Scott Aaronson, fresh off his election to the US National Academy of Sciences, has a message for anyone dragging their feet on quantum-resistant encryption: move now or regret it.
In a position paper convened by Coinbase and co-authored with cryptographers Dan Boneh, Justin Drake, Yehuda Lindell, and Dahlia Malkhi, Aaronson warns that fault-tolerant quantum computers capable of breaking deployed cryptosystems could arrive by 2029. The paper focuses on cryptocurrencies, which rely heavily on ECDSA for securing transactions. A quantum computer running Shor's algorithm could derive private keys from public keys, draining wallets with no recourse.
Unlike centralized systems that can push security updates, blockchains like Bitcoin have to go through complex consensus processes and hard forks to migrate to new standards like CRYSTALS-Dilithium, a NIST-selected post-quantum signature scheme.
That coordination takes years.
Aaronson sees a parallel to AI safety. Anthropic's Mythos model finally jolted the cybersecurity community awake to AI risks, and he thinks quantum needs a similar shock. The companies building fault-tolerant quantum computers aren't slowing down to give cybersecurity time to adapt. Some hardware experts he trusts are now telling him 2029 is plausible.
His argument has a sharp edge: better that US companies build this capability in the open than foreign intelligence services develop it in secret. He acknowledges the reasoning sounds self-serving, similar to AI companies arguing that racing toward dangerous superintelligence is actually the safest path. But he leaves that debate to others.
The technical community isn't uniformly convinced. Quantum scaling doesn't have a clear architectural path the way uranium enrichment did during the Manhattan Project. Current quantum factorization records are modest enough that a recent satirical paper showed you could replicate them with an 8-bit home computer or an abacus.
But even skeptics agree: adopt post-quantum cryptographic standards now.
Aaronson's warning is straightforward. Switch to quantum-resistant encryption. Tell your organization to do the same. Don't come crying to his blog if you didn't listen.