Quantus Magazine

Covering the chain built for the quantum age

BlackRock Weighs In on Quantum: A Risk to Manage, Not a Doomsday

When BlackRock — the world’s largest asset manager and the firm behind the largest spot Bitcoin ETF — publishes a whitepaper on quantum computing, the crypto industry pays attention. Its June 2026 paper, authored by Will Su, Inish Cisson, and Robert Mitchnick, arrives at a conclusion that is striking mostly for its calm: quantum computing is a real but manageable risk to blockchains, one to be tracked and prepared for over a long horizon — not an imminent doomsday.

That framing is worth dwelling on. We recently covered the Quantus State of Quantum report, which drew on the same body of research to argue the industry is dangerously complacent. BlackRock works from much of the same evidence and lands somewhere more measured. The disagreement is not about the physics; it is about urgency and what a credible response looks like.

Two algorithms, two very different threats

The paper draws a distinction that gets lost in most headlines. Quantum computing threatens blockchains through two separate algorithms, and they are not equally dangerous.

  • Shor’s algorithm is the genuine concern. It breaks the elliptic-curve cryptography (ECC) behind the digital signatures that authorize transactions on Bitcoin, Ethereum, and nearly every chain. Given a public key, a sufficiently powerful quantum computer could derive the private key — a complete break of the signature scheme.
  • Grover’s algorithm attacks hash functions like SHA-256, but only offers a quadratic speedup. BlackRock’s view echoes a point now widely accepted: proof-of-work mining and hashing are effectively quantum-resistant, because any speedup an attacker gains is absorbed by the network’s automatic difficulty adjustment. The vulnerable component is signatures, not mining.

This is the same “don’t conflate mining security with signature security” point the Quantus report made — and on the technical substance, the two documents agree completely.

How close is “Q-Day”?

The crux of BlackRock’s calmer tone is timing. A cryptographically relevant quantum computer — one large enough and stable enough to run Shor’s algorithm against real ECC keys — does not yet exist, and the gap between today’s machines and that threshold remains substantial. Today’s devices are measured in the hundreds to low thousands of noisy physical qubits; breaking a 256-bit elliptic-curve key is widely estimated to require millions of physical qubits once error correction is accounted for.

The paper surveys the public roadmaps — IBM, Google’s Willow milestone, and others — and notes that recent breakthroughs have compressed estimates, while still placing a practical threat no earlier than around 2030 and quite possibly later. The honest answer is a range, not a date. Crucially, BlackRock frames this window not as cause for panic but as runway: enough time for an orderly, standards-based migration if the industry uses it.

Where the real exposure sits

BlackRock separates the threat into two attack patterns, which helps size the actual risk rather than the worst-case headline.

  • Long-range attacks target coins whose public keys are already visible on-chain — reused addresses and the old pay-to-public-key format. The paper estimates that on the order of 6 to 7 million BTC (roughly 25–35% of supply) sit in addresses with exposed public keys, including dormant early-era coins. These are the most immediately vulnerable on Q-Day.
  • Short-range attacks would require deriving a private key from a public key in the narrow window between a transaction being broadcast and confirmed — minutes, not years. This demands a vastly faster quantum computer and is a far harder bar to clear.

The practical implication: a large share of exposure can be retired simply by users moving funds to fresh, unexposed addresses before a quantum computer is capable — behavior wallets and exchanges can encourage well in advance.

The tools already exist

Much of BlackRock’s confidence rests on the fact that the cryptographic replacements are already standardized. In 2024, NIST finalized its first post-quantum standards: FIPS 203 (ML-KEM) for key exchange, FIPS 204 (ML-DSA / Dilithium) as the primary signature replacement, and FIPS 205 (SLH-DSA / SPHINCS+) for hash-based diversity. Governments and infrastructure providers — from the NSA’s CNSA 2.0 suite to Cloudflare’s 2029 target — are already migrating.

For blockchains, the trade-off is the same one every analysis keeps returning to: post-quantum signatures are far larger than ECDSA’s compact ~64 bytes, which pressures throughput and on-chain storage. But BlackRock’s read is that this is an engineering cost to plan around, not a wall. The chains have a known destination and standardized parts to get there; the open question is governance and coordination, not whether a solution exists.

The ecosystem is already moving

To support its “manageable” thesis, the paper points to concrete migration work already underway across major networks:

  • Ethereum has elevated post-quantum security in its research roadmap, with Vitalik Buterin publicly flagging that elliptic curves are on their way out and emergency hard-fork transition paths under discussion.
  • Solana has shipped the Winternitz Vault, an optional account type using hash-based, quantum-resistant signatures.
  • Algorand has already incorporated post-quantum signatures into parts of its protocol.
  • Bitcoin remains the hardest case — BIP 360 and related proposals chart a path, but governance and the question of un-migrated coins are unresolved.

Same facts, calmer conclusion

Read alongside the Quantus report, BlackRock’s whitepaper is a useful study in how the same evidence can yield different temperatures. Both agree on the mechanics: Shor breaks signatures, hashing is safe, the standards are ready, and migration is a coordination problem. Where they part is emphasis. Quantus, building a quantum-resistant chain, stresses how easy it is to underestimate the threat and how painful retrofitting will be. BlackRock, a custodian of assets that wants orderly markets, stresses that there is time, the tools exist, and the industry is already moving.

The risk is real, the timeline is uncertain, and the response is known. What remains is execution.

Our reading of the BlackRock whitepaper

For a network like Quantus, which is built post-quantum from the ground up rather than retrofitted, the BlackRock framing is quietly validating: the destination it points every legacy chain toward is the one Quantus already starts from.

Source: Quantum Computing and Digital Assets — BlackRock Whitepaper, June 2026 (Will Su, Inish Cisson, Robert Mitchnick).

← Back to News

Discover more from Quantus Magazine

Subscribe now to keep reading and get access to the full archive.

Continue reading