In Part 1, we covered the “Safe” (Symmetric) and the “Mailbox” (Asymmetric). The TL;DR: we use high-speed symmetric safes to store our data, but we rely on mathematical “couriers” to deliver the keys.
Today, we’re looking at why those couriers are about to get mugged by quantum computers. We’ll go deep into how Diffie-Hellman, Shor’s, and Grover’s actually work—and why Bitcoin sits right in the middle of the quantum crosshairs.
Part 1: The Math Behind Diffie-Hellman
In Part 1, we talked about Alice and Bob mixing paint colors to create a secret. In the digital world, we use something called Modular Exponentiation—basically “clock math.”
Mental Model: The Giant Clock
Imagine a clock with 17 hours on it (instead of 12). When you go past 17, you wrap around to the beginning.
Alice and Bob agree on:
- A “base” number: 3
- The clock size: 17
Plaintext
Step 1: Alice picks a secret number, a = 4
She calculates: 3^4 mod 17 = 81 mod 17 = 13
She sends "13" to Bob in public.
Step 2: Bob picks a secret number, b = 6
He calculates: 3^6 mod 17 = 729 mod 17 = 15
He sends "15" to Alice in public.
Step 3: The Magic
Alice takes Bob's 15, raises it to her secret 4:
15^4 mod 17 = 16
Bob takes Alice's 13, raises it to his secret 6:
13^6 mod 17 = 16
Result: Both arrive at 16 — the shared secret!
A hacker sees the 3, the 17, the 13, and the 15. But to find that “16,” they have to figure out the secret a or b. On a small clock, that’s easy. On a 2048-bit clock? A classical computer would have to guess for billions of years.
Why Classical Computers Can’t Break This
The security comes from the Discrete Logarithm Problem.
- Given: Base (3), Clock (17), Result (13)
- Find: What power of 3 gives 13 on this clock?
For small numbers, you can guess. For 2048-bit numbers, the search space is larger than the atoms in the universe. Classical computers are stuck.
Part 2: Shor’s Algorithm — Finding the Rhythm
This is where the Quantum Shadow falls. A classical computer is like someone trying to find a needle in a haystack by picking up one piece of straw at a time.
Shor’s Algorithm doesn’t look for the needle. It turns the haystack into a musical instrument and listens for the period.
Mental Model: The Rhythm of the Clock
Every mathematical function used in encryption has a “beat” or cycle. If you keep multiplying numbers on that 17-hour clock, eventually the results repeat:
Plaintext
3^1 mod 17 = 3
3^2 mod 17 = 9
3^3 mod 17 = 10
...
3^8 mod 17 = 16
...
3^16 mod 17 = 1 ← Back to the start!
The Period = 16 (it repeats every 16 steps)
If you know the Period, you can “break” the clock. You can reverse the math and find the secret a or b instantly.
How Shor’s Works (Intuitively)
A quantum computer doesn’t try every possible period one at a time. Instead:
- Step 1: Superposition The quantum computer looks at EVERY possible “beat” simultaneously. Not one guess at a time—all guesses at once.
- Step 2: Interference Like noise-canceling headphones:
- The “wrong” beats cancel each other out.
- The “correct” beat (the Period) gets louder and louder.
- Step 3: Measurement When the computer “measures” the result, it doesn’t have a list of guesses. It has the exact rhythm of your encryption.
Once it has the rhythm, your private key is exposed. The “one-way” math becomes two-way.
What Shor’s Breaks
| Algorithm | Based On | Shor’s Impact |
| RSA | Prime factorization | ❌ BROKEN |
| Diffie-Hellman | Discrete logarithm | ❌ BROKEN |
| ECDSA | Elliptic curve math | ❌ BROKEN |
| DSA | Discrete logarithm | ❌ BROKEN |
All of these rely on “one-way” math that has a period. Shor’s finds that period.
Part 3: Grover’s Algorithm — The High-Speed Search
If Shor’s is a sniper for Asymmetric math, Grover’s is a Ferrari for Symmetric math. Grover’s doesn’t “break” the math. It just makes searching for the key faster.
Mental Model: The Door Problem
- Classical Computer: 100 doors, prize behind one. On average, you check 50 doors to find it.
- Quantum Computer (Grover’s): You only check $\sqrt{100} = 10$ doors.
Grover’s provides a “square root” speedup on any brute-force search.
The Impact on AES
| Key Size | Classical Security | With Grover’s | Status |
| AES-128 | 128-bit | 64-bit | ❌ HACKABLE |
| AES-192 | 192-bit | 96-bit | ⚠️ MARGINAL |
| AES-256 | 256-bit | 128-bit | ✅ STILL SAFE |
Grover’s cuts the effective key size in half. AES-128 becomes crackable. AES-256 becomes AES-128 equivalent—still far beyond any attack for centuries.
The Fix: Just use bigger keys. AES-256 is quantum-resistant.
Part 4: Bitcoin and the Quantum Shadow
When it comes to Bitcoin, the “Quantum Shadow” isn’t a single threat—it’s two different storms approaching at different speeds.
Bitcoin uses both Hashing (Symmetric-ish) and Digital Signatures (Asymmetric), so it sits right in the middle of our 2×2 matrix.
The Bitcoin Vulnerability Matrix
| Component | Math Used | Type | Quantum Risk | Why? |
| Wallets / Ownership | ECDSA | Asymmetric | ❌ CRITICAL | Shor’s can derive private keys from public keys. |
| Mining / Integrity | SHA-256 | Symmetric | ✅ MODERATE | Grover’s only speeds up the guessing game. |
Storm 1: Shor’s vs. ECDSA (The Signing Storm)
Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to prove you own your coins. This is the Asymmetric part of the chain.
- The Risk: Shor’s Algorithm is a sniper for this kind of math. If a quantum computer can see your Public Key, it can “un-calculate” the math to find your Private Key.
- The “Hiding” Trick: Most modern Bitcoin addresses (like those starting with
bc1) don’t actually show your Public Key on the blockchain right away. They show a Hash of it. Because hashing is quantum-resistant, your coins are “invisible” to Shor’s as long as they stay in that address. - The Vulnerability Window: The moment you hit “Send,” you reveal your Public Key to the network so miners can verify the transaction. In that brief window (usually 10 minutes until confirmation), a lightning-fast quantum computer could theoretically:
- See your Public Key in the pending transaction.
- Calculate your Private Key using Shor’s.
- Create a competing transaction sending YOUR coins to THEIR wallet.
- Get their fraudulent transaction confirmed first.
Storm 2: Grover’s vs. SHA-256 (The Mining Storm)
Bitcoin mining uses SHA-256, which is a Symmetric hashing function.
- The Risk: Grover’s Algorithm provides that “square root” speedup. It makes “guessing” the next block much faster.
- The Reality: Unlike the Signing Storm which could lead to theft, this is more about efficiency. If one miner gets a quantum computer, they would suddenly have a massive advantage over everyone else—but they can’t steal coins, just mine faster.
- The Fix: Bitcoin’s code has a “Difficulty Adjustment.” If blocks are being found too fast because of quantum miners, the network just makes the math harder. It doesn’t break Bitcoin; it just forces the arms race to accelerate.
Which Bitcoins Are at Highest Risk?
Not all Bitcoin is created equal in the eyes of a quantum computer:
- 🚨 HIGH RISK: “Old” coins from 2009-2010 (including Satoshi’s ~1M BTC). Back then, Bitcoin used P2PK (Pay to Public Key). The Public Key sits directly on the blockchain. These are “sitting ducks” for Shor’s Algorithm.
- 🛡️ LOW RISK: Coins in modern, unspent “Hashed” addresses. The quantum computer doesn’t know what Public Key to attack. Until you move the coins, you’re invisible.
The Bitcoin Timeline
- Today: Quantum computers too weak to run Shor’s at scale.
- 5-10 years: Early quantum systems might threaten weak keys.
- 10-20 years: Real threat to 256-bit elliptic curves (ECDSA).
- The unknown: When will “cryptographically relevant” quantum arrive?
The Bitcoin community is already discussing BIP 360 and other “Post-Quantum” upgrades. The real challenge isn’t the math—it’s human consensus. Getting millions of people to agree to migrate their coins to new quantum-safe addresses is the real hurdle.
Part 5: What’s Being Done — Post-Quantum Cryptography
The industry is moving toward Post-Quantum Cryptography (PQC). These are new algorithms designed to resist both classical and quantum attacks.
Mental Model: The 500-Dimensional Jungle
Current crypto (RSA, DH, ECDSA) uses “clock math”—finding periods on a number line or curve. Shor’s exploits the rhythm.
Post-quantum crypto uses “Lattice math”—imagine trying to find a specific point in a 500-dimensional jungle of crisscrossing vines. There’s no rhythm to find. Even Shor’s Algorithm gets lost.
NIST’s Chosen Algorithms (2024)
| Algorithm | Type | Use Case |
| ML-KEM (Kyber) | Lattice-based | Key exchange (replaces DH) |
| ML-DSA (Dilithium) | Lattice-based | Digital signatures (replaces ECDSA) |
| SLH-DSA (SPHINCS+) | Hash-based | Signatures (conservative backup) |
These are already being integrated into TLS 1.3, Signal, and other protocols. The transition is happening now.
The 2×2 Quantum Survival Guide
| Classical Computer | Quantum Computer | |
| Symmetric (AES) | ✅ Safe | ✅ Safe (use 256-bit) |
| Asymmetric (RSA/DH/ECDSA) | ✅ Safe | ❌ Broken (Shor’s) |
| Hashing (SHA-256) | ✅ Safe | ✅ Safe (Grover’s only halves strength) |
| Post-Quantum (Lattice) | ✅ Safe | ✅ Safe (no known quantum attack) |
Final Thought
The quantum threat isn’t about one algorithm or one application. It’s about the entire chain of how we establish trust and share secrets.
- Shor’s Algorithm → Breaks the “meeting” (key exchange, signatures).
- Grover’s Algorithm → Weakens the “talking” (but AES-256 survives).
Bitcoin sits in an interesting position:
- Mining (SHA-256) is quantum-resistant with difficulty adjustments.
- Ownership (ECDSA) is vulnerable, but “hiding” behind hashes buys time.
- The real risk is old P2PK addresses and the 10-minute vulnerability window.
The solutions exist. Post-quantum algorithms are ready. The challenge now is migration—getting the entire internet, and all of Bitcoin’s users, to upgrade before quantum computers mature.
The Quantum Shadow is coming. But unlike most security threats, we can see this one approaching. The question isn’t if we’ll adapt—it’s whether we’ll do it fast enough
