Quantum Threat Critical Point: Can Cryptography Survive the 2028 Exam?

The fate of cryptography may be about to be rewritten. As the computational power of quantum computing grows exponentially, the elliptic curve cryptography systems relied upon by today’s blockchain world are facing an unprecedented challenge. Ethereum co-founder Vitalik Buterin’s prediction that quantum computing could crack ECC before the 2028 US presidential election quickly sparked intense discussion within the crypto community.

This is not alarmism. The elliptic curve cryptography that secures mainstream cryptocurrencies like Bitcoin and Ethereum is facing an unprecedented threat, and this countdown alarm signals the beginning of an industry-wide transformation.

Cryptographic Defense: The Core Pillar of Blockchain Security

In today’s digital asset ecosystem, elliptic curve cryptography acts like a protective wall, safeguarding fields such as smart cars, IoT, and financial systems. Compared with traditional RSA, ECC is the better choice because it offers comparable security with far shorter keys (“short key, high defense”).

The operating principle of this cryptosystem is not complicated: it uses a pair of mathematically related keys, a public key and a private key. Users keep the private key secret and use it to sign transactions, while the public key can be published and used as a wallet address. Its security rests on the fact that deriving the private key from the public key is computationally infeasible. To illustrate: it is easy to turn strawberries (the private key) into jam (the public key), but practically impossible to turn the jam back into strawberries.

When an attacker tries to pick the lock, ECC is like adding a dynamic combination lock: it not only provides a higher level of protection but also comes with an “anti-tampering alarm,” since a signature no longer verifies if the signed transaction is altered. That is why Bitcoin and Ethereum chose this cryptographic scheme.
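To make the key-pair relationship concrete, here is an added example (not code from the article) on a tiny textbook curve, y² = x³ + 2x + 2 over GF(17), chosen because its 19 points make every step checkable by hand. The curve, generator and function names are assumptions for illustration only; real wallets use secp256k1, whose group has roughly 2²⁵⁶ elements. The code derives a public key from a private scalar by double-and-add (the fast “strawberries to jam” direction) and then shows that the only generic way back, trying every scalar, costs work proportional to the group size, which is exactly the discrete-logarithm step that Shor’s algorithm would short-cut.

```python
# Added example: a toy elliptic curve, NOT a real wallet curve.
# Curve: y^2 = x^3 + 2x + 2 over GF(17). It has 19 points including the
# point at infinity (represented as None), so private keys are 1..18.
P_MOD = 17
A, B = 2, 2
G = (5, 1)        # generator (assumed textbook choice)
ORDER = 19        # number of points generated by G (19 is prime)

def on_curve(pt):
    """True if pt is the point at infinity or satisfies the curve equation."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def point_add(P, Q):
    """Group law in affine coordinates; None is the identity element."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                      # P + (-P) = point at infinity
    if P == Q:                           # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:                                # chord slope for addition
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def scalar_mult(k, pt):
    """k * pt by double-and-add: O(log k) group operations, the easy direction."""
    result, addend = None, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def derive_public_key(private_key):
    """'Strawberries to jam': public key = private scalar times the generator."""
    if not 1 <= private_key < ORDER:
        raise ValueError("private key must be in [1, ORDER-1]")
    return scalar_mult(private_key, G)

def brute_force_private_key(public_key):
    """'Jam back to strawberries' with no shortcut: try every scalar in turn.
    Returns (recovered_key, trials). The trial count grows with the group
    order, about 2^256 for secp256k1; Shor's algorithm is what would
    collapse this cost on a large enough quantum computer."""
    acc = None
    for k in range(1, ORDER):
        acc = point_add(acc, G)
        if acc == public_key:
            return k, k
    return None, ORDER - 1

if __name__ == "__main__":
    priv = 7
    pub = derive_public_key(priv)
    print("public key for private key", priv, "is", pub)             # (0, 6)
    print("recovered by brute force:", brute_force_private_key(pub))  # (7, 7)
    print("scalar 19 wraps to infinity:", scalar_mult(ORDER, G))     # None
```

On this toy group the search finishes in at most 18 trials; on secp256k1 the same loop would need on the order of 10⁷⁷ trials, which is the barrier the article calls “computationally infeasible” and the one a fault-tolerant quantum computer running Shor’s algorithm would remove.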

Quantum Computing: The Potential Ultimate Adversary in Cryptography

However, the advent of quantum computing has broken this balance. Quantum mechanics gives quantum computers a special ability: through specific algorithms they can dramatically accelerate the solving of certain mathematical problems. Among the many quantum algorithms, Shor’s algorithm is particularly alarming to cryptography experts.

The power of Shor’s algorithm lies in turning problems that are practically unsolvable on classical computers (integer factoring and the discrete logarithm on which ECC rests) into period-finding problems that a quantum computer can solve efficiently. This means that today’s private-key/public-key systems face a real threat.

Recent progress confirms this. IBM’s 133-qubit machine successfully cracked a 6-bit elliptic curve key: researcher Steve Tippeconnic used the ibm_torino quantum system to run Shor’s attack against the public-key equation. The result is remarkable but still far from threatening real assets, because the ECC-256 (256-bit elliptic curve cryptography) used by Bitcoin and Ethereum is vastly harder than the 6-bit key that was cracked.

Threat Timeline: Experts’ Divergent Views

There is a clear divergence of opinions in academia regarding when quantum computing will threaten existing cryptographic systems.

Vitalik Buterin’s prediction is the most aggressive, believing elliptic curve cryptography could be cracked before 2028, and urging Ethereum to upgrade to quantum-resistant algorithms within four years. Scott Aaronson, director of the Texas Quantum Information Center, shares a similar view, suggesting that a fault-tolerant quantum computer capable of running Shor’s algorithm could emerge before the next presidential election.

Physicist David M. Antonelli, by contrast, holds the opposite view. He points out that even under the most optimistic forecasts (from IBM, Google, and Quantinuum), only a few thousand physical qubits will be available by 2030, far short of the hundreds of thousands or millions of logical qubits required.

Encryption security expert MASTR provides a more precise mathematical analysis: breaking the elliptic curve signatures (ECDSA) currently used by Bitcoin and Ethereum would require about 2300 logical qubits and 10¹² to 10¹³ quantum operations; with error correction, that translates to millions or even hundreds of millions of physical qubits. Today’s quantum computers reach only 100-400 noisy qubits, with high error rates and short coherence times, still at least four orders of magnitude short of the threat level.

Former Google engineer Graham Cook even uses a vivid analogy to illustrate how remote the threat is: imagine 8 billion people, each with 1 billion supercomputers, each attempting 10⁹ combinations per second; the time required would exceed 10⁴⁰ years, far longer than the universe’s 14-billion-year history.

Asset Risk Assessment: Trillions of Dollars Awaiting Protection Upgrades

Despite the debate over the threat timeline, the potential financial impact cannot be ignored. Currently, about $1 trillion in digital assets rely on ECC-256 security. If elliptic curve cryptography is truly compromised, assets like Bitcoin, Ethereum, and all others relying on the same cryptographic technology will face risks.

The most covert danger may be the “harvest now, decrypt later” scenario, in which attackers steal encrypted content now and decrypt it once quantum technology matures, effectively planting a time bomb for the future.

This potential threat has already influenced current policies. In August, El Salvador redistributed its 6,284 Bitcoin (worth $681 million) across 14 different addresses, with no single wallet holding more than 500 Bitcoin. The government explicitly cited quantum threats when explaining the move, stating that this distributed structure “limits exposure to quantum risks,” and the approach has become a best practice for safeguarding emerging sovereign digital assets.

Vitalik Buterin recently estimated that the probability of quantum computers breaking modern cryptography by 2030 is 20%. While not high, this probability is enough to motivate global financial systems to take action.

Defense Strategies in the Post-Quantum Era

The good news is that the crypto world is not passively waiting. The industry is developing post-quantum cryptography (PQC) algorithms capable of resisting quantum attacks, with mainstream blockchains already making technical preparations.

Ethereum has already begun its preparations. Vitalik has written about countermeasures to quantum attacks, mentioning techniques such as Winternitz signatures and STARKs, and even proposing emergency upgrade mechanisms. By comparison, Bitcoin’s upgrade flexibility is more limited, but its community has proposed multiple candidates such as Dilithium, Falcon, and SPHINCS+.
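The article names Winternitz signatures among Ethereum’s candidate countermeasures without saying how they work. The following is an added example, not code from the article or from Ethereum, of a simplified Winternitz one-time signature built from SHA-256 hash chains. The parameter choice (w = 16, 67 chains) matches common WOTS deployments, while the per-step position tag in the chain and the seed expansion in `keygen` are simplifying assumptions rather than the WOTS+ construction used by SPHINCS+ or XMSS. Security rests only on the hash function being hard to invert, which Shor’s algorithm does not touch; the price is that each key must sign exactly one message, which the wrapper class enforces.

```python
import hashlib
import os

# Added example: a simplified Winternitz one-time signature (WOTS) over
# SHA-256. Not the WOTS+ scheme standardised in SPHINCS+/XMSS; the chain
# position tag and the seed expansion are illustrative assumptions.
W = 16                   # each hash chain encodes one 4-bit digit
N = 32                   # SHA-256 output length in bytes
LEN1 = 2 * N             # 256-bit message digest -> 64 base-16 digits
LEN2 = 3                 # checksum digits: max checksum 64*15 = 960 < 16**3
LEN = LEN1 + LEN2        # 67 chains in total

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(x: bytes, start: int, steps: int) -> bytes:
    """Apply H 'steps' times, tagging each step with its position in the chain."""
    for i in range(start, start + steps):
        x = H(bytes([i]) + x)
    return x

def base_w(digest: bytes) -> list:
    """Split a byte string into 4-bit digits (0..15), high nibble first."""
    digits = []
    for byte in digest:
        digits += [byte >> 4, byte & 0x0F]
    return digits

def digits_with_checksum(msg: bytes) -> list:
    """Message digits plus a checksum of (15 - digit). Raising any message
    digit lowers the checksum, so a forger would have to walk a checksum
    chain backwards, i.e. invert H."""
    d = base_w(H(msg))
    csum = sum((W - 1) - x for x in d)
    csum_digits = [(csum >> (4 * i)) & 0x0F for i in reversed(range(LEN2))]
    return d + csum_digits

def keygen(seed: bytes = None):
    """Secret key: LEN chain starts. Public key: each chain run to its end."""
    seed = seed if seed is not None else os.urandom(N)
    sk = [H(seed + bytes([i])) for i in range(LEN)]     # assumed seed expansion
    pk = [chain(s, 0, W - 1) for s in sk]
    return sk, pk

def sign(sk: list, msg: bytes) -> list:
    """Reveal each chain advanced by the corresponding digit."""
    return [chain(s, 0, d) for s, d in zip(sk, digits_with_checksum(msg))]

def verify(pk: list, msg: bytes, sig: list) -> bool:
    """Finish each chain from the digit position and compare with the public key."""
    if len(sig) != LEN:
        return False
    d = digits_with_checksum(msg)
    return all(chain(s, di, (W - 1) - di) == p for s, p, di in zip(sig, pk, d))

class WinternitzKey:
    """Enforces the one-time property: a second signature with the same key
    would reveal additional chain values and open the door to forgeries."""
    def __init__(self, seed: bytes = None):
        self.sk, self.pk = keygen(seed)
        self.used = False

    def sign(self, msg: bytes) -> list:
        if self.used:
            raise RuntimeError("one-time key already used")
        self.used = True
        return sign(self.sk, msg)

if __name__ == "__main__":
    key = WinternitzKey()
    sig = key.sign(b"transfer 1 ETH to alice")
    print("valid:", verify(key.pk, b"transfer 1 ETH to alice", sig))    # True
    print("altered:", verify(key.pk, b"transfer 9 ETH to alice", sig))  # False
```

The one-time restriction is why practical deployments (XMSS, SPHINCS+) combine many such keys under a Merkle tree or a hypertree: the signer must never reuse a leaf, and stateful schemes need careful key-state management in custody systems.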

Governments are also preparing in advance. The UK’s National Cyber Security Centre (NCSC) has outlined a roadmap for post-quantum cryptography migration, setting three key milestones: by 2028, organizations should define migration goals, complete comprehensive discovery, and develop initial plans; by 2031, high-priority PQC migration activities should be executed; by 2035, all systems should be migrated.

The European Commission’s progress is similar, proposing a “coordinated implementation roadmap for transitioning to post-quantum cryptography,” with milestones set for 2026, 2030, and 2035.

Traditional financial institutions are also taking action. From 2020 to 2024, global banks have invested in 345 blockchain-related projects, focusing on tokenization and digital asset custody infrastructure. HSBC began pilot testing tokenized gold using post-quantum encryption protocols in early 2024.

Rational Assessment: The Threat Is Real but No Need to Panic

Quantum threats do exist, but the current urgency is far less than public opinion suggests. Dragonfly managing partner Haseeb points out that running Shor’s algorithm does not equate to cracking 256-bit elliptic curve keys. Cracking a number is impressive, but factoring numbers with hundreds of digits requires much larger computational scale and engineering capability.

Currently, IBM’s quantum computers can only crack 6-bit ECC keys, which is a far cry from the 256-bit strength used in real cryptocurrencies— comparable to toy weapons versus professional-grade weapons.

However, technological development trajectories are never linear. The cryptographic challenge may indeed arrive around 2028, and governments and financial institutions are already beginning to prepare. Quantum threats are not the end of cryptocurrencies but a catalyst for evolution: as El Salvador’s Bitcoin custody management demonstrates, adaptability and foresight are at the core of the blockchain spirit. When quantum keys are finally forged, the new era of cryptography will be ready.
