🟪 Q-day may be coming for Satoshi’s coins
Reputational risk is coming either way



12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S is one of the many Bitcoin addresses attributed to Satoshi Nakamoto.
So only Satoshi can spend the 18.44290142 bitcoin held there, because only he knows the private key that can unlock them. (Assuming he hasn’t lost it, which I definitely would have by now.)
This is what it means to “own” bitcoin: In crypto’s system of public-key cryptography, knowledge of the private key is 10/10ths of the law.
These all-important private keys are randomly generated whenever a new Bitcoin wallet is created (more or less).
The corresponding public key and address are then mathematically derived from the private key, based on a geometric pattern of operations defined by elliptic curve math.
This pattern creates a mathematical relationship between public and private keys that lets you prove you know a private key without you having to reveal it.
(If the public and private keys were both randomly generated, the pairs would have to be kept in a centralized database somewhere, defeating the purpose of Bitcoin.)
The pattern is effectively impossible to discern.
Knowing Satoshi’s public key address, you can only brute-force guess at the private key that unlocks it — like cracking a safe’s combination lock by trying every possible combination.
Using today’s computers, this would take trillions of years.
Using tomorrow’s computers, however, it might take minutes.
The quantum computers of tomorrow will be able to discern the pattern that connects a public key to a private key.
This will be like cracking a safe by ear, the way they did in old movies.
Or something.
My best understanding is that the principles of superposition, quantum interference, and Fourier-transform operations will allow a quantum computer to “listen” to the mathematical structure of elliptic curve operations the way a safe cracker listens to the clicks of a combination lock.
Once it detects the hidden rhythm in the mathematical operations, it can calculate the private key.
I'm sure the analogy is not exact, but the bottom line is that quantum computing can reverse-engineer a private key from a public one.
This is a problem for Satoshi, because his public keys are all, well, public.
We know the Bitcoin addresses he used, simply because they were used so early. This means we also know the even longer, more inscrutable public keys for those addresses — because early Bitcoin transactions often used a format that recorded the public key directly on the blockchain. (Today, transactions hide the public key behind a hash until the coins are spent.)
These keys are all at risk of being taken by the quantum computers of tomorrow.
Not literally tomorrow, of course. The crowd at Metaculus estimates that Q-day — the day when quantum computers will be able to break Bitcoin’s elliptic curve cryptography — will happen in September 2032.
In Bitcoin time, however, seven years almost is tomorrow.
Among others, Nic Carter has been sounding the alarm on the quantum risk to Bitcoin, because “changing Bitcoin is like steering an aircraft carrier.”
Between arguing over what measures to take, testing whatever changes are agreed upon, implementing the changes, and getting holders to adopt them, it will take years to make Bitcoin quantum-resistant.
And quantum computers could arrive any time, so we’d better start arguing now.
Others are more sanguine. Bitcoin developer Brandon Black, for example, says there’s a “near zero” chance that quantum computers will be able to break Bitcoin's elliptic curve cryptography within the next decade, and maintains that Nic Carter is being unnecessarily alarmist.
Everything I know about quantum computing I learned in the last two hours, so I can't adjudicate.
I am, however, fairly representative of the marginal buyer of bitcoin (traditional investor, worried about runaway government spending), so I think I’m as qualified as any to say that no one who doesn’t already own bitcoin wants to think about this stuff, and to the extent they do think about it, they’ll be less likely to buy.
Whatever the Bitcoin community eventually chooses to do about quantum risks, there are only two basic options with regard to Satoshi’s coins: Seize them or let them be seized.
Both options seem to pose significant reputational risk.
If Satoshi's coins are left where they are — in old-form addresses that expose the public key — a quantum computer will eventually reverse-engineer the associated private key and seize them.
Aside from the negative price impact the subsequent selling would presumably have, that would seem to undermine Bitcoin's core principle of “not your keys, not your coins” — that your coins are safe as long as you control the private key.
The alternative is for the Bitcoin community to pre-emptively freeze Satoshi’s coins by agreeing on a soft fork of the chain that would make Satoshi's quantum-vulnerable addresses unspendable.
That, too, would seem to undermine the idea of Bitcoin as an unseizable asset — or, as Nic Carter warns, “quantum pierces Bitcoin’s promise of inviolability.”
Either way, the risk of quantum computers is a reminder that bitcoin isn’t truly a bearer asset — you can put your private key in a safe at home, but the coins themselves remain forever on the blockchain.
Changes to that blockchain — including which bitcoins can and cannot be spent — are enforced by proof-of-work, not by a vote of those with the most coins.
So who really “owns” the coins then?
In the case of Satoshi’s $90 billion stash, it might be whoever gets to Q-day first.
— Byron Gilliam




