
Design UX for quantum-secure private keys

Open GBKS opened this issue 1 year ago • 4 comments

I was listening to this podcast that discusses the threat of quantum computers to the bitcoin security model. At some point, users may need to switch to new private keys that cannot be found by quantum computers. The details are not clear yet, because so much about quantum computers is not clear yet. But one potential scenario is given in the podcast where there's a 10-year window for users to upgrade/migrate their keys to new quantum secure ones. This could be an interesting design exercise to do.

  • How should wallets explain this upgrade to users?
  • How do you handle reminders? Do you escalate them as the deadline nears?
  • What might be the steps for users to migrate?
  • How do backups change?
  • What about migrating lightning channels? Multi-signature wallets?

This could be split up into a How it works page that discusses the technical basics (that research needs to be done anyways in order to design for it), and a reference design that provides matching user flows and design considerations (the upgradeable wallet seems in the same vein).

GBKS avatar Jan 07 '25 08:01 GBKS

Interesting article on this topic by Jameson Lopp, laying out various scenarios along with benefits and drawbacks.

GBKS avatar Mar 17 '25 11:03 GBKS

There's a proposal now for a post quantum migration.

It would be quite the undertaking to migrate wallets and coins to new addresses and block transactions to old address types, while also allowing for a recovery mechanism.

Would still be interesting to visualize this as a concept exploration.

GBKS avatar Jul 17 '25 06:07 GBKS

Just quickly exploring some ideas, after reading an AI-summary from the Presidio Bitcoin Quantum Summit live streams.

  1. Indicating to users when some of their funds are at risk. This could take them to a migration screen.
  2. A new address type in the receive screen
  3. Quantum-resistant sending results in much larger signatures, potentially costing a ton more in fees.


Lots more might change, lots more to explore.

GBKS avatar Jul 24 '25 14:07 GBKS

Did a little bit of AI brainstorming (aka making up stuff) on the threat itself.

I can't verify any of this without lots of research, but let's just roll with it as a starting point.

  1. Supposedly you need ~2,500 to 5,000 logical qubits and ~10⁸ to 10⁹ physical qubits (accounting for quantum error correction), with deep, sustained coherence times, very low error rates, and massive parallelism and stability.
  2. This is far beyond current capabilities — but let’s assume it becomes possible within ~10–20 years.
  3. Estimates from quantum research institutions (IBM, Google, Rigetti) say it will cost $400M to $1.5B to build such a bitcoin-cracking quantum computer. Only very few entities can actually afford this.
  4. It still takes hours to days to crack a private key. Across 100K attacked, this might average out to $4K to $15K per key.
  5. Attackers need to make up their investment so they want to have a certain ROI per attack.
  6. If people find out, they react and the window of opportunity for attackers closes. So attackers then might quietly hack a lot of keys, and transfer tons of bitcoin at once.
  7. That makes old addresses with 1+ bitcoin that are considered lost the prime targets (probs less backlash with those lost coins). This math would change as the tech matures and becomes more broadly available and affordable.

If that logic roughly holds, then quantum-secure keys might be only for wealthy individuals and institutions for a period of time, as the ROI would be worth it to attack them. If the cost remains high over time, maybe some keys never have to be updated?

Interesting dynamics here.

GBKS avatar Jul 28 '25 08:07 GBKS