RSA, ECC & Hashes: What Breaks?

How Shor’s and Grover’s algorithms break the cryptography protecting cryptocurrency—explained for investors.

You don’t need to understand the mathematics to understand the threat. But knowing which cryptographic schemes break and how badly helps you evaluate your portfolio’s quantum risk.

This guide breaks down the three categories in plain English: the signature schemes that break outright, the hash functions that are only weakened, and the post-quantum schemes that hold up.

ECDSA: The Primary Target

Used by: Bitcoin, Ethereum (EOAs), Litecoin, Dogecoin, and most major cryptocurrencies
Quantum vulnerability: Critical (Broken by Shor’s algorithm)
Time to break: Hours on a cryptographically relevant quantum computer, according to published resource estimates (no such machine exists today)

How ECDSA Works (Simplified)

ECDSA (Elliptic Curve Digital Signature Algorithm) is based on elliptic curve mathematics. You generate a private key (a random 256-bit number), perform elliptic curve point multiplication to create a public key, share the public key with the world, and use your private key to sign transactions without revealing it.

The security relies on the elliptic curve discrete logarithm problem: given the public key, it’s computationally infeasible to derive the private key. On a classical computer, this would take billions of years.

Why Quantum Breaks It

Shor’s algorithm solves the discrete logarithm problem in polynomial time. The best classical attack on a 256-bit curve (Pollard’s rho) needs about 2^128 group operations, roughly 10^38, which no classical machine will ever finish. Shor’s algorithm needs a number of quantum gate operations that grows only polynomially with the key length, on the order of 256^3, so tens of millions of logical operations rather than 10^38 (plus the large overhead of quantum error correction).

This turns an impossible problem into a practical one. Published resource estimates put a cryptographically relevant quantum computer at roughly 1,500 to a few thousand logical qubits, which after error correction means millions of physical qubits, far beyond any machine built so far. On such a machine, recovering one private key from its public key takes hours, not eons.

What This Means for Your Wallet

If you have ever spent from a Bitcoin address or sent any transaction from an Ethereum account, your public key is on the blockchain: a Bitcoin spend publishes it in the unlocking script, and an Ethereum signature lets anyone recompute it (this is what ecrecover does). An attacker with a quantum computer can read your public key, run Shor’s algorithm to derive your private key, create a transaction sending your funds to their address, sign it with your private key, and broadcast it. Even an address that has never been spent from reveals its public key the moment you broadcast a spend, so a fast enough attacker could race that transaction while it sits unconfirmed in the mempool.

From the blockchain’s perspective, this is a legitimate transaction. You “authorized” it because your private key signed it. There’s no way to prove it wasn’t you.
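The two points above (the public key is a one-way function of the private key, and any signed transaction publishes the public key even though the address is only a hash of it) are easier to see in code. The following is an added example, not code from the original page or from any wallet: secp256k1 ECDSA written from scratch in pure Python, with key generation by point multiplication, signing, verification, and the public-key recovery that Ethereum’s ecrecover performs. The fixed private key, the message text, and the deterministic nonce derivation are constructed for the demo (the nonce derivation is a simplified stand-in for RFC 6979); the arithmetic is not constant-time and must not be used for real keys.

```python
"""secp256k1 ECDSA from scratch: keygen, sign, verify, and public-key
recovery. Added educational example; not the page's or any wallet's code."""
import hashlib
import secrets

# secp256k1 domain parameters (Bitcoin, Ethereum): y^2 = x^3 + 7 over F_P
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                      # p2 == -p1
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """k * point by double-and-add: about 256 doublings, cheap to compute.
    Reversing it (finding k from k*point) is the discrete log problem."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def point_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)


def keygen(priv=None):
    """Private key: random integer in [1, N-1]. Public key: priv * G."""
    if priv is None:
        priv = secrets.randbelow(N - 1) + 1
    return priv, scalar_mult(priv, G)


def hash_to_int(msg):
    """e = SHA-256(msg) as an integer (Bitcoin uses double SHA-256, Ethereum Keccak-256)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv, e):
    """Return (r, s, recid). The nonce k is derived from (priv, e): a constructed,
    simplified stand-in for RFC 6979. Reusing or leaking k reveals priv."""
    counter = 0
    while True:
        seed = priv.to_bytes(32, "big") + e.to_bytes(32, "big") + bytes([counter])
        k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % N
        counter += 1
        if k == 0:
            continue
        R = scalar_mult(k, G)
        r = R[0] % N
        s = pow(k, -1, N) * (e + r * priv) % N
        if r == 0 or s == 0:
            continue
        # recid = parity of R.y; assumes R.x < N (fails with probability ~2^-128)
        return (r, s, R[1] & 1)


def verify(pub, e, sig):
    r, s, _ = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    R = point_add(scalar_mult(e * w % N, G), scalar_mult(r * w % N, pub))
    return R is not None and R[0] % N == r


def recover_pubkey(e, sig):
    """What ecrecover does: rebuild the signer's public key from (r, s, recid)
    and the message hash. Q = r^-1 * (s*R - e*G)."""
    r, s, recid = sig
    y_sq = (pow(r, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)      # modular sqrt, valid because P % 4 == 3
    if y * y % P != y_sq:
        return None                     # r is not a valid x coordinate
    if (y & 1) != recid:
        y = P - y
    R = (r, y)
    s_r_minus_e_g = point_add(scalar_mult(s, R), point_neg(scalar_mult(e % N, G)))
    return scalar_mult(pow(r, -1, N), s_r_minus_e_g)


def demo():
    """Fixed (constructed) key and message so the run is reproducible."""
    priv, pub = keygen(0xC0FFEE1234567890ABCDEF)
    e = hash_to_int(b"constructed transaction: pay 1 BTC to attacker")
    sig = sign(priv, e)
    return {
        "valid": verify(pub, e, sig),
        "recovered_matches": recover_pubkey(e, sig) == pub,
        "wrong_msg_rejected": not verify(pub, hash_to_int(b"other tx"), sig),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from `recover_pubkey` is that the address hash buys nothing once a spend is signed: the public key is fully determined by (r, s, recid) and the transaction hash, which is exactly what an attacker running Shor’s algorithm needs as input.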

Ed25519 & Other EdDSA Variants

Used by: Solana, Cardano, Stellar, Algorand; Polkadot’s default sr25519 is a Schnorr scheme on the same curve and is in the same position
Quantum vulnerability: Critical (Broken by Shor’s algorithm)
Time to break: Hours (similar to ECDSA)

Ed25519 is EdDSA (Edwards-curve Digital Signature Algorithm) instantiated on Curve25519. Its equations differ from ECDSA’s, but it is still elliptic-curve cryptography. It’s faster and has real advantages over ECDSA against classical attacks (deterministic nonces, so no nonce-reuse key leakage, and no signature malleability), but it’s equally vulnerable to quantum computers.

Shor’s algorithm works on any discrete logarithm problem, including Edwards curves. The threat is identical to ECDSA: once Q-Day arrives, private keys can be derived from public keys in hours.

Bottom line: Don’t be fooled by newer signature schemes. Ed25519 is more modern than ECDSA, but it’s just as vulnerable to quantum attacks.

Hash Functions: Weakened, Not Broken

Used by: All blockchains (mining, Merkle trees, address derivation)
Quantum vulnerability: Moderate (Weakened by Grover’s algorithm)
Impact: Brute-force security level halved in bits, but manageable

Grover’s Algorithm: The Quadratic Speedup

Unlike Shor’s exponential speedup for discrete logarithms, Grover’s algorithm gives only a quadratic speedup for brute-force search. Against preimage attacks (guessing an input that hashes to a given output), SHA-256 drops from 256-bit to 128-bit effective security, Keccak-256 likewise drops to 128-bit, and SHA-512 keeps 256-bit effective security. Collision resistance, which is already 128-bit for SHA-256 classically, gains little from known quantum collision algorithms once their memory costs are counted.

128-bit security is still strong: even with Grover’s algorithm, finding a SHA-256 preimage takes about 2^128 quantum operations, and Grover’s search parallelizes poorly (splitting the work across k machines saves only a factor of about sqrt(k)), so it would still take billions of years. This is vastly less urgent than the signature problem.

What This Means for Blockchains

Hash function weakening affects three areas: Proof-of-Work mining (a quantum miner gets at most a quadratic advantage per hash and pays the error-correction overhead, so classical ASICs remain competitive), address derivation (P2PKH addresses whose public keys have never been revealed remain relatively safe, because the attacker would have to invert a hash rather than solve a discrete log), and blockchain integrity (second-preimage attacks on Merkle trees get the Grover speedup, a real but manageable weakening).

Bottom line on hash functions: The threat is real but manageable. Blockchains can upgrade to larger hash outputs (SHA-384, SHA-512) if needed. The signature vulnerability is orders of magnitude more urgent.

What Doesn’t Break: Post-Quantum Cryptography

Not all cryptography is vulnerable to quantum computers. Several families of algorithms give Shor’s algorithm nothing to attack, and their parameters are sized so that Grover’s generic speedup does not matter:

Hash-Based Signatures

Examples: XMSS, SPHINCS+, LMS
Security basis: Hash functions (SHA-256, etc.)
Quantum resistance: Strong (only Grover’s generic speedup, already accounted for in the parameter sizes)

These schemes don’t rely on discrete logarithms or factoring; they’re built entirely on hash function security. Since hash functions are only weakened (not broken) by quantum computers, hash-based signatures remain secure. One operational caveat: XMSS and LMS are stateful. Each leaf key may sign only once, so signing twice with the same leaf (for example after restoring a wallet from a backup) breaks security, and the signer must track which keys it has used. SPHINCS+ is stateless and avoids this at the cost of much larger signatures.
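To make “built entirely on hash function security” concrete, and to show why one-time keys must never be reused, here is an added example that is not code from the page and is not XMSS, LMS or SPHINCS+ themselves: a Lamport one-time signature, the 1979 building block those schemes stack into Merkle trees. Key generation, signing and verification use nothing but SHA-256. The second half plays the observer who has seen several signatures made with one key and forges a signature on a message of their choosing. Message texts and the reuse counts are constructed for the demo.

```python
"""Lamport one-time signatures from SHA-256 alone, plus the forgery that
becomes possible when a one-time key is reused. Added educational example;
not the page's code and not a production hash-based signature scheme."""
import hashlib
import secrets


def H(data):
    return hashlib.sha256(data).digest()


def bits_of(digest):
    """The 256 bits of a digest, most significant bit first."""
    return [(digest[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]


def lamport_keygen():
    """Private key: 256 pairs of random 32-byte secrets (16 KB).
    Public key: SHA-256 of each secret (16 KB). Security rests only on
    preimage resistance, which Grover's algorithm weakens but does not break."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg):
    """For each bit of H(msg), reveal the secret from the matching half of the pair.
    The signature is 256 * 32 bytes = 8 KB, which is why hash-based signatures are big."""
    return [sk[i][b] for i, b in enumerate(bits_of(H(msg)))]


def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(bits_of(H(msg))))


# --- Why XMSS/LMS must track state: a reused one-time key is a forgery oracle ---

def revealed_secrets(signed):
    """Everything an observer learns from (msg, sig) pairs made with ONE key:
    a map position -> {bit: secret}. Each signature reveals one secret per position."""
    known = [dict() for _ in range(256)]
    for msg, sig in signed:
        for i, b in enumerate(bits_of(H(msg))):
            known[i][b] = sig[i]
    return known


def forge(known, target):
    """Assemble a signature on target from revealed secrets, or None if some
    bit of H(target) needs a secret that was never revealed."""
    try:
        return [known[i][b] for i, b in enumerate(bits_of(H(target)))]
    except KeyError:
        return None


def demo(reuse_count):
    """Sign reuse_count constructed messages with the same one-time key and
    report how much of the key leaked and whether a forgery verifies."""
    sk, pk = lamport_keygen()
    msgs = [b"constructed tx %d" % n for n in range(reuse_count)]
    signed = [(m, lamport_sign(sk, m)) for m in msgs]
    known = revealed_secrets(signed)
    target = b"attacker: send everything to me"
    forged = forge(known, target)
    return {
        "honest_valid": lamport_verify(pk, msgs[0], signed[0][1]),
        "positions_fully_known": sum(1 for d in known if len(d) == 2),
        "forgery_valid": forged is not None and lamport_verify(pk, target, forged),
    }


if __name__ == "__main__":
    for n in (1, 2, 40):
        print(n, demo(n))
```

With one signature no position has both secrets revealed and a forgery needs a 2^-256 hash match, so the scheme holds. With two signatures roughly half the positions are fully known; with a few dozen, essentially all of them, and any message can be signed by anyone who watched the chain. XMSS and LMS are exactly this construction with a Merkle tree over many one-time keys, which is why their state (the index of the next unused leaf) is security-critical.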

Lattice-Based Cryptography

Examples: Dilithium (ML-DSA) and Falcon for signatures; Kyber (ML-KEM) for key encapsulation, the encryption side
Security basis: Lattice problems (SVP, LWE and their module variants)
Quantum resistance: Strong (no known efficient quantum algorithm for the underlying lattice problems)

In 2024 NIST standardized lattice-based schemes as its primary post-quantum standards: FIPS 203 (ML-KEM, from Kyber) and FIPS 204 (ML-DSA, from Dilithium), alongside the hash-based FIPS 205 (SLH-DSA, from SPHINCS+). The lattice schemes are the likely candidates for blockchain migration because they’re efficient enough for practical use, well-studied (public scrutiny since the NIST process opened in 2016), and flexible (the family covers both signatures and encryption).

The main drawback: larger keys and signatures. An ML-DSA-44 signature is about 2.4 KB and its public key about 1.3 KB, versus 64 bytes and 33 bytes for ECDSA; Falcon-512 signatures are about 0.7 KB. That means blockchain bloat, but it’s a manageable trade-off compared to total vulnerability.

Investor Takeaway

The hierarchy of quantum threat:

1. Signature schemes (ECDSA, Ed25519, RSA, BLS): Critical vulnerability—these break completely and quickly

2. Hash functions (SHA-256, Keccak-256): Moderate vulnerability—weakened but not broken, manageable with larger outputs

3. Post-quantum schemes (SPHINCS+, Dilithium, Kyber): No known quantum vulnerability

When evaluating your cryptocurrency holdings, assume all ECDSA/Ed25519/RSA schemes are critically vulnerable, check if the project has published a migration plan to lattice-based or hash-based signatures, don’t be fooled by newer signature schemes (Ed25519 is just as vulnerable as ECDSA), and remember that hash function concerns are real but secondary to signature vulnerability.

Next Steps

Explore Solutions

Learn about post-quantum cryptography—the NIST-standard algorithms that can resist quantum attacks.

Check Your Portfolio

See which of your holdings are vulnerable and which are preparing for quantum threats.
