Citi analysts have published research identifying quantum computing as a material threat to Bitcoin's long-term security model, while Ethereum faces lower exposure to the same risk. The distinction hinges on how each blockchain handles cryptographic keys and address formats.
Bitcoin's vulnerability stems from its address reuse patterns and ECDSA (Elliptic Curve Digital Signature Algorithm) implementation. When Bitcoin holders spend coins, they expose their public keys on the blockchain. A sufficiently advanced quantum computer could theoretically derive private keys from these exposed public keys using Shor's algorithm, compromising funds. Bitcoin's UTXO model and on-chain transaction history create a permanent record of exposed keys that quantum adversaries could target retroactively.
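
For holders who want to measure this exposure in their own wallets, the Python below is an added example (not from the Citi research or this article) that classifies unspent outputs by whether a public key is already visible on chain. It goes beyond the text by covering the standard output script types. The function names, the sample wallet and the `spent_scripts` set (scripts that have already been spent from, as supplied by the operator's own indexer) are assumptions.

```python
# Added example; script templates are the standard output forms, data is constructed.
from collections import defaultdict

KEY_IN_OUTPUT = {"p2pk", "p2tr"}  # the output script itself carries a public key

def classify_script(spk_hex):
    """Map a scriptPubKey (hex) to its standard output type."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"      # <pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"     # commits to HASH160(pubkey)
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"      # 32-byte x-only output key
    return "nonstandard"

def exposure(spk_hex, spent_scripts):
    """Return (type, status); spent_scripts = scripts already spent from once."""
    kind = classify_script(spk_hex)
    if kind == "nonstandard":
        return kind, "unknown"
    if kind in KEY_IN_OUTPUT or spk_hex.lower() in spent_scripts:
        return kind, "exposed"   # key visible in the output or in an earlier spend
    return kind, "hashed"        # key stays off chain until the first spend

def audit(utxos, spent_scripts):
    """Sum satoshis per exposure status over (scriptPubKey hex, value) pairs."""
    totals = defaultdict(int)
    for spk_hex, sats in utxos:
        totals[exposure(spk_hex, spent_scripts)[1]] += sats
    return dict(totals)

# Constructed sample wallet (filler bytes, not real keys or hashes).
REUSED = "76a914" + "33" * 20 + "88ac"
SAMPLE_UTXOS = [
    ("21" + "02" + "11" * 32 + "ac", 5_000_000_000),  # P2PK
    ("76a914" + "22" * 20 + "88ac", 100_000),          # P2PKH, never spent from
    (REUSED, 250_000),                                 # P2PKH, reused address
    ("0014" + "44" * 20, 70_000),                      # P2WPKH
    ("5120" + "55" * 32, 30_000),                      # P2TR
]
print(audit(SAMPLE_UTXOS, {REUSED}))
```

Funds reported as "exposed" are the ones to move to a fresh, never-spent-from address first; "hashed" funds stay protected only as long as that address is not reused after its first spend.
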
Ethereum's account-based model presents a different threat profile. The network uses the same ECDSA cryptography, but Ethereum addresses are derived from a Keccak-256 hash of the public key rather than exposing the public key directly. This additional layer of hashing provides protection even if quantum computers crack ECDSA. An attacker would need both to break the ECDSA signature and to invert Keccak-256, a computationally harder problem than Ethereum's current protocol structure requires.
The Citi analysis carries weight given institutional adoption of Bitcoin as a treasury asset. MicroStrategy, BlackRock, and other corporate holders increasingly hold BTC on public blockchains or with custodians. The timeline of the quantum threat remains uncertain: estimates range from five to 30 years before quantum computers reach sufficient capability, but the risk of "harvest now, decrypt later" attacks looms. Adversaries could collect encrypted transactions today for decryption once quantum capabilities mature.
Bitcoin developers have acknowledged the quantum threat. Taproot upgrades improved key security through Schnorr signatures, but foundational vulnerabilities remain. The network would eventually require a cryptographic migration, potentially involving soft forks or protocol changes to support post-quantum algorithms like CRYSTALS-Kyber or Falcon.
Ethereum's technical architecture provides inherent advantages here, though no blockchain remains entirely quantum-safe indefinitely. Both networks would face challenges upgrading to post-quantum cryptography without compromising decentralization or backwards compatibility.
For institutional treasuries accumulating Bitcoin, the Citi research underscores a long-term security consideration. While quantum threats remain distant, the irreversible nature of blockchain transactions means preparation and protocol upgrades cannot wait until quantum computers arrive at scale. The quantum clock ticks loudest for Bitcoin holders.
