Google Warns Crypto Sector About Quantum Computing Threat
Google has alerted the cryptocurrency industry that the threat posed by quantum computing is more immediate than many may have realized. This concern has caught the attention of industry participants once again.
A white paper released by Google’s Quantum AI team indicates that breaking the 256-bit elliptic curve encryption protecting Bitcoin and Ethereum wallets might only require about 500,000 qubits—this is a significant reduction from previous estimates that ranged in the millions.
The research highlights that a quantum computer could decrypt Bitcoin’s private key in roughly nine minutes after the public key is exposed during a transaction. This would give an attacker a 41% chance of successfully breaching Bitcoin’s 10-minute confirmation window.
The implications of this study have reverberated throughout online cryptocurrency circles. It’s not that quantum computers can challenge Bitcoin at this very moment, but the timeline for when they could pose a serious threat has certainly shrunk.
“We are no longer looking at the mid-2030s. Quantum computers of this scale will be possible by the end of the decade,” stated Haseeb Qureshi, Managing Partner at Dragonfly. “Every blockchain urgently needs a transition plan. Post-quantum is no longer just theoretical.”
Qureshi also noted some peculiar aspects of Google’s findings. The research team refrained from disclosing the actual quantum circuit; instead, they provided a zero-knowledge proof that confirms the circuit’s existence without diving into its operational details. “This is quite unusual and suggests that Google takes this matter seriously,” he remarked.
Justin Drake, a researcher at the Ethereum Foundation and a co-author of the paper, expressed growing confidence that quantum computing could be a reality by 2032. He believes there’s at least a 10% chance that a quantum computer could recover the secp256k1 private key from the public key by then.
According to Drake, the optimized quantum circuit might consist of only 100 million Toffoli gates, which is surprisingly efficient, with a total execution time around 1,000 seconds on a superconducting platform.
“One of Google’s optimizations arose from an unexpectedly simple observation, and we are still uncovering easier improvements,” Drake noted. “AI hasn’t even been used to find these optimizations yet.”
While human researchers are still making discoveries that enhance the technology, the limits on the number of qubits required have yet to be reached. Drake mentioned that the number of logical qubits could soon dip below 1,000.
Conor Deegan, a security engineer whose research was referenced in Google’s paper, highlighted patterns in studies related to multiple cryptocurrencies. He pointed out that quantum computing offers a singular investment that can lead to classic vulnerabilities that can be exploited indefinitely.
Various cryptocurrencies—such as Ethereum’s “KZG” trust setup, Zcash’s “Sapling” protocol, and Litecoin’s “MimbleWimble”—embed elliptic curve difficulty in fixed public parameters that need to be compromised just once for broader vulnerability.
“In light of these resource evaluations, establishing new crypto infrastructure on the ECDLP curve is no longer justifiable,” Deegan concluded.
Google’s paper estimates that approximately 6.9 million Bitcoins—or around one-third of the total supply—are stored in wallets with compromised public keys. This includes 1.7 million BTC from Bitcoin’s early history, including coins linked to Satoshi Nakamoto, the pseudonymous creator of Bitcoin, as well as those affected by address reuse.
Earlier reports indicated that Bitcoin’s 2021 Taproot upgrade—which aimed to enhance private transactions—also inadvertently made public keys on the blockchain public by default, introducing quantum risks.
This figure vastly overshadows a February estimate from CoinShares, which indicated that only around 10,200 BTC were concentrated in amounts sufficient to cause “significant market disruption” if compromised. Google’s methodology, however, accounts for all publicly available keys, not just large balances.
Differences Between Bitcoin and Ethereum
Reactions have varied significantly across the industry. Ethereum’s proactive measures have garnered praise, while Bitcoin’s perceived inaction has raised alarms.
“Q-day should be viewed similarly to the year 2000, but it’s a real issue,” said a leading crypto investor known only as “McKenna.” “Thanks to the Ethereum Foundation for its early research. The concerning aspect is Bitcoin’s lack of urgency and differing views on how to address a vulnerable asset.”
The Ethereum Foundation recently launched pq.ethereum.org, providing eight years of post-quantum research, weekly developmental shipments from multiple client teams, along with a roadmap for multi-fork migration.
Drake is not just a co-author on Google’s paper; he’s also part of the Ethereum group, serving as a bridge between researchers who quantify threats and developers aiming to create defenses.
Eli Ben Sasson, co-founder of StarkWare, urged the Bitcoin community to amplify initiatives like BIP 360, a proposal to establish a quantum-resistant wallet format for a voluntary transition.
“It’s not fear-mongering to assert that quantum computers are on the horizon,” Ben Sasson asserted. “The claims that Bitcoin can’t adapt are unfounded. We must start developing solutions today.”
Bitcoin supporter Bit Pain expressed, “I still think a 10-year window is more likely, but I’m becoming concerned over the probability of disruptive events occurring within the next five years. It might be prudent to act in the coming year or two.”
Payne noted a “national security” angle, emphasizing, “CRQC was developed in secrecy and could emerge at any moment.”
Google’s choice of employing zero-knowledge proofs, rather than revealing the quantum circuit, underscores this concern. If leading quantum research institutions shy away from publishing their work due to security, it’s likely that national institutions would follow suit.
Drake concurred, suggesting that one should assume advanced algorithms may be concealed in the future, indicating a potential future suppression of academic work.
Why Focus on Cryptocurrencies?
Some in the industry questioned why Google directed its extensive analysis at cryptocurrencies instead of financial institutions or military systems. ETF analyst Eric Balchunas wondered why Google would allocate its research resources to cryptocurrencies rather than something with broader societal implications.
Nic Carter from Castle Island Ventures offered insight: blockchain systems are particularly vulnerable to encryption breaches caused by quantum computers. “Compromising a single key wouldn’t affect a bank, but it would upend a blockchain,” Carter said. “They are fundamentally more susceptible. Banks would eventually update their systems anyway.”
Binance co-founder Qiao Changpeng called for calm while acknowledging the practical challenges involved.
“All cryptocurrencies need to do is upgrade to quantum-proof algorithms. Thus, there’s no reason for panic,” Zhao stated. “There are significant implementation considerations, which complicate planning upgrades in a decentralized world.”
Zhao furthermore posed a direct question to Satoshi, saying, “If these coins require movement during migration, it implies that he still exists, which is intriguing. On the other hand, if they don’t, it might be wise to lock or effectively burn those addresses to prevent them from falling into the wrong hands.”
In a larger discussion, cryptocurrency commentator Quinten Francois noted, “Should quantum computing destroy Bitcoin, it would also dismantle the global banking system, and military communications, among others.”
Elon Musk cheekily commented that even if one forgets a wallet password, access would still be possible in the future.
This paper addresses such concerns. Unlike centralized systems, such as banks and military networks, which can push software updates to users, a decentralized blockchain lacks that capability. The migration timeline for Bitcoin’s infrastructure, covering wallets, exchange support, and new address formats, could span five to ten years even after a solution is identified.
Google mentioned it is collaborating with Coinbase, the Stanford Blockchain Institute, and the Ethereum Foundation to devise a responsible transition plan.
Ultimately, Google framed its research not as an attack on cryptocurrencies but as an initiative to “support the long-term health of the cryptocurrency ecosystem.” The general consensus across the industry indicates that this threat is now tangible—it’s time to take action. The only unresolved issue is whether necessary migrations will occur before the technology catches up.
Read more: How Bitcoin, Ethereum, and other networks are preparing for the looming quantum threat
