Quantum Computing and Bitcoin Security: What the Q-Day Prize Result Means for Crypto
A researcher cracked a 15-bit Bitcoin key using quantum hardware. We break down what actually happened, how far away Q-Day really is, and what Bitcoin is doing about it.
Key Takeaways
1. A researcher broke a 15-bit elliptic curve key using publicly available quantum hardware, winning Project Eleven's Q-Day Prize. This is a proof-of-concept milestone, not a threat to real Bitcoin wallets today.
2. Bitcoin's actual encryption uses 256-bit keys. Current quantum computers can crack 15 bits. Bridging that gap is estimated to require millions of stable qubits, which does not yet exist.
3. The Bitcoin development community is already preparing. BIP-360 and BIP-361 are active proposals to migrate Bitcoin toward post-quantum signature schemes before Q-Day becomes a realistic risk.
Introduction: A Headline Worth Reading Carefully
In early 2025, a researcher named Giancarlo Lelli cracked a 15-bit elliptic curve cryptography (ECC) key using a publicly available quantum computer. Project Eleven, an organization focused on quantum computing risks to Bitcoin, had posted a $1 million prize challenge called the Q-Day Prize, and this was the first claimed result.
If you saw that headline and immediately worried your Bitcoin was at risk, this article is for you. If you saw it and dismissed it entirely, this article is also for you. The truth sits somewhere in the middle.
Here is what happened, what it means, and what the Bitcoin network is doing about it.
What Is the Q-Day Prize?
Project Eleven is a quantum computing research organization that launched the Q-Day Prize to track real-world progress in quantum attacks against Bitcoin-style cryptography. The prize challenges competitors to break increasingly large ECC keys using actual quantum hardware, with the end goal of demonstrating whether, and when, Bitcoin's cryptography could realistically be broken.
The prize structure is straightforward: break an ECC key using a quantum computer, document your method, and claim the reward. The keys start small. Giancarlo Lelli broke a 15-bit key. Bitcoin uses 256-bit keys.
That gap is not a minor technical detail. It is the entire story.
A Quick Explanation: What Is Elliptic Curve Cryptography?
Bitcoin uses a cryptographic system called the Elliptic Curve Digital Signature Algorithm (ECDSA) to secure wallets and sign transactions. When you create a Bitcoin wallet, you are given a private key (a secret number) and a public key (derived from the private key using mathematical operations on an elliptic curve).
The security relies on one core assumption: it is mathematically easy to go from a private key to a public key, but it is computationally impossible to reverse that process with a classical computer. The math involved is called the discrete logarithm problem on an elliptic curve.
Classical computers cannot solve this efficiently, even with enormous processing power. Quantum computers, using an algorithm called Shor's algorithm, could theoretically solve it much faster. That is the source of the concern.
What Shor's Algorithm Actually Does
Shor's algorithm, developed by mathematician Peter Shor in 1994, is a quantum computing method designed to factor large numbers and solve discrete logarithm problems exponentially faster than classical methods. On a sufficiently powerful quantum computer, it could be used to derive a Bitcoin private key from a public key.
The key phrase is: on a sufficiently powerful quantum computer. That machine does not currently exist.
The 15-Bit Result in Context
Here is what Giancarlo Lelli actually demonstrated: using IBM's publicly available quantum hardware, he successfully ran a version of Shor's algorithm to break a 15-bit ECC key. This is a genuine technical achievement and a meaningful milestone for quantum research.
However, it is important to understand the scale difference involved:
Key Size | Status | Estimated Qubits Required | Current Threat Level |
15-bit ECC | Broken (Q-Day Prize) | ~20 noisy qubits (demonstrated) | Proof of concept only |
256-bit ECC (Bitcoin) | Not broken | Estimated 4 million+ stable qubits | No current threat |
2048-bit RSA (web/banking) | Not broken | Estimated 4,000+ logical qubits | No current threat |
The largest functional quantum computers in 2025 operate at roughly 1,000 to 2,000 physical qubits, and most of those are noisy and error-prone. Error-corrected logical qubits, the kind needed for running Shor's algorithm at scale, are still far fewer in number. The difference between cracking a 15-bit key and a 256-bit key is not a matter of slightly better hardware. It represents a difference of potentially millions of stable, error-corrected qubits.
So How Worried Should You Actually Be?
The short answer: not immediately. The longer answer requires understanding a concept called Q-Day.
Q-Day refers to the hypothetical future date when a quantum computer becomes powerful enough to break real-world encryption, including Bitcoin's 256-bit ECC. Most credible researchers and institutions currently estimate Q-Day is somewhere between 10 and 30 years away, if it arrives at all in the form originally theorized.
That said, the Q-Day Prize result matters because it proves the direction of travel. Research is advancing. Hardware is improving. The 15-bit result would have seemed impossible five years ago. Ignoring the trend entirely would be a mistake.
Reality Check Your Bitcoin wallet is not at risk from today's quantum computers. Current hardware cannot come close to breaking 256-bit elliptic curve keys. The Q-Day Prize result is a milestone for researchers, not a warning for Bitcoin holders to panic. |
What Bitcoin Is Doing About It: BIP-360 and BIP-361
Bitcoin's development community is not waiting for Q-Day to arrive before acting. Two active proposals, BIP-360 and BIP-361, address the post-quantum transition.
BIP-360: QuBit Pay to Quantum Resistant Hash
BIP-360 proposes a new type of Bitcoin address, called a QuBit address, that uses post-quantum signature algorithms instead of the current ECDSA system. The proposal introduces quantum-resistant cryptographic schemes that would be resistant to Shor's algorithm, even on a future powerful quantum computer.
The idea is that users could migrate their Bitcoin to QuBit addresses before Q-Day arrives, securing their funds under a cryptography scheme that quantum computers cannot break.
BIP-361: Post-Quantum Signatures Framework
BIP-361 is a broader framework proposal that addresses how the Bitcoin network could formally adopt and standardize post-quantum cryptographic algorithms. It builds on the groundwork laid by BIP-360 and covers the technical process for network-wide migration.
Both proposals are in active development and discussion as of 2025. They are not yet merged into Bitcoin's codebase, but they represent the community taking the long-term quantum threat seriously.
The Migration Challenge
Transitioning Bitcoin's cryptographic foundation is a significant technical and coordination challenge. It is not simply a software update. Consider the following:
Challenge | Detail |
Wallet compatibility | Every existing Bitcoin wallet would need to support new address formats and signature schemes |
User migration | Coin holders would need to actively move Bitcoin from old ECDSA addresses to new quantum-resistant addresses |
Exposed public keys | Wallets that have already broadcast a public key through a transaction are more vulnerable than wallets that have never spent from them |
Network consensus | Any change to Bitcoin requires broad consensus across nodes, miners, and developers |
Legacy coins | Bitcoin associated with old addresses, including Satoshi's coins, may never be migrated and could theoretically be at risk on Q-Day |
The migration window matters. If Q-Day were to arrive suddenly with no warning, wallets with exposed public keys would be at risk. The standard security advice for this scenario is to never reuse Bitcoin addresses and to send Bitcoin from cold storage wallets only after ensuring your receiving address has not had a public key exposed on-chain.
Hardware Wallet Tip Using a hardware wallet like a Ledger device adds a critical layer of physical security and keeps your private keys offline. Read our Hardware Wallet Setup and Security guide to understand how to protect your Bitcoin properly. |
You can explore Ledger hardware wallets at: shop.ledger.com
A Progress Timeline: Quantum vs. Bitcoin Cryptography
Year | Milestone |
1994 | Peter Shor publishes Shor's algorithm for quantum computers |
2009 | Bitcoin launches with 256-bit ECDSA security |
2019 | Google claims quantum supremacy on a narrow task (not cryptography) |
2023 | IBM introduces 1,000+ qubit processor |
2024 | NIST finalizes first post-quantum cryptography standards (ML-KEM, ML-DSA) |
2025 | Q-Day Prize: 15-bit ECC key broken on public quantum hardware |
2025 | BIP-360 and BIP-361 post-quantum migration proposals active in Bitcoin development |
TBD | Q-Day: estimate ranges from 10 to 30+ years depending on hardware progress |
What Should You Actually Do Right Now?
There is no reason to panic, but there are sensible precautions worth taking regardless of the quantum timeline:
Do not reuse Bitcoin addresses. Each address used should be spent only once. This limits exposure of your public key on the blockchain.
Use a hardware wallet. Keeping your private keys offline significantly reduces attack surface, quantum or otherwise.
Stay informed about BIP developments. If BIP-360 or BIP-361 reaches adoption, migrating to quantum-resistant addresses will become straightforward.
Avoid leaving large balances in hot wallets. Web and mobile wallets that are internet-connected carry more risk in general.
Follow credible sources. Ignore sensational headlines claiming quantum computers are days away from breaking Bitcoin. The research community provides measured assessments.
The Bigger Picture: Post-Quantum Cryptography Is a Global Effort
Bitcoin is not alone in facing this challenge. In 2024, the U.S. National Institute of Standards and Technology (NIST) finalized the first set of post-quantum cryptographic standards, covering encryption and digital signatures. These standards are now being integrated into government systems, banking infrastructure, and internet security protocols.
Bitcoin's transition to post-quantum cryptography will be one of many such migrations happening across digital infrastructure over the coming decade. The Q-Day Prize result is a useful reminder that the work needs to start long before the threat becomes immediate.
FAQ: Quantum Computing and Bitcoin Security
Can a quantum computer steal my Bitcoin today?
No. Current quantum computers are nowhere near powerful enough to break Bitcoin's 256-bit elliptic curve cryptography. The Q-Day Prize result involved a 15-bit key, which is a tiny fraction of Bitcoin's actual key size.
What is Q-Day?
Q-Day refers to a theoretical future moment when quantum computers become powerful enough to break modern encryption. Most researchers estimate this is between 10 and 30 years away, if it happens at all on that timeline. Estimates vary widely and hardware progress is uncertain.
What is BIP-360?
BIP-360 is a Bitcoin Improvement Proposal that introduces a new type of Bitcoin address, called a QuBit address, using post-quantum signature schemes. It would allow users to migrate their Bitcoin to quantum-resistant addresses before Q-Day.
Are my Bitcoin transactions safe right now?
Yes. Bitcoin's current cryptography is secure against all known classical and quantum computing capabilities available today. The Q-Day Prize result is a research milestone, not a sign that Bitcoin transactions are currently at risk.
What is Shor's algorithm?
Shor's algorithm is a quantum computing method that can solve the mathematical problems underlying modern public-key cryptography much faster than classical computers. On a sufficiently large quantum computer, it could theoretically be used to derive a private key from a public key.
What wallets are most at risk if Q-Day arrives?
Wallets that have already broadcast a public key to the blockchain, meaning wallets that have made at least one outgoing transaction, are considered more exposed. Wallets that have received Bitcoin but never spent from them have not yet exposed their public key.
Should I change my Bitcoin wallet because of quantum computing?
Not yet. However, following good security practices such as using a hardware wallet and avoiding address reuse is sensible now and will remain sensible as the quantum computing landscape develops.
Next Step: Understand How Your Wallet Is Secured Before quantum computing becomes a realistic threat, understanding the basics of how your Bitcoin wallet works is the most practical thing you can do. Read our Hardware Wallet Setup and Security Guide to learn how private keys work, how to store them safely, and how to migrate your funds when the time comes. |
Disclaimer: This content is for educational and informational purposes only and is not financial advice. Nothing here is a recommendation to buy or sell any asset or use any platform. Do your own research and manage your risk.
Read More
Need deeper training?
Join our structured modules with live examples and expert checklists for effective implementation.
JOIN THE ACADEMY
Ad
Get a $100K funded account
See current qualification terms and payout conditions.
Sponsored
Share Transmission
Broadcast this signal to your network
