Why did Adam Back label the Bitcoiner VC’s comments as “uninformed noise”?
Adam Back Calls Out Bitcoiner VC: “Uninformed Noise” on Quantum Risk Exposed
In a fresh round of crypto discourse, Blockstream CEO and Hashcash inventor Adam Back pushed back on a Bitcoiner VC’s quantum-computing “doom-talk,” calling it “uninformed noise.” The flare-up highlights a recurring tension in the industry: catchy, fear-driven narratives versus the slow, technical work of assessing and mitigating real security risks. Here’s what matters for Bitcoin, post-quantum cryptography (PQC), and the actual pathways to upgrade.
Quantum Risk to Bitcoin: What’s Real and What Isn’t
Shor’s Algorithm, ECDSA, and Practical Timelines
- Bitcoin currently relies on ECDSA (secp256k1) and Schnorr (BIP-340) signatures, both vulnerable to a sufficiently powerful, fault-tolerant quantum computer running Shor’s algorithm.
- State of the art in 2025: No fault-tolerant quantum computer exists. Estimates for breaking 256-bit EC discrete logs still require thousands of logical qubits and immense gate depth, translating to many millions of high-quality physical qubits plus error correction, well beyond current capabilities.
- Industry consensus (academia, NIST PQC program, major standards bodies): planning the PQ migration is urgent, but there is no evidence of an imminent break in the 2020s.
Where Bitcoin Is Actually Exposed
- Public-key exposure at spend time: A UTXO’s public key is revealed when it’s spent. If a capable quantum adversary existed at that moment, they could target that specific output within the confirmation window.
- Old P2PK and address reuse: Early P2PK outputs and any reused addresses already revealed public keys, so they are theoretically more exposed under a sudden quantum break.
- Lightning Network channels: Funding outputs and channel closures rely on on-chain signatures. Any quantum threat would manifest at channel open/close or on-chain settlement, not while funds are only off-chain.
| Attack Surface | Quantum Payoff | Near-Term Feasibility (2025) | Mitigation |
|---|---|---|---|
| ECDSA/Schnorr keys revealed on spend | Steal coins in mempool window | Not feasible | Adopt PQ signatures; faster confirmations; time-locked patterns |
| Old P2PK and reused addresses | Target known pubkeys | Not feasible | Preemptive migration to PQ or hash-based paths |
| Lightning channel closures | Contest outputs | Not feasible | PQ-aware channel templates; watchtowers |
Adam Back’s Core Point: “Uninformed Noise” vs. Upgrade Reality
Back’s critique lands on two pillars. First, the capabilities of quantum hardware are frequently overstated in crypto social media. Second, Bitcoin has known, pragmatic upgrade paths to mitigate quantum risk in advance of any credible threat.
Bitcoin’s Post-Quantum Upgrade Paths
- Add new PQ signature ops via soft fork: Introduce new opcodes to verify PQ signatures (e.g., Dilithium, Falcon, or SPHINCS+), letting users opt in while preserving backward compatibility.
- Move coins gradually: Encourage spends from pubkey-exposed or reused outputs into PQ or hybrid outputs (ECDSA + PQ), de-risking at the edges first.
- Hybrid and staged migration: For a transition period, require both classical and PQ signatures for high-value wallets or institutional custodians.
- Policy and tooling: Wallets default to PQ-ready descriptors; miners, exchanges, and custody providers coordinate activation windows long before any credible break.
PQC Candidates Bitcoin Developers Watch
| Algorithm | Type | Signature Size (approx.) | Pros | Cons |
|---|---|---|---|---|
| Dilithium | Lattice (NIST-selected) | ~2.7 KB | Well-studied, robust, good verifier performance | Larger signatures increase on-chain footprint |
| Falcon | Lattice (NIST-selected) | ~666 bytes | Very compact signatures | Implementation complexity, side-channel care |
| SPHINCS+ | Hash-based (NIST-selected) | ~7-17 KB | Conservative assumptions, stateless | Large signatures, bandwidth/storage heavy |
Trade-offs matter: larger signatures affect block space, fees, and mempool behavior. Falcon is compact but tricky to implement side-channel safe; Dilithium is “boring and solid” but heavier. SPHINCS+ is the conservative backstop. Bitcoin can also mix approaches: prioritize one scheme for routine payments and reserve hash-based signatures for cold migrations.
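
To put numbers on the block-space trade-off, the following added example (not from the article or any Bitcoin proposal) models a 1-input, 2-output spend whose witness carries `[signature, public key]` under today's witness discount. Assumptions: no PQ opcode exists yet, so the witness layout and 34-byte output scripts are hypothetical; signature sizes are the table's approximate figures; public key sizes are taken from the smallest published parameter sets.

```python
import math

MAX_BLOCK_WEIGHT = 4_000_000   # consensus block limit, in weight units
MAX_STACK_ITEM = 520           # current script/witness stack element limit, bytes

# name: (signature bytes, public key bytes). Signature sizes follow the table
# above; key sizes are assumptions (ML-DSA-44, Falcon-512, SPHINCS+-128).
SCHEMES = {
    "ecdsa":         (72, 33),
    "falcon":        (666, 897),
    "dilithium":     (2_700, 1_312),
    "sphincs+ low":  (7_000, 32),
    "sphincs+ high": (17_000, 32),
}

def compact_size_len(n):
    """Bytes used by Bitcoin's CompactSize length prefix for an n-byte item."""
    return 1 if n < 0xFD else 3 if n <= 0xFFFF else 5 if n <= 0xFFFFFFFF else 9

def tx_weight(sig_len, pk_len, n_out=2, spk_len=34):
    """Weight of a 1-input segwit-style spend whose witness is [sig, pubkey]."""
    # version + in-count + (outpoint, empty scriptSig, sequence)
    # + out-count + outputs (value, script length, script) + locktime
    base = 4 + 1 + (36 + 1 + 4) + 1 + n_out * (8 + 1 + spk_len) + 4
    # marker and flag + stack item count + length-prefixed stack items
    witness = 2 + 1 + sum(compact_size_len(x) + x for x in (sig_len, pk_len))
    return 4 * base + witness   # non-witness bytes count four times

def impact(name):
    """Per-transaction footprint and block capacity for one scheme."""
    sig_len, pk_len = SCHEMES[name]
    w = tx_weight(sig_len, pk_len)
    return {
        "weight": w,
        "vbytes": math.ceil(w / 4),
        # upper bound: ignores the block header and coinbase transaction
        "max_tx_per_block": MAX_BLOCK_WEIGHT // w,
        # False means the item cannot pass through existing script paths
        "fits_stack_limit": max(sig_len, pk_len) <= MAX_STACK_ITEM,
    }

if __name__ == "__main__":
    for name in SCHEMES:
        print(f"{name:14}", impact(name))
```

Every PQ row fails the 520-byte stack element check, which is why the upgrade path runs through new verification opcodes rather than existing script.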
Separating VC Hot Takes from Expert Consensus
Venture voices often amplify worst-case scenarios to drive engagement. The expert view in 2025 is more measured:
- NIST has standardized PQC (Dilithium, Falcon, SPHINCS+, and Kyber for KEM). Enterprise migration is underway, but it’s multi-year.
- No public evidence of a fault-tolerant quantum computer capable of breaking ECDSA/Schnorr. Current devices are noisy and far from the logical-qubit counts required.
- Bitcoin’s scripting and soft-fork governance allow adding PQ verification paths without breaking existing coins.
Back’s “uninformed noise” dig is essentially a call to replace hype with concrete engineering timelines, realistic hardware assessments, and migration planning.
What Bitcoin Teams Should Do Now (2025)
Practical, Low-Drama Steps
- Wallets: Add PQ-hybrid descriptors in labs; simulate signature size impact; plan UX for multi-algorithm outputs.
- Miners/Relays: Test mempool limits and DoS protections against larger signatures to avoid spam vectors.
- Custodians/Exchanges: Inventory address types; prioritize moving any lingering pubkey-exposed funds into modern outputs; draft internal PQ runbooks.
- Researchers: Benchmark Dilithium/Falcon/SPHINCS+ verification in constrained environments; propose minimal, safe opcodes.
- Community: Educate that addresses hide pubkeys until spend; avoid reuse; prefer modern output types (e.g., Taproot).
Conclusion: Ignore the Panic, Prepare the Upgrade
Quantum risk to Bitcoin is real in theory but not imminent in practice. Adam Back’s rebuke of VC alarmism underscores a healthier path: engage the standards, plan soft-forkable PQ options, and migrate coins deliberately over years, not weeks. If and when the hardware truly advances, Bitcoin can meet it with measured engineering, not megaphone fear.




