
Google Quantum AI researchers, along with co-authors from the Ethereum Foundation (Justin Drake) and Stanford (Dan Boneh), showed that cracking the 256-bit elliptic curve discrete logarithm problem could be achieved with roughly 1,200 logical qubits and 70–90 million Toffoli gates — or fewer than 500,000 physical qubits on a superconducting system. In an idealized fast-clock setup, this could theoretically recover a private key from an exposed public key in approximately 9 minutes — faster than Bitcoin’s average 10-minute block time in some scenarios.
This represents roughly a 20-fold reduction in resource requirements compared to prior estimates. The team also withheld the full quantum circuits (publishing only a proof they exist), which some analysts interpreted as a sign Google views the advance as particularly serious.
A parallel paper using neutral-atom hardware further compressed requirements, pushing the “Q-day” timeline — when cryptographically relevant quantum computers (CRQCs) become practical — potentially into the late 2020s or early 2030s rather than the mid-2030s.
Reactions have been sharply divided:
Bitcoin’s core vulnerability lies in exposed public keys — those revealed when funds are spent. Once a public key is on-chain, a sufficiently powerful quantum computer could theoretically derive the private key. Google’s estimates suggest this could happen quickly enough to race against block confirmation in some scenarios.
Dormant coins (including a significant portion of Satoshi’s holdings) with never-revealed public keys remain safer for now, but “harvest now, decrypt later” attacks are still a long-term concern.
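The exposed-versus-hidden distinction above can be checked per output. The sketch below is an added example, not code from the paper or the article: it sorts Bitcoin output scripts into those that carry the public key in the output itself (pay-to-public-key and Taproot) and those that publish only a hash until the first spend. The `spent_before` flag is an assumed input the caller derives from chain history, and the sample scripts are constructed filler bytes.

```python
from collections import Counter

def classify_script(spk_hex: str) -> str:
    """Name the standard template a scriptPubKey matches, else 'other'."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"    # <33/65-byte pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"    # OP_HASH160 <20> OP_EQUAL
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"  # OP_0 <20-byte key hash>
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"   # OP_0 <32-byte script hash>
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"    # OP_1 <32-byte x-only output key>
    return "other"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}                   # key readable from the output
KEY_HASHED = {"p2pkh", "p2sh", "p2wpkh", "p2wsh"}  # only a hash until spent

def exposure(spk_hex: str, spent_before: bool) -> str:
    """spent_before (assumed input): this script was already spent from once."""
    kind = classify_script(spk_hex)
    if kind in KEY_IN_OUTPUT:
        return "exposed"
    if kind in KEY_HASHED:
        return "exposed" if spent_before else "hidden-until-spend"
    return "unknown"

def audit(utxos):
    """Count outputs per exposure class for (scriptPubKey hex, spent_before) pairs."""
    return dict(Counter(exposure(spk, reused) for spk, reused in utxos))

# Constructed sample scripts (filler bytes, not real keys or hashes).
P2PK = "21" + "02" + "11" * 32 + "ac"
P2PKH = "76a914" + "22" * 20 + "88ac"
P2WPKH = "0014" + "33" * 20
P2TR = "5120" + "44" * 32
SAMPLE = [(P2PK, False), (P2PKH, False), (P2PKH, True),
          (P2WPKH, False), (P2TR, False), ("6a", False)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Outputs counted as `hidden-until-spend` move to `exposed` as soon as any spend from the same script appears on-chain, which is why address reuse matters for this inventory.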
Bitcoin lacks a centralized upgrade path, so any migration to post-quantum signatures (e.g., lattice-based or hash-based schemes) would require years of coordination among developers, miners, and users — raising risks of network splits or bugs.
Ethereum appears somewhat better positioned, with an active post-quantum research effort and a clearer upgrade roadmap, though it also faces multiple quantum attack surfaces.
Google itself has accelerated its internal post-quantum cryptography migration target to 2029, citing rapid progress in hardware, error correction, and factoring estimates.
For the crypto industry, the consensus is shifting from “distant theoretical risk” to “serious planning needed within the next few years.” Key priorities include:
While panic is unwarranted — practical, large-scale quantum computers capable of these attacks are still years away — the window for proactive preparation is narrowing. The debate now centers not on whether blockchains must adapt, but on how quickly and how smoothly that transition can occur.
Bitcoin’s decentralized nature makes it resilient in many ways, but it also makes coordinated cryptographic upgrades one of its greatest long-term challenges. The coming years will test whether the community can rise to it.
