Can Quantum Computing Break BTC? A Clear Guide to Post-Quantum Security

Abbie, Yael / Nov 21, 2025

Key Takeaways

• Quantum computers pose real future risks to asymmetric cryptography through Shor’s and Grover’s algorithms.

• Symmetric encryption and hashing remain strong but require higher bit-strength to stay quantum-resistant.

• NIST has standardized PQC algorithms: ML-KEM for key agreement, ML-DSA for signatures, and SLH-DSA as a hash-based fallback.

• OneKey’s AES-256 and PBKDF2-HMAC-SHA256 already provide NIST PQC Level 5–grade security.

• OneKey is preparing end-to-end PQC upgrades, including ML-KEM, ML-DSA, and strengthened hashing.

• Bitcoin’s primary quantum risk lies in exposed public keys, not hashed addresses.

• OneKey’s BTC Multi-Address Mode reduces exposure by rotating fresh change addresses automatically.

• Users should avoid address reuse, migrate from old addresses periodically, and consider PQC readiness in long-term planning.

The debate around “whether quantum computers can eventually crack Bitcoin” has been heating up again.

Today’s cryptographic mechanisms are still extremely secure for classical computers — even for GPUs and supercomputers. But quantum computing introduces algorithms that can dramatically speed up certain types of attacks in the future.

This is exactly why post-quantum cryptography (PQC) exists: to upgrade cryptographic systems before quantum computers reach practical scale, ensuring they remain secure even if brute-force capabilities improve by several orders of magnitude.

In this article, we’ll walk through four key topics:

  • how quantum computing works and where the risks come from,
  • what PQC is and why it matters,
  • how NIST defines PQC security levels,
  • and how wallets can start preparing today.

How Quantum Computing Works — And Where the Risk Appears

Most modern cryptographic systems (including blockchains) rely on four foundational types of algorithms:

  • Symmetric encryption (AES, ChaCha20, etc.)
  • Asymmetric encryption (RSA, ECDH, ML-KEM, etc.)
  • Hash algorithms (SHA, HMAC, etc.)
  • Digital signatures (ECDSA, ML-DSA, etc.)

Their security rests on mathematical problems that are prohibitively expensive for classical computers to reverse. For example:

  • guessing the original input from encrypted output,
  • or deriving a private key from a public key.

Even with today’s supercomputers, many of these tasks would take decades — or thousands of years.

Quantum computers, however, enable two powerful new algorithms:

• Shor’s algorithm

Provides super-polynomial speedups in factoring and discrete logarithms. → This directly threatens RSA, ECDH, and all ECC-based signature schemes including ECDSA.

• Grover’s algorithm

Provides a quadratic speedup for brute-force search. → This affects symmetric encryption and hash functions by effectively cutting their bit-strength in half.

In other words:

  • Asymmetric cryptography is the most vulnerable,
  • Hashing and symmetric algorithms remain safer, but require higher bit-strength to stay robust.

Because of this, the wider industry is now shifting into a PQC-Ready phase — preserve existing infrastructure where secure, and introduce new lattice-based schemes where classical algorithms can no longer hold up.

NIST selected:

  • ML-KEM → next-generation key agreement (replacing ECDH)
  • ML-DSA → next-generation digital signatures (replacing ECDSA)
  • SLH-DSA → hash-based fallback signature scheme

These are specifically designed to resist Shor-class quantum attacks.

NIST PQC Security Levels: Why They Matter

NIST defines five post-quantum security levels (Level 1–5), describing how well an algorithm resists both classical and quantum attacks.

A simplified interpretation:

If a system maintains security comparable to AES-256 even under quantum attack, it's considered Level 5 — the highest category, suitable for long-term and critical-infrastructure protection.

OneKey’s Current Cryptography

The OneKey App uses:

  • AES-CBC-256 for symmetric encryption
  • PBKDF2-HMAC-SHA256 for key derivation

What this means technically

  • AES-CBC-256 provides strong security even with Grover-based quantum speedups.
  • PBKDF2-HMAC-SHA256 remains one of the most widely trusted derivation functions, transforming variable-length inputs (such as a PIN or password) into a 256-bit key.

It’s used across major security infrastructures, including Android and iOS device-unlock systems.

Because PBKDF2’s security reduces to that of its symmetric building block (HMAC-SHA256), the relevant quantum attack is recovering the original password from the derived key (a preimage-style search, not a collision search). Under this model, it maintains security equivalent to PQC Level 5.

Result

Assuming the secrets remain protected and key derivation isn’t compromised, OneKey’s current scheme provides NIST PQC Level 5 strength.

We are already preparing the next phase of upgrades:

  • adopting ML-KEM for key agreement,
  • migrating signatures to ML-DSA,
  • increasing hash strength across the stack.

The goal is to ensure the entire product ecosystem transitions smoothly into the post-quantum era.

Bitcoin’s Post-Quantum Situation

Let’s take Bitcoin as a concrete example.

Where BTC is Vulnerable

Bitcoin uses ECDSA over secp256k1. If a quantum computer with sufficient qubits and controllable circuit depth becomes available, Shor’s algorithm could derive a private key from its public key — potentially within 24 hours on high-performance quantum hardware.

But there’s an important detail:

  • Unused BTC addresses are safer because only the hash of the public key is revealed (hash reversal ≈ PQC Level 5 difficulty).
  • Addresses that have signed transactions are exposed because the public key becomes visible on-chain, making them theoretical targets.

How OneKey mitigates this

The OneKey App supports BTC Multi-Address Mode. After every transaction, the app automatically generates a fresh change address, meaning:

  • its public key remains unrevealed,
  • privacy increases,
  • long-term quantum exposure decreases.
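To make the distinction between hashed-only and exposed addresses concrete, here is an added Python example (not OneKey’s code, and a deliberately simplified ledger model rather than real Bitcoin serialisation) that replays constructed transactions and reports which of a wallet’s addresses are both funded and already have their public key on-chain, contrasting sending change back to the same address with rotating to a fresh change address as Multi-Address Mode does. The names `quantum_exposure`, the `TxIn`/`Tx` records and the truncated-SHA-256 stand-in for HASH160 are all assumptions of the example.

```python
import hashlib
from dataclasses import dataclass
# Constructed, simplified ledger model, not Bitcoin's real serialisation.
# An output pays to a hash of a public key (the "address"); spending that
# output places the public key itself in the input, which is what exposes it.

def pubkey(label: str) -> str:
    """Constructed stand-in for a secp256k1 public key, as hex."""
    return hashlib.sha256(label.encode()).hexdigest()

def addr_of(pubkey_hex: str) -> str:
    """Stand-in for HASH160 (real P2PKH/P2WPKH use RIPEMD160(SHA256(pk)))."""
    return hashlib.sha256(bytes.fromhex(pubkey_hex)).hexdigest()[:40]

@dataclass
class TxIn:
    prev_txid: str
    prev_index: int
    pubkey: str          # revealed on-chain the moment the output is spent
@dataclass
class Tx:
    txid: str
    vin: list            # list of TxIn (empty for the funding transaction)
    vout: list           # list of (address, sats)

def quantum_exposure(txs, my_addresses):
    """Per address: unspent balance, whether its public key is already on-chain,
    and whether the two coincide (exposed AND still funded = the real risk)."""
    utxos, exposed = {}, set()
    for tx in txs:
        for i in tx.vin:
            utxos.pop((i.prev_txid, i.prev_index))   # output consumed
            exposed.add(addr_of(i.pubkey))           # key is now public
        for idx, (addr, sats) in enumerate(tx.vout):
            utxos[(tx.txid, idx)] = (addr, sats)
    report = {}
    for a in my_addresses:
        bal = sum(s for ad, s in utxos.values() if ad == a)
        report[a] = {"balance": bal, "pubkey_exposed": a in exposed,
                     "at_risk": a in exposed and bal > 0}
    return report

# Constructed sample: A reuses itself as change address; D sends its change to
# a fresh address C (what Multi-Address Mode does automatically).
PK_A, PK_C, PK_D = pubkey("A"), pubkey("C"), pubkey("D")
A, C, D = addr_of(PK_A), addr_of(PK_C), addr_of(PK_D)
LEDGER = [
    Tx("t1", [], [(A, 100_000_000), (D, 50_000_000)]),
    Tx("t2", [TxIn("t1", 0, PK_A)], [("merchant", 40_000_000), (A, 60_000_000)]),
    Tx("t3", [TxIn("t1", 1, PK_D)], [("merchant", 20_000_000), (C, 30_000_000)]),
]
```

Running `quantum_exposure(LEDGER, [A, C, D])` flags only A: its key is on-chain and it still holds funds, while D is exposed but empty and C is funded but has never signed.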

Good news & challenges

No quantum computer today can break Bitcoin’s signature scheme. However, upgrading Bitcoin’s signing algorithm to a PQC variant in the future will be extremely complex and require broad consensus across the ecosystem.

What BTC users should do today

  • Prefer addresses with unrevealed public keys
  • Avoid address reuse
  • Periodically migrate away from older addresses
  • Consider post-quantum safety as part of long-term asset planning

Not panic — but preparation.
