Responsible disclosure and quantum vulnerabilities in cryptocurrency
Whether and how to disclose a security vulnerability is a long-standing debate. The “no disclosure” position holds that publicizing a flaw hands attackers an instruction manual. The opposing “full disclosure” view argues that public knowledge lets people protect themselves and pressures vendors to act. In practice the field has converged on a middle path known as responsible disclosure, or coordinated vulnerability disclosure: a flaw is shared with affected parties under agreed terms and a defined window before any public release. Variants with firm deadlines are used by major institutions such as CERT/CC at Carnegie Mellon University and Google’s Project Zero, and the approach is codified in the international standard ISO/IEC 29147:2018.
Disclosing vulnerabilities in blockchain technology is more delicate than in conventional software. A cryptocurrency is not only a distributed data-processing system; its value rests on both the cryptographic security of the network and public trust in it. The cryptographic layer could in principle be attacked by a cryptographically relevant quantum computer (CRQC), but public confidence can be eroded separately through fear, uncertainty, and doubt. Overstated or unverified claims about how easily a quantum computer could break the elliptic-curve cryptography behind most blockchains can therefore function as an attack on the system in their own right.
Why elliptic-curve cryptography is the concern
Bitcoin and many other networks secure transactions with the Elliptic Curve Digital Signature Algorithm (ECDSA), whose security depends on the difficulty of the elliptic-curve discrete logarithm problem (ECDLP). Shor’s algorithm, run on a sufficiently large fault-tolerant quantum computer, would solve that problem efficiently and expose the private key behind a published public key. Resource estimates for breaking a 256-bit curve vary widely — on the order of a few thousand logical qubits and several hundred thousand physical qubits, depending on the assumptions — and those figures have been falling as the underlying algorithms improve. The timeline remains genuinely uncertain and is the subject of active research rather than settled fact. Related coverage of automated security work appears in this report on tools that find and fix vulnerabilities.
Communicating estimates carefully
Because of the trust dimension, updated estimates of quantum attacks on elliptic-curve blockchains call for careful framing. One approach reduces the risk of unwarranted alarm by clarifying where blockchains are not vulnerable to quantum attack and by highlighting the progress already made toward post-quantum security. Another authenticates resource estimates without publishing the underlying quantum circuits, using zero-knowledge proofs — a cryptographic construction that lets third parties verify a claim without learning the sensitive details behind it.
The path to post-quantum security
Defenses already exist. In August 2024, the U.S. National Institute of Standards and Technology finalized its first post-quantum cryptography standards: ML-KEM (FIPS 203) for key encapsulation, and ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) for digital signatures. These algorithms are designed to resist both classical and quantum attacks and can be deployed now, and several blockchain projects are exploring migration paths toward quantum-resistant signatures. Continued dialogue among the quantum, security, cryptocurrency, and policy communities is needed to align on disclosure norms as the technology matures.