
The Coming Quantum Threat to Bitcoin & Rootstock: Risks, Readiness, and Roadmap

By Nicolás Vescovo, Sr Researcher & Mathematician

Over the past decade, quantum computing has evolved from a theoretical curiosity into a fast-developing field with real engineering roadmaps, public funding, and increasing relevance to blockchain security. While these machines are not yet powerful enough to break the cryptographic primitives used in Rootstock and Bitcoin, the threat is no longer distant science fiction. It’s a question of when, not if.

Rootstock, as a smart contract platform anchored to Bitcoin, inherits much of Bitcoin’s cryptographic structure, most notably ECDSA for signatures and SHA-256 for proof-of-work. These cryptographic tools are well-established and secure against classical adversaries. But they are not quantum-safe.

Shor and Grover: The Two Quantum Algorithms That Matter

The threat comes from two quantum algorithms with very different implications:

  • Shor’s algorithm breaks public-key cryptography based on integer factorization and discrete logarithms; this includes RSA, Diffie-Hellman, and crucially, ECDSA, which secures both Rootstock and Bitcoin user accounts. Once a public key is exposed (e.g., when a user sends a transaction), a large enough quantum computer could derive the corresponding private key and steal funds.
  • Grover’s algorithm offers a quadratic speedup for brute-force search. In Rootstock, this affects SHA-256, reducing its effective strength from 256 bits to 128 bits. This doesn’t break proof-of-work, but it would give quantum-equipped miners a competitive edge and might centralize mining.

Are Quantum Computers Really Coming?

Yes, but not tomorrow.

  • IBM plans to launch Starling, a fault-tolerant quantum system with over 200 logical qubits, by 2029.
  • Breaking ECDSA would likely require thousands of logical qubits, equivalent to tens of millions of physical qubits, once error correction is included.
  • Europol and academic institutions estimate that real-world cryptographic attacks may be feasible within 10 to 20 years.

This might sound like a long time, but blockchain migrations take years of coordination. By the time a threat is imminent, it may be too late to act.

What’s at Risk in Rootstock?

Several parts of the Rootstock system could be impacted by quantum attacks:

  • User accounts (EOAs): Any account that has revealed its public key (by sending a transaction) becomes vulnerable once Shor is practical.
  • Multisig wallets and bridges: Signers’ public keys are visible and could be forged.
  • Smart contracts: Admin keys used in Ownable, AccessControl, and upgradable proxy contracts are often ECDSA-based.
  • Merged mining: Grover’s algorithm weakens SHA-256 and could make Rootstock’s PoW less fair or more centralized over time.

What About Bitcoin?

Bitcoin also relies on ECDSA and SHA-256, making it subject to the same quantum threats. However, its script design offers temporary mitigation: modern outputs (P2PKH, P2WPKH) do not expose public keys until coins are spent. That means funds are relatively safe until they are moved, at which point the public key is visible and vulnerable.

Still, the public key behind any already-spent output, and any output using the older P2PK format (common in early mining rewards), is permanently exposed on-chain, and funds controlled by such keys could be targeted once Shor-capable machines arrive.
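To make the exposure rules above concrete, here is a small classifier (added example, not code from Rootstock or Bitcoin Core) that inspects a scriptPubKey and reports whether the public key is already on-chain before any spend, and a check for whether a P2PKH spend has just published its key. It goes slightly beyond the post by also recognising P2TR (taproot) outputs, which carry the tweaked x-only public key directly. All keys, hashes and signatures below are constructed placeholder bytes, not real on-chain data.

```python
# Bitcoin script opcodes needed for the four output types handled here
OP_0, OP_1, OP_DUP, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x00, 0x51, 0x76, 0x88, 0xA9, 0xAC


def parse_script(script: bytes) -> list:
    """Tokenize a script into opcodes (int) and pushed data (bytes); direct pushes (1..75 bytes) only."""
    tokens, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                      # opcode value is the push length
            tokens.append(script[i:i + op])
            i += op
        else:
            tokens.append(op)
    return tokens


def classify_output(script_pubkey: bytes) -> tuple:
    """Return (output type, is the public key already exposed on-chain before any spend?)."""
    t = parse_script(script_pubkey)
    data = lambda k, n: isinstance(t[k], bytes) and len(t[k]) in n
    if len(t) == 2 and data(0, (33, 65)) and t[1] == OP_CHECKSIG:
        return "P2PK", True                    # raw pubkey sits in the output: exposed from day one
    if len(t) == 5 and t[:2] == [OP_DUP, OP_HASH160] and data(2, (20,)) and t[3:] == [OP_EQUALVERIFY, OP_CHECKSIG]:
        return "P2PKH", False                  # only HASH160(pubkey) is on-chain until spent
    if len(t) == 2 and t[0] == OP_0 and data(1, (20,)):
        return "P2WPKH", False                 # same hash-only protection, segwit v0
    if len(t) == 2 and t[0] == OP_1 and data(1, (32,)):
        return "P2TR", True                    # taproot output = tweaked x-only pubkey, exposed
    return "unknown", True                     # unrecognised scripts are treated conservatively


def spend_exposes_key(script_sig: bytes) -> bool:
    """A P2PKH scriptSig is <sig> <pubkey>; once mined, that key is public forever."""
    t = parse_script(script_sig)
    return len(t) == 2 and all(isinstance(x, bytes) for x in t) and len(t[1]) in (33, 65)


# Constructed sample scripts (placeholder bytes, not real keys or hashes)
PUBKEY = b"\x02" + bytes(range(1, 33))                     # 33-byte compressed-key shape
HASH20, XONLY32, SIG = bytes(range(20)), bytes(range(32)), bytes(range(70))
P2PK = bytes([33]) + PUBKEY + bytes([OP_CHECKSIG])
P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + HASH20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH = bytes([OP_0, 20]) + HASH20
P2TR = bytes([OP_1, 32]) + XONLY32
P2PKH_SPEND = bytes([70]) + SIG + bytes([33]) + PUBKEY     # the spend that reveals PUBKEY
```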

The Bitcoin community has begun discussing the issue. Several developers have proposed migration paths and BIPs, such as:

  • Transitioning users to quantum-safe address formats.
  • Introducing opcodes like OP_CHECKSIGFROMSTACK to support new signature types.
  • Deprecating ECDSA in the long term.

However, no consensus has been reached, and Bitcoin’s highly conservative governance makes such transitions slow. For now, quantum readiness in Bitcoin is in the research and proposal stage.

What Can Be Done?

Rootstock is currently in the research phase of its post-quantum roadmap. The team is evaluating standardized signature schemes such as:

  • CRYSTALS-Dilithium: Fast verification, moderate signature size (~2.4 KB). Ideal for user accounts and general-purpose signing.
  • SPHINCS+: Hash-based, stateless, extremely secure. Better suited for long-term custody or bridge keys.
  • W-OTS+/Lamport: One-time signatures with simple structure. Useful for recovery or emergency paths.
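As an added illustration of the hash-based, one-time family listed above (this is example code, not Rootstock's implementation), here is a plain Lamport signature over SHA-256 together with a helper that counts how much of the private key has been published after a set of signatures. One signature reveals exactly half of the 512 secret values; a second signature with the same key reveals more, which is why these schemes are reserved for one-shot paths such as recovery or emergency keys.

```python
import hashlib
import secrets

N = 256                                              # bits in SHA-256 digest = number of secret pairs


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes) -> list:
    """Big-endian bit list of SHA-256(msg), 256 entries of 0/1."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def lamport_keygen() -> tuple:
    """Private key: 256 pairs of random 32-byte values (16 KB). Public key: their hashes (16 KB)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk: list, msg: bytes) -> list:
    """For bit i of the digest, reveal preimage sk[i][bit]; signature is 256 * 32 bytes = 8 KB."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def lamport_verify(pk: list, msg: bytes, sig: list) -> bool:
    """Each revealed value must hash to the public-key entry selected by the message bit."""
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, digest_bits(msg))))


def secrets_revealed(sigs: list) -> int:
    """Number of distinct private values now public. 256 after one signature; more after a
    second signature on a different message, since every differing digest bit leaks a new one."""
    return len({s for sig in sigs for s in sig})
```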

In parallel, we are exploring what it would take to:

  • Introduce new PQ account types (or hybrid ECDSA + PQ accounts).
  • Support PQ signature verification in RSKj via precompiles.
  • Migrate contracts and bridge infrastructure to quantum-safe controls.
  • Establish a post-quantum checkpoint: a block height beyond which chain history is finalized, so that reorgs built with broken ECDSA keys are no longer valid.

The Path Forward

The quantum threat is real, but there’s time to prepare. And the best time to start is now.

Blockchain infrastructure doesn’t adapt overnight. Wallets, contracts, bridges, and consensus mechanisms all require careful upgrades, and those upgrades require years of planning, testing, and deployment.

Rootstock is committed to engineering with foresight. This is how we keep Bitcoin’s smart contract layer secure, not just for the next cycle, but for the next century.