A16z Researcher Explains Why Bitcoin and Ethereum Face Different Quantum Risks Than You’ve Been Told

CN
3 hours ago

A newly circulated research article posted on X by Justin Thaler, a research partner at A16z and an associate professor at Georgetown University, tackles one of crypto’s most misunderstood anxieties: the looming threat of quantum computing to blockchains.

Thaler’s core argument is blunt: timelines to a cryptographically relevant quantum computer are being wildly overstated, leading to rushed calls for sweeping post-quantum migrations that may introduce more risk than protection. Based on publicly known milestones, he argues that a quantum system capable of breaking real-world cryptography remains well beyond reach, even over the next decade.

He draws a sharp distinction between encryption and digital signatures—two concepts often lumped together in online discourse. Encryption is vulnerable to so-called “harvest now, decrypt later” attacks, where encrypted data intercepted today could be cracked years down the line once quantum machines mature. For that reason, Thaler says post-quantum encryption should already be rolling out where long-term confidentiality matters.

Digital signatures, however, operate on a very different timeline. Blockchains rely on signatures to authorize transactions, not to hide data. There is nothing to retroactively decrypt, meaning signatures only become vulnerable after a cryptographically relevant quantum computer actually exists. That nuance, Thaler notes, dramatically reduces the urgency for immediate migration.

This matters for public blockchains like Bitcoin and Ethereum, which largely expose transaction data by design. Contrary to some official analyses, Thaler stresses that these networks are not exposed to harvest-now-decrypt-later attacks at all. The real quantum risk is future signature forgery, not the decryption of past transactions.

Privacy-focused chains are a different story. Networks that encrypt transaction details could see historical activity retroactively exposed if quantum computers eventually defeat elliptic curve cryptography. For those systems, earlier transitions—or hybrid approaches—may be justified if performance costs are tolerable.

Bitcoin, meanwhile, faces a unique headache that has little to do with quantum timelines and everything to do with governance, Thaler says. Any switch to post-quantum signatures would require active participation from users, leaving potentially millions of abandoned coins exposed. Sorting out what to do with those funds could take years of social coordination, regardless of when quantum machines arrive.
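The distinction the article draws between recorded ciphertexts and settled signatures, together with the stranded-key governance problem described above, can be expressed as a small inventory-triage routine. The following is an added illustration for this page; it is not Thaler’s code or tooling. The set of algorithms treated as quantum-breakable, the assumed CRQC horizon in years, the artifact fields (`secrecy_years`, `key_still_in_use`, `owner_active`) and the verdict labels are all assumptions made for the example, and the sample inventory is constructed.

```python
"""Triage of stored cryptographic artifacts against a future cryptographically
relevant quantum computer (CRQC).

Added illustration of the encryption-versus-signature distinction; not Thaler's
code. The algorithm list, the horizon and the verdict labels are assumptions.
"""
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    ENCRYPTION = "encryption"   # protects confidentiality of recorded data
    SIGNATURE = "signature"     # authorizes an action at verification time


# Assumption: public-key schemes a CRQC would break. Symmetric schemes are
# deliberately absent, matching the article's focus on elliptic-curve crypto.
QUANTUM_BROKEN = {"RSA-2048", "ECDH-P256", "ECDSA-secp256k1", "Ed25519"}


@dataclass
class Artifact:
    name: str
    kind: Kind
    algorithm: str
    secrecy_years: float = 0.0      # encryption: required confidentiality lifetime
    key_still_in_use: bool = False  # signature: key must keep authorizing (e.g. holds funds)
    owner_active: bool = True       # signature: can the holder rotate to a new key?


def triage(art: Artifact, crqc_horizon_years: float) -> str:
    """Classify one artifact. crqc_horizon_years is an assumed earliest-CRQC estimate."""
    if art.algorithm not in QUANTUM_BROKEN:
        return "not-quantum-exposed"
    if art.kind is Kind.ENCRYPTION:
        # Harvest now, decrypt later: a ciphertext captured today becomes readable
        # once a CRQC exists, so what matters is whether the secret must outlive
        # that horizon.
        if art.secrecy_years > crqc_horizon_years:
            return "migrate-encryption-now"
        return "monitor"
    # Signature: a verification that already settled cannot be undone. Risk
    # exists only if the key must keep authorizing after a CRQC appears.
    if not art.key_still_in_use:
        return "no-retroactive-risk"
    if art.owner_active:
        return "plan-key-rotation-before-crqc"
    # Key still controls value but nobody can act on its behalf: the
    # abandoned-coins problem, which is a governance question, not a crypto one.
    return "stranded-key-needs-governance"


def triage_all(artifacts, crqc_horizon_years):
    """Map each artifact name to its verdict."""
    return {a.name: triage(a, crqc_horizon_years) for a in artifacts}


# Constructed sample inventory (not real systems or keys).
SAMPLE = [
    Artifact("tls-session-recording", Kind.ENCRYPTION, "ECDH-P256", secrecy_years=25),
    Artifact("shielded-tx-memo", Kind.ENCRYPTION, "ECDH-P256", secrecy_years=50),
    Artifact("short-lived-cache", Kind.ENCRYPTION, "ECDH-P256", secrecy_years=1),
    Artifact("settled-ledger-tx", Kind.SIGNATURE, "ECDSA-secp256k1", key_still_in_use=False),
    Artifact("active-wallet-key", Kind.SIGNATURE, "ECDSA-secp256k1", key_still_in_use=True),
    Artifact("dormant-wallet-key", Kind.SIGNATURE, "ECDSA-secp256k1",
             key_still_in_use=True, owner_active=False),
    Artifact("aes-backup", Kind.ENCRYPTION, "AES-256-GCM", secrecy_years=50),
]

if __name__ == "__main__":
    for name, verdict in triage_all(SAMPLE, crqc_horizon_years=10).items():
        print(f"{name:24s} {verdict}")
```

Run it as a script to see the verdicts for the constructed inventory. The point of the branches is that only the encryption artifacts are judged by how long their contents must stay secret, while signatures are judged by whether the key still has to act in the future and whether anyone is around to rotate it; a settled transaction never reappears as a risk.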

Thaler also warns that post-quantum cryptography isn’t a free lunch. Many candidate schemes involve massive increases in signature size, slower performance, and far more complex implementations. History offers plenty of cautionary tales where “quantum-safe” algorithms were later broken by ordinary computers, not quantum ones.


In fact, Thaler argues that bugs, side-channel attacks, and faulty implementations pose a far more immediate threat to blockchains than quantum computers. Rushing immature cryptography into production, he suggests, risks locking networks into fragile systems that may need to be replaced all over again.

After A16z shared the research thread publicly, replies quickly filled with users championing their favorite so-called “quantum-resistant” coins, often without acknowledging the technical trade-offs or the long timelines Thaler outlines. The response underscored his broader point: the conversation around quantum risk is moving faster than the science itself.

The X article comes on the heels of Bitcoin developers looking into quantum-resistance strategies, while the Ethereum Foundation has moved in parallel by forming a dedicated task force to tackle the same concern.

  • What is a cryptographically relevant quantum computer?
    A fault-tolerant quantum system capable of breaking modern public-key cryptography at scale.
  • Is Bitcoin vulnerable to harvest-now-decrypt-later attacks?
    No, because Bitcoin uses signatures for authorization, not encryption.
  • Why does encryption face more urgent quantum risk than signatures?
    Encrypted data can be stored today and decrypted later, while signatures cannot be retroactively forged.
  • Should blockchains migrate to post-quantum cryptography now?
    Planning should start now, but rushed deployment carries serious technical risks.

