On March 31, the Google Quantum AI team published new research indicating that quantum computers could potentially crack Bitcoin public keys in less than nine minutes. This is less than the average time it takes to mine a new block.
The study, titled “Securing Elliptic Curve Cryptocurrencies from Quantum Vulnerabilities: Resource Estimation and Mitigation,” was led by Ryan Babbush and Hartmut Neven, with collaboration from researchers at the University of California, Berkeley, the Ethereum Foundation, and Stanford University.
The central finding is numerical. According to the paper, Shor’s algorithm (a quantum method that can derive a private key from a public key) can defeat ECDLP-256 (the standard used by Bitcoin) with fewer than 1,200 logical qubits and 90 million Toffoli gates, or fewer than 1,450 logical qubits and 70 million Toffoli gates.
A logical qubit is a quantum computing unit with built-in error correction capabilities, built from hundreds or thousands of individual physical qubits. The Toffoli gate is the most expensive basic operation in Shor’s algorithm and determines how long it takes to run.
The research shows that, when these circuits are translated to physical hardware, they could run on a superconducting qubit architecture with fewer than 500,000 physical qubits in minutes.
According to Google, this represents a nearly 20x reduction compared to the previous best-efficiency estimate for the same problem.
Google estimates of quantum threats
The paper also introduces operational distinctions related to Bitcoin. Researchers distinguish between “fast-clock” quantum computers (such as those based on superconducting, photonic, or silicon qubits) and “slow-clock” quantum computers (such as those based on neutral atoms or ion traps).
The former perform operations two to three orders of magnitude faster. This difference is important because Bitcoin’s average block time is 10 minutes. If a quantum computer can derive the private key of a transaction before it is recorded on the chain, it can intercept the transaction and redirect the funds.
Google estimates that a superconducting machine with the described capabilities would take about 9 minutes to derive a key, which makes that kind of attack on Bitcoin transactions (called an in-transit attack) technically possible.
The in-transit attack works as follows. When a user submits a transaction, their public key is exposed on the network for the time it takes to be included in a block. In the meantime, a sufficiently fast quantum computer could obtain the corresponding private key and issue a fraudulent transaction, misappropriating the funds before the original is confirmed.
Previously, it was thought that no quantum machine could complete the process within Bitcoin’s 10-minute block time. Google’s new numbers close that gap significantly.
The study also notes that the estimate of 500,000 physical qubits assumes relatively conservative hardware conditions and is consistent with quantum processors that Google has already demonstrated experimentally. More aggressive architectures may reduce the count to fewer than 100,000 physical qubits. However, according to Google Quantum AI, that type of hardware does not yet exist at a proven scale.
Although Google did not publish the circuits that enable the attack (so as not to provide a manual to potential attackers before vulnerable networks have migrated), it did include publicly verifiable cryptographic evidence that allows third parties to confirm that these circuits exist and produce the declared results.
Ethereum has a wider attack surface
Google’s paper devotes a specific section to Ethereum, concluding that its quantum exposure is broader than Bitcoin’s exposure, consistent with what CriptoNoticias has already described.
Unlike Bitcoin, where the main risk lies in the user’s private keys, Ethereum combines that risk with additional vulnerabilities stemming from its account model, its smart contracts and its consensus mechanism.
The research shows that the 1,000 most valuable contracts on the network hold approximately 20.5 million ether (ETH) that is vulnerable to at-rest attacks, and that the management keys of the contracts that manage over $200 billion in total stablecoins and real-world assets (RWA) become public from the moment the first transaction is made.
Ethereum’s proof-of-stake (PoS) consensus mechanism is also vulnerable because it uses an elliptic-curve signature scheme called BLS, which could be compromised with resources similar to those needed to attack Bitcoin, according to Google’s analysis.
However, the paper acknowledges that the Ethereum Foundation has an advantage over Bitcoin in the post-quantum crypto transition: centralized leadership that allows more agile coordination of protocol changes.
Is the transition period narrowing? Different opinions
The Google Quantum AI study concludes that while there is still time to transition cryptocurrencies to post-quantum cryptography (PQC), meaning algorithms designed to resist quantum attacks, that margin is narrowing.
This transition is technically feasible given that there is a PQC standard approved by the National Institute of Standards and Technology (NIST) in 2024. Specifically regarding Bitcoin, the BIP-360 proposal puts forward a new type of address that hides public keys from at-rest attacks. However, there is still no consensus within the community.
The obstacles are not just technical. As ARK Invest warned in a report published on March 11th, co-authored with custodian Unchained, Bitcoin’s decentralized governance is at the same time its greatest strength and the main obstacle to implementing changes in time.
ARK predicts that certain quantum threats will arrive within 10 to 20 years, in line with institutional consensus from companies such as IBM, Microsoft, and NIST. The new paper reduces the amount of hardware required for that arrival.
ARK also identified that approximately 35% of the BTC supply is in vulnerable addresses, including 1.7 million BTC in the older Bitcoin format (P2PK), where the public key is exposed directly on the chain and the funds cannot be migrated if the private key is lost. These funds would be the first target of an at-rest attack.
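Whether an unspent output is exposed at rest depends on its script type. The following Python code is an added example, not taken from the article, the ARK report or the Google paper: it classifies output scripts and totals the value whose public key is already visible on-chain. It goes beyond the P2PK case named above by also covering hashed output types, Taproot, and outputs whose key was revealed by an earlier spend; the function names and sample scripts are constructed for illustration.

```python
# Added example: audit which unspent outputs expose a public key "at rest".
# Function names and sample data are hypothetical, constructed for this page.

def classify_script_pubkey(script_hex):
    """Return (script_type, pubkey_exposed); exposed is None if unrecognised."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG -- the key itself is in the output
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (2, 3)) or (n == 67 and s[1] == 4):
            return ("p2pk", True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return ("p2pkh", False)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return ("p2sh", False)
    if n == 22 and s[:2] == b"\x00\x14":   # witness v0, 20-byte key hash
        return ("p2wpkh", False)
    if n == 34 and s[:2] == b"\x00\x20":   # witness v0, 32-byte script hash
        return ("p2wsh", False)
    if n == 34 and s[:2] == b"\x51\x20":   # witness v1: output carries an x-only key
        return ("p2tr", True)
    return ("unknown", None)

def at_rest_exposure(utxos):
    """utxos: (script_hex, value_sats, key_revealed_by_prior_spend) tuples."""
    totals = {"exposed": 0, "hashed": 0, "unknown": 0}
    for script_hex, value, revealed in utxos:
        _, exposed = classify_script_pubkey(script_hex)
        if exposed is None:
            totals["unknown"] += value
        elif exposed or revealed:          # a reused hashed address is exposed too
            totals["exposed"] += value
        else:
            totals["hashed"] += value
    return totals

# Constructed scripts: correct shape, filler bytes instead of real keys/hashes.
P2PK = "41" + "04" + "11" * 64 + "ac"
P2PKH = "76a914" + "33" * 20 + "88ac"
P2WPKH = "0014" + "44" * 20
P2TR = "5120" + "55" * 32
SAMPLE_UTXOS = [(P2PK, 5_000_000_000, False), (P2PKH, 100_000_000, False),
                (P2PKH, 250_000_000, True), (P2WPKH, 30_000_000, False),
                (P2TR, 20_000_000, False)]

if __name__ == "__main__":
    print(at_rest_exposure(SAMPLE_UTXOS))
```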
Opinions remain divided about the urgency. Blockstream co-founder Adam Back says the risk is “10 or 20 years down the road.” Ethereum co-founder Vitalik Buterin predicts that it could arrive in 2028.
What Google is adding to the discussion is not a date, but a variable that changes faster than expected: the cost of an attack.