Last month, the United States Commerce Department signed letters of intent to award just over $2 billion to nine quantum computing companies building the machines that break the cryptography defending Bitcoin and Ethereum, and the cryptography that the rest of the internet runs on.
These are not simply research grants. They represent industrial policy for manufacturing scale, and an investment in long-term equity outcomes where the government hopes to turn a profit. IBM is getting $1B to stand up a quantum-grade superconducting wafer foundry. GlobalFoundries is getting $375M for a multi-architecture fab. The remaining $636M is split across seven companies actually building quantum computers, across superconducting, trapped ion, photonic and neutral-atom modalities.
When a country builds purpose-built fabrication facilities for a technology, it is no longer asking whether that technology works. It is asking how fast it can scale. The Commerce Department believes quantum to be beyond the experimental, “maybe one day” phase, and wants to win the race to a cryptographically relevant quantum computer (CRQC) before its adversaries. Being able to break widely used cryptography is a very powerful advantage that every government would love to have.
To defend against a CRQC, we need post-quantum cryptography. The defense side has no comparable backer.
By all public accounts, quantum computing capabilities are developing quickly. Google's quantum researchers have spent the last twelve months publishing increasingly aggressive resource estimates for breaking elliptic curve cryptography. This public research raised alarms; going forward, it is likely that only a small fraction of the field's research will be public. The conclusion and the recommendation of experts is that migration to post-quantum cryptography should begin immediately.
The gap is not a funding gap
The obvious response to the U.S. government’s announcement is that the defense side needs equivalent funding. Find an industry consortium, match the $2 billion, fund post-quantum cryptography research at the same scale, and close the gap.
That response is wrong, or at least insufficient. The issue with post-quantum defense is that everyone needs to adopt the solution at once. This is more of a coordination problem than a financial hurdle. Money can fund the offense to converge on capability. It cannot fund the defense to converge on adoption.
Securing bitcoin shows the shape of the challenge. There is one cryptographic system to defend, but the defense only works if every wallet, every custodian, every exchange and every long-dormant address moves to a new system together. Partial migration is partial protection. The defense has to propagate to millions of independent endpoints, none of which can be forced.
This is why the most exposed institutional holders have been waiting. They are waiting for the coordination work to happen, which a research grant does not accomplish. The work needs an actor with the standing to convene the protocol communities, the custodians, and the regulators who must move together. No funded entity has taken on that role at the scale Bitcoin requires.
The geopolitical race
Government funding accelerated the offense. Every dollar that compounds into quantum hardware compresses the defense's runway.
The day after the U.S. announcement, Emmanuel Macron committed €1 billion to France's quantum strategy and called for Europe to "change the scale" of investment, naming the U.S. and China as its competitors.
China had already routed roughly $17.5 billion through three regional venture funds before the U.S. announcement landed; the U.S. move now gives Beijing the political cover to authorize another round. This is what a three-way industrial-policy race looks like, and it just compressed everyone's planning horizon, whether they were ready or not.
What has to happen now
A serious response begins with coordinated migration work, started before the offense capability matures, because the migration has a long tail, and the runway just got shorter.
What is different about the post-quantum case is the scale of the coordination challenge. Bitcoin is uniquely exposed: any address that has ever spent funds has its public key sitting onchain in the clear, forgeable the moment elliptic curve cryptography breaks, with no way to recall it.
Secure Sockets Layer (SSL) deprecation occurred because browser vendors drew a line in an era when the cryptographic deployment surface was a fraction of what it is now. SHA-1 was officially deprecated by the standards body NIST, even though it had never been demonstrably exploited. In each example, institutional actors with the authority to set deadlines and force adoption acted across the systems they controlled.
Bitcoin and other digital asset networks and protocols have no vendor, no central authority, no entity that can declare a hard date and force the network to move. The defense has to be negotiated among stakeholders who must all agree, with no actor in a position to force compliance.
The most time-sensitive piece is on the protocol side. The Bitcoin community must advance post-quantum migration proposals while there is still room to debate the trade-offs, rather than accept whatever can be activated under pressure.
The institutional custodians holding bitcoin on behalf of ETF issuers, corporates, and sovereigns (e.g., Coinbase, Fidelity, BNY Mellon, and others) must fund migration infrastructure while the window for proactive upgrades remains open. Stablecoin issuers have to harden their signing systems against post-quantum forgery.
None of this happens by waiting. The institutions holding bitcoin have been waiting for the moment when migration became urgent enough to fund seriously. That moment just came and went.
The federal government has already drawn the lines. The transition to post-quantum cryptography standards, outlined in the NIST IR 8547, sets specific deadlines: RSA-2048 and ECDSA at 112-bit security are deprecated in 2030 and disallowed in 2035; every quantum-vulnerable public-key algorithm is prohibited in NIST standards after 2035. National Security Memorandum 10 directs federal systems to mitigate quantum risk on the same horizon. These are not aspirational targets. They are dates that compliance officers, vendors and procurement officers across the federal government are already planning against.
The digital asset industry should be held to the same schedule. The Clarity Act, now moving through Congress, gives federal regulators their first comprehensive framework for digital asset oversight. That framework should require custodians, exchanges and stablecoin issuers operating in the United States to publish post-quantum migration plans, with milestones that align to NIST's 2030 and 2035 deadlines. The CHIPS Act accelerated the offense. The Clarity Act framework can force the defense to keep pace. The U.S. Department of the Treasury and the SEC have the standing to enforce it. They should use it and force coordination that the industry has been deferring for years.
