../notes · 2026-04-10 · ternarycrypto

Why I'm tracking the quantum threat to Bitcoin

The quantum threat to Bitcoin stopped being theoretical in March. Here's why I built a monitoring feed instead of another newsletter.

The most interesting thing that happened to Bitcoin this year is something almost none of the usual commentators are tracking carefully — and most of the ones who are tracking it are doing it badly.

On 30 March 2026, Google Quantum AI published “Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities.” It reported a tailored Shor’s algorithm for the 256-bit elliptic curve discrete logarithm problem — the problem that sits underneath every Bitcoin signature — that needs under 1,200 logical qubits and under 90 million Toffoli gates. Compiled onto surface-code error correction, that’s fewer than 500,000 physical qubits. Roughly twenty times cheaper than the previous best estimate. The authors explicitly noted that the resulting attack could run inside the ten-minute window of a Bitcoin block, which means “on-spend” attacks — stealing coins in flight between broadcast and confirmation — are now on the table as a technical concept rather than a thought experiment.

Nine days later, Bernstein — Wall Street, not crypto Twitter — sent a client note saying the industry has three to five years to migrate to post-quantum signatures. Not “a decade,” which was the standard line eighteen months ago. Three to five years. Adam Back is saying the same thing in more measured language, and BTQ Technologies put the first working BIP-360 implementation on a live testnet ten days before the Google paper dropped.

None of this means Bitcoin is broken. It means something much more interesting: Bitcoin is now running a race it didn’t know it was running a year ago. The race is political as much as it is technical — BIP-360 is a proposal, P2MR is a testnet, Dilithium isn’t in anyone’s hardware wallet yet, and the coordination problem of migrating roughly 1.7 million coins in legacy addresses is closer to a governance crisis than an engineering one. The engineering is mostly known. The coordination isn’t.

Why I built a feed instead of a newsletter

I looked for a dedicated publication that tracks this intersection — quantum cryptanalysis, PQC standards, Bitcoin signature migration, the coordination and policy layer — and I didn’t find one. There are quantum newsletters that barely mention Bitcoin. There are Bitcoin newsletters that treat “quantum” as a Twitter meme. There are two or three excellent researchers writing occasionally on their personal blogs. Nothing that aggregates the signal, scores it honestly, and publishes a live feed.

I thought about writing one. Then I ran the math. A good weekly newsletter is thirty to fifty hours per month if you do it properly. I don’t have thirty to fifty hours per month. I have maybe two. The gap is twenty times, which is — not coincidentally — the same ratio Google’s paper knocked off the qubit requirements. When you’re outgunned by twenty to one, you don’t fight, you automate.

So ternarycrypto is not a newsletter. It’s a crawler. It polls arXiv, NIST, Google Research, Hacker News, CoinDesk, Decrypt, and the Bitcoin BIPs repo. It scores each item for relevance to the quantum-crypto intersection. It publishes the feed as a plain page with UTC timestamps and no marketing. Once a week, the crawler drafts a digest of the top items and I skim it. Once a month — maybe — something real enough happens that I write a note like this one. That’s the whole operation. The bandwidth budget is two hours a month on purpose, because if I try to make it more, I won’t make it at all, and then the site will be dead again.

Where this actually goes

This isn’t a panic-sell piece. The three-to-five-year window Bernstein describes is plausible but almost certainly too narrow on the downside and too wide on the upside simultaneously, which is the shape of real uncertainty. The realistic scenarios, as I see them:

First, nothing happens fast. The quantum hardware roadmap stalls, as it has for most of the last decade. Bitcoin gets BIP-360 or a successor merged, wallet software rolls out P2MR support, and by 2030 the holders who moved their coins are fine. Legacy coins in exposed addresses become a long-tail insurance problem. This is the base case and it’s probably 60% likely.

Second, quantum hardware moves faster than the roadmap. Google or IBM or a Chinese lab demonstrates a logical-qubit milestone that compresses the timeline. Bitcoin has a rushed soft fork debate. Old coins get controversial — burn them, grandfather them, or let them rot? This is where the real governance crisis lives, and it’s maybe 25% likely inside five years.

Third, the signature scheme holds and BIP-360 adoption is smoother than anyone expects. PQ signatures are larger and slower, but block space is not the binding constraint people thought it was, and the migration happens quietly. 15% likely, and the one that gets the least attention because it’s boring.

In every one of those scenarios, the useful thing to have is not a confident prediction. It’s a feed. Something I can glance at once a week and know whether the base case is still the base case. That is what ternarycrypto is for.

What I’ll write about here

Not much. The whole point of this project is that I automated the part I’m not willing to do by hand. When I do write a note, it will be because one of a few things happened:

If you want those as an email, you can’t have them. The RSS feed is at /rss.xml. That is the only subscription interface this site will ever have. I am not going to spend twenty percent of this project’s time budget pretending to run a newsletter.

The feed is live. The Q-Day clock is on the homepage. The crawler runs on a schedule and the code is in the repo. If you find a source I should be pulling from that I’m missing, tell me. If you think the scoring is wrong, the JSON is in src/content/feed/items.json and you can see every score.

Two hours a month. That’s the deal. Let’s see what happens.

← back to /notes