What is Q-Day?

Home → Quantum Threat Explained → What is Q-Day?

Q-Day is shorthand for the moment when a cryptographically relevant quantum computer (CRQC) becomes operational—capable of breaking the public-key cryptography that secures virtually all cryptocurrencies.

It’s not a single event. Different actors—nation-states, corporations, research labs—will achieve this capability at different times. But there will be a first mover. And when that happens, the clock starts ticking for every vulnerable blockchain.

Defining “Cryptographically Relevant”

Not all quantum computers are created equal. A quantum computer with 100 qubits can do interesting physics experiments. It cannot break Bitcoin.

A cryptographically relevant quantum computer needs:

• ~1,500 logical qubits (error-corrected, reliable) to break ECDSA signatures
• Millions of physical qubits (with current error correction overhead)
• Low error rates (below threshold for practical Shor’s algorithm execution)
• Coherence time sufficient to complete the calculation (hours, not seconds)

We’re not there yet. Current quantum computers have achieved ~1,100 physical qubits (IBM Condor) but only ~5-10 logical qubits. The gap between “impressive physics demo” and “breaks Bitcoin” is still massive—but closing.

The First 24 Hours: A Scenario

What happens when the first CRQC becomes operational? Here’s a plausible timeline:

Hour 0: Discovery

A nation-state quantum program (let’s say China or the US) successfully factors a 2048-bit RSA key using Shor’s algorithm. The calculation takes 4 hours on their newly operational CRQC. Internal verification confirms the result is correct.

The team doesn’t announce it publicly. Why would they? They now possess a weapon that can compromise encrypted communications, financial systems, and cryptocurrency wallets globally.

Hour 6: Target Selection

Strategic decision: Do they target traditional financial infrastructure first, or cryptocurrency? The choice depends on objectives:

• Financial warfare: Target government bonds, encrypted communications
• Quick profit: Target high-value Bitcoin wallets with exposed public keys
• Strategic patience: Harvest data quietly and wait

For cryptocurrency specifically, the attacker identifies wallets with revealed public keys—particularly old Bitcoin addresses (P2PK) and heavily-transacted Ethereum addresses. These are the easiest targets.

Hour 12: First Attacks

If they choose cryptocurrency as a target, the attacks begin. The quantum computer derives private keys from exposed public keys. Transactions are crafted and broadcast:

• Satoshi’s ~1M BTC (if targeted) begins moving for the first time since 2010
• Old Bitcoin addresses with visible public keys are drained
• High-value Ethereum addresses with transaction history are emptied

The transactions are valid from the blockchain’s perspective. No consensus rules are violated. The signatures are mathematically correct.

Hour 18: Market Panic

Word spreads on social media. Bitcoin’s price crashes as holders realize that anyone with a quantum computer can now steal their funds. Ethereum follows. All ECDSA-protected cryptocurrencies experience panic selling.

Exchanges halt withdrawals. Nobody knows who has quantum access or which wallets are safe. Trading volume spikes as people try to exit positions, but liquidity evaporates.

Hour 24: Emergency Response

Blockchain developer teams convene emergency calls. Options are discussed:

• Emergency hard fork? Too slow—takes weeks minimum to coordinate
• Freeze affected addresses? Violates immutability, requires consensus
• Advise users to move funds immediately? But to where? New addresses are also vulnerable

The reality sets in: there is no quick fix. Projects without quantum-resistant cryptography already deployed are fundamentally broken. The only question is how fast the damage spreads.

Why “Just Update the Software” Won’t Work

Traditional software can be patched quickly. Banks can update their encryption over a weekend. Cryptocurrency faces unique challenges:

The Immutability Problem

Blockchains are designed to be unchangeable. That’s their core value proposition. But it also means:

• Old transactions remain on-chain using old cryptography
• Historical public keys are already exposed and harvestable
• You can’t “patch” Bitcoin’s 2009 genesis block

Even if you deploy quantum-resistant signatures today, attackers can use quantum computers to break old signatures and steal coins that transacted years ago.

The Coordination Problem

Upgrading a decentralized blockchain requires coordinating thousands of independent actors:

• Developers must write and test new code
• Miners/validators must upgrade their software
• Node operators must deploy updates
• Exchanges must update wallet infrastructure
• Wallet providers must ship new versions
• Users must move their coins to new quantum-safe addresses

This process takes years, not days. Bitcoin’s Taproot upgrade (2021) was first proposed in 2018 and took 3+ years to activate. Segwit took even longer. And those weren’t emergency situations.

The “Old Coins” Dilemma

What about coins that can’t move? Lost keys, forgotten wallets, deliberately inactive addresses (like Satoshi’s)? Three bad options:

1. Leave them vulnerable: Attackers steal them, flooding the market and crashing prices
2. Confiscate to new addresses: Violates property rights and immutability—no longer “trustless”
3. Burn them: Reduces supply, changes economics, still violates immutability principles

There is no good solution once Q-Day arrives. The only viable approach is proactive migration before the threat becomes operational.

The Store-Now-Decrypt-Later Attack

Q-Day isn’t just about the future. The threat is already here in a different form.

For high-value wallets, this attack is economically viable right now:

• Blockchain data is public and free to copy
• Storage costs are negligible (a few terabytes for all Bitcoin transactions)
• If you’re targeting a wallet with $100M in Bitcoin, spending $10K/year to store that data until quantum computers arrive is a trivial investment

This means the countdown to Q-Day started years ago. Even if projects migrate successfully, historical transactions remain vulnerable to retroactive decryption.

When Is Q-Day? The Timeline Uncertainty

Nobody knows for certain. Expert predictions range from 2028 (aggressive) to 2040+ (conservative), with consensus around early 2030s.

Variables affecting the timeline:

• Error correction progress: If overhead drops from 1,000:1 to 100:1, timelines accelerate dramatically
• Government funding: China and the US are investing billions—increased spending could shorten timelines
• Algorithmic breakthroughs: More efficient Shor implementations or better error correction codes
• Black swan events: Classified programs may already be further along than public disclosures suggest

Investor Takeaway

Projects that haven’t started migration planning are already behind schedule. Projects with active testnets and governance proposals are the ones most likely to survive.

Check where your holdings stand: View our quantum vulnerability rankings →