Bitcoin currently has 16,039,132 public keys exposed on-chain, leaving them open to potential attacks by quantum computers, according to data from an on-chain analytics platform developed by a Bitcoiner programmer known as Wicked on X.
These public keys correspond to approximately 6,920,868 BTC (34.58% of the network’s total supply), equivalent to almost 500,000 USD.
An exposed public key is one that has become visible on the blockchain, either because the owner has made a transaction or by design of the type of address used.
This is relevant to the post-quantum discussion because Shor’s algorithm, run on a sufficiently powerful quantum computer, could theoretically be used to derive the corresponding private key from a public key and access the funds. Without a visible public key, such an attack would not be possible.
Moreover, this exposure is already relevant today, before the advent of quantum hardware that can take advantage of it. ANSSI and other security agencies have warned of the practice known as “harvest now, decrypt later”.
Using this technique, a malicious attacker could collect and store the exposed public keys now and, in the future, when sufficiently powerful quantum computers are developed, try to derive the corresponding private keys. This means that the attack cannot be carried out yet, but the public keys of addresses where the key is exposed may already be being harvested.
Address types most at risk
A breakdown by address type reveals significant differences in the level of risk. P2PK (Pay to Public Key) addresses date from Satoshi’s era and are the oldest on the network. 100% of their 1,716,320 BTC is exposed.
Next, P2TR (Pay to Taproot) corresponds to the Taproot format introduced in 2021. These addresses also have 100% of their 205,581 BTC exposed, because by design the format places the public key directly on the chain.
In other formats, exposure is partial. P2WSH (Pay to Witness Script Hash) has 50.46% of funds exposed; P2SH (Pay to Script Hash), 32.14%; P2PKH (Pay to Public Key Hash), 25.71%; P2WPKH (Pay to Witness Public Key Hash), 22.71%.
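The split described above, between formats that expose the key by design and formats that expose it only once the owner has transacted, can be checked against a wallet's own outputs. The following Python is an added example, not code from Wicked's tool or from the original article; it matches the standard scriptPubKey templates, and the `seen_spent` flag (supplied by the caller's own chain index) and the sample scripts are constructed assumptions.

```python
# Added example: classify outputs by script type and flag public-key exposure.
ALWAYS_EXPOSED = {"P2PK", "P2TR"}  # key sits in the output itself

def classify(script_hex: str) -> str:
    """Match a scriptPubKey against the standard output templates."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK"    # <pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH"   # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH"    # OP_HASH160 <20> OP_EQUAL
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH"  # witness v0, 20-byte program
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH"   # witness v0, 32-byte program
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR"    # witness v1, 32-byte output key
    return "unknown"

def exposure(script_hex: str, seen_spent: bool):
    """Return (type, exposed). Hashed types are exposed only after a spend
    from the same script has revealed the key (assumption: caller knows this)."""
    kind = classify(script_hex)
    if kind in ALWAYS_EXPOSED:
        return kind, True
    if kind == "unknown":
        return kind, None
    return kind, seen_spent

def audit(utxos):
    """utxos: (script_hex, sats, seen_spent) -> {type: (total_sats, exposed_sats)}."""
    report = {}
    for script_hex, sats, seen_spent in utxos:
        kind, exposed = exposure(script_hex, seen_spent)
        total, at_risk = report.get(kind, (0, 0))
        report[kind] = (total + sats, at_risk + (sats if exposed else 0))
    return report

# Constructed sample outputs (dummy key and hash bytes, not real chain data).
SAMPLE = [
    ("21" + "02" + "11" * 32 + "ac", 5_000_000_000, False),  # P2PK
    ("76a914" + "22" * 20 + "88ac", 100_000, False),         # P2PKH, never spent from
    ("76a914" + "23" * 20 + "88ac", 250_000, True),          # P2PKH, reused after a spend
    ("0014" + "33" * 20, 70_000, False),                     # P2WPKH, never spent from
    ("5120" + "44" * 32, 30_000, False),                     # P2TR
]

if __name__ == "__main__":
    for kind, (total, at_risk) in audit(SAMPLE).items():
        print(f"{kind}: {at_risk}/{total} sats exposed")
```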
Just because your keys are exposed doesn’t mean your funds are currently at risk. Quantum attacks that exploit that exposure would require hardware that doesn’t yet exist.
Finally, Wicked’s data shows the scale of the migration challenge. The idea is to move all these funds to an address with a private key. This would take approximately 157 days of continuous network processing, as estimated by the tool. This figure is consistent with previous Circle estimates reported by CriptoNoticias, which calculated a similar time frame to migrate all vulnerable UTXOs (unspent transaction outputs) in Bitcoin.

