{"id":90762,"date":"2025-11-07T12:48:33","date_gmt":"2025-11-07T09:48:33","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=90762"},"modified":"2025-12-04T06:51:58","modified_gmt":"2025-12-04T03:51:58","slug":"secret-harvesters-why-quantum-computers-threaten-bitcoin-privacy","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/secret-harvesters-why-quantum-computers-threaten-bitcoin-privacy\/","title":{"rendered":"Breaking Bitcoin&#8217;s Shield: The Looming Danger of Quantum Computing to Privacy"},"content":{"rendered":"<p>In September 2025, the US Federal Reserve <a class=\"tracking_link\" href=\"https:\/\/www.federalreserve.gov\/econres\/feds\/files\/2025093pap.pdf\" target=\"_blank\" rel=\"noopener\" title=\"\">published<\/a> an analytical paper on the Harvest Now, Decrypt Later (HNDL) strategy. The approach assumes adversaries collect encrypted data today to decrypt it in future with sufficiently powerful quantum computers.<\/p>\n<p>The authors use Bitcoin as an example and examine what HNDL could mean for blockchains built on traditional cryptography.<\/p>\n<p>They conclude that even timely adoption of post-quantum cryptography will not shield historical data because blockchains are immutable. Together with representatives of the bitcoin mixer <a class=\"tracking_link\" href=\"https:\/\/mixer.money\/ru\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Mixer.Money<\/a>, we outline proactive steps users can take to bolster privacy even after \u201cQ Day\u201d.<\/p>\n<h2 class=\"wp-block-heading\">How HNDL works<\/h2>\n<p>The attack is simple: an adversary copies databases and other protected information. There is no immediate payoff, but once a cryptoanalytically-relevant quantum computer (CRQC) emerges, it can unlock private keys or information tied to transaction histories.<\/p>\n<p>For Bitcoin, the quantum threat implies a potential break of digital signatures. A sufficiently powerful quantum computer could derive a private key from a public one, opening the door to wallet compromise and transaction-history exposure.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cAt first glance, in such a situation privacy looks like the least of concerns. However, the Fed\u2019s research draws attention to the fact that timely deployment of post-quantum cryptography will not protect historical data. Even if users move funds to quantum-resistant addresses, attackers could potentially reveal previously inaccessible data about transactions and links between addresses,\u201d say representatives of Mixer.Money.<\/em><\/p>\n<\/blockquote>\n<p>The Fed study stresses that, unlike security, privacy lacks a simple fix. Bitcoin\u2019s historical data are exposed to retrospective compromise.<\/p>\n<h2 class=\"wp-block-heading\">The vulnerability of Bitcoin addresses<\/h2>\n<p>There are different <a href=\"https:\/\/forklog.com\/en\/news\/the-main-types-of-bitcoin-address\">types of Bitcoin addresses<\/a>. Their susceptibility to quantum attack depends on when and how the public key becomes visible.<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Pay-to-Public-Key (P2PK). <\/strong>The public key itself serves as the recipient\u2019s address. <a href=\"https:\/\/forklog.com\/en\/news\/who-is-satoshi-nakamoto\">Satoshi Nakamoto<\/a>\u2019s coins (around 1m BTC) sit on such <a href=\"https:\/\/forklog.com\/en\/news\/utxo-management-how-to-prepare-your-bitcoin-wallet-for-a-bull-market\">UTXO<\/a>. The public keys to these coins are known today. They fall into the long-range attack category: adversaries have unlimited time to derive the private keys;<\/li>\n<li><strong>Pay-to-Public-Key-Hash (P2PKH). <\/strong>The blockchain records only the hash of the public key. The key itself is not visible until an outgoing spend occurs.<\/li>\n<\/ul>\n<p>The weakness appears at the first spend. The owner publishes the full public key in the script to prove ownership. From that moment the address is no longer quantum-resilient. If an adversary later gains a quantum computer, they could derive the private key.<\/p>\n<p><a href=\"https:\/\/forklog.com\/en\/news\/what-is-segregated-witness\">SegWit<\/a> addresses with the bc1q prefix work like P2PKH. Until the first spend, UTXOs are safe; afterwards the public key becomes part of the blockchain record.<\/p>\n<p>Taproot addresses (P2TR) with the bc1p prefix contain a shortened form of the public key (akin to the old P2PK). According to <a href=\"https:\/\/forklog.com\/en\/news\/chaincode-labs-sizes-up-the-quantum-threat-to-bitcoin\">Chaincode Labs<\/a>, in January 2025 Taproot accounted for 32.5% of all UTXO outputs but just 0.74% of the total supply of the first cryptocurrency.<\/p>\n<p>A quantum computer could recover private keys at scale and infer which addresses belong to the same person. Deloitte analysts <a class=\"tracking_link\" href=\"https:\/\/www.deloitte.com\/nl\/en\/services\/risk-advisory\/perspectives\/quantum-computers-and-the-bitcoin-blockchain.html\" target=\"_blank\" rel=\"noopener\" title=\"\">estimate<\/a> that roughly 25% of all bitcoins are already potentially exposed to quantum analysis. The Chaincode Labs study <a href=\"https:\/\/forklog.com\/en\/news\/chaincode-labs-sizes-up-the-quantum-threat-to-bitcoin\">expands<\/a> the range to 20\u201350% of coins in circulation (4\u201310m BTC). This bucket includes:<\/p>\n<ul class=\"wp-block-list\">\n<li>old UTXOs with exposed keys (P2PK);<\/li>\n<li>lost coins at known addresses;<\/li>\n<li><a class=\"tracking_link\" href=\"https:\/\/bitinfocharts.com\/top-100-richest-bitcoin-addresses.html\" target=\"_blank\" rel=\"noopener\" title=\"\">hundreds of thousands<\/a> of bitcoins at addresses with revealed keys due to reuse.<\/li>\n<\/ul>\n<p>Large holders\u2014exchanges and custodians\u2014have often kept funds at the same addresses. That concentrates vast sums on single keys, making them priority targets for quantum attacks.<\/p>\n<h2 class=\"wp-block-heading\">How to protect privacy now<\/h2>\n<p>Quantum compromise threatens to expose Bitcoin\u2019s history retrospectively, so users should think about transaction privacy in advance. It is impossible to eliminate HNDL without migrating to new algorithms. But reducing on-chain links will complicate analysis. To do so:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>do not reuse addresses.<\/strong> Generate a new address for each payment received. Reuse causes different inputs to be combined and easier to link to you. On a subsequent spend, the public key will also be revealed and become potentially vulnerable to quantum attack;<\/li>\n<li><strong>break transactional links.<\/strong> Avoid situations where the whole \u201csender\u2013recipient\u201d chain is obvious to an outside observer. If you are moving funds between your own wallets, or making a payment you would prefer to keep anonymous, consider using bitcoin mixers.<\/li>\n<\/ul>\n<p>For example, <a class=\"tracking_link\" href=\"https:\/\/mixer.money\/ru\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Mixer.Money<\/a> lets you receive bitcoins at new addresses that are not linked on-chain and without the need to pass <span data-descr=\"know your customer\" class=\"old_tooltip\">KYC<\/span>. The service splits a user\u2019s coins into parts and sends them to exchanges. After a randomly selected interval (to thwart timestamp analysis), the user receives the same amount (minus a fee), but from other exchanges and different investors.<\/p>\n<p>This severs links between the original transaction and the final recipient. A third-party analyst sees on-chain that funds arrived from many addresses with no obvious tie to the sender. In essence, Mixer.Money hampers both classical on-chain analysis and any future quantum analysis of transaction histories.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cTry not to reveal your identity by linking it to addresses. Do not send bitcoins directly from an anonymous wallet to an exchange where identity verification has been completed. It is better to withdraw funds via a mixer. Do not publish publicly the addresses you use. Do not share your wallet\u2019s extended public key (xpub) \u2014 these data can be analysed both now and retrospectively,\u201d add the team at Mixer.Money.<\/em><\/p>\n<\/blockquote>\n<p>The less information about your transactions is tied to you or consolidated, the harder it will be to piece together when the quantum era arrives.<\/p>\n<h2 class=\"wp-block-heading\">A quantum transition without KYC<\/h2>\n<p>The Fed\u2019s study highlights less obvious privacy facets that matter to anyone aiming to remain anonymous on Bitcoin over the long term.<\/p>\n<p>The ecosystem is gradually preparing for post-quantum cryptography. Proposals such as<a href=\"https:\/\/forklog.com\/en\/news\/q-day-jitters-how-bitcoins-developers-plan-to-thwart-quantum-computers\"> BIP-360<\/a> are emerging to migrate to new addresses. Experts <a href=\"https:\/\/forklog.com\/en\/news\/solana-founder-warns-of-quantum-threat-to-bitcoin\">are debating<\/a> the timing of \u201cQ Day\u201d and migration paths.<\/p>\n<p>For ordinary users, one point is crucial: the quantum threat is not merely theoretical but a practical risk that grows over time. The sooner you <a class=\"tracking_link\" href=\"https:\/\/mixer.money\/ru\/\" target=\"_blank\" rel=\"noopener\" title=\"\">take measures<\/a> to protect privacy on the Bitcoin network, the better.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Together with representatives of the bitcoin mixer Mixer.Money, we outline proactive steps to bolster privacy even after \u201cQ Day\u201d.<\/p>\n","protected":false},"author":1,"featured_media":90763,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"How HNDL and quantum threats imperil Bitcoin privacy\u2014and what users can do now.","creation_source":"ai_translated","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[1144],"tags":[575],"class_list":["post-90762","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-longreads","tag-quantum-computers"],"aioseo_notices":[],"amp_enabled":true,"views":"248","promo_type":"1","layout_type":"1","short_excerpt":"How HNDL and quantum threats imperil Bitcoin privacy\u2014and what users can do now.","is_update":"0","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/90762","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=90762"}],"version-history":[{"count":2,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/90762\/revisions"}],"predecessor-version":[{"id":91754,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/90762\/revisions\/91754"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/90763"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=90762"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=90762"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=90762"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}