ECDSA Vulnerability: How Quantum Computers Will Break Bitcoin's Security
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the backbone of cryptocurrency security. It's what proves you own your Bitcoin, authorizes your Ethereum transactions, and secures virtually every major blockchain. Here's exactly how quantum computers will break it — and what replaces it.
How ECDSA Works (Simple Version)
ECDSA is based on elliptic curve mathematics. Here's the simplified version:
- Key generation: You pick a random number — your private key. Multiply it by a known "generator point" on an elliptic curve. The result is your public key.
- The trapdoor: Going from private → public is easy (scalar multiplication). Going from public → private requires solving the Elliptic Curve Discrete Logarithm Problem (ECDLP), which is computationally infeasible on classical computers.
- Signing: To authorize a transaction, you create a mathematical proof (signature) using your private key and the transaction data.
- Verification: Anyone can verify the signature using your public key, without learning your private key.
Bitcoin uses the secp256k1 curve specifically. Ethereum uses the same curve. This means they share exactly the same vulnerability.
How Shor's Algorithm Breaks ECDSA
In 1994, mathematician Peter Shor demonstrated that quantum computers can efficiently solve two problems:
- Integer factorization (breaks RSA)
- Discrete logarithms (breaks ECDSA, EdDSA, Diffie-Hellman)
For ECDSA specifically, Shor's algorithm exploits quantum superposition and entanglement to solve the ECDLP in polynomial time. What takes a classical computer longer than the age of the universe becomes feasible in hours or days on a sufficiently powerful quantum computer.
The Attack in Practice
Step 1: Attacker obtains your public key (available on-chain after your first transaction)
Step 2: Runs Shor's algorithm on a quantum computer to solve the ECDLP
Step 3: Derives your private key from your public key
Step 4: Signs transactions transferring all your funds to their address
Which Addresses Are Most Vulnerable?
Not all Bitcoin addresses are equally exposed:
- Pay-to-Public-Key (P2PK) — MOST VULNERABLE: The public key is directly visible. These are early Bitcoin addresses, including Satoshi's coins. Approximately 1.7 million BTC sit in P2PK addresses.
- Reused P2PKH/P2SH addresses — VULNERABLE: Once you send from a Pay-to-Public-Key-Hash address, the public key is revealed. Reusing the address means the key is permanently exposed.
- Unused P2PKH addresses — PARTIALLY SAFE: If you've only received BTC but never sent, only the hash of your public key is on-chain. However, the moment you try to move funds (even to escape a quantum attack), your public key is revealed during the transaction.
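The three exposure classes above depend on the output script type and on whether the address has ever been spent from. The following added example (not code from the original post or from any project it mentions) classifies standard Bitcoin scriptPubKey templates by their fixed byte layout and totals the value held in each exposure class. It goes slightly beyond the post by also recognising the SegWit templates: P2WPKH and P2WSH commit only to a hash like P2PKH, whereas a Taproot (P2TR) output carries the tweaked x-only public key directly, so it is classed with P2PK. The assumption that a P2SH or P2WSH spend reveals its script and the keys inside it is mine; the sample scripts use dummy key and hash bytes and are not real chain data.

```python
"""Classify Bitcoin output scripts by whether the spending public key is exposed."""

OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG, OP_1 = (
    0x76, 0xA9, 0x87, 0x88, 0xAC, 0x51)


def classify_script(script: bytes) -> str:
    """Identify the standard scriptPubKey templates by their fixed byte layout."""
    n = len(script)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG -> the key itself is on-chain
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH"
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and script[:2] == bytes([OP_HASH160, 0x14]) and script[-1] == OP_EQUAL:
        return "P2SH"
    # SegWit v0: OP_0 <20-byte key hash> / OP_0 <32-byte script hash>
    if n == 22 and script[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and script[:2] == b"\x00\x20":
        return "P2WSH"
    # Taproot: OP_1 <32-byte x-only output key>; the (tweaked) key is itself on-chain
    if n == 34 and script[:2] == bytes([OP_1, 0x20]):
        return "P2TR"
    return "UNKNOWN"


def exposure(script_type: str, has_spent: bool) -> str:
    """Map the output type and spend history onto the post's exposure classes."""
    if script_type in ("P2PK", "P2TR"):
        return "EXPOSED"                  # key is readable straight from the output
    if script_type in ("P2PKH", "P2WPKH", "P2SH", "P2WSH"):
        # Only a hash is on-chain until the first spend reveals the key (or script;
        # assumption: a revealed redeem script exposes the keys it contains).
        return "EXPOSED" if has_spent else "HASH_ONLY"
    return "UNKNOWN"


def audit(utxos):
    """Sum satoshis per exposure class for (script, has_spent, value) tuples."""
    totals = {"EXPOSED": 0, "HASH_ONLY": 0, "UNKNOWN": 0}
    for script, has_spent, sats in utxos:
        totals[exposure(classify_script(script), has_spent)] += sats
    return totals


# Constructed sample outputs (dummy key/hash bytes, not real chain data).
SAMPLE_UTXOS = [
    (b"\x41\x04" + b"\x11" * 64 + b"\xac", False, 50_00000000),        # early P2PK output
    (b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac", True, 1_00000000),  # P2PKH, reused
    (b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac", False, 2_00000000), # P2PKH, never spent
    (b"\x00\x14" + b"\x44" * 20, False, 50000000),                     # P2WPKH, never spent
    (b"\x51\x20" + b"\x55" * 32, False, 10000000),                     # P2TR: key in output
]

if __name__ == "__main__":
    for script, spent, sats in SAMPLE_UTXOS:
        kind = classify_script(script)
        print(f"{kind:7} {exposure(kind, spent):10} {sats:>12} sat")
    print(audit(SAMPLE_UTXOS))
```

On a real node the inputs would come from the UTXO set plus a per-address spend history; the point of the audit is that a P2PKH balance only stays in `HASH_ONLY` until its first spend, which is exactly the migration problem the next section describes.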
⚠️ The Catch-22 of Quantum Migration
Even if Bitcoin implements a quantum-safe upgrade, users must sign a transaction with their old ECDSA key to migrate funds to a new quantum-safe address. That signing transaction reveals their public key. If a quantum attacker is fast enough, they could derive the private key and steal the funds before the migration transaction confirms.
Ethereum's Exposure
Ethereum is arguably more vulnerable than Bitcoin:
- Ethereum addresses are derived from public keys using Keccak-256 hashing, but the full public key is included in every outgoing transaction
- Every active Ethereum address (one that has ever sent a transaction) has its public key exposed
- Smart contracts, DeFi interactions, and NFT transactions all expose the user's public key
- The Ethereum ecosystem is heavily based on address reuse (unlike Bitcoin's UTXO model)
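The "How ECDSA Works" section above and the exposure discussion for Bitcoin and Ethereum rest on the same two facts: the public key is a scalar multiple of the generator, and any valid signature lets a verifier reconstruct that public key. The following added example (written for this edit, not code from the original post or from any wallet or project it names) implements secp256k1 ECDSA in pure Python: key generation, signing with low-s normalisation, verification, and public-key recovery from (r, s, recovery id). The recovery routine is what makes a spend from a P2PKH address, or any Ethereum transaction, reveal the key. The nonce derivation is a simplified HMAC construction of my own, not RFC 6979, and the code is for study only; it is not constant-time and must not be used in a wallet.

```python
"""secp256k1 ECDSA: keygen, sign, verify and public-key recovery in pure Python."""
import hashlib
import hmac
import secrets

# secp256k1 domain parameters: field prime, group order, curve constant, generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity (group identity)

def on_curve(pt):
    """Check y^2 = x^3 + 7 over GF(P)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - B) % P == 0

def add(p1, p2):
    """Affine point addition, covering doubling and the p1 == -p2 case."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (curve a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication: the easy direction of the trapdoor."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc

def keygen(priv=None):
    """Private key = scalar in [1, N); public key = priv * G."""
    priv = priv or (secrets.randbelow(N - 1) + 1)
    return priv, mul(priv, G)

def compress(pub):
    """33-byte SEC1 encoding, the form that appears in P2PK and P2PKH scripts."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def hash_msg(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def nonce(priv, z):
    """Deterministic per-message nonce (simplified stand-in for RFC 6979)."""
    mac = hmac.new(priv.to_bytes(32, "big"), z.to_bytes(32, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % N or 1

def sign(priv, msg):
    """Return (r, s, rec_id) with the low-s normalisation Bitcoin requires."""
    z = hash_msg(msg)
    k = nonce(priv, z)
    while True:
        R = mul(k, G)
        r = R[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if R[0] < N and r and s:
            break
        k = k % (N - 1) + 1               # vanishingly rare: move to the next nonce
    rec_id = R[1] & 1                      # parity of R.y identifies R given r
    if s > N // 2:                         # canonical low-s form flips R to -R
        s, rec_id = N - s, rec_id ^ 1
    return r, s, rec_id

def verify(pub, msg, r, s):
    """Standard ECDSA verification: needs only the public key."""
    if pub is INF or not on_curve(pub) or not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    z = hash_msg(msg)
    pt = add(mul(z * w % N, G), mul(r * w % N, pub))
    return pt is not INF and pt[0] % N == r

def recover(msg, r, s, rec_id):
    """Rebuild the public key from a signature: Q = r^-1 * (s*R - z*G)."""
    y_sq = (pow(r, 3, P) + B) % P
    y = pow(y_sq, (P + 1) // 4, P)         # modular square root, valid as P % 4 == 3
    if y * y % P != y_sq:
        return None
    if (y & 1) != rec_id:
        y = P - y
    r_inv = pow(r, -1, N)
    z = hash_msg(msg)
    return add(mul(s * r_inv % N, (r, y)), mul((-z * r_inv) % N, G))
```

Run `keygen()` followed by `sign()` and then `recover()` on the same message: the recovered point equals the public key without it ever having been transmitted, which is why a hash-only address stops being hash-only at its first spend. Ethereum's address is the last 20 bytes of Keccak-256 over the 64-byte uncompressed key; the standard library has no Keccak-256 (hashlib's sha3_256 is the finalised SHA-3, a different padding), so that step is not reproduced here.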
The Replacement: CRYSTALS-Dilithium (ML-DSA)
CRYSTALS-Dilithium (standardized by NIST as ML-DSA in FIPS 204) is the designated successor to ECDSA for post-quantum digital signatures. Unlike ECDSA's elliptic curve math, Dilithium's security is based on the Module Learning With Errors (MLWE) problem, for which no efficient quantum (or classical) algorithm is known.
BMIC has implemented Dilithium as its primary transaction signing mechanism from day one. As NewsBTC reported, BMIC is building quantum-safe wallets for Ethereum — replacing ECDSA with Dilithium within the EVM ecosystem via account abstraction.
Timeline: When Does ECDSA Break?
Conservative estimates suggest a quantum computer capable of breaking 256-bit ECDSA requires:
- ~2,330 logical qubits (or ~4-20 million physical qubits with error correction)
- Expert consensus: 2029-2035 for cryptographically relevant quantum computers
- Google's Willow chip (2024) demonstrated real-time quantum error correction — a critical milestone
- IBM's roadmap targets 100,000+ qubits by 2033
But remember: the "Harvest Now, Decrypt Later" threat means your ECDSA-signed transactions are being captured today for future quantum attack.
Move Beyond ECDSA — Go Quantum-Safe
BMIC replaces vulnerable ECDSA with NIST-approved CRYSTALS-Dilithium signatures. Quantum-safe from the first transaction. Presale: $0.049.