Title: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: d5000 on March 29, 2025, 03:05:00 AM

Low fees of 1 or 2 satoshis per vByte are an excellent opportunity to make your coins more safe and private. You can even make them almost quantum-safe - in 2025!

Well, in many cases, you may already have done your homework. But if not, then this post is a reminder :)

New bitcoiners often make a mistake: they often re-use their Bitcoin addresses. Some think that a Bitcoin address is kind of an "identity", or an "account", like some altcoin communities like Ethereum's told them. But that is not the case! Bitcoin is best used without re-using addresses. [1]

There are two main reasons:

1) Re-using Bitcoin addresses makes it easier for any entity, for example chain analysis companies, but also thieves and scammers, to link your coins together. In short: Your privacy is at risk! (See also this post (https://bitcointalk.org/index.php?topic=5536662.msg65342563#msg65342563)).
2) When you spend coins from an address, you expose your public key for this address and store it to the blockchain. In the future, this may enable attackers with quantum computers to compute the private key using the public key and steal your coins! [2] [3]

There's an easy fix: simply move the coins on the re-used addresses to a freshly generated address! Both Bitcoin Core and the popular SPV wallets like Electrum or Sparrow provide easy means to do that.

1) Simply select the tab or menu item where your addresses are shown.
2) Select an address which was not used. In Electrum for example, you see the number of transactions made with this address under the column "Tx". If it is zero, then you can use this address.
3) Copy this address.
4) Now you have two options to spend them:
4a) If you have coin control enabled, then it's best to separate the coins according to the address where you received them. Select all coins which are on the same address, add them to coin control, and then send all these coins to a fresh address.
4b) If you don't have coin control enabled or don't know how to use it, or you have only one or two re-used address(es), then you can simply send all the Bitcoins to the fresh address.

Note: There is a special class of re-used addresses: those where you only received coins, but never spent them. This is typically the case in bounty campaigns when you decide to hodl all rewards. It is a good idea to eventually move these coins to a fresh address too, but in this case it is best if you then never use this address again. So if you want to continue to hodl the coins which arrive in this address and not spend them, it's not necessary to move them.

Note 2: If you for any reason still have coins which were received with a P2PK script, i.e. paid directly to a public key instead of to an address, move them too! This is often the case if you mined in the early years of Bitcoin. They're not less private, but they are vulnerable to quantum computing attacks just like coins on re-used addresses. It's unlikely you're a beginner in this case though :)

[1] Well, there are some cases where re-using addresses is convenient, for example if you participate in a bounty campaign. Even veterans often forget to move these coins to fresh addresses, too! But it's always a good idea to regularly move coins from re-used addresses to fresh ones.
[2] In theory, once quantum computer technology has advanced to the point where keys can be calculated in less than an hour, even your coins on addresses that were never re-used can be stolen. But first, this would require insane quantum computing power. And second, it's likely that at this date there will always be quantum-safe addresses available.
[3] There are proposals to burn (https://blog.lopp.net/against-quantum-recovery-of-bitcoin/) or re-distribute "vulnerable" coins should quantum computers become a problem. Coins on re-used addresses could be considered "vulnerable". Moving them to an un-used address NOW would save your coins from being burnt because you forget about them in the future!
Translations of this topic:
- Portuguese (https://bitcointalk.org/index.php?topic=5540065.0)
- Ukrainian (https://bitcointalk.org/index.php?topic=236982.msg65341135#msg65341135)
- German (https://bitcointalk.org/index.php?topic=5543905.0)
- Romanian (https://bitcointalk.org/index.php?topic=5543927.0)
- Croatian (https://bitcointalk.org/index.php?topic=5544038.msg65403330#msg65403330)
- Pidgin (Naijá) (https://bitcointalk.org/index.php?topic=5399898.msg65402238#msg65402238)
- Polish (https://bitcointalk.org/index.php?topic=5544470.0)
- Indonesian (https://bitcointalk.org/index.php?topic=5545188.0)
- Urdu (https://bitcointalk.org/index.php?topic=232519.msg65422984#msg65422984)
- Russian (https://bitcointalk.org/index.php?topic=5546230)
- Spanish (https://bitcointalk.org/index.php?topic=5549021)
- Filipino (https://bitcointalk.org/index.php?topic=5552446.0)

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: dzungmobile on March 29, 2025, 03:33:09 AM

Quote: Low fees of 1 or 2 satoshis per vByte are an excellent opportunity to make your coins more safe and private. You can even make them almost quantum-safe - in 2025!

Newbies don't know about this trick on consolidation inputs when mempools are clear, and transaction fees are cheap. They don't know about mempools, don't know about fee rates like relying on centralized exchanges in bitcoin storage and withdrawal for transactions, don't know about a fact that cheap transaction fees won't last forever.

Quote: Well, in many cases, you may already have done your homework. But if not, then this post is a reminder :)

Minimize your transaction fee with Electrum wallet. (https://bitcointalk.org/index.php?topic=5452925.0)
Guide on consolidation of small inputs and update on mempool status. (https://bitcointalk.org/index.php?topic=2848987.0)
All about transaction fees in Electrum. (https://bitcoinelectrum.com/how-to-manually-set-transaction-fees/)

There is a telegram bot to track Bitcoin transaction fee, if they don't want to observe Bitcoin mempools with Bitcoin mempool observing sites. (https://bitcointalk.org/index.php?topic=5500358.msg64230168#msg64230168)
[Telegram Bot] Bitcoin Fees - fees and tx tracker (https://bitcointalk.org/index.php?topic=5445635.0)

More advanced guide on Bitcoin privacy. https://bitcoiner.guide/privacy/

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: NeuroticFish on March 29, 2025, 07:51:41 AM

Quote: Newbies don't know about this trick on consolidation inputs when mempools are clear, and transaction fees are cheap. They don't know about mempools, don't know about fee rates like relying on centralized exchanges in bitcoin storage and withdrawal for transactions, don't know about a fact that cheap transaction fees won't last forever.

Indeed, most don't know and most don't care, for the reasons you've mentioned, plus that seeing how expensive it is to withdraw from any CEX they will use wrapped bitcoin and other altcoins. However, this has the potential to help some - few, who actually want bitcoin, who maybe missed this or that bit of information - hence I still find it a good idea to write it down (now and then), no matter how small the number of them is.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Zaguru12 on March 29, 2025, 08:31:54 AM

Quote: New bitcoiners often make a mistake: they often re-use their Bitcoin addresses. Some think that a Bitcoin address is kind of an "identity", or an "account", like some altcoin communities like Ethereum's told them. But that is not the case! Bitcoin is best used without re-using addresses

But if we seriously discuss about address being re-used which kind of exposes one's privacy then the idea of consolidating of fees will still be another thing, because consolidating your coins will simply just link them together as one, but most of the time it is usually same thing since you will be using same coins for possible combine transactions later.

For me consolidating should be done this way for privacy reasons: all little inputs on same address should be sent to one address and this way you have just one input but do not combine inputs from other addresses to one if this re-use of address is your problem.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Porfirii on March 29, 2025, 11:26:42 AM

Thank you for sharing your knowledge with us d5000.
Since almost the beginning of my crypto-journey I have had difficulties in making decisions because of the gap between the hypothetically preferable actions and the consequences in the real world. They consist mainly in the paralysis due to the idea of creating taxable events just because of making virtual transactions.

This topic awakens the same feelings in me. If I decide to make my coins more private and secure, I can have problems in the future if I'm ever required to prove the origin of my funds. And yet, failure to follow your advice can also have negative consequences. I believe that in other jurisdictions this problem is not so common.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: dzungmobile on March 29, 2025, 11:30:24 AM

Quote: Indeed, most don't know and most don't care, for the reasons you've mentioned

Don't care and don't know are two different levels of lack of information. Don't care is much more severe than don't know because if they are ready for learning, they can learn it. If they don't care, they won't learn even if someone proactively teaches them about these things.

Quote: plus that seeing how expensive it is to withdraw from any CEX they will use wrapped bitcoin and other altcoins.

Coins and tokens are different and people must care to learn about it first.
Wrapped tokens are tokens that don't have their native blockchains and they are built up on blockchains like Ethereum, Binance Smart Chain, Tron, Solana, Harmony ... They have risks that if the native blockchains on which they are deployed have technical problems, their Wrapped tokens will automatically have issues.

Wrapped Bitcoin tokens are tokens with pegs to Bitcoin price that is risky because Wrapped tokens can depeg and when a depeg event happens, rather than have 1 bitcoin, you will have 1 Wrapped Bitcoin token with value lower than 1 bitcoin or even zero.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Patikno on March 29, 2025, 01:53:14 PM

That is great advice, especially for beginners like us. For another safety reason, I always use a new wallet to secure my assets that are relatively large in value or for hodl purposes, especially in the long term, not only on Bitcoin wallets but also on other crypto wallets or altcoins.

However, from your explanation, there is one thing I want to ask, does that mean we are still safe from quantum computing attacks by using a new wallet or generating a new address on the same seed phrase?
Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Btcalysis on March 29, 2025, 03:25:13 PM

Quote: However, from your explanation, there is one thing I want to ask, does that mean we are still safe from quantum computing attacks by using a new wallet or generating a new address on the same seed phrase?

Anytime you make transaction, your address public key is known already. If quantum computers are able to be used to access bitcoin private key, it will not be through bitcoin address but through the public key. If you used a bitcoin address to receive bitcoin but you did not send the coin to another address or anyone, the public key can not be known and can not be attacked in the future with the use of the quantum computer.

So what d5000 (OP) is saying is that you should move your bitcoin to the address that you have not used to make transaction before so that your public key is not known to anyone but only you. Fees are low now which is a perfect time to transfer the coin to a new address.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Odogwu-Blockchain on March 29, 2025, 04:19:11 PM

Quote: 1) Re-using Bitcoin addresses makes it easier for any entity, for example chain analysis companies, but also thieves and scammers, to link your coins together. In short: Your privacy is at risk!

Then what's the need of calling it decentralization when they say, "not your keys, not your coins" a scammer doesn't have my keys and so why would I be worried about using the same address when I know for sure that nothing could happen to my balance if i receive coin in the same address.

So I got these questions;
So, whenever fees are low, it's best to always regenerate new address and send your coins to the new address?
Why doing this when fees are low and not in any regular moment?
How can my pk get exposed to this computing quantum mechanics if coins are stored in my reused address?

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: NeuroticFish on March 29, 2025, 05:44:12 PM

Quote: Don't care and don't know are two different levels of lack of information.

Indeed, I should have been formulating better my sentences.

Quote: Coins and tokens are different and people must care to learn about it first.

I really know the difference, just in this context I felt it doesn't matter, all are just different faces of "garbage". But yeah, since we started teaching the newbies, it can be helpful to be correct in all terms (hence a bit of merit for ya).

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: d5000 on March 29, 2025, 08:36:38 PM

Quote: They consist mainly in the paralysis due to the idea of creating taxable events just because of making virtual transactions.

Do you really create a taxable event in your jurisdiction when moving your own Bitcoins? If you can prove that both origin and destination addresses are yours, then normally there should be no problem.

Quote: If I decide to make my coins more private and secure, I can have problems in the future if I'm ever required to prove the origin of my funds.

I also don't understand that part. Of course, if you use mixers or similar stuff then it may be more challenging to prove the origin of your funds. But again, proving the origin of funds of a transaction you did with both keys under your own control -- something you can show to the authorities simply signing a message with both keys -- should not be a problem.

Quote: Why doing this when fees are low and not in any regular moment?

You can of course do that at any time but it's simply a convenient moment when fees are at 1-2 sat/vbyte. The problem is also not so urgent (quantum computers are far away still, at least a decade probably) that you have to hurry now with that action.

Quote: How can my pk get exposed to this computing quantum mechanics if coins are stored in my reused address?

Public keys are exposed when you spend Bitcoins.
The public key of the sender is stored in every transaction, because the address is not enough to prove the correctness of the digital signature (https://en.wikipedia.org/wiki/Digital_signature) (the signature is the mechanism you prove you owned the coins on your address). As I described in the OP, if you only receive BTC but never spend them, then no action is required.

The public key could be, in the future, used to steal the Bitcoins with Shor's algorithm (https://en.wikipedia.org/wiki/Shor%27s_algorithm). This is a known problem of ECDSA, the cryptographic system used to manage public and private keys in Bitcoin. ECDSA is used in a lot of other applications (online banking and other encrypted stuff) so Bitcoin isn't the only application at risk if this becomes a problem. But again, this may become a problem in a decade, or two, or three, or never. It's however not a bad idea to prevent that to happen already today, instead of waiting until everybody and their grandpa do it, and fees are at 1000 sat/vByte ...

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: PX-Z on March 29, 2025, 08:42:12 PM

Quote: [Telegram Bot] Bitcoin Fees - fees and tx tracker (https://bitcointalk.org/index.php?topic=2848987.0)

Small correction of the Telegram bot ANN thread should be this one https://bitcointalk.org/index.php?topic=5445635.0

It was probably a mistake due to using a smaller screen, a mobile phone. The direct link of the bot is here @BitcoinFeesAlert_bot (https://t.me/BitcoinFeesAlert_bot)

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: dzungmobile on March 30, 2025, 01:16:01 AM

Quote: Small correction of the Telegram bot ANN thread should be this one https://bitcointalk.org/index.php?topic=5445635.0

Thank you.
I made this mistake by putting a topic ID of LoyceV's topic that was included in that post.

Quote: I really know the difference, just in this context I felt it doesn't matter, all are just different faces of "garbage".

I knew that you did know about it, and this is for newbies who by chance read that post and have some insights to learn because I think there are not many newbies know about it while it is very helpful and even vital to keep their investment capital safely and avoid losses by wrong belief in scam tokens including Wrapped Bitcoin tokens.

Quote: But yeah, since we started teaching the newbies, it can be helpful to be correct in all terms (hence a bit of merit for ya).

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Porfirii on March 30, 2025, 10:14:59 AM

Quote: They consist mainly in the paralysis due to the idea of creating taxable events just because of making virtual transactions.

Quote: Do you really create a taxable event in your jurisdiction when moving your own Bitcoins? If you can prove that both origin and destination addresses are yours, then normally there should be no problem.

No, I didn't mean that. What I said is that I haven't taken many decisions in the last years because of the fear to create taxable events, but I'm referring to trading, swapping, staking, withdraw fiat from crypto... In the second paragraph I explained that moving funds between different accounts of mine awakens in me the same feelings, but in this case because it adds a layer of difficulty in order to prove the origins of the funds.

Quote: If I decide to make my coins more private and secure, I can have problems in the future if I'm ever required to prove the origin of my funds.

Quote: I also don't understand that part. Of course, if you use mixers or similar stuff then it may be more challenging to prove the origin of your funds. But again, proving the origin of funds of a transaction you did with both keys under your own control -- something you can show to the authorities simply signing a message with both keys -- should not be a problem.

You're right. It's just that if I'm ever asked about them, the easier the explanation the better. You never know who you will encounter and even if the explanation is very reasonable, if they want to create problems, they will. You could later prove you're right in a trial, but that's the gypsy course: "juicios tengas y los ganes".

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Patikno on March 30, 2025, 12:35:15 PM

Quote: However, from your explanation, there is one thing I want to ask, does that mean we are still safe from quantum computing attacks by using a new wallet or generating a new address on the same seed phrase?

Quote: Anytime you make transaction, your address public key is known already. If quantum computers are able to be used to access bitcoin private key, it will not be through bitcoin address but through the public key. If you used a bitcoin address to receive bitcoin but you did not send the coin to another address or anyone, the public key can not be known and can not be attacked in the future with the use of the quantum computer.

Quote: So what d5000 (OP) is saying is that you should move your bitcoin to the address that you have not used to make transaction before so that your public key is not known to anyone but only you. Fees are low now which is a perfect time to transfer the coin to a new address.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Findingnemo on March 30, 2025, 02:42:53 PM

I agree that not reusing the Bitcoin address will help with privacy and security?, too, in case quantum computing ever becomes real. But wide spreading too much can cause a burden on fees in the future because we never know how the fee situation will be.
So it's better if we consolidate them once in a while to new address to tackle the fee market while also maintaining the privacy.
Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Don Pedro Dinero on March 30, 2025, 02:49:43 PM

Thanks for the information, d5000, most of it I already knew but the part about quantum computers I regret not having read yesterday before making a transaction to consolidate the inputs for the bet on the local forum (https://bitcointalk.org/index.php?topic=5532661.0).
The thing is that as the funds were received at an address that is published and with which I signed a message, yesterday I made a consolidation at 1.03 sats/vbyte but sent the funds to the same address. If I had thought about it I would have created a new address, transferred the funds to it, and then put it in the OP.

So, the question is: do you think it's worth taking advantage of low fee times to do this even if it means losing a few satoshis? How advanced can quantum computing be? The funds will be there until the end of the year at the latest.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Saint-loup on March 30, 2025, 04:49:42 PM

Quote: There is a special class of re-used addresses: those where you only received coins, but never spent them. This is typically the case in bounty campaigns when you decide to hodl all rewards.

What does it mean precisely? Why people would be more supposed to not spend Bitcoins earned from bounty campaigns than BTC they've bought onto an exchange, I don't get it. If you are taking part in a bounty campaign it means you are a crypto user and not just an investor, so you like using cryptos, spending them and exchanging them in my opinion.

Quote: It is a good idea to eventually move these coins to a fresh address too, but in this case it is best if you then never use this address again. So if you want to continue to hodl the coins which arrive in this address and not spend them, it's not necessary to move them.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: coinlary on March 30, 2025, 05:20:00 PM

Quote: So it's better if we consolidate them once in a while to new address to tackle the fee market while also maintaining the privacy.
Yes but in some case consolidation will only bring about reduction in privacy especially when consolidation is done on a consolidated input to form a bigger input.

If any of this input is being tracked somehow then it will continue to expose the state of such victim portfolio.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: PrivacyG on March 30, 2025, 08:21:36 PM

Quote: 2) When you spend coins from an address, you expose your public key for this address and store it to the blockchain. In the future, this may enable attackers with quantum computers to compute the private key using the public key and steal your coins! [2] [3]

I never thought of the situation you present in the way you thought of it. I know it is bad practice to reuse addresses and I have not reused an address in a LONG time anyway but I never thought of Public Keys becoming a possible target of Quantum Computers.

Quote: There's an easy fix: simply move the coins on the re-used addresses to a freshly generated address! Both Bitcoin Core and the popular SPV wallets like Electrum or Sparrow provide easy means to do that.

But I see two problems. First of all, if no solution is found by the time an evil Quantum Computer is activated then a lot of people would start losing their Bitcoin which would in turn completely destroy the trust a lot of people had into Bitcoin. It would lead to WAY bigger trouble than just having a reused address stolen.

Second of all, is it safe to assume that Quantum Computers able to compute a private key from a public key may be able to do much worse anyway and if Bitcoin and the internet is not ready by that time then it may be doomed?

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: btcltcdigger on March 30, 2025, 08:29:26 PM

To be honest i've considered this, but then again, if i got my moolah on a ledger that's not really exposed anywhere, why bother?
Usually when i use funds, i filter them through an exchange and that way traces are more or less gone. Especially if you want to cash out (OTC), they usually ask for binance transfer of usdt/USDC
Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: d5000 on March 31, 2025, 02:30:32 AM

Quote: So, the question is: do you think it's worth taking advantage of low fee times to do this even if it means losing a few satoshis? How advanced can quantum computing be? The funds will be there until the end of the year at the latest.

It's not that urgent, I think ... The most optimistic (from quantum computing point of view) estimations talk about the early 2030s, but most think quantum computers which are able to break ECDSA 256 bit with Shor's algorithm are at least a decade away (they need millions of qubits, current QCs have hundreds). So an address which is only used until the end of the year should not be in danger. And if I'm wrong with that, then we're doomed anyway because in this case QC is evolving much faster than expected and much more severe attacks are possible than an attack on Bitcoin ...

Quote: What does it mean precisely? Why people would be more supposed to not spend Bitcoins earned from bounty campaigns than BTC they've bought onto an exchange, I don't get it. If you are taking part in a bounty campaign it means you are a crypto user and not just an investor, so you like using cryptos, spending them and exchanging them in my opinion.

In this sentence I was referring to those people that participate in a bounty campaign but do not spend the received funds for a while, for example if they want to HODL these BTC. Of course most people spend the rewards from time to time, and those would benefit from sending the coins to an unused address as I wrote in the OP.

Quote: But I see two problems. First of all, if no solution is found by the time an evil Quantum Computer is activated then a lot of people would start losing their Bitcoin which would in turn completely destroy the trust a lot of people had into Bitcoin. It would lead to WAY bigger trouble than just having a reused address stolen.

Of course.
However, the lower the number of re-used addresses, the lower the "evil QC attackers" can steal. It is likely that the "evil QC attackers" will first concentrate on Satoshi's coins and other unspent block rewards from 2009/2010. But eventually they could try to break re-used addresses once QCs become faster.

But if the problem begins to appear on the horizon, for example if the first million-qubit QC is built by the Pentagon (but private attackers are still years away), then I expect many people to rush to spend their Bitcoins to unused addresses. This would lead to a high fee level. The more people doing this kind of "consolidation" now, the less high the fees would get in this phase.

Quote: Second of all, is it safe to assume that Quantum Computers able to compute a private key from a public key may be able to do much worse anyway and if Bitcoin and the internet is not ready by that time then it may be doomed?

Correct. But that's why there's so much research going on about post-quantum cryptography, because otherwise online banking and basically everything depending on encrypted data is doomed. And also Bitcoin eventually probably will include the option to switch to "quantum safe" addresses.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Lucius on March 31, 2025, 03:58:55 PM

Quote: ~snip~ Correct. But that's why there's so much research going on about post-quantum cryptography, because otherwise online banking and basically everything depending on encrypted data is doomed. And also Bitcoin eventually probably will include the option to switch to "quantum safe" addresses.

I wonder if it makes sense to wait for the "danger" to approach in order to act in the sense that the developers should perhaps think seriously about it today? I'm not at all technically savvy enough to say how complicated something like that would be, but I'm always one of those who will say "don't put off until tomorrow what you can do today".
Given that there are still people using legacy addresses today, even if we get solutions for quantum computers today, I wonder if people would use them. In addition, I would never trust publicly available information about the stage of development of quantum computers, secret programs exist precisely for the reason that things remain secret.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: d5000 on March 31, 2025, 04:55:21 PM

Quote: I wonder if it makes sense to wait for the "danger" to approach in order to act in the sense that the developers should perhaps think seriously about it today?

There are discussions in the mailing list already. Matt Corallo recently proposed adding a state of the art post-quantum algorithm (https://groups.google.com/g/bitcoindev/c/uUK6py0Yjq0/m/sZMN0x36AgAJ) like SPHINCS+ (https://sphincs.org/) to Tapscript. He thinks that it would make sense to add such a feature around a decade before the problem becomes urgent, to give people time to migrate.

However there seems to be uncertainty if the complexity this adds (it would require at least two softforks to work as expected, because Taproot itself would also have to be changed to prevent the attacker spending via the key-path which would continue to be ECDSA as far as I understand) would be worth it considering the feature would probably not be used much today.

In theory one could even add post quantum cryptography via a Bitcoin-pegged token on the Bitcoin chain (using an OP_RETURN based technique like Counterparty or ... erm ... Runes ;) ) without "Core developer approval". There may be other techniques like BitVM. But an "official" PQC algorithm would of course be much better.

And for today, the approach described in the OP, simply sending coins to an unused address, is definitely enough for those who have a lot of coins sitting on re-used or P2PK addresses/UTXOs.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: ZeroVinsonN on April 04, 2025, 01:25:22 PM

Quote: ~snip~ Correct. But that's why there's so much research going on about post-quantum cryptography, because otherwise online banking and basically everything depending on encrypted data is doomed. And also Bitcoin eventually probably will include the option to switch to "quantum safe" addresses.

I wonder if it makes sense to wait for the "danger" to approach in order to act in the sense that the developers should perhaps think seriously about it today? I'm not at all technically savvy enough to say how complicated something like that would be, but I'm always one of those who will say "don't put off until tomorrow what you can do today".

Given that there are still people using legacy addresses today, even if we get solutions for quantum computers today, I wonder if people would use them. In addition, I would never trust publicly available information about the stage of development of quantum computers, secret programs exist precisely for the reason that things remain secret.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: GazetaBitcoin on May 02, 2025, 12:28:51 PM

Hello d5000!
Please be aware that AOBT started working (https://bitcointalk.org/index.php?topic=5442314.msg61853233#msg61853233) on translating your thread in various languages. I hope this is good news :) And a First translation is already done: Portuguese translation (https://bitcointalk.org/index.php?topic=5540065.0), made by r_victory. I would also suggest you, if you like the idea, to list the translations and the translators' names at the bottom of your topic. You can find here (https://bitcointalk.org/index.php?topic=5156835) an example of how authors listed our translations. Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: Darker45 on May 02, 2025, 01:13:06 PM I agree that not reusing the Bitcoin address will help with privacy and security?, too, in case quantum computing ever becomes real. But wide spreading too much can cause a burden on fees in the future because we never know how the fee situation will be. So it's better if we consolidate them once in a while to new address to tackle the fee market while also maintaining the privacy. Yeah, you get double results with one effort. Moving your funds from a reused address to a fresh address wouldn't only give you privacy, it also saves you fees when the time comes when you have to spend them. You're not only protecting your funds from quantum possibilities, you're also consolidating UTXOs, making your next transaction smaller in size. However, I think it's important to note that it might actually be better if you spread your Bitcoin holdings in different fresh addresses. Dividing your Bitcoin into smaller amounts is actually good for your privacy and security. Surely, you don't want to be paying somebody while divulging how much Bitcoin you have. Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! 
Post by: d5000 on May 02, 2025, 05:30:12 PM
Please be aware that AOBT started working (https://bitcointalk.org/index.php?topic=5442314.msg61853233#msg61853233) on translating your thread in various languages. I hope this is good news :)
Thank you! I'll be linking the translations in the OP.
And a First translation is already done: Portuguese translation (https://bitcointalk.org/index.php?topic=5540065.0), made by r_victory.
However, I think it's important to note that it might actually be better if you spread your Bitcoin holdings in different fresh addresses. Dividing your Bitcoin into smaller amounts is actually good for your privacy and security.
I think consolidating amounts into a single unused address is recommendable if one of these conditions apply:
1) the amount isn't too large (e.g. consolidating several small outputs),
2) you explicitly want the fortune to be on one address, e.g. to store it in some cold-walled solution (metal, paper etc.),
3) the addresses already are connected in some way, so chain analysis companies already identify them as a single wallet, e.g. if you got different payments from a single exchange, service etc. on all of them, or if you use them without additional protections in a single Electrum wallet for example.
In all other cases I agree with you that it's better to store the coins on several addresses.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: dkbit98 on May 03, 2025, 06:16:23 PM
Low fees of 1 or 2 satoshis per vByte are an excellent opportunity to make your coins more safe and private. You can even make them almost quantum-safe - in 2025!
I do agree that having good address management in wallets is very important, but I don't see how doing this can make coins more safe or more private.
Anyone can easily check the history of newly generated addresses and find all previous transactions with connection to old addresses.
As for being more quantum safe, we should probably get some kind of fork in future with new type of address.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: d5000 on May 03, 2025, 07:57:34 PM
I do agree that having good address management in wallets is very important, but I don't see how doing this can make coins more safe or more private.
I think you mean the "history of addresses appearing first in transactions" (because addresses which haven't been used can't be detected observing the blockchain).
Anyone can easily check the history of newly generated addresses and find all previous transactions with connection to old addresses.
It is of course correct that this can be checked. But if you transact from your old, reused address A to a new address B, then nobody knows for sure if B is yours, from the fact alone that there was a transaction from A. It looks like any other payment. Chain analysis companies need other elements to assign a higher probability that B is yours. Such elements can be:
- Transactions from B to another address which can be linked to you, for example a CEX deposit address, or another address you also used with A.
- Transacting in a short timeframe, or in a single transaction, to several addresses including B.
- Various transactions from A to B - so don't use your newly created addresses twice!
- Transacting at approximately the same time of the day to several addresses including B, however you could also be making payments typically at this hour of the day, so they can't assign a too high probability to this.
- Perhaps also too "round" amounts, e.g. if you tend to transact always 0.01 BTC to other addresses (like B).
- And of course, if you send any coins on B back to A, then a perfect circle will be detected and B being linked to the same identity as A.
- Some wallets like Electrum "leak" addresses which are part of the same wallet to the servers when querying data about transactions. Thus, even when using Tor, if chain analysis companies happen to operate such a server, they can link these addresses together. For best privacy, don't use this kind of wallet, or use one wallet per address you want to separate.
These practices should thus be also avoided.
If you want to make your coins even more private, more steps are possible, like sending first a relatively big amount from A to B, then a smaller amount to an address C, and so on. The more it looks like "random payments from random addresses", the better.
I wanted to keep the OP relatively short so I didn't mention these details, often I think my posts are considered "too long to read" ;) I've linked this post in the OP.
As for being more quantum safe, we should probably get some kind of fork in future with new type of address.
As long as quantum computers aren't able to crack ECDSA keys in 10 minutes (during the transaction phase, while the public key is exposed), addresses which never were used are safe, from today's science point of view. Even trying to crack an address in 10 minutes is risky if the block time can be 2 or even 1 minute if they're unlucky.
QCs will first take a lot of time to crack keys, so re-used addresses and of course P2PK users are those most at risk.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: GazetaBitcoin on May 04, 2025, 12:19:39 PM
Hey d5000, please be aware that 1 more translation was made for your topic by AOBT:
Ukrainian translation (https://bitcointalk.org/index.php?topic=236982.msg65341135#msg65341135), made by DrBeer Cheers! Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: GazetaBitcoin on May 20, 2025, 09:15:24 AM I am coming back to this thread for announcing one more translation made by AOBT:
German translation (https://bitcointalk.org/index.php?topic=5543905.0), made by cygan Later edit: make that two more translations :) I also translated this thread in Romanian (https://bitcointalk.org/index.php?topic=5543927.0). Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: GazetaBitcoin on May 28, 2025, 07:17:36 AM Hey d5000, please be aware that a Polish translation (https://bitcointalk.org/index.php?topic=5544470.0) has been done by cygan for your topic.
And this is not all, since an Urdu translation (https://bitcointalk.org/index.php?topic=232519.msg65422984#msg65422984) was made by Adiljutt156. Cheers! :) Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: GazetaBitcoin on June 02, 2025, 10:55:27 AM I am coming back to this thread to announce that AOBT made one more translation:
Indonesian translation (https://bitcointalk.org/index.php?topic=5545188.0), made by Husna QA. Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: cygan on June 04, 2025, 06:13:58 AM for all those who are very interested in this topic, i have uploaded some slides that illustrate the complex qc topic and show us all how the whole processes could be accelerated by quantum computers
and according to this report (https://chaincode.com/bitcoin-post-quantum.pdf) from ChaincodeLabs, 50% of all Bitcoins could be at risk once qcs hit the market https://talkimg.com/images/2025/06/04/UX9ZIT.jpeg https://talkimg.com/images/2025/06/04/UX9n5l.jpeg https://talkimg.com/images/2025/06/04/UX9QU1.jpeg https://talkimg.com/images/2025/06/04/UX9GTm.jpeg https://talkimg.com/images/2025/06/04/UX9M1W.jpeg https://talkimg.com/images/2025/06/04/UX9meJ.jpeg https://talkimg.com/images/2025/06/04/UX9Rfb.jpeg https://talkimg.com/images/2025/06/04/UX9TKv.jpeg https://talkimg.com/images/2025/06/04/UX9zHH.jpeg https://talkimg.com/images/2025/06/04/UX9FIg.jpeg https://talkimg.com/images/2025/06/04/UX9N7I.jpeg https://twitter.com/Bitcoin_Devs Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: d5000 on June 04, 2025, 06:15:20 PM @GazetaBitcoin: Thanks, added all translations!
@cygan: Nice slides. However, I quite do not like the penultimate one, which tries to oversimplify a bit much when it says that quantum computers would take "hours to days". According to what I've read about this topic, this depends largely on the qubit capacity of the quantum computer. Thus a small QC which is "just" capable to crack an ECDSA key could take months instead, and this would be probably what we'd to expect at first. Basically this slide is assuming a quantum computer with millions of qubits, and omits that information. A source for this (quite obvious) dependency on the number of qubits is here (https://www.wired.com/story/youre-not-ready-quantum-cracks/): according to Craig Gidney, a 20 million qubit QC would take 8 hours for RSA-2048, while a 1 million qubit QC would take a week. While this seems to confirm the "hours to days" claim (and is probably the source of the slide), if QCs advance we will probably first see some with tens or hundreds of thousands of qubits, which would take months to years. As of now, the largest quantum computers have around 1000 qubits; while there are annealers with higher qubit numbers like the D-Wave devices, they aren't capable to run Shor's algorithm. Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: cygan on June 05, 2025, 07:09:02 AM ✂️ @cygan: Nice slides. However, I quite do not like the penultimate one, which tries to oversimplify a bit much when it says that quantum computers would take "hours to days". According to what I've read about this topic, this depends largely on the qubit capacity of the quantum computer. Thus a small QC which is "just" capable to crack an ECDSA key could take months instead, and this would be probably what we'd to expect at first. Basically this slide is assuming a quantum computer with millions of qubits, and omits that information. 
✂️ yes, you're absolutely right i think the slide was only meant to show the technical difference in computing power, how powerful the new qc will be (of course, it all depends on the processors that will be built into them and will certainly also come onto the market in different computing powers in this sector) a summit will be held in san francisco on july 17 and 18 on the topic of quantum computing and Bitcoin. leading researchers and experts from both fields have been invited to promote productive and thought-provoking discussions on this ever-growing topic https://talkimg.com/images/2025/06/05/UXbRyz.jpeg https://pbquantum.com/ Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: cygan on June 07, 2025, 10:33:12 AM now i will present you more slides on this topic today
here i will go into more detail about the quantum computer technology in relation to the security of Bitcoin and what the differences are between the so-called long-range and short-range attacks here we go: https://talkimg.com/images/2025/06/07/Ud22kI.jpeg https://talkimg.com/images/2025/06/07/Ud2Ugd.jpeg https://talkimg.com/images/2025/06/07/Ud2Xd5.jpeg https://talkimg.com/images/2025/06/07/Ud2dFz.jpeg https://talkimg.com/images/2025/06/07/Ud2uo2.jpeg https://talkimg.com/images/2025/06/07/Ud2wlc.jpeg https://talkimg.com/images/2025/06/07/Ud2H6P.jpeg https://talkimg.com/images/2025/06/07/Ud2SVq.jpeg https://talkimg.com/images/2025/06/07/Ud2ZDj.jpeg https://talkimg.com/images/2025/06/07/Ud2CnG.jpeg https://talkimg.com/images/2025/06/07/Ud2QkD.jpeg https://talkimg.com/images/2025/06/07/Ud2Ggf.jpeg https://talkimg.com/images/2025/06/07/Ud2muZ.jpeg https://talkimg.com/images/2025/06/07/Ud26F8.jpeg https://talkimg.com/images/2025/06/07/Ud2Po3.jpeg https://talkimg.com/images/2025/06/07/Ud2Rxw.jpeg https://twitter.com/Bitcoin_Devs Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: d5000 on June 07, 2025, 04:30:28 PM Thanks for the slides. However imo the presentation has a problem: it omits that short range (or short exposure) attacks are much, much more unlikely than long "range" attacks. Even a quantum computer with millions of qubits would take several days to calculate a private key from a public key.
Also the time window is unpredictable. If the quantum attacker is pointing his expensive hardware with billions of qubits taking ~10 min per key to a transaction, and the block gets mined in 2 or 5 minutes instead, the attacker has wasted his effort for nothing. Thus there would be always risk involved for the attacker. So is very much the final stage of quantum computer development, when QCs became very fast and ubiquitous. Before that happens, all addresses with re-used keys and P2PK/P2MS keys will have been emptied already. If Bitcoin is not "quantum safe" at that moment, then BTC will probably also not be worth anything anymore. There's a proposed BIP 360 (https://github.com/cryptoquick/bips/blob/p2qrh/bip-0360.mediawiki) (still not official) which would allow to send Bitcoins to quantum-resistant addresses in a new P2QRH output type. It's interesting if this will get accepted as an official BIP and how the discussion goes ... Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: GazetaBitcoin on June 09, 2025, 01:32:23 PM Hey d5000, please allow me to let you know that AOBT made a new translation for your topic:
Russian translation (https://bitcointalk.org/index.php?topic=5546230), made by zasad@. Also, please do not forget to add to OP also the Indonesian translation, which I mentioned above (https://bitcointalk.org/index.php?topic=5536662.msg65443011#msg65443011) :) As of now, AOBT made 9 translations for your topic, so at least 1 more should be expected. Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: zasad@ on June 20, 2025, 12:37:01 PM How IBM will build the world's first large-scale, fault-tolerant quantum computer (https://www.ibm.com/quantum/blog/large-scale-ftqc)
"With two new research papers and an updated quantum roadmap, IBM® lays out a clear, rigorous, comprehensive framework for realizing a large-scale, fault-tolerant quantum computer by 2029. IBM has the most viable path to realize fault-tolerant quantum computing. By 2029, we will deliver IBM Quantum Starling — a large-scale, fault-tolerant quantum computer capable of running quantum circuits comprising 100 million quantum gates on 200 logical qubits. We are building this system at our historic facility in Poughkeepsie, New York."

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Porfirii on June 21, 2025, 12:00:41 PM
-snip- As of now, AOBT made 9 translations for your topic, so at least 1 more should be expected.
The tenth one in Croatian was made by katanic97 and can be found here (https://bitcointalk.org/index.php?topic=5544038). Although we can consider translations for this topic finished (we usually understand that 10 translations are enough), the Spanish one is still pending... Please, d5000, let me know if you'll do it yourself in the end. It will be a pleasure for me to translate it otherwise.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Cricktor on June 22, 2025, 12:00:16 PM
~~~
Thanks for the info, but it seems to me like still only a roadmap, IBM marketing blabber, vaporware until it's actually there and working as advertised. I'm not qualified to judge if they can hold the timeline.
While we phantasize about still fictional QCs large enough to be able to attack Bitcoin, more likely earlier able to attack crucial encryption technology of global internet, transaction fees are still pretty low. We occasionally have partially full blocks, i.e. you could've transactions confirmed that pay a fee rate as low as 1 sat/vB, if you're not in a hurry (should easily become confirmed latest within a week, usually way less than that from what I see looking at past blocks of few recent days). Mempool situation is remarkably chilled these days, quite a joy for transaction fee penny pinchers. :)

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: suzanne5223 on June 22, 2025, 04:35:00 PM
~~~
Thanks for the info, but it seems to me like still only a roadmap, IBM marketing blabber, vaporware until it's actually there and working as advertised. I'm not qualified to judge if they can hold the timeline.
While we phantasize about still fictional QCs large enough to be able to attack Bitcoin, more likely earlier able to attack crucial encryption technology of global internet, transaction fees are still pretty low. We occasionally have partially full blocks, i.e. you could've transactions confirmed that pay a fee rate as low as 1 sat/vB, if you're not in a hurry (should easily become confirmed latest within a week, usually way less than that from what I see looking at past blocks of few recent days). Mempool situation is remarkably chilled these days, quite a joy for transaction fee penny pinchers. :)
Having said that, QC won't attack Bitcoin but it will be used to attack Bitcoin wallet entropy especially the exposed public keys and it will be used in mining to find the next block early.

Title: Re: Fees are low? Make your coins more private and (almost) quantum safe!
Post by: Porfirii on July 07, 2025, 05:12:24 PM
Dear d5000, I'm glad to inform you that I've just finished the translation into Spanish of this topic and that you can find it here (https://bitcointalk.org/index.php?topic=5549021). Feel free to add it to the OP.
A particularly demanding task, taking into account that you're a native Spanish speaker yourself. I hope you find it right, but feel free to ask me to make the changes you deem appropriate. Title: Re: Fees are low? Make your coins more private and (almost) quantum safe! Post by: GazetaBitcoin on August 03, 2025, 11:19:15 AM Hey d5000, please be aware that one more translation for your topic was made by an AOBTer:
Filipino translation (https://bitcointalk.org/index.php?topic=5552446.0), made by Peanutswar
Feel free to add this one to OP as well :)
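
Added example (not part of any post in this thread): the on-chain linkage signals d5000 lists in the May 03 reply, applied as a self-check to a wallet's own transfer history before and after moving coins to fresh addresses. The addresses, amounts, times and both thresholds are constructed assumptions; the time-of-day and Electrum server signals from that list are not covered.

```python
"""Self-audit of a wallet's own transfers against the linkage signals
listed in the thread. All addresses, amounts and times are constructed."""
from collections import Counter
from datetime import datetime, timedelta

ROUND_UNIT = 1_000_000             # 0.01 BTC in satoshis (assumed threshold)
SHORT_WINDOW = timedelta(hours=1)  # assumed meaning of "short timeframe"

# Constructed sample history: (txid, time, input addresses, {output: sats})
HISTORY = [
    ("tx1", datetime(2025, 5, 1, 9, 0), ["A"], {"B": 1_000_000}),
    ("tx2", datetime(2025, 5, 1, 9, 20), ["A"], {"C": 734_512}),
    ("tx3", datetime(2025, 5, 9, 21, 5), ["A"], {"B": 250_113}),
    ("tx4", datetime(2025, 5, 20, 14, 0), ["B"], {"A": 400_000}),
    ("tx5", datetime(2025, 6, 2, 11, 0), ["A"], {"D": 312_977, "E": 288_401}),
]
MINE = {"A", "B", "C", "D", "E"}   # addresses the auditing user controls


def audit(history, mine):
    """Return a sorted list of (signal, txid or address) findings.

    Simplification: any output to an own address counts as a transfer
    between own addresses, so change outputs are included as well.
    """
    findings = set()
    funded_by = {}       # own address -> own addresses that have paid it
    receipts = Counter() # how often each own address received coins
    own_transfers = []   # (time, txid) of transfers between own addresses
    for txid, when, inputs, outputs in sorted(history, key=lambda t: t[1]):
        own_in = [a for a in inputs if a in mine]
        own_out = {a: v for a, v in outputs.items() if a in mine}
        if not own_in or not own_out:
            continue
        own_transfers.append((when, txid))
        if len(own_out) > 1:
            # several own addresses paid in a single transaction
            findings.add(("batch", txid))
        for dst, sats in own_out.items():
            receipts[dst] += 1
            if sats % ROUND_UNIT == 0:
                findings.add(("round_amount", txid))
            # coins return to an address that earlier funded the sender
            if any(dst in funded_by.get(src, ()) for src in own_in):
                findings.add(("round_trip", txid))
            funded_by.setdefault(dst, set()).update(own_in)
    for dst, count in receipts.items():
        if count > 1:
            # a "fresh" address that was used more than once
            findings.add(("reuse", dst))
    for (t0, _), (t1, txid) in zip(own_transfers, own_transfers[1:]):
        if t1 - t0 <= SHORT_WINDOW:
            findings.add(("short_window", txid))
    return sorted(findings)


if __name__ == "__main__":
    for signal, detail in audit(HISTORY, MINE):
        print(f"{signal:13} {detail}")
```

An empty result only means none of these particular signals is present in the history; it says nothing about off-chain links such as exchange deposits or wallet server queries.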