Hi, I summarised the threat of Quantum Computers (and some potential solutions) in another thread. Hope this answers the question and/or provokes further discussion.
The weakest point with a QC attack is re-using addresses in a public-key (asymmetric) cryptographic system.
The question of 'how soon' someone will have a sufficiently powerful QC is difficult to answer, given all the hype and bluster that accompanies each announcement, and also the distinction between 'proper' QCs and approaches that are merely quantum annealing, such as D-Wave.
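The address-reuse point above is the one a practitioner can actually check for today. In a pay-to-pubkey-hash scheme the public key is hidden behind a hash until the first spend; once an address has been spent from, its public key sits on-chain, and any coins later sent back to that same address are exposed to an attacker who can derive private keys from public keys. The script below is an added example (not code from the original post or from Bitcoin itself) that walks a small constructed ledger and reports which addresses are in that state. Names such as `exposed_balances`, the `Tx`/`TxIn`/`TxOut` records and the sample public keys are assumptions; the address function is a truncated SHA-256 stand-in for Bitcoin's RIPEMD160(SHA256(pubkey)) so it runs without RIPEMD-160 support.

```python
import hashlib
from dataclasses import dataclass

# Assumption: a simplified stand-in for Bitcoin's hash160. Real P2PKH addresses
# are Base58Check(RIPEMD160(SHA256(pubkey))); truncated SHA-256 is used here so
# the example runs on any Python build.
def address_of(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()[:40]

@dataclass
class TxIn:
    prev_txid: str
    prev_index: int
    pubkey: bytes        # revealed on-chain the moment this output is spent

@dataclass
class TxOut:
    address: str
    value: int

@dataclass
class Tx:
    txid: str
    inputs: list         # empty for a coinbase transaction
    outputs: list

def exposed_balances(chain):
    """Return {address: unspent_value} for every address whose public key is
    already on-chain (it was spent from) and which still holds coins. Those
    coins are the ones a 'derive the private key from the public key'
    attacker could take; addresses that were never spent from are not listed."""
    utxo = {}       # (txid, output index) -> TxOut still unspent
    revealed = {}   # address -> public key seen in a spending input
    for tx in chain:
        for txin in tx.inputs:
            spent = utxo.pop((txin.prev_txid, txin.prev_index))
            # In P2PKH the spender must show the preimage of the address hash.
            if address_of(txin.pubkey) != spent.address:
                raise ValueError(f"{tx.txid}: pubkey does not hash to spent address")
            revealed[spent.address] = txin.pubkey
        for index, txout in enumerate(tx.outputs):
            utxo[(tx.txid, index)] = txout
    balance = {}
    for out in utxo.values():
        balance[out.address] = balance.get(out.address, 0) + out.value
    return {addr: v for addr, v in balance.items() if addr in revealed and v > 0}

# Constructed sample keys (33-byte compressed-pubkey shape, not real keys).
PUBKEY_A = b"\x02" + b"\x11" * 32
PUBKEY_B = b"\x03" + b"\x22" * 32
PUBKEY_C = b"\x02" + b"\x33" * 32
ADDR_A, ADDR_B, ADDR_C = (address_of(k) for k in (PUBKEY_A, PUBKEY_B, PUBKEY_C))

# Constructed ledger: A spends and sends change back to the same address
# (re-use); B spends everything; C only ever receives.
SAMPLE_CHAIN = [
    Tx("tx1", [], [TxOut(ADDR_A, 50), TxOut(ADDR_B, 50)]),
    Tx("tx2", [TxIn("tx1", 0, PUBKEY_A)], [TxOut(ADDR_C, 30), TxOut(ADDR_A, 20)]),
    Tx("tx3", [TxIn("tx1", 1, PUBKEY_B)], [TxOut(ADDR_C, 50)]),
]

if __name__ == "__main__":
    for addr, value in exposed_balances(SAMPLE_CHAIN).items():
        print(f"address {addr} has {value} unspent with its public key already public")
```

Only A's 20 coins are reported: B's key is public too, but B holds nothing, and C's key has never appeared on-chain. The check is deliberately narrow; it says nothing about the window between broadcasting a spend (which reveals the key) and its confirmation, nor about other output types that expose keys directly.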
Thank you for the link and very detailed response. I will go through that thread in detail later when I have time.
Here's a relevant paper that speculates about when ECDSA will be broken:
Quantum attacks on Bitcoin, and how to protect against them
"The elliptic curve signature scheme used by Bitcoin is much more at risk and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates."
Wasabi Wallet creator nopara73 believes 2022-23 is closer to the mark:
"For Bulletproofs, what matters is the Shor RSA2048 line, which is predicted to be broken in 2022-23. In fact, ECC is more vulnerable than RSA in a post-quantum world, so our discrete logarithm assumption may be broken even sooner."
The whole thing is fascinating in the link you provided about the question "Who will steal Satoshi's bitcoins?", but the undeniable fact is that at some point something will come along (either out of the blue and shock us all, or by virtue of a slow build-up) to pose a serious threat to private keys.