Long-Range vs Short-Range Quantum Attacks on Bitcoin
Quantum computers will change the security assumptions of Bitcoin. But how exactly?
Let's break it down.
Bitcoin relies on ECC to protect your private keys.
But quantum computers break ECC.
Quantum computers open two attack windows:
- Short-range: pubkey is revealed before confirmation
- Long-range: pubkey was exposed long ago and still sits on-chain
1- Short-Range Attacks (a.k.a. Transaction Hijacking)
Let's start with a P2PKH transaction.
It looks secure... until you broadcast it.
When Does the Public Key Appear?
In P2PKH, your public key stays hidden until you spend.
The moment you sign a transaction, your pubkey becomes visible.
A Window for Attack
From that moment, there's a race:
Can a quantum attacker compute your private key before your transaction gets mined?
Mempool = Danger Zone
Here's how it plays out:
- You sign and broadcast your tx
- It enters the mempool
- Miner hasn't mined it yet
That's the attack window.
Next step: the attacker derives your private key from the exposed pubkey and broadcasts a conflicting transaction that spends the same coins.
Miner Chooses the Higher Fee
If the attacker's transaction pays more, the miner includes it instead of yours.
Transaction Hijacking
Also known as a front-running attack.
It's specific to the time window between broadcast and mining.
2- Long-Range Attacks
These are scarier.
They target coins that already have public keys exposed, like old P2PK outputs.
These UTXOs are permanently vulnerable.
A quantum attacker can sweep them at any time.
Once a public key is on-chain, the attacker doesn't need perfect timing.
They can break it at any moment in the future.
Examples of script types vulnerable to long-range attacks:
- P2PK
- P2MS
- P2TR (script-path)
All reveal the pubkey before spend.
P2PK Holds 8.68% of All BTC
That's ~1.72 million BTC sitting in publicly-exposed outputs.
Mostly Satoshi-era coins.
(Source: Chaincode's latest report on "Bitcoin and Quantum Computing")
Even P2PKH isn't totally safe.
If a user reuses the address, their public key becomes exposed and vulnerable to future long-range attacks.
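As an added example (not from this thread), a small Python classifier that flags which scriptPubKeys already carry a raw public key on-chain, i.e. the long-range-exposed types listed above, and treats a reused P2PKH address as exposed too; the sample scripts use constructed placeholder key and hash bytes, not real outputs.

```python
# Classify scriptPubKeys by whether a raw public key (not just its hash) sits
# on-chain before the output is spent, i.e. whether a long-range attack applies.
OP_0, OP_1, OP_16 = 0x00, 0x51, 0x60
OP_DUP, OP_HASH160, OP_EQUALVERIFY = 0x76, 0xA9, 0x88
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE
PUBKEY_ON_CHAIN = {"P2PK", "P2MS", "P2TR"}  # key is in the output script itself

def classify(spk: bytes) -> str:
    """Return the script type of a scriptPubKey, or 'unknown'."""
    n = len(spk)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH"
    # SegWit v0: OP_0 <20-byte key hash> (P2WPKH) / OP_0 <32-byte script hash> (P2WSH)
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "P2WPKH"
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "P2WSH"
    # Taproot: OP_1 <32-byte x-only tweaked pubkey>, the key itself is on-chain
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "P2TR"
    # Bare multisig: OP_m <pubkey pushes...> OP_n OP_CHECKMULTISIG (heuristic match)
    if (n > 3 and spk[-1] == OP_CHECKMULTISIG
            and OP_1 <= spk[0] <= OP_16 and OP_1 <= spk[-2] <= OP_16):
        return "P2MS"
    return "unknown"

def exposure(spk: bytes, pubkey_seen_before: bool = False) -> str:
    """'long-range' if the pubkey is already public (by script type, or because the
    address was reused after an earlier spend); 'short-range' if it only appears at
    spend time; 'unknown' for unrecognised scripts."""
    kind = classify(spk)
    if kind == "unknown":
        return "unknown"
    return "long-range" if kind in PUBKEY_ON_CHAIN or pubkey_seen_before else "short-range"

# Constructed sample outputs (placeholder key/hash bytes, not real chain data).
SAMPLE_P2PK = b"\x21\x02" + b"\x11" * 32 + bytes([OP_CHECKSIG])
SAMPLE_P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])

if __name__ == "__main__":
    print("old P2PK coin:      ", exposure(SAMPLE_P2PK))          # long-range
    print("fresh P2PKH address:", exposure(SAMPLE_P2PKH))         # short-range
    print("reused P2PKH:       ", exposure(SAMPLE_P2PKH, True))   # long-range
```

Run it over a UTXO set export to count how much value sits in long-range-exposed outputs; the multisig match is a heuristic and does not validate the individual pubkey pushes.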
What's Next?
In upcoming posts, we'll cover:
- Bitcoin Mining and Grover's Algorithm
- The "Burn vs Steal" Dilemma
- Post-Quantum Proposals: Lamport, OP_CAT, P2QRH...
Stay tuned.
Make sure to follow @Bitcoin_Devs
so you don't miss what's coming next!