Key Points France will require quantum-resistant encryption certification by 2027, with full migration by 2030. Glassnode estimates 6.04 million Bitcoin have public keys exposed on-chain. Fra
France’s cybersecurity agency ANSSI announced it will stop certifying products that lack quantum-resistant encryption starting in 2027.
The requirement applies to government bodies and critical infrastructure operators, with full transition to post-quantum cryptography mandated by 2030.
The announcement coincides with new data showing that a significant share of Bitcoin has public keys already visible on-chain.
According to a May 2026 report by Glassnode, 6.04 million BTC, about 30.2% of circulating supply, fall into this category.
Glassnode divides the exposed amount into 1.92 million BTC considered structurally exposed and 4.12 million BTC classified as operationally exposed.
Structurally exposed outputs include P2PK addresses from early mining, bare multisig scripts, and Taproot outputs that reveal public keys by design.
Operational exposure stems from address reuse, partial UTXO spending, and certain custodial wallet practices.
The analysis attributes between 1.63 and 1.66 million BTC of this subset to exchanges.
By contrast, government holdings from countries such as the United States, United Kingdom, and El Salvador reportedly show no public-key exposure at rest.
Glassnode estimates that 13.99 million BTC, or around 69.8% of supply, remain unexposed under its criteria.
Bitcoin transactions rely on the Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve.
A sufficiently advanced quantum computer using Shor’s algorithm could theoretically derive private keys from exposed public keys, putting those funds at risk.
Outputs such as P2PKH maintain additional protection because their public keys are not revealed until funds are spent.
This distinction forms the basis for categorizing risk levels across the supply.
ANSSI’s roadmap requires organizations to inventory sensitive data by the end of 2026 and identify affected systems by 2027.
Complete migration to post-quantum cryptography is scheduled for 2030.
The timeline aligns with broader institutional planning.
Google has set an internal 2029 deadline for transitioning systems to post-quantum standards.
The U.S. National Institute of Standards and Technology has signaled plans to phase out classical public-key schemes such as RSA and ECC around 2030 and discontinue their use by roughly 2035.
These signals are shaping vendor roadmaps for hardware security modules and operating systems.
Research presented at DEF CON 33 suggested that 1,754 logical qubits could be sufficient under optimistic assumptions to challenge secp256k1-based systems.
However, many experts estimate the practical threat window may still be ten to twenty years away.
Previous studies have produced similar exposure estimates.
A Deloitte analysis suggested around 4 million BTC were vulnerable due to address types or reuse, while Chaincode Labs projected a 4–10 million BTC range, placing Glassnode’s 6.04 million estimate within earlier projections.
