a16z Crypto: The security focus of public chains like BTC and ETH should be on protocols and governance, without blindly switching to quantum-resistant solutions

a16z Crypto published a long article on platform X stating that the timeline for the emergence of quantum computers capable of breaking cryptocurrencies (CRQC) is often exaggerated, and the likelihood of their appearance before 2030 is extremely low. The risk status of different cryptographic primitives varies.

Post-quantum encryption needs to be deployed immediately due to the "harvest now, decrypt later" (HNDL) attack. In contrast, post-quantum signatures and zkSNARKs are less susceptible to HNDL attacks; migrating too early could bring risks such as performance overhead, immature implementation, and code vulnerabilities. Therefore, a cautious rather than hasty migration strategy should be adopted.

For blockchains, most non-privacy public chains like Bitcoin and Ethereum primarily use digital signatures for transaction authorization, so there is no HNDL risk. The pressure to migrate mainly comes from non-technical challenges such as slow governance, social coordination, and technical logistics.

Bitcoin faces unique issues, including its slow governance speed and the existence of millions of quantum-vulnerable tokens worth hundreds of billions of dollars that may be abandoned. In contrast, privacy chains, due to their encryption or concealment of transaction details, do face HNDL attack risks and should transition as soon as possible.

a16z Crypto emphasizes that in the coming years, implementation security issues such as code vulnerabilities, side-channel attacks, and fault injection attacks are more urgent and significant security risks compared to the distant threat of quantum computers. Developers should prioritize investment in code audits, fuzz testing, and formal verification.