Live Trading News
Latest News

Quantum Computing Just Became an Institutional Risk

BlackRock tripled its quantum-computing risk disclosure and Google's research keeps shrinking the cost of breaking elliptic-curve cryptography. Why the hard part is coordination, not cryptography — and why KXCO built post-quantum from genesis.

By Shayne Heffernan10 min readBullishVerified
Part of theBlockchain Center
Quantum Computing Just Became an Institutional Risk

Something quiet but important happened to the quantum-computing debate this year: it stopped being a debate among cryptographers and became a line item in the world's largest asset manager's risk disclosures. When BlackRock expanded — by widely reported accounts, roughly tripling — the quantum-computing section of its iShares Bitcoin and Ethereum ETF filings in May 2025, it was not making a prediction. It was doing what a fiduciary does: telling investors that the cryptography securing the assets in these funds could, in time, be undermined by quantum computing, and that fixing it would require broad consensus across a decentralized network.

I want to be precise, because the versions of this story circulating are louder than the source. BlackRock did not publish a dramatic standalone manifesto, and it did not say a quantum computer can break Bitcoin today. It added a risk factor — the same genre of disclosure that lists custody risk and market risk — and it did so because the underlying research keeps moving in one direction. That is the real signal, and it is a stronger one than any headline: the largest allocator in the world now considers quantum a material enough risk to digital assets that it must be written down next to all the others.

Diagram contrasting a legacy elliptic-curve chain — whose keys are exposed at rest and whose transactions can be hijacked in flight — with Armature L1, which is post-quantum from genesis using ML-DSA-65 and ML-KEM-768
Diagram contrasting a legacy elliptic-curve chain — whose keys are exposed at rest and whose transactions can be hijacked in flight — with Armature L1, which is post-quantum from genesis using ML-DSA-65 and ML-KEM-768

The research underneath the disclosure

BlackRock's caution tracks a steady tightening of the academic estimates. Google Quantum AI's Craig Gidney revised his own 2019 figure for factoring a 2048-bit RSA key downward by roughly twentyfold — from around twenty million noisy qubits to fewer than one million. Follow-on work pushed the same direction of travel into elliptic-curve cryptography, the family that actually secures Bitcoin, Ethereum and most major chains, and modeled concrete attack scenarios rather than abstract feasibility. Bitcoin does not use RSA; it uses elliptic-curve cryptography (ECC), and ECC falls to the same quantum attack — Shor's algorithm — that dispatches RSA. None of this is a deadline. It is a trend line, and the trend points one way.

The exposure resolves into two distinct risks, and they matter separately. The first is at rest: on chains like Bitcoin, spending reveals the public key tied to an address, and enormous numbers of addresses have their public key sitting on the ledger permanently. Once a capable quantum computer exists, a private key can be derived from an exposed public key at leisure. Google's analysis put roughly 6.9 million BTC — about a third of supply — in addresses with exposed keys. The second is in flight: a transaction broadcast to the public mempool reveals its key in the seconds or minutes before confirmation, opening a window for an attacker to derive the key and push a competing transaction that hijacks the funds. The first risk is larger; the second is harder to defend, because it attacks money that is moving.

Q-Day is a range, not a date

Markets want a date, and this is a story that refuses to give one. "Q-Day" — the moment a cryptographically relevant quantum computer exists — could be five years away or fifteen, and anyone who quotes you a precise figure is selling something. But the absence of a date is not the absence of risk, and here is where I think a lot of allocators are quietly mispricing the situation. Two features of this particular risk make "wait and see" the wrong posture even without a date.

The first is that the exposure is retroactive. "Harvest now, decrypt later" means an adversary does not need the machine today to benefit from your cryptography today; they can record now and break later. On a public blockchain this is even starker than in ordinary finance, because the vulnerable material — those exposed public keys — is already published on an immutable ledger, permanently, waiting. The clock on that exposure started years ago.

The second is that the defense takes years to deploy. If a legacy network needs a multi-year coordinated migration to become quantum-safe, then the migration has to begin well before Q-Day arrives, not after. Put those together and the uncomfortable conclusion is that the correct time to act is always "earlier than feels necessary," because both the exposure and the remedy run on clocks that are already ticking. That is exactly the logic a fiduciary applies, and it is why BlackRock's disclosure is the leading indicator, not the lagging one.

The hard part is coordination, not cryptography

Here is the part BlackRock got exactly right, and the part most coverage skips. The replacement cryptography already exists. The US National Institute of Standards and Technology finalized the post-quantum standards in August 2024 — the lattice-based schemes now designated ML-KEM, ML-DSA and SLH-DSA. The algorithms are public and implementable today. The genuinely hard problem is operational: coordinating a multi-year protocol upgrade across a decentralized network of validators, custodians, exchanges and wallet providers who share no central authority and every incentive to move slowly.

Consider what a legacy chain must actually do. Agree, by rough consensus, on a new signature scheme. Define a migration for hundreds of millions of existing addresses — including a plan for coins whose keys are lost and whose owners will never move them, which cannot simply be seized. Ship the change through every wallet, exchange and custodian roughly in step, without splitting the chain. And do all of it while the largest, slowest-moving holders — the very institutions now disclosing the risk — watch for any sign the migration introduces new failures. That is a governance problem the size of the network, and governance at that scale is measured in years, not quarters.

The other way: start quantum-safe

I have spent the last few years building on a simple conviction: if the migration is the hard part, the most direct answer is not to have one. That is the design decision behind Armature L1, the settlement network beneath KXCO. It was built post-quantum from its first block. Its signatures are ML-DSA-65 and its key exchange is ML-KEM-768 — the exact NIST standards a legacy chain would have to migrate to — present from genesis rather than bolted on later. There is no elliptic-curve layer to escape, nothing exposed at rest for a quantum computer to harvest, and nothing in flight secured by a curve that Shor's algorithm can solve.

Armature is not a science project. It has roughly two-second settlement finality, it speaks standard tooling so existing developers are productive immediately, and it has a public explorer anyone can read. Its native unit, ARMR, meters and settles activity on the network — it is a settlement unit, not a tradeable cryptocurrency, and nothing here is investment advice. The claim I am making is narrow and, I think, important: for new value, and for the growing set of institutional use cases that do not need to live on a specific legacy chain, "start quantum-safe" is available today, without waiting for anyone else's governance process to conclude.

There is a second half to the toolkit, for the estates that cannot move wholesale. Sentinel, our quantum-resistant cloud, includes a scanner that reads a codebase and its dependencies and reports exactly where it still relies on the vulnerable algorithms — the inventory step almost everyone skips because they assume they already know, and almost everyone is wrong. And because trust infrastructure that asks you to take its word for things is a contradiction, the verification tools are open source: you can take a KXCO signature and check it yourself, in your own code, with no KXCO server in the loop. That is deliberate. The whole point of building the trust layer is that you should never have to trust the company that built it.

Let me also be honest about the boundary. Building post-quantum from genesis solves the migration problem for what you build on Armature. It does not migrate Bitcoin or Ethereum — nothing can do that except those networks' own governance. What we offer is a quantum-safe place to build now, and tools to inventory and reduce exposure on the chains you already use.

Why the ontology is the quiet answer

If coordination is the real obstacle, then the most valuable thing KXCO builds is not the cryptography — it is the layer that makes coordination cheap. Underneath our products sits what we call the ontology: a shared, verifiable model of who and what things are, who owns them, who has authority to act, and what has happened. Identities, assets, authority and events are not scattered across separate systems that have to be reconciled after the fact; they are views of one connected structure that every participant can check independently.

Diagram showing the KXCO ontology at the center coordinating validators, custodians, exchanges, wallets and regulators, with a cryptographic bill of materials for inventory and NIST post-quantum algorithms as the target
Diagram showing the KXCO ontology at the center coordinating validators, custodians, exchanges, wallets and regulators, with a cryptographic bill of materials for inventory and NIST post-quantum algorithms as the target

This matters directly for the problem BlackRock names. When a custodian, an exchange and a regulator need to agree that a pool of assets has moved from a quantum-vulnerable arrangement to a quantum-safe one, the fragmented approach is a chain of attestations passed between parties who each keep their own records — and every hand-off is a place for those records to drift apart. On a shared model, the same question is a query against one verified structure that returns the same answer to everyone, because there are no private copies of the fact to disagree about. That is coordination made cheap, which is the only way a migration at the scale of an economy ever actually completes. A quantum-safe ledger removes the cryptographic exposure; the ontology removes the coordination friction. They belong together.

What it means for allocators

Step back from the technology and there is a market thesis here, and it is not the obvious "quantum will crash Bitcoin" scare. My read is close to the opposite. A disclosed, understood, addressable risk is worth far less to be afraid of than an undisclosed one — and what BlackRock has done is move quantum from the second category into the first. The likely path is not a sudden break but a slow, visible migration, in which the assets and infrastructure that are demonstrably quantum-ready command a premium of confidence, and those that are not carry a discount that widens as Q-Day estimates tighten. Resilience becomes a differentiator you can underwrite.

That reframes where the value accrues. It is not only in the incumbent chains, which face the hardest and slowest migrations, but in the infrastructure being built quantum-safe from the ground up, and in the tooling that lets everyone else inventory and reduce their exposure on a schedule they can evidence. This is the same pattern every major security transition follows: the market first ignores the risk, then prices it abruptly, and the winners are the ones who built for it before it was priced. Post-quantum is now firmly in the "beginning to be priced" phase — which, for anyone allocating to digital-asset infrastructure, is precisely the window that matters.

None of this is a trade recommendation. It is an observation about where a large, slow, structural cost is about to land, and about who is positioned on the right side of it. The institutions with the most at stake are the ones whose records must remain valid the longest — banks, custodians, registries, funds — and for them, quantum readiness is shifting from a line in a risk section to a procurement requirement.

What institutions should take from this

For organizations that cannot simply move everything to a from-genesis chain tomorrow — and that is most of them — the sequence is the one we run ourselves. Scan the estate for where it still relies on vulnerable cryptography; produce a cryptographic bill of materials so the migration is tracked rather than guessed; migrate signing and key exchange to the NIST standards, keeping classical and post-quantum side by side so you can roll out incrementally and roll back safely; and sign the result so it is provable to an auditor. "Harvest now, decrypt later" means the clock on confidentiality already started: anything signed or encrypted today that must stay valid for a decade is already inside the window, which is why the inventory step is urgent even when the full migration will take years.

The competitor marketing that prompted me to write this got one thing right: post-quantum readiness is shifting from a future research project to an immediate infrastructure requirement. The reason is the audience. As institutional adoption grows, the holders with the most value at rest are also the ones with the longest horizons and the strictest disclosure obligations — the ones who must now list quantum as a material risk. For them, "we will migrate when we have to" is not a strategy a risk committee can sign off, because the exposure accrues today and the migration itself is a multi-year program that has to start before the threat is acute.

So the question is no longer "when will a quantum computer break elliptic-curve cryptography?" — a date nobody can pin down. It is "will the infrastructure we build today be on the right side of that line, whenever it arrives, and can we prove it?" For new build, the answer that survives a risk review is a network that was quantum-safe from the start. For existing estates, it is a tracked, evidenced migration. That is the whole reason KXCO exists, and it is why I keep returning to the same idea: the transition to post-quantum security does not start on some future Q-Day. It starts with the design decisions you make today.

Shayne Heffernan is the founder of KXCO by Knightsbridge. Sources: BlackRock's May 2025 iShares Bitcoin and Ethereum ETF prospectus amendments; Google Quantum AI research (Gidney, 2025) on quantum resource estimates; NIST FIPS 203/204/205 (August 2024). This article is commentary, not investment advice.

Advertisement
Target150
Keep reading
Read Live Trading News on Telegram

Every story, signed and delivered.

Subscribe to the kxco channel and get the headline, the AI-written key takeaways, and the chain-anchor link the moment we publish. Audio versions and per-ticker subscriptions arrive in the next iteration.

Open @KnightsbridgeInsightsNo email required.