Quantum computers, “military-grade” encryption and Bitcoin: what is real, what is hype, and how PQ-REACT responds
In recent months, several eye-catching claims have appeared in PQC-related headlines: “Chinese hackers use quantum computer to break military-grade encryption” and “Quantum computers could crack Bitcoin by 2027”. (Futurism) These stories understandably raise concern, especially for communities working with blockchain, financial infrastructure and critical communications.
From the perspective of the PQ-REACT project, which is building a practical framework to migrate real systems – including blockchains – to post-quantum cryptography (PQC), the key questions are simple:
“Is this already happening? How do we separate scientific results from sensational headlines, and what are we concretely doing about it?”
Did a quantum computer really break “military-grade” encryption?
The recent “military-grade encryption cracked” stories are based on a Chinese research paper where a team used a D-Wave quantum annealer to mount attacks on several Substitution–Permutation Network (SPN) block ciphers such as Present, Gift-64 and Rectangle.(Cybernews) These algorithms are used in some constrained and embedded environments, and their structure is related to that of AES, which is often marketed as “military-grade” encryption.
However, several important technical details tend to disappear in the headlines:
First, the attacks were demonstrated on very small key sizes. According to reporting, the quantum-assisted attack was carried out on an effective key of only 22 bits – that is about four million possibilities.(Newsweek)
This is significantly smaller than the 128- or 256-bit keys used in real-world AES deployments, or the 2048-bit and larger keys used in common public-key systems.
Second, the device used is a quantum annealer, not a general-purpose, error-corrected gate-based quantum computer. Annealers are powerful optimisation machines, but they are not “cryptanalytically relevant quantum computers” in the sense used by the cryptography community: machines capable of running full-scale Shor-type attacks on RSA or elliptic-curve systems at large key sizes.
Third, even experts quoted in those articles stress that the work is interesting but does not imply that widely deployed standards like AES-256 are broken today. One security researcher explicitly called the suggestion of an imminent threat to mainstream encryption “misleading”, precisely because of the tiny key size and idealised assumptions.(Newsweek)
From a PQ-REACT perspective, the right conclusion is not “military-grade encryption has fallen”, but rather “quantum research is making incremental but real progress on structured cryptographic problems”. That is exactly why post-quantum migration is urgent: we cannot wait until there is a full-scale, cryptanalytically relevant quantum computer before changing our underlying infrastructure.
Will quantum computers break Bitcoin’s cryptography by 2027?
The second recurring claim is that “quantum computers will be able to break Bitcoin’s encryption by 2027”.
This often traces back to a 2017 academic paper by Aggarwal et al., which analysed quantum attacks on Bitcoin. The authors noted that, under very optimistic assumptions about quantum hardware progress, the elliptic-curve signatures used by Bitcoin could be broken “as early as 2027”.(arXiv)
Bitcoin security rests mainly on two primitives: the Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve for transaction signatures, and the SHA-256 hash function used in proof-of-work and address generation. ECDSA is directly vulnerable to Shor’s algorithm on a sufficiently large quantum computer; SHA-256 is more resistant and only suffers a quadratic speed-up via Grover’s algorithm.(Schneier on Security)
Modern estimates of when a “cryptographically relevant” quantum computer could break these systems vary:
Many national bodies such as the German BSI, the UK NCSC and Europol’s Quantum Safe Financial Forum still use conservative estimates in the early-to-mid 2030s for large-scale attacks, while explicitly warning that the timeline may accelerate and that migration plans must start now.(Reuters)
The honest answer is therefore: “2027” is an extremely aggressive scenario, not an agreed prediction. But because data and value on blockchains can remain sensitive for decades, and because adversaries can already record data today and decrypt it later (“harvest now, decrypt later”), responsible actors must behave as if a powerful quantum attacker could exist well before the most conservative estimates.(The Quantum Insider)
Where PQ-REACT comes in: a PQC framework for real systems
PQ-REACT (Post-Quantum Cryptography Framework for Energy Aware Contexts) is an EU-funded project that targets precisely the infrastructures that will be hit hardest by a future quantum attacker: 5G and beyond networks, smart grid systems, and blockchain-based ledgers used for critical services.
The project’s core objective is to design, develop and validate a framework that allows these heterogeneous systems to migrate from classical to post-quantum cryptography in a controlled, measurable and energy-aware way. This includes building a PQC algorithm repository, a middleware layer, a context-agility manager and recommendation engines that can select suitable PQC algorithms based on regulatory, performance and security requirements.
A key ingredient is realistic assessment of quantum threats. In WP 3, PQ-REACT partners use the Eclipse Qrisp quantum programming framework together with high-performance classical simulators and access to actual quantum hardware to test the resilience of PQC algorithms against quantum and hybrid quantum-classical attacks. This allows us to go beyond paper estimates and study how candidate schemes behave under concrete attack models and resource constraints.
At the same time, PQ-REACT keeps a close alignment with international standardisation. The project explicitly builds on the NIST PQC process and on European guidance such as the BSI recommendations to adopt hybrid cryptographic schemes and crypto-agile architectures.
The PQ-REACT PQC blockchain pilot: a quantum-resistant ledger in practice
One of the three PQ-REACT pilots is directly focused on blockchain: the “Quantum Resistant Distributed Ledger for End-to-End Network Services”. In this use case, a distributed ledger is used to manage and monitor network slices that span multiple infrastructure providers in a 5G environment, including QKD-enabled core networks and edge domains.
Today, most distributed ledgers and blockchains rely on non-quantum-safe cryptography, often using elliptic-curve signatures similar to those in Bitcoin. This means that quantum computers could in the future forge transactions, hijack identities, or rewrite parts of the ledger’s history.
The PQ-REACT PQC blockchain pilot tackles several concrete challenges that are directly relevant to Bitcoin and other DLTs:
• It replaces classical digital signatures with post-quantum schemes from the upcoming standards (for example, lattice-based signatures such as ML-DSA / CRYSTALS-Dilithium or hash-based signatures), and studies how larger key and signature sizes affect ledger performance and storage.
• It introduces hybrid signature constructions – combining a classical and a PQC signature on the same transaction – in line with recommendations from BSI and other bodies. This allows a smoother migration path where systems remain secure even if a newly standardised PQC scheme is later weakened, because the classical and PQC parts would need to be broken simultaneously.
• It tests crypto-agility mechanisms so that ledger deployments can switch algorithms or parameter sets without hard-forking the entire system, an ability that is crucial for long-lived blockchains like Bitcoin that might need several generations of cryptography over their lifetime.
• It deals with practical issues such as fragmented key transmission and storage to cope with much larger PQC public keys, and evaluates processing overheads on energy-constrained devices participating in the ledger.
While the PQ-REACT pilot is not modifying Bitcoin itself, it directly addresses many of the engineering questions that a future quantum-safe Bitcoin or Bitcoin-like system would need to solve.
So, should Bitcoin users worry today?
From our vantage point inside PQ-REACT, the message is two-fold.
First, there is no public evidence that current, properly configured mainstream cryptography – including AES-256 and Bitcoin’s ECDSA-based signatures at full strength – has already been broken by existing quantum computers. The recent “military-grade encryption cracked” headlines describe proof-of-concept attacks on severely reduced parameters using specialised quantum annealers, not an operational capability to read your VPN traffic or drain live Bitcoin wallets today.(Newsweek)
Second, waiting for that capability to exist would be irresponsible. Building, standardising, deploying and migrating to PQC takes years, especially in complex, highly regulated infrastructures. At the same time, attackers can already store encrypted blockchain data and other traffic now, planning to decrypt it later when quantum hardware matures.(The Quantum Insider)
For Bitcoin and other public blockchains, this means that planning quantum-safe upgrades – based on NIST-standardised PQC algorithms and hybrid constructions – is urgent, even if the most realistic “Q-day” scenarios point to the early 2030s rather than 2027.(NIST)
How PQ-REACT connects to these security concerns
PQ-REACT’s role is to turn abstract warnings into concrete migration paths.
For blockchain and Bitcoin-like systems, the project:
• Designs and tests PQC-enhanced ledgers in real 5G and QKD-enabled environments, demonstrating end-to-end network services backed by quantum-resistant smart contracts and SLAs.
• Benchmarks PQC algorithms and hybrid schemes using both HPC and access to real quantum hardware, so that security levels, energy cost and performance impact are empirically understood rather than guessed.
• Aligns with legal and regulatory expectations in Europe, including guidance on “store now, decrypt later” risks, PQC migration planning and insurance impact, so that operators of critical ledgers can justify and document their choices.
The bottom line from our experts is therefore clear: the frightening headlines around quantum computers, military-grade encryption and Bitcoin contain a kernel of truth – quantum attacks are coming and they will be powerful – but they often compress complex timelines and technical caveats into click-friendly slogans.
PQ-REACT exists precisely to work through those complexities, to build quantum-safe architectures for blockchains and other critical systems, and to provide practical guidance so that when a truly cryptanalytically relevant quantum computer appears, our infrastructure – including the distributed ledgers it depends on – is already prepared.
Written by our project’s coordinator, the National Centre for Scientific Research “Demokritos”.