure?

FAQ

Q: What is "Q-Day"? Will it really happen?

A: "Q-Day" refers to the hypothetical moment when quantum computing becomes powerful enough to break current public-key cryptographic systems. ARK Invest’s analysis suggests this event won’t happen suddenly, but will approach gradually through observable technological milestones, giving the community ample time for defensive upgrades.

Q: Is my Bitcoin safe now? Should I move it?

A: The vast majority of Bitcoin using modern address formats (such as P2WPKH, P2TR) is safe now and for the foreseeable future (at least 10–20 years). If you hold Bitcoin in pre-2011 P2PK addresses, it’s recommended to proactively migrate to a modern address.

Q: How will the Bitcoin network upgrade for quantum resistance?

A: Mainly through soft forks introducing post-quantum signature algorithms, as proposed in BIP-360. These upgrades are compatible with the existing UTXO model. Users don’t need to act immediately, but will eventually need to migrate assets to new address formats.

Q: What will quantum computing attack first?

A: Technically, breaking weak cryptosystems (stage 2) will come before breaking Bitcoin’s ECC (stage 3). In terms of urgency, "Harvest Now, Decrypt Later" risks for encrypted messaging apps are more direct than for Bitcoin, since historical messages exchanged over protocols like Signal may be stored and then decrypted in bulk in the future.

Data note: All quantum qubit thresholds, address classifications, and technical timelines referenced are based on industry research and technical standards publicly available as of March 13, 2026. For crypto asset price data, please refer to Gate’s real-time market quotes.
