I believe it is not a matter of if, but when ECDSA is broken by a quantum computer running Shor's algorithm.
When this happens, all P2PK and all P2TR outputs (including "script only" addresses) will become immediately compromised. Any hash-obfuscated addresses (like P2PKH or P2SH) will be safe; however, any attempt to spend them will be vulnerable to attack once a spend tx hits the mempool.
One option is to do nothing, while joking about how IBM can't build a qubit processor that reliably factors beyond double-digits. Indeed, there is skepticism whether quantum computers can ever scale. However, I think betting against IBM (and every nation-state interested in breaking ECDSA) is a stupid move, and we should maybe start thinking about what a post-quantum bitcoin future would look like.
There are proposals for a quantum-resistant signature scheme to replace ECDSA, and the current front-runner (that I am aware of) is lattice-based cryptography. This form of cryptography goes well over my head, and is still in an experimental stage.
I am curious what other people think about this subject.
- How worried are you about ECDSA being broken in the next 30 years?
- How close are we to building a quantum processor that can actually scale?
- What are some promising or cool solutions that could replace ECDSA?
For me personally, I am worried that we currently do not have any experimental alternatives in place, just in case some radical development happens to accelerate things. Also, lattices make my brain melt. 🫠
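As an added example (editor's code, not the original poster's), the address-type split in the post can be turned into a triage check: classify a UTXO's scriptPubKey by its standard template and flag those whose public key is already readable on-chain. It extends the post's list with the segwit v0 types (P2WPKH/P2WSH), which are hash-committed like P2PKH/P2SH; the opcode constants and sample outputs below are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Optional

# Bitcoin script opcode values used by the standard output templates.
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x00, 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG = 0xA9, 0xAC

@dataclass(frozen=True)
class Classification:
    kind: str
    # True: the (ECDSA/Schnorr) public key sits in the UTXO set today.
    # False: only a hash of the key/script is committed until spend time.
    # None: non-standard script, needs manual review.
    pubkey_exposed: Optional[bool]

def classify_script_pubkey(spk: bytes) -> Classification:
    """Match spk against the standard output templates and report key exposure."""
    n = len(spk)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG (key literally in the output)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Classification("P2PK", True)
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return Classification("P2PKH", False)
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return Classification("P2SH", False)
    # Segwit v0: OP_0 <20> (P2WPKH) or OP_0 <32> (P2WSH), both hash-committed
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return Classification("P2WPKH", False)
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return Classification("P2WSH", False)
    # Taproot: OP_1 <32-byte x-only output key>; the key is on-chain even for
    # outputs that only ever intend to spend via the script path.
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return Classification("P2TR", True)
    return Classification("unknown", None)

def exposed_utxos(utxos):
    """Return the (txid, vout, spk) tuples whose key is already exposed."""
    return [u for u in utxos if classify_script_pubkey(u[2]).pubkey_exposed is True]

# Constructed sample scriptPubKeys (fake key/hash bytes, not real outputs).
SAMPLE_UTXOS = [
    ("tx-a", 0, bytes([33]) + b"\x02" + b"\x11" * 32 + bytes([OP_CHECKSIG])),
    ("tx-b", 1, bytes([OP_DUP, OP_HASH160, 20]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    ("tx-c", 0, bytes([OP_HASH160, 20]) + b"\x33" * 20 + bytes([OP_EQUAL])),
    ("tx-d", 0, bytes([OP_0, 20]) + b"\x44" * 20),
    ("tx-e", 2, bytes([OP_1, 32]) + b"\x55" * 32),
]

if __name__ == "__main__":
    for txid, vout, spk in SAMPLE_UTXOS:
        c = classify_script_pubkey(spk)
        print(f"{txid}:{vout} {c.kind:7} exposed={c.pubkey_exposed}")
```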