The short version for your brother: we have time, and there's a plan.
Where quantum actually stands
The paper being cited claims a theoretical attack in minutes with ~500k physical qubits. Current state of the art is roughly 1,000–2,000 noisy qubits. The gap between where we are and a cryptographically-relevant quantum computer is likely a decade or more, by most serious estimates.
What Bitcoin would actually need to change
Only ECDSA (the signature scheme) is broken by Shor's algorithm. The hash functions (SHA-256, RIPEMD-160) are only weakened by Grover's algorithm — it's not a break, just a speed-up. Most Bitcoin held in standard wallets where the public key isn't exposed on-chain is behind a hash and therefore has two layers of protection.
Bitcoin's upgrade path
Post-quantum work is already underway. The most relevant proposal is P2QRH (Pay to Quantum Resistant Hash) — a proposed soft fork to add a quantum-resistant signature scheme alongside ECDSA. This follows the same upgrade pattern as Taproot and SegWit. Bitcoin can migrate. It just needs consensus and time, and we have both.
The practical takeaway
Tell your brother: if/when quantum becomes a real threat, the first institutions to panic will be banks and government bond markets — their entire infrastructure runs on RSA and TLS, all broken by the same attack. Bitcoin has a defined community process to respond. The legacy system doesn't move nearly as fast.
Self-custody with modern wallet types (P2WPKH, P2TR) is already in better shape than most assume.