Nic Carter says quantum computing is the biggest long-term risk to bitcoin’s core cryptography and urges developers to treat it with urgency, not as science fiction.
In an essay published Monday, the Coin Metrics cofounder explains in plain language how bitcoin’s keys work and why quantum matters. Carter writes that users start with a secret number (a private key) and derive a public key with elliptic-curve math on the secp256k1 curve, the basis for ECDSA and Schnorr signatures.
He describes that transformation as deliberately one way: easy to compute forward, infeasible to reverse under classical assumptions. “Bitcoin’s entire cryptographic premise is ‘there exists a one-way function that’s easy to compute in one direction, and infeasible to invert,’” he writes.
To build intuition, Carter likens the system to a giant number scrambler. Going from private to public is efficient for honest users, he says, because they can use a shortcut known as “double and add” to reach a result quickly. He adds there is no comparable shortcut in the opposite direction.
For non-specialists, he offers a deck-shuffle analogy: you can repeat the same sequence of shuffles to reach an identical final order, but an observer cannot look at the shuffled deck and infer how many shuffles were used.
Carter argues the concern is that a sufficiently powerful quantum computer could erode that asymmetry by making progress on the discrete logarithm problem that underpins bitcoin’s signatures. In his telling, routine network behavior also raises exposure: when coins are spent, a public key is revealed on-chain.
He says that is safe today because converting a revealed public key back to the private key is not practical, but quantum advances could change that calculus, especially if addresses are reused and more keys remain visible for longer.
He is not calling for panic. Carter says the point is to plan.
Near term, he highlights basic hygiene such as avoiding address reuse so public keys are not exposed longer than necessary. Longer term, he urges the community to prioritize post-quantum signature schemes and realistic migration paths, framing them as engineering work rather than a distant thought experiment.
The essay is the first in a short series; Carter said on X that parts II and III will arrive in the next couple of weeks and will cover “post-quantum break scenarios.”
