
In short
- Zcash developers have been preparing for a future quantum attack on blockchain cryptography for years.
- Engineer Sean Bowe said the biggest risks are related to counterfeiting and violating user privacy.
- The industry debate intensified after Vitalik Buterin warned of possible breaks in Bitcoin and Ethereum by 2028.
Quantum computers are still a long way from breaking modern cryptography, but Zcash developers consider the possibility an active threat. The privacy coin’s engineers have drawn up contingency plans for a future machine powerful enough to sift through old blockchain data and uncover years of user activity.
For a privacy-focused network, a “Q-Day” quantum attack would strike at the very core of the design. According to Zcash employee and engineer Sean Bowe, a successful attack could expose past activities, disrupt basic safeguards and force developers to react under pressure as the network reevaluates its security model.
“With Bitcoin, the biggest risk is that someone can steal your money, but Zcash faces two risks,” Bowe told Decrypt. “Being a privacy-oriented system, there is a danger that a quantum computer could break cryptography and allow someone to counterfeit coins. There is also the risk that a quantum machine could undermine users’ privacy by digging back into years of blockchain transactions.”
These concerns have shaped how Zcash has evolved over the years. The cryptocurrency was launched in 2016 under the Electric Coin Company and Zooko Wilcox-O’Hearn, based on academic work from Johns Hopkins, MIT and Tel Aviv University.
It shares Bitcoin’s fixed supply of 21 million coins, proof-of-work algorithm and four-year halving schedule, but upgrades require community approval, leaving control divided among independent organizations. That structure and the community’s focus on the overall health of the network, Bowe says, make it easier to coordinate security decisions as the threat model changes.
“Privacy and quantum resistance are issues we have been thinking about for a long time,” he said. “We are prepared to make major protocol changes in a year or two if necessary, and we can get everyone on board, even within different organizations in the community.”
Industry attention to the threat of quantum computing has continued to grow. Ethereum co-founder Vitalik Buterin recently warned that a powerful quantum computer, using Shor’s algorithm, could break the elliptic curve cryptography used by Bitcoin and Ethereum as early as 2028. His comment reignited discussion about how quickly major networks should prepare.
One of Zcash’s most developed answers to date is a proposal known as quantum recoverability. Rather than waiting for a full suite of quantum-safe cryptographic tools, the idea is to build a system that can withstand a quantum attack long enough for developers to upgrade the network.
“Quantum recoverability, also called quantum robustness, is the idea of designing a system that can withstand a future quantum attack, even if it is not currently quantum safe,” says Bowe. “The goal is to structure the protocol so that if powerful quantum computers ever emerge, the network can be paused and upgraded, and then users can still access and spend their money.”
Without such a mechanism, Bowe says, a quantum attacker could seize private keys and wipe out accounts before an upgrade could take effect. If quantum recoverability is possible, users would have a way to maintain control of their money even if elliptic curve cryptography failed.
Zcash — which has recently returned to the spotlight after a roughly 15x price increase since September 1 — is not quantum-proof today, Bowe acknowledged, but much of the protocol work required for quantum recoverability has already been completed. The remaining steps involve wallet software and not changes to the consensus rules.
“Next year we should be able to have support for quantum recovery in our pockets,” Bowe said. “It no longer requires a protocol change. Now it involves changes to the wallets, and we can send those a lot easier.”
Looking ahead, Bowe said he believed quantum computers that could break elliptic curve cryptography remain further away than some predictions suggest. He added that the real challenge will be how well a network can organize a response once the threat becomes tangible.
“With Bitcoin, the ability to respond is poor even if the quantum risk is low. Panicking now is probably healthy because it will be slow and difficult to get everyone on board with the changes needed,” he said. “At Zcash, we’ve thought about this for so long, and we’ve been working on it along the way, that the remaining changes don’t feel daunting. We can implement and ship them without much worry.”
He said the two communities face the same existential threat; their willingness varies.
“We are in a different position and don’t have the same reason to panic,” he said. “It really comes down to perspective.”

