[atwood22]

Classical asymmetric encryption algorithms like RSA and ECDSA (which Bitcoin uses) can be easily broken by a quantum computer. Brute-forcing symmetric algorithms like AES gets a speed up on a quantum computer, but not enough to consider the algorithms broken.

[astrange]

Bitcoin doesn't use them in a way that'd let you completely break it; the asymmetric keys aren't broadcast until someone does a new transaction with them, so you can't fake one for a wallet you've never seen the public key to.

[atwood22]

How is the transaction signature verified without the public key? This link seems to indicate spender public keys are inside of the transaction: https://bitcoin.stackexchange.com/a/102667

[astrange]

Ah, I had the details wrong. If there’s a signed transaction from a wallet, then you have the compressed public key and it’s not quantum safe.

But if the funds are sent to a new wallet address and there’s no transactions signed by that wallet yet, it can’t be forged without also reversing the hash that created the address.

[atwood22]

Yes, it was a good idea to do that. I didn't realize that addresses were essentially a hash of the public key, but it makes sense.

[birdyrooster]

Oh cool, can you tell me who has successfully and easily achieved this result?

[akavel]

Peter Shor; though whether easily, I can't say for sure. https://en.wikipedia.org/wiki/Shor's_algorithm

[l33tman]

The previous commenter was being sarcastic, due to the use of the "easy" word (there is no implementation of Shor's algorithm yet that comes even near outpacing the classical version)