In case you missed it, Epoch released a behemoth of a report today (#1416746), and while I haven’t read the whole thing yet, I thought he did a nice job addressing quantum computing. Also: have I said lately how much I hate pdfs?

Towards the end of 2025, a focus on quantum computing risks to bitcoin’s underlying cryptography potentially drove an institutional investor sell -off. We believe that this part of the investment community is driven by several behavioral biases, namely loss aversion, herd mentality, and availability.

Here, we provide a summary of the arguments and our perspective. The concern is Neven’s law, which states that the computational power of quantum computers increases at a doubly -exponential rate relative to that of classical computers. If true, the timeline to break Bitcoin’s cryptography could be as short as 5 years.

Moore’s law for classical computers is akin to Nevin’s law for quantum computers. However, Moore’s law was an observation. Neven’s law is not an observation because logical qubits are not increasing at such a rate. Neven’s law is an expectation of experts. Based on our understanding of expert opinion in the fields we are knowledgeable about, we are highly skeptical of expert projections.

Today, quantum computers have not observably factored a number greater than 15. If quantum computers begin to factor larger numbers, then we would see evidence of growth, but whether that growth is exponential is a separate question.

All we have seen is that progress in physical (not logical) qubits has increased, and error rates are declining. The problem is that these factors have not mapped to the real world. Said differently, rising physical qubits and lower error rates are not inc reasing logical qubits and factorization.

Further, a potentially existential issue for quantum computing is that error rates scale exponentially with the number of qubits. If this relationship holds, even if logical qubits grow exponentially, it may still not translate into factorization. At its c urrent rate, it may even be more likely that classical computers, through Moore’s law and algorithm improvements, break the cryptography used by Bitcoin before quantum computers do.

So, we need to see quantum computers factor greater numbers to really point to any meaningful progress. Until then, the sky is not falling, and this risk is not even a priority for consideration. Assuming that it was a real risk, the question would then be come: what is the Bitcoin community going to do?

Quantum -resistant signature algorithms exist – implementing one of them is not the issue. The issue is that they’re all too large for Bitcoin and would consume block space, thereby lowering transaction throughput on the network. New signatures emerging tod ay are being tested and are increasingly data -efficient. This is one of the primary risks of implementing a quantum -resistant signature scheme prematurely – we may end up with a much less efficient scheme than we could have had if we had waited.

Chaincode Labs conducted an in -depth research paper on the problem, recommending the community consider a 2 -year contingency plan and a 7 -year comprehensive plan. For the short-term contingency plan, we know that taproot address types can make commitments to spend before the public key is revealed – thus hiding the public key from a quantum computer and protecting quantum -vulnerable public keys. Basically, modern address types have a hidden form of quantum resistance that can be unlocked, and this could be used if quantum factorization suddenly grows exponentially.

The significant risk is that achieving bitcoin consensus for improvement proposals is very challenging. Historically, the community has adopted consensus soft forks. If there is an existential risk, we anticipate that far more stakeholders would align on a soft fork solution than the majority. If a solution were ultimately adopted, there is a risk that these signature types would materially decrease the efficiency of the blockchain. The BIP360 team is working through the research on these proposals today.

In summary, the progress being made in the quantum computing field is not translating to practical outcomes, and the community itself has an incentive to make the public believe it is (to raise funding/awareness/etc). However, it is undoubtedly a topic wor th considering and understanding for the community to begin long -term planning of the various trade -offs associated with solutions that already exist today. The worst - case scenario we see for quantum risk is that a solution is implemented prematurely, with an exponentially lower efficiency trade -off had we waited longer before implementing.

As an investor, your job is to identify the most material risks to an asset and focus on understanding those. There are numerous risks to consider for Bitcoin as it competes in a geopolitical environment with monetary commodities and fiat currencies. We do not view quantum computing as a primary risk for the reasons above, and your intelligence is best spent elsewhere while the technical community develops solutions. If you’re reducing your allocation because of quantum risk, you’re being driven by behavior al bias and failing to see the benefits of a bitcoin allocation on net.

We recommend the following sources for further reading: • Chaincode Labs: Bitcoin and Quantum computing • Rearden Code: Gwart Show Quantum Computing Podcast • Nic Carter: Bitcoin and the Quantum Problem