by swamp40 1001 days ago
There are 20 bitcoin wallets worth more than a billion dollars each.

I think it will be pretty obvious when someone gets a quantum computer working.

7 comments

I don't think these incentives make sense at all. Government organizations suspected to be developing quantum computers probably have larger annual budgets than 20 billion. The ability to undermine virtually all cryptographic systems is unquantifiably large.

Once the cat is out of the bag, everyone will rush to post-quantum cryptography and all that value will be lost in a relatively short period. Indeed, we already witnessed this in the 2010s following the Snowden revelations when big tech, in a concerted effort, adopted HTTPS. Now that is the standard.

For example, "The Fiscal Year 2022 budget appropriation included $65.7 billion for the National Intelligence Program, and $24.1 billion for the Military Intelligence Program."

Source: https://irp.fas.org/budget/index.html

It's worth way more than $20B USD to have a working quantum computer that nobody knows about. You don't burn a weapon like that by inducing everyone to update immediately.

This is a myopic take. The attacker could not spend the bitcoins because of the public ledger, and the value of bitcoin would drop to nothing once it is realized that wallets are not secure. They'd burn bitcoin for no gain, for a loss even, because they would reveal their capabilities and maybe even who they are.
Bitcoin is already quantum attack resistant, unless you use un-hashed public keys or reuse Bitcoin addresses (as some do).

If Bitcoin would become vulnerable, its value would collapse to zero overnight once it's known. There is a limited amount of money anyone could extract before the value collapses.

> Bitcoin is already quantum attack resistant

That is a misleading claim. First: Any quantum key cracker would need to be fast since the operations would all have to be performed within the coherence time, so an attacker could race coins as they were spent or perform small reorgs to steal coins even if they lost the initial race. Secondly: The majority of all circulating coins are stored in addresses which have been reused. Thirdly: the common hashing scheme you mention is 160 bits, so in the presence of quantum computers it would only have 80 bits of security against second preimages just by using Grover's algorithm, and perhaps worse with more specialization (and, in fact, somewhat less considering multi-target attacks), which wouldn't and shouldn't be regarded as secure.

> If Bitcoin would become vulnerable, its value would collapse to zero overnight once it's known. There is limited amount of money anyone could extract before the value collapses.

Once it's known. There have been insecure altcoins where hackers skimmed them for many months without being noticed. It is indeed technically finite, sure, but large.

> The majority of all circulating coins are stored in addresses which have been reused.

Interesting, do you have any statistics on that? But I guess with large exchange wallets, it makes sense.

> only have 80 bits of security against second preimages just by using grover's algorithim

True, but 80 bits are anything but trivial to brute-force using classical computers! I'm not that familiar with quantum complexity, but as I understand it, you'd still need 2^80 quantum operations to brute-force a 160 bit hash.

Bitcoin wouldn't "become vulnerable". Someone would discover the vulnerability. If this person put it to use before making it widely known, they could definitely extract a large amount of money from the bitcoin network before the public at large noticed (at which point the price would start to plummet).

That has nothing to do with quantum resistance.

My understanding is that bitcoin addresses are quantum safe as long as you do not reuse an address after spending funds sent to it [0]. Per the linked article, this is standard practice, so I would assume the majority of addresses are actually quantum safe.

And for more context: with p2pkh addresses, you are sending to the hash of the address, and hashes are quantum safe.

[0] https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/qu...
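The distinction drawn in the comments above (hash-protected P2PKH outputs versus outputs whose public key is already visible on-chain, either because they are raw P2PK or because the address was spent from and then received coins again) can be made concrete by walking a chain of transactions and tallying which unspent outputs a key-recovery attacker could target. The following is an added example, not code from the thread or any Bitcoin project: the transactions, addresses and script types are constructed stand-ins, and the classification rule is the one the comments describe (an output is "exposed" if it is P2PK, or if its address has ever been spent from; otherwise only the hash is public).

```python
# Added example (not from the original thread). Classifies a constructed
# UTXO set by whether the owning public key is already exposed on-chain,
# which is what a quantum ECDLP attacker would need. Addresses are opaque
# labels, not real Bitcoin addresses; amounts are arbitrary units.
from dataclasses import dataclass


@dataclass(frozen=True)
class TxOut:
    address: str      # constructed label standing in for an address
    script_type: str  # "p2pk": output carries the raw pubkey; "p2pkh": only hash160(pubkey)
    value: int        # constructed amount


@dataclass(frozen=True)
class Tx:
    txid: str
    spends: tuple     # outpoints (txid, vout) consumed by this transaction
    outputs: tuple    # TxOut objects created by this transaction


def classify_utxos(chain):
    """Walk transactions in order and return
    (exposed_value, hashed_value, exposed_outpoints).

    exposed: the spending key is recoverable from public data (P2PK output,
             or a P2PKH address that has already been spent from, so its
             pubkey appeared in a scriptSig).
    hashed:  only hash160(pubkey) is public; a key-recovery attacker would
             first need a preimage of the 160-bit hash.
    """
    utxo = {}            # (txid, vout) -> TxOut
    key_revealed = set()  # addresses whose pubkey has appeared on-chain
    for tx in chain:
        for outpoint in tx.spends:
            prev = utxo.pop(outpoint)       # KeyError if input is unknown or already spent
            key_revealed.add(prev.address)  # spending reveals the pubkey (P2PK already showed it)
        for vout, out in enumerate(tx.outputs):
            utxo[(tx.txid, vout)] = out

    exposed, hashed, exposed_outpoints = 0, 0, []
    for outpoint, out in sorted(utxo.items()):
        if out.script_type == "p2pk" or out.address in key_revealed:
            exposed += out.value
            exposed_outpoints.append(outpoint)
        else:
            hashed += out.value
    return exposed, hashed, exposed_outpoints


# Constructed chain: two P2PK coinbases, one of which is spent; Alice reuses
# her address for change (exposing it), Bob and the miner's change use fresh
# P2PKH addresses.
CHAIN = (
    Tx("cb1", (), (TxOut("miner_key", "p2pk", 50),)),
    Tx("cb2", (), (TxOut("miner2_key", "p2pk", 50),)),
    Tx("tx2", (("cb1", 0),), (TxOut("alice", "p2pkh", 30), TxOut("miner_change", "p2pkh", 20))),
    Tx("tx3", (("tx2", 0),), (TxOut("bob", "p2pkh", 10), TxOut("alice", "p2pkh", 20))),
)


if __name__ == "__main__":
    exposed, hashed, outpoints = classify_utxos(CHAIN)
    total = exposed + hashed
    print(f"exposed {exposed}/{total} ({100 * exposed / total:.0f}%) in {outpoints}")
    print(f"hash-protected {hashed}/{total}")
```

Run against real chain data, this is the measurement the "do you have any statistics on that?" question asks for: the ratio of value sitting in key-exposed outputs to the total. Note that the "hashed" bucket is only as strong as hash160 itself, which is the 80-bit Grover bound raised earlier in the thread.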

Not accounting for slippage. You'd be lucky to get 5% of their marked value if you stole them.

I think nobody in this thread got your factually inaccurate joke.