- Growth Bytes
- Posts
- Quantum Threat: Are We Safe?
This week: Q-Day isn't a 2040 problem anymore. Google just slashed the qubit requirement to break Bitcoin by 20x, 25% of all Bitcoin sits in vulnerable addresses, and the project that saw this coming five years ago joined us live to explain what to do about it.
Section 1 · Livestream Recap
The Quantum Clock Is Ticking Faster Than You Think — And Most of Crypto Isn't ReadyGuest: Ashton, Neptune Privacy
From Friday's deep-dive on the quantum threat to crypto
Trav and Q sat down with Ashton — BD & PR for Neptune Privacy — for the most consequential conversation we've had on this stream all year.
The short version: every major blockchain today is built on cryptography that quantum computers will eventually break, the timeline has compressed dramatically, and the proposals meant to fix it on Bitcoin and Ethereum are still drafts.
Meanwhile, a small team of PhD cryptographers started building the solution in 2021.
The three numbers that should reset your mental model:
20x Qubit requirement reduction in Google's 2026 paper (20M → 1M)
25% Of Bitcoin supply already in addresses with exposed public keys
4 mo UK AI Security Institute estimate for capability doubling time
Key takeaways from the stream:
"Q-Day" is no longer a 2040 conversation. Vitalik puts the probability of an actionable quantum threat at 20% by 2030. Google's 2026 paper cut the engineering requirement by an order of magnitude in a single research cycle.
Harvest Now, Decrypt Later (HNDL) is already happening. The NSA's "Bull Run" program is reportedly grabbing encrypted internet traffic and storing it for future decryption. Storage is cheap. Patience is free. Anything encrypted today with vulnerable cryptography is a future plaintext file.
25% of Bitcoin is already exposed — including Satoshi's. Any address that has ever sent a transaction has revealed its public key on-chain. Early Bitcoin address types had the public key built in. Satoshi's coins sit in the most vulnerable address class of all. Shor's algorithm can derive a private key from a public key in hours on a sufficiently powerful quantum computer.
BIP360 and EIP 7932 are still drafts. Bitcoin and Ethereum's official quantum-proofing proposals exist on paper. Neither is implemented. Both only protect future transactions — vulnerable Bitcoin stays vulnerable forever. And BIP360 needs 51% of miners to agree to a hard fork. Ashton: "that in and of itself might be as hard as quantum-proofing something."
The privacy problem is the same problem. Even if your private key survives Q-Day, the entire transaction history of any chain you've used becomes plaintext for chain analysis. Monero's 16-decoy ring signatures collapse to two or three guesses with quantum. Zcash's shielded pool is breakable. Privacy that wasn't quantum-resistant from day one isn't really privacy.
"I think we're going to see Satoshi's coins moved from that wallet before we realize that Q-Day is here. There's a mass panic of why, where, who did it. And then we're going to realize the day we've been debating is here. And it's too late."— Ashton, Neptune Privacy
The Big Idea: The hardest part of post-quantum crypto isn't the math — it's the social layer. The math has been understood for years. What hasn't been solved is coordinating millions of holders, thousands of miners, and dozens of competing chains to act before the deadline. Bitcoin's strength — its ossification, its refusal to change — is also its biggest quantum vulnerability. The chains that win the post-quantum era will be the ones that built it from day one, not the ones trying to bolt it on after Satoshi's coins start moving.
What to do: Audit your crypto holdings. Any address that has ever sent a transaction has exposed its public key. If you're holding meaningful Bitcoin in older address types, consider moving to newer types now. Start tracking the projects building quantum-safe infrastructure today — Neptune Privacy is the obvious one, but the category is going to grow fast. And if you're vibe-coding or shipping anything that touches keys, pick libraries with post-quantum roadmaps already in motion.
Section 2 · The Week in Quantum & Crypto
The Race, the Money, and the Math That Just Got Rewritten
The headlines builders should be tracking right now
Google Just Made Breaking Bitcoin 20× Easier in a Single Paper WATCH THIS SPACE
Google's 2026 research paper showed an order-of-magnitude reduction in the physical qubit requirements for breaking RSA 2048 — dropping the estimate from roughly 20 million qubits to 1 million. That's a 20× efficiency increase in quantum attack capability from a single research cycle. Cryogenic cooling infrastructure costs are dropping in parallel on Moore's law-style trajectories, with IBM, Google, and PsyQuantum all pushing the frontier. The UK's AI Security Institute now estimates frontier offensive cyber capability is doubling every four months.
Why You Care: If a major lab can cut the engineering requirement by 20× in one paper, the timeline you have in your head for Q-Day is almost certainly wrong. Plan as if it's closer than the official estimates.
Bitcoin and Ethereum's Quantum-Proofing Proposals Are Both Still Drafts WATCH THIS SPACE
BIP360 is Bitcoin's draft proposal for post-quantum signatures. EIP 7932 is Ethereum's equivalent. Neither is implemented. Both, even if shipped tomorrow, only protect future transaction outputs — they do nothing for the existing supply already in vulnerable addresses. BIP360 specifically requires 51% miner adoption to hard-fork through. The math is the easy part. The coordination is where post-quantum crypto actually gets stuck.
Why You Care: If you're holding long-term in BTC or ETH, you're betting that the social coordination problem gets solved before quantum capability arrives. That bet has gotten significantly worse this year.
The Global Quantum Arms Race: $15.3B from China, $4.5B from the UK WATCH THIS SPACE
The US and China are the clear leaders — US ahead on hardware and NIST standards, China having allocated $15.3 billion over five years and leading on quantum communications and QKD. Serious challengers include the UK ($4.5B allocated), Germany, France, and Canada. Strategic players include Australia, India, Japan, South Korea, and the Netherlands plus 10 others. The implications run far beyond crypto: first mover can decrypt rival intelligence, military, and financial communications. Whoever leads sets the global standards and supply chains.
Why You Care: Quantum compromise of 25% of Bitcoin isn't even the main prize for a nation-state attacker — it's "icing on the cake" on top of military and TradFi decryption. That changes how you should think about the threat actors and timeline.
Section 3 · Project Spotlight
The Chain That Saw This Coming in 2021
Neptune Privacy — quantum-safe, private by default, programmable layer coming in weeks
Neptune Privacy
UTXO-based, proof-of-work L1 — quantum-resistant and private by default from day one
Built on a 2021 white paper by PhD cryptographers Alan and Thorkill (originally as Neptune Cash, now forked and extended as Neptune Privacy). Mainnet launched late 2025. Uses ZK-Starks instead of ZK-Snarks — collision-resistant hash functions instead of elliptic curve pairings — making it mathematically resistant to Shor's algorithm. Private by default: every transaction is shielded, with no opt-in required. UTXO architecture similar to Bitcoin or Kaspa. CPU and GPU mineable.
What makes it different:
Mutator Sets. Where Monero uses 16 decoys per transaction and Zcash uses an opt-in shielded pool, Neptune's anonymity set is every UTXO that has ever existed on the chain. Mathematically indistinguishable from every other coin. No probabilistic guessing window.
Leviathan L2 (testnet now). A forked-and-rebuilt Miden VM that brings full DeFi programmability — comparable to EVM or Solana — but quantum-resistant and private by default. No mempool to target, so MEV, sandwich attacks, and front-running become structurally impossible. Mainnet expected in weeks, not months.
How to mine: GPU-minable on any modern graphics card. Hive OS works for multi-card rigs. Single card in a gaming PC works too.
How to hold: XNT is the native gas token for both L1 and L2 (no new token for Leviathan). Listed on SafeTrade and MEXC. Mobile wallet available on iOS and Android.
Quantum Vulnerability at a Glance
Chain | Cryptography | Quantum Status |
|---|---|---|
Bitcoin | ECDSA (elliptic curve) | Vulnerable |
Ethereum | ECDSA | Vulnerable |
Solana | ED25519 (elliptic curve) | Vulnerable |
Monero | Ring sigs + elliptic curve | Vulnerable |
Zcash | ZK-Snarks (EC pairings) | Vulnerable |
Neptune | ZK-Starks (hash functions) | Resistant |
AI agent angle: Ashton's read — "the next billion users are agents, not humans on chain." Neptune is Rust-based (which LLMs handle reliably), with strong Wasm, TypeScript, and Python SDK coverage already in place. Agents that need privacy + quantum safety as defaults will gravitate here.
⚠️ Honest caveat: Mainnet has only been live since late 2025 — this is a young chain. The Leviathan L2 programmability layer is still in testnet (though mainnet is reportedly imminent). It's a fully community-run, decentralized project with no marketing department or VC structure — that's a feature for some and a friction point for others. If you want bulletproof production deployment for real institutional money today, this is one to track closely, not deploy on yet.
Connect: X @NeptunePrivacy · Telegram: Neptune Privacy · GitHub: NeptunePrivacy / XNT-Core
Section 4 · What to Watch
Next 7–14 Days
Leviathan L2 mainnet — "weeks, not months." Neptune's programmability layer brings full quantum-resistant private DeFi. When it ships, it becomes the first chain where private payroll, private order books, and private agent-driven workflows are possible by default. Worth tracking closely if you build in DeFi or run any agent-driven on-chain workflow.
Watch Satoshi's wallet — seriously. Ashton's prediction is the cleanest canary signal in crypto right now: if those coins move, Q-Day isn't theoretical anymore. Set an alert on the address. It's free, and it's the lowest-effort early warning system you can have.
Back to AI next week. Trav and Q return to the AI agent track for next Friday's stream. If you want them to revisit ShipGuard updates, walk through the Hermes setup live, or cover a specific story, drop it in the comments or DMs.
The question worth sitting with this week: if "harvest now, decrypt later" is already happening, what are you sending encrypted today that you wouldn't want decrypted in 2030?
🔥 ENJOYED THIS ISSUE?
If Growth Bytes is part of your weekly stack, the best thing you can do is share it with one builder or creator who needs it.
🐦 X: HERE
📺 YouTube: HERE
🎵 TikTok: HERE
🌐 web3matters.xyz
We drop every Monday. See you next week.
— Trav & Q, Web3 Matters
Reply