Quantum Threat to Crypto Is Not Here Yet, but Coinbase Advisory Board Says the Time to Prepare Is Now

The cryptocurrency industry should stop debating exactly when quantum computers will become a threat and start preparing for their eventual arrival, according to a new report commissioned by Coinbase and prepared by a group of leading experts in quantum computing, cryptography and blockchain technology.

The report concludes that large-scale, fault-tolerant quantum computers capable of breaking today’s most widely used public-key cryptography are likely to be built eventually, even if significant engineering challenges remain. As a result, the analysts report that blockchains, exchanges, custodians and wallet providers should begin implementing migration plans toward post-quantum security rather than waiting for an emergency.

The report, published by the Coinbase Independent Advisory Board on Quantum Computing and Blockchain, brings together perspectives from researchers including University of Texas professor Scott Aaronson, Stanford University professor Dan Boneh, Ethereum Foundation researcher Justin Drake, University of Washington professor Sreeram Kannan, Coinbase research scientist Yehuda Lindell and University of California, Santa Barbara professor Dahlia Malkhi.

The advisers emphasize that the threat posed by quantum computing is not imminent, but it is credible enough that delaying preparation could create avoidable risks for digital assets.

The paper distinguishes between today’s experimental quantum computers and the fault-tolerant machines that would be required to compromise cryptocurrencies secured using elliptic-curve cryptography. Current quantum devices remain noisy and limited in scale, while executing Shor’s algorithm against modern cryptographic systems would require logical qubits protected by error correction, along with millions of operations performed reliably over long periods of time.

According to the report, the necessary building blocks are beginning to emerge, with two-qubit gate fidelities in several hardware platforms reaching approximately 99.9%, a level that theoretical work suggests could support fault-tolerant quantum computing if maintained as systems scale dramatically, although scaling itself remains a formidable challenge.

The board cautions against relying on headline metrics such as raw qubit counts when assessing progress. Instead, it identifies several milestones that would signal meaningful movement toward cryptographically relevant quantum computing, including demonstrations of fault-tolerant logical qubits that outperform their underlying physical components, successful implementations of fault-tolerant versions of Shor’s algorithm on small problems, and practical demonstrations of quantum advantage in commercially important simulation tasks.

Interestingly, the board points to quantum simulation, rather than cryptography, as one of the primary economic drivers behind quantum computing investment. The board reports that applications involving chemistry, materials science and physics are the most plausible near-term sources of commercial value, and that success in those fields could create a virtuous cycle in which useful applications generate revenue, revenue funds improved hardware, and improved hardware eventually enables cryptographically relevant machines. If that commercial momentum stalls, the timeline for quantum threats to cryptography could extend considerably, but for blockchain developers, uncertainty about timing does not eliminate the need for preparation.

The report indicates that post-quantum cryptography already exists. Unlike quantum key distribution, which requires specialized quantum hardware, post-quantum cryptographic algorithms run on conventional computers while resisting attacks from future quantum adversaries. The National Institute of Standards and Technology has already standardized several post-quantum algorithms, including ML-KEM for key establishment and ML-DSA and SLH-DSA for digital signatures, while additional algorithms remain under evaluation. The challenge is not the absence of candidate solutions but integrating them into blockchain systems without undermining performance, decentralization or usability.

Many existing blockchain systems rely heavily on digital signatures, with validators using them to establish consensus, users relying on them to authorize transactions, and wallet providers and custodians building key-management infrastructure around them, meaning that replacing those systems will not be simple.

One of the report’s recurring themes is that post-quantum signatures are substantially larger than the elliptic-curve signatures commonly used today. ML-DSA signatures, for example, can exceed 2,400 bytes compared with roughly 64 bytes for Ed25519 signatures, while hash-based approaches can be even larger. Those increases matter because blockchains are fundamentally constrained by storage, bandwidth and computational costs, and the report estimates that naive adoption of post-quantum signatures could reduce blockchain throughput dramatically, increase transaction fees and accelerate chain growth. In a hypothetical Bitcoin example, replacing conventional signatures with ML-DSA signatures could reduce transaction capacity severalfold, even after accounting for Bitcoin’s witness discount mechanisms.

The implications extend beyond individual transactions, as many proof-of-stake systems rely on aggregate signature schemes such as BLS signatures, which allow thousands of validator attestations to be compressed efficiently; Ethereum, for example, uses BLS signatures extensively throughout its consensus process. Equivalent post-quantum schemes with comparable efficiency do not yet exist, and although researchers are actively developing post-quantum threshold and aggregate signature systems, today’s approaches generally involve larger signatures, slower execution and interactive communication requirements that could complicate consensus protocols. The report recommends that blockchain communities begin planning migration strategies immediately, particularly those whose security models depend heavily on aggregation techniques.

Rather than advocating abrupt transitions, the board favors staged approaches, including introducing periodic post-quantum checkpoints into existing chains under which selected blocks would receive post-quantum signatures, anchoring earlier portions of the blockchain history against future forgery attempts. This approach could allow networks to gain meaningful protection without immediately replacing every component of their consensus systems, while the board also stresses the importance of crypto-agility, or the ability to update cryptographic algorithms without extensive redesigns. Networks that build flexibility into their protocols today may find future migrations considerably easier.

The report identifies differences among major blockchain ecosystems, indicating that Ethereum’s smart contract architecture potentially provides greater flexibility because developers can implement alternative signing mechanisms without necessarily requiring consensus-wide governance changes. Bitcoin presents a different challenge because protocol modifications generally proceed cautiously and require broad agreement, meaning migration strategies must minimize disruption while preserving compatibility with existing infrastructure.

Beyond the technical considerations, the analysts report that user behavior may prove to be an even more difficult challenge. Transitioning millions of users to new cryptographic standards would likely require large-scale coordination across exchanges, custodians, wallet providers and blockchain communities, while hardware security modules may need upgrades, multi-party computation systems could require redesign, and software wallets would need new capabilities. Some users, however, may never migrate at all.

The report highlights dormant wallets as one of the most difficult governance questions facing the industry. If owners fail to transfer assets into post-quantum-secured addresses before quantum attacks become feasible, blockchains may face uncomfortable choices, as vulnerable assets could remain exposed to theft indefinitely or communities might decide to invalidate or “burn” inaccessible funds. Neither outcome is likely to prove universally acceptable, which is why the board reports that these decisions should not be postponed until a crisis emerges. Instead, the board writes that blockchain communities should begin discussing policies now and communicate them publicly to reduce uncertainty among investors and users.

The report ultimately rejects two extreme positions that have characterized portions of the quantum debate. On one hand, it warns against complacency, with the board expressing high confidence that large-scale fault-tolerant quantum computers will eventually be built and cautioning against assuming that engineering difficulties will permanently prevent progress. On the other hand, the report warns against panic, noting that fault-tolerant quantum computers capable of threatening modern blockchains do not yet exist and that significant scientific and engineering advances remain necessary before they become practical.

The appropriate response is measured preparation, according to the advisory board, which adds that the cryptocurrency sector has navigated major technical transitions before, from scaling upgrades to consensus changes. The migration to post-quantum cryptography may ultimately become another chapter in that history.

Although the timeline remains uncertain, the board reports that this uncertainty strengthens rather than weakens the case for action. If preparations begin early, they contend, the blockchain ecosystem can adapt gradually and deliberately, whereas if the industry waits until the threat becomes urgent, the choices may become considerably more difficult.
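The block-space arithmetic behind the report's Bitcoin example, as an added illustration that is not part of the article or of the advisory board's report: a simplified model of a one-input, one-output spend under Bitcoin's weight rules (weight = 4 × non-witness bytes + witness bytes, with a 4,000,000 weight-unit block limit), comparing a 64-byte BIP340 Schnorr signature against the published ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) sizes. The per-field byte counts and the assumption that a post-quantum output type would reveal its public key in the witness are this example's own constructions; the board's "severalfold" estimate is not reproduced here, and the ratio this model yields depends entirely on those assumptions.

```python
"""Illustrative model of the block-space cost of post-quantum signatures on a
Bitcoin-style chain that applies the segwit witness discount.
Constructed approximation written for this article, not the advisory board's model."""

BLOCK_WEIGHT_LIMIT = 4_000_000   # consensus block weight limit, in weight units (WU)
TX_OVERHEAD = 10                 # version, input/output counts, locktime (approximation)
INPUT_BASE = 41                  # outpoint (36) + empty scriptSig length (1) + sequence (4)
OUTPUT_BASE = 43                 # value (8) + script length (1) + 34-byte witness program
WITNESS_MARKER = 2               # segwit marker + flag bytes, counted at witness weight

# Published sizes in bytes: BIP340 Schnorr, FIPS 204 ML-DSA, FIPS 205 SLH-DSA.
# "pubkey_in_witness" is an ASSUMPTION about how a PQ output type would be spent:
# the output commits to a hash of the key and the spender reveals the key in the
# witness, whereas a taproot key-path spend carries the 32-byte key in the output.
SCHEMES = {
    "schnorr-bip340":    {"sig": 64,   "pubkey": 32,   "pubkey_in_witness": False},
    "ML-DSA-44":         {"sig": 2420, "pubkey": 1312, "pubkey_in_witness": True},
    "ML-DSA-65":         {"sig": 3309, "pubkey": 1952, "pubkey_in_witness": True},
    "SLH-DSA-SHA2-128s": {"sig": 7856, "pubkey": 32,   "pubkey_in_witness": True},
}


def compact_size(n: int) -> int:
    """Bytes used by Bitcoin's CompactSize varint to encode the integer n."""
    if n < 253:
        return 1
    if n <= 0xFFFF:
        return 3
    if n <= 0xFFFF_FFFF:
        return 5
    return 9


def witness_bytes(scheme: dict, n_inputs: int = 1) -> int:
    """Serialized witness size: marker/flag plus, per input, an item count and
    each stack item with its own length prefix."""
    items = [scheme["sig"]]
    if scheme["pubkey_in_witness"]:
        items.append(scheme["pubkey"])
    per_input = compact_size(len(items)) + sum(compact_size(i) + i for i in items)
    return WITNESS_MARKER + n_inputs * per_input


def tx_weight(scheme: dict, n_inputs: int = 1, n_outputs: int = 1,
              witness_discount: bool = True) -> int:
    base = TX_OVERHEAD + n_inputs * INPUT_BASE + n_outputs * OUTPUT_BASE
    wit = witness_bytes(scheme, n_inputs)
    if witness_discount:
        return 4 * base + wit          # segwit: witness bytes count once, base bytes four times
    return 4 * (base + wit)            # what the same bytes would cost with no discount


def txs_per_block(scheme: dict, n_inputs: int = 1, n_outputs: int = 1,
                  witness_discount: bool = True) -> int:
    return BLOCK_WEIGHT_LIMIT // tx_weight(scheme, n_inputs, n_outputs, witness_discount)


def capacity_ratio(baseline: str = "schnorr-bip340", candidate: str = "ML-DSA-44",
                   **kw) -> float:
    """How many times fewer transactions fit per block with `candidate` signatures."""
    return txs_per_block(SCHEMES[baseline], **kw) / txs_per_block(SCHEMES[candidate], **kw)


if __name__ == "__main__":
    for name, scheme in SCHEMES.items():
        print(f"{name:18s} weight={tx_weight(scheme):6d} WU  tx/block={txs_per_block(scheme)}")
    print(f"capacity reduction, Schnorr -> ML-DSA-44: {capacity_ratio():.1f}x")
    print(f"same comparison with no witness discount: "
          f"{capacity_ratio(witness_discount=False):.1f}x")
```

The discount is what keeps the penalty from being worse: because signature bytes live in the witness, they cost one weight unit each rather than four, so the model's gap between the Schnorr and ML-DSA-44 cases is smaller with the discount than without it, which is the point the report makes when it says the reduction holds "even after accounting for" the discount.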
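The periodic post-quantum checkpoint idea described above, as an added illustration that is not code from the report or from any blockchain project: a small hash-linked chain whose block at a chosen height receives a hash-based signature, after which any rewrite of earlier blocks fails verification while later, uncheckpointed blocks remain unanchored. The block format, the `PQ-CHECKPOINT-v1` domain tag and the choice of a Lamport one-time signature (a hash-based scheme whose security rests on SHA-256 rather than on the discrete-logarithm problem that Shor's algorithm attacks) are this example's own assumptions; a real deployment would use a standardized scheme such as SLH-DSA.

```python
"""Post-quantum checkpoint over a hash-linked chain, using a Lamport one-time
signature as the checkpoint scheme. Constructed example written for this
article; it is not the advisory board's design or any chain's implementation."""
import hashlib
import hmac
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature (256-bit message digests, SHA-256) ----------
def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte preimages; public key: their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes) -> bytes:
    """Reveal one preimage per digest bit: 256 * 32 = 8192 bytes.
    A Lamport key must never sign a second message (one-time scheme)."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(H(msg))))


def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    ok = True
    for i, bit in enumerate(_bits(H(msg))):
        chunk = sig[32 * i: 32 * (i + 1)]
        ok &= hmac.compare_digest(H(chunk), pk[i][bit])
    return ok


# --- Minimal hash-linked chain (constructed block format) --------------------
GENESIS_PREV = b"\x00" * 32


def block_hash(height: int, prev_hash: bytes, payload: str) -> bytes:
    return H(height.to_bytes(8, "big") + prev_hash + payload.encode())


def build_chain(payloads):
    chain, prev = [], GENESIS_PREV
    for height, payload in enumerate(payloads):
        prev = block_hash(height, prev, payload)
        chain.append({"height": height, "payload": payload, "hash": prev})
    return chain


# --- Checkpoint: a PQ signature over (height, block hash) --------------------
def checkpoint_message(height: int, blk_hash: bytes) -> bytes:
    return b"PQ-CHECKPOINT-v1" + height.to_bytes(8, "big") + blk_hash


def make_checkpoint(chain, height: int, sk) -> dict:
    blk_hash = chain[height]["hash"]
    return {"height": height, "hash": blk_hash,
            "sig": lamport_sign(sk, checkpoint_message(height, blk_hash))}


def verify_prefix(chain, checkpoint: dict, pk) -> bool:
    """Recompute the chain from genesis to the checkpoint height and require that
    it ends at the hash the checkpoint signed. Blocks after the checkpoint are
    not covered: that is what 'periodic' checkpoints leave for the next one."""
    prev = GENESIS_PREV
    for height in range(checkpoint["height"] + 1):
        if height >= len(chain):
            return False
        blk = chain[height]
        prev = block_hash(height, prev, blk["payload"])
        if prev != blk["hash"]:
            return False
    if prev != checkpoint["hash"]:
        return False
    return lamport_verify(pk, checkpoint_message(checkpoint["height"], prev), checkpoint["sig"])


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    chain = build_chain(["genesis", "tx-a", "tx-b", "tx-c"])
    cp = make_checkpoint(chain, 2, sk)
    print("honest chain verifies:", verify_prefix(chain, cp, pk))
    rewritten = build_chain(["genesis", "tx-forged", "tx-b", "tx-c"])
    print("rewritten history verifies:", verify_prefix(rewritten, cp, pk))
    print("checkpoint signature size:", len(cp["sig"]), "bytes")
```

The 8,192-byte signature is a concrete instance of the size cost the report describes for hash-based schemes, and the one-time nature of the key means each checkpoint needs a fresh key pair (stateful or stateless hash-based schemes such as XMSS or SLH-DSA exist precisely to remove that limitation). Note what the checkpoint does and does not buy: a rewrite of any block at or below the checkpoint height is detected even by a verifier that holds only the checkpoint and the post-quantum public key, while blocks above it are still protected only by whatever the chain's ordinary consensus signatures provide.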
