Ripple’s XRP may be less exposed to quantum computing threats than bitcoin

Quantum computing has become one of the hottest topics lately, thanks to Google saying that a sufficiently powerful machine could mine old blockchains with less firepower than initially estimated.

For XRP holders, a nuanced answer, based on experts, is that XRP’s architecture is better positioned than Bitcoin’s. XRP is the digital token that runs on the XRP Ledger (XRPL), which is an open source, decentralized blockchain. Ripple, a fintech firm, uses XRP to facilitate cross-border transactions.

Let’s discuss in detail, one step at a time.

The threat

Every major blockchain shares the same fundamental cryptographic features that include a private key, which is the secret password you never share but uses to sign and execute transactions on the distributed ledger.

For this, a public key is mathematically derived, and from it your wallet address is generated, which you share with others to receive funds.

The quantum vulnerability everyone is talking about is that a sufficiently powerful machine using the so-called Shor’s algorithm could theoretically reverse-engineer your private key from the exposed public key, draining your funds.

Typically, your public key is exposed to the network when you send a transaction, and when you receive funds, only your address is on the chain. That’s why your account activity, whether you’ve sent funds, makes your quantum vulnerable, not your balance or how long you’ve held the address.

XRP’s exposure

This week, XRP Ledger’s validator Vet, performed a quantum vulnerability audit of the entire ledger and found that approximately 300,000 XRP accounts with 2.4 billion XRP have never sent any funds. They have only received funds so far, meaning their public keys have never been exposed to the network.

So these accounts are quantum safe by default.

However, there are dormant whale accounts that have previously transacted and exposed their public keys, but this happened at least 5 years ago. They are essentially exposed and not active. If a quantum computer emerged tomorrow, these whales would be in trouble.

Vet found two such accounts on the entire XRP Ledger, and together they hold 21 million XRP. Although this sounds like a lot, it is only 0.03% of the circulating supply.

Note that the vulnerability is based on the assumption that they are dormant and not for “key rotation” – an XRPL feature that allows you to exchange your signing key without moving funds at all. Think of it this way: You can change the lock on your home (account) without moving home. This way, your funds stay safe, no sending transaction takes place, and anyone holding your old key is locked out of your account.

“The XRP Ledger is account-based and allows for key rotation signing. So you can rotate keys that sign on behalf of an account without changing the account. Of course, this is by no means a perfect solution and real quantum-proof algorithms will probably be adopted,” said Vet on X.

Technically, this feature is available to everyone, but the problem arises when people aren’t around to use it – the so-called long dormant accounts, who may have lost keys, passed away, or simply aren’t paying attention. This is what makes them vulnerable.

Mayukha Vadari, staff software engineer at Ripple, pointed to the “escrow feature” as another defense against quantum risk.

She said that funds locked in escrow with a time lock are safe, not because of cryptography, but because of logic – a time lock simply prevents withdrawal until a specified time has passed.

“Timelocks aren’t hash-based either, you just can’t get in until that time is up (at least not via quantum – you’d need another bug for that). Yes, that’s true, can’t stop a black hole – but the attacker is less incentivized to do so because they don’t get the funds,” Vadari said.

It is worth noting that while the time lock specifically protects the funds, the account that those in escrow have locked can carry quantum risks like any other XRPL account. So, an attacker could potentially take control of the account and cancel or modify the sponsor or simply wait for the timeout to end.

How Bitcoin Compares

The quantum threat to Bitcoin looks worse than that to XRP for two reasons.

First, the sheer scale. A significant portion of early bitcoin was mined using a format called P2PK, which exposed public keys directly in the transaction output – no spend transaction required. This includes Satoshi Nakamoto’s 1 million BTC, which has never moved. Broadly, Google estimates that around 6.9 million BTC are vulnerable, which equates to nearly 35% of bitcoin’s circulating supply, a huge figure compared to XRP’s 0.03%.

All of these are sitting ducks for a potential quantum attacker.

Even holders who recognize the threat and want to protect have a structural problem that XRP holders do not. This is because Bitcoin’s blockchain lacks a key rotation feature, leaving holders with only one option: move funds to a new address whose public key has never been seen. Funds at that new address are quantum safe.

However, when you move funds from old to new, the transaction sits in the memory pool (a temporary waiting room) for about 10 minutes. During this time, the public key of the old address is exposed. A sufficiently strong quantum machine can mine this public key in ten minutes. This risk is still largely theoretical, but it points to bitcoin holders’ relative structural vulnerability.

That said, note that Bitcoin developers have already started several proposals to develop quantum resistance.