Glassnode Flags 1.92M BTC at Quantum Risk as France Sets 2027 Crypto Security Deadline

Glassnode Flags 1.92M BTC as Quantum-Exposed as France Moves Toward 2027 Crypto Security Deadline

In today’s Bitcoin news, France’s national cybersecurity agency ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) announced at the France Quantum conference that it will stop certifying any security products lacking quantum-resistant encryption starting in 2027. A full migration deadline is set for 2030, applying to government agencies and critical infrastructure operators. The move comes alongside Glassnode’s May 2026 report, which estimates that 6.04 million BTC—about 30.2% of total supply—has public keys exposed on-chain.

This is more than a regional compliance update. It represents one of the clearest government-set timelines yet for phasing out classical public-key cryptography, arriving just as analysts increasingly measure Bitcoin’s theoretical exposure to future quantum computing capabilities.

Bitcoin Security Breakdown: Glassnode’s 6.04 Million BTC Estimate

Glassnode divides the exposed supply into two categories. The first is 1.92 million BTC (around 9.6% of supply), defined as structurally exposed coins. These include outputs where public keys are inherently visible, such as early P2PK transactions, legacy multisig formats, and Taproot (P2TR) outputs.

The second category totals 4.12 million BTC (about 20.6%), labeled operationally exposed. This includes coins whose public keys became visible through address reuse, partial spending patterns, or custodial wallet practices.

The report emphasizes that modern storage behavior is the main source of risk rather than long-dormant coins. Exchanges are estimated to hold between 1.63 and 1.66 million BTC in the operationally exposed category. In contrast, sovereign holdings from the U.S., U.K., and El Salvador reportedly show no quantum exposure due to the use of non-exposed address types. Meanwhile, roughly 13.99 million BTC (69.8%) remains unexposed under Glassnode’s classification framework.

The underlying risk stems from Bitcoin’s use of ECDSA (Elliptic Curve Digital Signature Algorithm) over the secp256k1 curve. If a fault-tolerant quantum computer were to run Shor’s algorithm at scale, it could derive private keys from publicly visible keys, potentially compromising exposed balances once a so-called “Q-Day” arrives. Outputs based on hashed public keys, such as P2PKH, remain protected until spent, offering a temporary buffer.

France and the Post-Quantum Timeline

Speaking at the France Quantum conference, ANSSI Chief of Staff Samih Souissi framed the transition as a broader governance and sovereignty issue, not just a technical upgrade.

The agency’s roadmap requires organizations to inventory sensitive systems by end-2026, map dependencies by end-2027, and complete migration to post-quantum cryptography (PQC) by 2030.

This timeline aligns with broader global shifts. Google has reportedly set a 2029 target for migrating internal systems to PQC, while quantum security firm Project Eleven estimates a cryptographically relevant quantum computer could emerge as early as 2030.

The U.S. National Institute of Standards and Technology (NIST) has also signaled plans to phase out classical public-key systems such as RSA and ECC by around 2030–2035, with major technology providers already integrating these expectations into hardware and software roadmaps.

Academic discussions, including those presented at DEF CON 33, suggest that as few as 1,754 logical qubits could theoretically threaten secp256k1-based systems under optimistic assumptions, though most researchers still place viable risk windows 10–20 years out.

Earlier studies vary widely in their estimates. Deloitte previously suggested up to 4 million BTC could be exposed under broader definitions, while Chaincode Labs placed the range between 4 million and 10 million BTC. Glassnode’s 6.04 million figure sits within this spectrum but applies more specific classification criteria.

About The Author

ctleditor

See author's posts