Bitcoin 防止量子威脅的時鐘正在倒數，這可能導致包括 Satoshi 在內的 690 萬枚 BTC 被耗盡

📄完整原文· 由 trafilatura 自動擷取9057 字

Clock is ticking for bitcoin to prevent quantum threat as it could drain 6.9 million BTC including Satoshi’s Can a network without formal governance coordinate the biggest cryptographic migration in its history? What to know: - Quantum computers cannot disrupt bitcoin mining or the blockchain ledger itself, but they could eventually break the cryptography that protects wallet ownership. - Roughly 6.9 million bitcoin, including Satoshi Nakamoto’s early holdings and any coins spent from since 2021’s Taproot upgrade, are already exposed to future quantum attacks because their public keys are visible on-chain. - Unlike Ethereum, which has a coordinated, well-funded post-quantum migration plan, bitcoin lacks a unified roadmap, and its anti-centralization culture makes it harder to agree on urgent security upgrades before quantum hardware matures. Not everything in bitcoin is at risk from a quantum computer. Bitcoin mining, the process by which new blocks get added to the blockchain, uses a type of math called hashing that quantum computers cannot meaningfully break. The ledger itself and the rule that new bitcoin can only be created through mining would survive a quantum attacker. Blocks would still get produced, and the chain would keep running. What would not survive is ownership. Bitcoin wallets are protected by a different kind of math that turns a secret private key into a public address anyone can see. The math works easily in one direction and not at all in the other, which is the only thing stopping a stranger from spending your coins. Part 1 of this quantum computing series went into physics. A quantum computer is not a faster version of a regular computer. It is a fundamentally different kind of machine, starting at a very cold, very small loop of metal where particles behave in ways they do not behave anywhere else on Earth. Part 2 walked through what happens when you point that machine at bitcoin. Bitcoin wallets depend on a one-way math problem. Turning a secret private key into a public address takes milliseconds. Going the other way, from public address back to the private key, would take a regular computer longer than the age of the universe. A quantum algorithm called Shor's collapses the gap. Google's paper this month showed the attack could be run with far fewer resources than anyone previously estimated, in a window that races against bitcoin's own block times. This piece, the last in the series, is about the response. What is actually at risk, what bitcoin has done about it, and whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up. What's exposed, what's safe The at-risk pool is large. Roughly 6.9 million bitcoin, about one-third of everything ever mined, sits in wallets whose public keys are already permanently visible onchain. Most of this is early bitcoin from the network's first years, stored in an address format that published the public key by default. It also includes any wallet that has ever been spent from, because spending reveals the key for whatever remains. A quantum attacker would not need to race against a transaction in progress. Rather, they could work through the wallets with already exposed keys at their own pace, one by one. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, holds roughly 1 million bitcoin, untouched since the network's early days, and this stack now sits in the exposed category. The 2021 Taproot upgrade expanded the problem. Taproot is a change to how bitcoin addresses work, intended to make transactions more efficient and more private. A side effect was that any bitcoin spent since Taproot activated has published the key protecting whatever remains at that address. This was not a mistake but a reasonable tradeoff at the time, when quantum timelines looked much longer than they do now. What's in the works? While the quantum threat has sparked a heated debate in recent months, and other blockchains are preparing, nothing concrete has emerged from Bitcoin developers yet. Ethereum, which can be considered one of Bitcoin's largest competitors among institutional investors looking at the crypto market, has had a formal quantum-resistant program since 2018. The Ethereum Foundation runs four teams working on the migration full-time, with more than ten independent developer groups shipping weekly test networks. The plan maps specific upgrades across four upcoming network-wide changes, moving Ethereum's security to new math that quantum computers cannot break. It has even launched a dedicated website, pq.ethereum.org, to publish its progress. Bitcoin has no equivalent strategy so far. That doesn't mean there aren't any efforts out there to solve it. One such formal proposal is BIP-360 from a group of developers and researchers. It would add new quantum-safe address types that holders could voluntarily migrate to. A competing proposal from BitMEX Research would install a detection system that triggers defensive action if a quantum attack is observed on the network. However, neither has broad support from bitcoin's core developers, and the two proposals solve different halves of the problem. Nic Carter, one of bitcoin's prominent advocates, has called it out in the past months. "Elliptic curve cryptography is on the brink of obsolescence," Carter wrote on X, referring to the math that secures bitcoin wallets. He described Ethereum's approach as "best in class" and bitcoin's as "worst in class," citing developers who "deny, gaslight, gatekeep, bury heads in sand" rather than engage with the problem. Adam Back, the Blockstream CEO and a prominent early bitcoin contributor, disagrees on the urgency but agrees on the direction. "Quantum computing still has a lot to prove. Current systems are essentially lab experiments," Back said at a conference earlier this month. But he also said bitcoin should prepare now, with optional upgrades built in advance so the network can migrate when needed, rather than scrambling in a crisis. The coordination problem So what's the biggest challenge in implementing effective solutions against Bitcoin's quantum threat? Bitcoin's migration is harder than Ethereum's for reasons unrelated to the actual math. Ethereum has a foundation that funds engineering work and a governance process that regularly passes major upgrades. Bitcoin has neither. Its development culture treats any central authority as a failure mode, and its social consensus holds that changes to the protocol should be rare and hard. Those priors have kept the network stable for nearly two decades, but they also make the quantum problem structurally harder for bitcoin to solve. Migrating the 6.9 million exposed coins requires decisions the network has spent twenty years avoiding. Should old address formats be frozen after a certain date to protect coins from future theft? Should exposed coins be allowed to move to new quantum-safe addresses using their original keys? What happens to coins whose owners cannot or will not migrate? Satoshi's coins are the sharpest example. Freezing old formats protects the coins from theft but makes them permanently inaccessible, including to Satoshi. Leaving the old formats open means those coins sit as a standing prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack. Setting a migration deadline forces Satoshi to either move the coins, revealing their ownership, or lose them. Every option changes bitcoin's character in ways the network has historically refused to change it. What happens next The Google paper's own framing is a summary of where the industry stands. A successful attack on the math bitcoin uses "should not be seen as a wake-up call to adopt post-quantum cryptography as much as a potential signal that PQC adoption has already failed." This means that by the time the threat becomes visible, the window to respond may already have closed. Developers now face a question of whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up to the theory. Ethereum's eight-year head start suggests the correct answer is to start now. Bitcoin's governance culture suggests the likely answer is to wait until the threat is demonstrated, then move. Only one of those answers works if the timeline turns out to be shorter than the optimists' estimate. More For You Independent researcher Giancarlo Lelli broke a 15-bit elliptic curve key on publicly accessible quantum hardware, 512 times larger than the previous public demonstration in September 2025. What to know: - An independent researcher used publicly accessible quantum hardware to break a 15-bit elliptic curve key, winning Project Eleven’s one bitcoin Q-Day Prize in the largest public demonstration yet of a quantum attack relevant to cryptocurrencies. - While the feat is far from threatening bitcoin’s 256-bit elliptic curve security, it shows that...

資料狀態✓ 已擷取全文閱讀原文（CoinDesk）

🔍歷史類似事件· 關鍵字 + 標的比對6 則

2026-04-24

SpaceX 的 750 億美元 IPO 可能會抽走有助於推升 BTC 和加密貨幣的流動性。

相似度 380%標的 BTC關鍵字 bitcoin/drain/could

2026-04-24

持有 BTC 的 Metaplanet 籌集 5,000 萬美元以購買更多 BTC

相似度 380%標的 BTC關鍵字 million/bitcoin/btc

2026-04-23

1450 億美元的算術：為何 Bitcoin 的量子威脅是可控的，而非生存危機

相似度 380%標的 BTC關鍵字 threat/bitcoin/quantum

2026-04-21

該策略可能在 2026 年底前達到 100 萬枚 Bitcoin；River 指出 STRC 的資金流入遠超 ETF 的淨收益

相似度 380%標的 BTC關鍵字 million/bitcoin/could

2026-04-20

量子威脅即將衝擊 Bitcoin 與加密貨幣——XRP Ledger 正如何準備應對

相似度 380%標的 BTC關鍵字 threat/bitcoin/quantum

2026-04-18

什麼是 Q-Day？解析量子運算對 Bitcoin 的威脅

相似度 380%標的 BTC關鍵字 threat/bitcoin/quantum

💡 目前用關鍵字 + 標的比對（MVP）· 之後會升級為 embedding 語意搜尋

原始資訊

ID：8b552f7adc

來源：CoinDesk

發佈：2026-04-25 09:00:00

分類：一般 · 導出分類 neutral

標的：BTC

社群投票：+0 / −0 · ⭐ 0 重要 · 💬 0 留言