🧠 Long-Range vs Short-Range Quantum Attacks on Bitcoin

Quantum computers will change the security assumptions of Bitcoin. But how exactly?
Let’s break it down. 👇

Bitcoin relies on ECC to protect your private keys.
But quantum computers break ECC.

Quantum computers open two attack windows:
  • Short-range: pubkey is revealed before confirmation
  • Long-range: pubkey was exposed long ago and still sits on-chain

šŸ” 1- Short-Range Attacks (a.k.a. Transaction Hijacking)

Let’s start with a P2PKH transaction.
It looks secure… until you broadcast it.

👀 When Does the Public Key Appear?

In P2PKH, your public key stays hidden until you spend.
The moment you sign a transaction, your pubkey becomes visible.

A Window for Attack

From that moment, there’s a race:
Can a quantum attacker compute your private key before your transaction gets mined?

ā³ Mempool = Danger Zone

Here’s how it plays out:
  1. You sign and broadcast your tx
  2. It enters the mempool
  3. Miner hasn’t mined it yet
    → That’s the attack window

Next step: they broadcast a conflicting transaction that spends the same coins.

Miner Chooses the Higher Fee

šŸ•µļø 10. Transaction Hijacking

Also known as a front-running attack.
It’s specific to the time window between broadcast and mining.

🧱 2- Long-Range Attacks

These are scarier.
They target coins that already have public keys exposed — like old P2PK outputs.

These UTXOs are permanently vulnerable.
A quantum attacker can sweep them at any time.

Once a public key is on-chain, the attacker doesn’t need perfect timing.
They can break it at any moment in the future.

Examples of script types vulnerable to long-range attacks:
  • P2PK
  • P2MS
  • P2TR (script-path)
    All reveal the pubkey before spend.

📊 P2PK Holds 8.68% of All BTC

That’s ~1.72 million BTC sitting in publicly-exposed outputs.
Mostly Satoshi-era coins.
(Source: Chaincode’s latest report on "Bitcoin and Quantum Computing")

Even P2PKH isn't totally safe.
If a user reuses the address, their public key becomes exposed and vulnerable to future long-range attacks.
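To make the two exposure classes concrete, here is an added example (not code from the original post) that classifies constructed scriptPubKeys by whether the spending pubkey is already on-chain (P2PK, P2MS, P2TR, whose x-only output key is the witness program itself) or only a hash of it (P2PKH, P2WPKH), and flags hash-based outputs whose script has already been spent from, which is the address-reuse case above. The key and hash bytes, the `audit` helper and the sample amounts are constructed placeholders.

```python
# Added example (not from the original post): classify constructed scriptPubKeys
# by whether the pubkey is already on-chain (long-range) or hidden until spend.
from enum import Enum

class Exposure(Enum):
    LONG_RANGE = "pubkey already on-chain"
    REUSE = "pubkey revealed by an earlier spend from this script"
    SHORT_RANGE = "pubkey hidden until spend (mempool race only)"
    UNKNOWN = "unrecognised script"

def classify_spk(spk_hex: str) -> tuple:
    """Return (script type, exposure) for a raw scriptPubKey given as hex."""
    b = bytes.fromhex(spk_hex)
    if len(b) in (35, 67) and b[0] == len(b) - 2 and b[-1] == 0xAC:
        return "P2PK", Exposure.LONG_RANGE      # <pubkey> OP_CHECKSIG
    if len(b) == 25 and b[:3] == b"\x76\xa9\x14" and b[-2:] == b"\x88\xac":
        return "P2PKH", Exposure.SHORT_RANGE    # only HASH160(pubkey) on-chain
    if len(b) == 22 and b[:2] == b"\x00\x14":
        return "P2WPKH", Exposure.SHORT_RANGE   # OP_0 <20-byte pubkey hash>
    if len(b) == 34 and b[:2] == b"\x51\x20":
        return "P2TR", Exposure.LONG_RANGE      # OP_1 <32-byte x-only output key>
    if 0x51 <= b[0] <= 0x60 and 0x51 <= b[-2] <= 0x60 and b[-1] == 0xAE:
        return "P2MS", Exposure.LONG_RANGE      # OP_m <pubkeys> OP_n OP_CHECKMULTISIG
    return "unknown", Exposure.UNKNOWN

def audit(utxos, spent_from):
    """utxos: list of (spk_hex, btc). spent_from: scripts already spent from once
    (address reuse). Returns per-UTXO (type, exposure) and the exposed value share."""
    findings, exposed, total = [], 0.0, 0.0
    for spk, btc in utxos:
        kind, exp = classify_spk(spk)
        if exp is Exposure.SHORT_RANGE and spk in spent_from:
            exp = Exposure.REUSE                # reuse put the pubkey on-chain
        findings.append((kind, exp))
        total += btc
        if exp in (Exposure.LONG_RANGE, Exposure.REUSE):
            exposed += btc
    return findings, (exposed / total if total else 0.0)

# Constructed sample data: key and hash bytes are placeholders, not real values.
KEY_A, KEY_B = "02" + "11" * 32, "03" + "22" * 32
REUSED_P2PKH = "76a914" + "cd" * 20 + "88ac"
SAMPLE_UTXOS = [
    ("21" + KEY_A + "ac", 50.0),                         # P2PK
    ("76a914" + "ab" * 20 + "88ac", 10.0),               # P2PKH, never spent from
    (REUSED_P2PKH, 10.0),                                # P2PKH, address reused
    ("51" + "21" + KEY_A + "21" + KEY_B + "52ae", 5.0),  # 1-of-2 P2MS
    ("0014" + "ef" * 20, 20.0),                          # P2WPKH
    ("5120" + "99" * 32, 5.0),                           # P2TR
]
```

Running `audit(SAMPLE_UTXOS, {REUSED_P2PKH})` marks 70% of the sample value as sweepable by a long-range attacker; only the never-reused P2PKH and the P2WPKH outputs are limited to the short-range race.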

🔜 What’s Next?

In upcoming posts, we’ll cover:
  • Bitcoin Mining and Grover’s Algorithm
  • The “Burn vs Steal” Dilemma
  • Post-Quantum Proposals: Lamport, OP_CAT, P2QRH...
Stay tuned.

👉 Make sure to follow @Bitcoin_Devs
so you don’t miss what’s coming next!

22 sats \ 0 replies \ @freetx 5 Jun
The current state of QC is some researchers with a desk full of fist-sized vacuum tubes soldered together by hand telling you that the day is coming when they will be 4nm in size with billions of them on a postage-stamp-sized wafer.
Perhaps they are in fact right, but we are so far off from that there is no immediate need to do anything.
Quit falling for Google/IBM marketing claims, it's not intended for you... it's aimed at fleecing Wall Street.
There was even a paper published last year that said that successful use of Shor may require a far lower QC noise floor than previously thought.