Nic Carter says quantum computing poses the biggest long-term risk to Bitcoin’s core cryptography and urges developers to treat it with urgency, not science fiction.
In an essay published Monday, the Coin Metrics co-founder explains in plain language how Bitcoin keys work and why quantum matters. Carter writes that users start with a secret number (a private key) and derive a public key with elliptic curve calculations on the secp256k1 curve, the basis of the ECDSA and Schnorr signatures.
He describes this transformation as deliberately one-way: easy to calculate forward, impossible to reverse under standard assumptions. “The cryptographic principle of Bitcoin is that there is a one-way function that is easy to calculate in one direction and impossible to reverse,” he writes.
To develop intuition, Carter compares the system to a giant number scrambler. Switching from private to public is effective for honest users, he says, because they can use a shortcut called “double and add” to quickly arrive at a result. He adds that there is no comparable shortcut in the opposite direction.
For non-specialists, he offers an analogy to card shuffling: you can repeat the same sequence of shuffles to achieve an identical final order, but an observer cannot look at the shuffled deck and deduce how many shuffles were used.
Carter argues that the concern is that a sufficiently powerful quantum computer could erode this asymmetry by making progress on the discrete logarithm problem that underlies Bitcoin’s signatures. According to him, the network’s routine behavior also increases visibility: when coins are spent, a public key is revealed on-chain.
He says this is safe today because converting a revealed public key to a private key is impractical, but quantum advances could change that calculus, especially if addresses are reused and more keys remain visible for longer.
He is not calling for panic. Carter says the point is to plan.
In the short term, it emphasizes basic hygiene rules, such as avoiding address reuse so that public keys are not exposed for longer than necessary. Longer term, he urges the community to prioritize post-quantum signature schemes and realistic migration pathways, presenting them as a work of engineering rather than a far-out thought experiment.
The essay is the first in a short series; Carter said on X that Parts II and III would arrive in the coming weeks and would cover “post-quantum breakup scenarios.”
