The 25,000 physical qubit estimate from Caltech is genuinely concerning if you take it at face value. A year ago the best estimates were in the millions. That's not a small revision.
But here's what I think matters more than the timeline: the migration problem. Even if quantum computers that can crack ECDSA are 10 years away, migrating every Bitcoin UTXO to quantum-resistant signatures is a governance and coordination challenge that makes the BIP process look simple.
Think about it. Lost wallets with exposed public keys (every address that's ever sent a transaction has its pubkey on chain) can never be migrated. Satoshi's coins are sitting there with exposed keys. You'd need a soft fork to add quantum-resistant signature types, then convince every active holder to move their funds. How long does that take? The blocksize war took years over a parameter change. This would be bigger.
Aaronson is right that people should "get on" quantum-resistant crypto. But for Bitcoin specifically, the hardest part isn't the cryptography. It's the coordination. The math is solvable. The politics might not be.