Bitcoin Faces Existential Quantum Threat: MIT's Neha Narula on Why the Clock Is Ticking
Neha Narula, Director of MIT's Digital Currency Initiative, has published a detailed analysis of Bitcoin's vulnerability to quantum computing. Her conclusion: the threat is real, the upgrade path is uncertain, and the probability of failure is non-zero.
The Core Vulnerability
Bitcoin's signatures (ECDSA) can be broken by a cryptographically relevant quantum computer (CRQC). Required fixes:
- Soft fork — Protocol-level change to support post-quantum cryptography
- Wallet migration — All users must move coins to new quantum-safe addresses
- Both must happen before a CRQC appears
The Math of Risk
Narula frames the risk as two probabilities multiplied:
| Factor | Description | Example Value |
|---|---|---|
| (A) Probability CRQC appears | Timeline uncertainty | 10% by 2030 |
| (B) Probability Bitcoin fails to upgrade | Governance/coordination risk | 50% |
| Combined risk | A × B | 5% chance Bitcoin breaks by 2030 |
Why (B) Is the Worrying Part
- Last soft fork (Taproot): 3 years 10 months from proposal to activation
- Wallet/exchange support: months to years after activation
- No agreement yet on which PQC algorithm to adopt
- No agreement even that action is necessary
"We do not yet know the best path for Bitcoin to successfully upgrade, we don't know if there will be agreement on how to navigate the tradeoffs, and it's not clear there is agreement to even do anything."
Google's Timeline
Google recently announced a timeline for migrating to post-quantum cryptography by 2029. A Google Quantum co-author suggested he "wouldn't bet against" a 10% chance of a CRQC existing by 2030.
Investment Implications
Narula notes that this quantum risk sets a floor on how much weight you should give to Bitcoin being worth $0: it combines additively with all other risks (key theft, network partition, Ethereum competition, etc.).
Key Takeaway
Some cryptographers have already stopped working on non-post-quantum cryptography. The quantum clock is ticking for Bitcoin, and the decentralized governance structure that makes Bitcoin resilient also makes coordinated upgrades exceptionally difficult.