Bitcoin’s BIP352 Silent Payments system could face future privacy exposure if quantum computing breaks current cryptographic standards. Researcher Conduition warns that a “store now, decrypt later” attack could allow third parties to collect public addresses today and reconstruct full transaction histories once a Cryptographically Relevant Quantum Computer (CRQC) emerges.
How could quantum computers break BIP352?
The BIP352 protocol, known as Silent Payments, allows users to receive Bitcoin using a single reusable public address. While the system generates unique internal addresses for each payment to improve privacy, its security rests on a specific mathematical foundation: the Elliptic Curve Discrete Logarithm Problem (ECDLP).

According to an analysis published by researcher Conduition on July 2, 2026, the privacy of this system depends on the difficulty of solving the ECDLP. If a Cryptographically Relevant Quantum Computer (CRQC) is developed, it could potentially solve this problem, allowing an attacker to invert a user’s public key.
Once the public key is inverted, the attacker can derive the user’s scanning key. This capability would enable the attacker to reconstruct a complete history of all payments associated with a previously published address.
BIP352 improves current Bitcoin privacy by preventing address reuse. It allows a single public address to function as a gateway for multiple unique, one-time addresses, making it harder to link transactions on the blockchain.
What is the “store now, decrypt later” strategy?
The threat described by Conduition is not an immediate exploit but a long-term privacy risk. This scenario involves a “store now, decrypt later” approach, where malicious actors or third parties collect and archive public addresses and transaction data visible on the blockchain today.
As reported by CriptoNoticias, these actors would hold this data until quantum computing technology matures. Once a CRQC becomes available, the archived information becomes vulnerable, turning today’s “innocuous” public data into sensitive, deanonymized transaction histories.
The researcher emphasizes that the risk doesn’t stem from a flaw in the BIP352 protocol’s current code, but from the potential degradation of the mathematical assumptions that protect it over time.
Does this threat apply to all of Bitcoin?
While the analysis focuses on BIP352, the broader implications for the Bitcoin network are significant. Within the community, there is a consensus that this exposure isn’t unique to Silent Payments.
Most current cryptographic schemes used in Bitcoin, including many core components of the protocol, rely on elliptic curve cryptography. Therefore, a quantum breakthrough targeting the ECDLP would affect much more than just privacy-centric payment methods.
| Feature | BIP352 Silent Payments | Standard Bitcoin Addresses |
|---|---|---|
| Primary Privacy Benefit | Reduces address reuse via scanning keys | Basic pseudonymity |
| Quantum Risk Factor | Reconstruction of full payment history | Direct derivation of private keys |
| Mathematical Basis | ECDLP | ECDLP |
The ongoing debate among developers and researchers isn’t about whether to disable privacy tools like BIP352. Instead, the focus is on how the network can transition toward quantum-resistant cryptographic schemes without sacrificing the privacy benefits users rely on today.
For users concerned about long-term privacy, the evolution of Bitcoin will likely involve moving toward “Post-Quantum Cryptography” (PQC). Monitoring updates regarding quantum-resistant signature schemes is essential for staying ahead of these technological shifts.
Frequently Asked Questions
Is the BIP352 protocol currently insecure?
No. The vulnerability is conditional and depends on the future existence of a Cryptographically Relevant Quantum Computer (CRQC). Under current computing standards, the protocol remains secure.

What exactly is the ECDLP?
The Elliptic Curve Discrete Logarithm Problem is the mathematical challenge that makes it nearly impossible for modern computers to calculate a private key from a public key. Quantum computers could potentially solve this problem efficiently.
How can Bitcoin users protect themselves from quantum threats?
Users cannot prevent “store now, decrypt later” attacks, but the Bitcoin network can mitigate the risk by implementing and migrating to quantum-resistant cryptographic algorithms as the technology evolves.
What are your thoughts on the balance between current privacy tools and future quantum risks? Let us know in the comments below, or subscribe to our newsletter for more deep dives into blockchain security.
