A new research paper from Google Quantum AI, co-authored with Ethereum Foundation researcher Justin Drake and Stanford cryptographer Dan Boneh, is intensifying debate across the crypto industry after suggesting that future quantum computers could break Bitcoin-level cryptography in minutes rather than years.
The study estimates that cracking the 256-bit elliptic curve cryptography used by Bitcoin and Ethereum could require around 1,200 logical qubits and tens of millions of quantum operations, representing roughly a 10-fold improvement in efficiency over prior estimates. The authors validated the calculations using zero-knowledge proofs while withholding full circuits, describing the move as responsible disclosure given the security implications.
Today, Google Quantum AI published a research paper that might boost the post-quantum migration. Their team has tailored Shor’s algorithm to solve the 256-bit Elliptic Curve Discrete Logarithm Problem. ECDLP is the hard mathematical problem that secures ECDSA: the signature… pic.twitter.com/CDzn4ydN2z
— Charles Guillemet (@P3b7_) March 31, 2026
More controversially, the paper introduces a “primed” attack model, where a quantum computer pre-computes input-independent steps before a transaction appears. Once a public key is revealed in the mempool, the remaining computation could complete in approximately nine minutes — close to Bitcoin’s 10-minute block time, potentially enabling on-spend attacks under ideal conditions.
The findings mark a shift in how researchers view quantum risk. Previously, analysts treated wallet-at-rest attacks as the first realistic threat, with live transaction attacks expected much later. The new estimates suggest that once a cryptographically relevant quantum computer exists, both attack vectors may become viable at roughly the same time.
Google research estimates more than 1.7 million Bitcoin remain in such addresses. These coins include early mining rewards and possibly lost wallets.
Because public keys are already visible, these funds are vulnerable to at-rest quantum attacks.
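To make the at-rest versus on-spend distinction concrete, the following added example (not from the paper or from this article) sorts Bitcoin output scripts by whether the public key is already on-chain or only appears when the coins are spent. The function names, labels and sample scripts are constructed for illustration; the byte layouts are the standard Bitcoin script templates.

```python
# Added example: sort Bitcoin scriptPubKeys by public-key exposure.
# All scripts in SAMPLE_UTXOS are constructed placeholders, not real outputs.
AT_REST = "public key already on-chain (at-rest exposure)"
ON_SPEND = "only a key hash on-chain (key revealed on spend)"
UNKNOWN = "script hash or non-standard (inspect manually)"

def classify_script_pubkey(script_hex):
    """Return (template, exposure) for a hex-encoded scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG(0xac)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (2, 3)) or (n == 67 and s[1] == 4):
            return "P2PK", AT_REST
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", ON_SPEND
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", ON_SPEND
    # P2TR: OP_1 <32-byte x-only output key>, the key itself is in the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", AT_REST
    return "other", UNKNOWN

def audit(utxos):
    """utxos: (script_hex, key_already_revealed) pairs. The flag marks key
    reuse: an earlier spend published the key, so the hash no longer hides it."""
    report = {AT_REST: [], ON_SPEND: [], UNKNOWN: []}
    for script_hex, key_already_revealed in utxos:
        template, exposure = classify_script_pubkey(script_hex)
        if exposure == ON_SPEND and key_already_revealed:
            template, exposure = template + " (reused key)", AT_REST
        report[exposure].append(template)
    return report

SAMPLE_UTXOS = [
    ("21" + "02" + "11" * 32 + "ac", False),   # P2PK, compressed key
    ("41" + "04" + "22" * 64 + "ac", False),   # P2PK, uncompressed key
    ("76a914" + "33" * 20 + "88ac", False),    # P2PKH, never spent from
    ("76a914" + "33" * 20 + "88ac", True),     # P2PKH, key reused
    ("0014" + "44" * 20, False),               # P2WPKH
    ("5120" + "55" * 32, False),               # P2TR
    ("a914" + "66" * 20 + "87", False),        # P2SH
]

if __name__ == "__main__":
    for exposure, templates in audit(SAMPLE_UTXOS).items():
        print(f"{exposure}: {templates}")
```

Outputs in the on-spend bucket are the ones whose exposure window opens only when a spending transaction reaches the mempool; script-hash outputs land in the manual-review bucket because their exposure depends on the hidden script.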

The paper emphasizes that quantum progress does not follow a smooth curve. Instead, breakthroughs depend on discrete engineering milestones such as error correction, interconnect reliability, and decoding performance. Once those thresholds are crossed, scaling from small demonstrations to cryptographically relevant machines could occur rapidly.
That dynamic has already prompted broader warnings. Google recently said that powerful quantum computers capable of breaking modern encryption could emerge as early as 2029, urging organizations to begin migrating to post-quantum cryptography now.
The concern extends beyond crypto markets. Governments, intelligence agencies and cybersecurity organizations have increasingly warned about “store-now, decrypt-later” attacks, where encrypted data is harvested today and decrypted once quantum hardware matures.
Justin Drake has increasingly framed quantum computing as a systemic threat to blockchain security. In recent research discussions, Drake said advances in algorithms and hardware are reducing the cost of breaking cryptographic keys, potentially affecting multiple components across blockchain systems simultaneously.
Ethereum developers are now targeting post-quantum security timelines around 2029, reflecting growing concern that migration could take years and must begin before hardware breakthroughs occur.
Ethereum researcher Justin Drake on why quantum computing is "a big opportunity for Ether the asset"
1. Property rights. Quantum threatens any crypto holdings with exposed public keys — including an estimated 1M BTC. Drake argues Ethereum's approach will be non-interventionist,… pic.twitter.com/F7qR3ikCs5
— Etherealize (@Etherealize_io) March 24, 2026
The paper also highlights another risk: one-time protocol breaks. Some blockchain systems embed elliptic-curve assumptions into fixed public parameters. A single successful quantum attack could produce reusable classical exploits without needing further quantum access, a scenario researchers describe as structurally different from individual wallet attacks.
Moreover, Google identifies multiple Ethereum risk categories:
Because Ethereum functions as programmable financial infrastructure, quantum risk extends beyond wallets into entire decentralized applications.

Despite the growing urgency among researchers, several Bitcoin veterans remain skeptical about near-term risks.
Adam Back, CEO of Blockstream and inventor of Hashcash, has repeatedly argued that cryptographically relevant quantum computers remain decades away. Back has estimated that meaningful threats could take 20 to 40 years to emerge, giving Bitcoin ample time to transition to quantum-resistant cryptography.
i think the risks are short term NIL. this whole thing is decades away, it's ridiculously early and they have massive R&D issues in every vector of the required applied physics research to even find out if it's possible at useful scale. but it's ok to be "quantum ready" and
— Adam Back (@adam3us) December 18, 2025
Back has also dismissed recent warnings as exaggerated, arguing that current quantum machines remain far too limited to threaten Bitcoin’s security model today.
Nick Szabo, a cryptographer and early Bitcoin pioneer, has taken a more nuanced view. Szabo has acknowledged that quantum computing is eventually inevitable, but argues that governance, legal and regulatory risks remain more immediate threats to cryptocurrencies.
Anarcho-capitalism is a wonderfully abstract ideal that can inspire innovation. It helped inspire me to help invent cryptocurrency.
But real-world cryptocurrencies are not trustless — they are trust-minimized. Each cryptocurrency has a legal attack surface, representing the…
— Nick Szabo (@NickSzabo4) November 16, 2025
That divergence reflects a broader debate inside crypto: whether quantum computing represents a distant theoretical risk or an emerging engineering race.
Some institutional investors are already adjusting. A recent strategy shift from Jefferies removed Bitcoin from a long-term portfolio, citing quantum computing risks and estimates that millions of coins could become vulnerable once cryptographically relevant quantum computers emerge.
Meanwhile, cybersecurity firms warn that organizations are largely unprepared. A recent industry survey found that 90% of enterprises lack quantum-resistant systems, despite most expecting quantum attacks within five years.
Even if quantum computers remain years away, migration may take longer.
Transitioning Bitcoin or Ethereum to post-quantum cryptography would likely involve:
Such upgrades historically take years to deploy.
The Google-backed research does not claim that Bitcoin or Ethereum are immediately vulnerable. But it does suggest the timeline between first practical quantum machines and real-world attacks may be shorter than previously assumed.
The result is a shift in framing: quantum computing is no longer just a distant theoretical threat, but an emerging strategic race between cryptographers and quantum hardware developers.
And if the paper’s estimates prove accurate, the window to react when the tipping point arrives may be measured in minutes rather than years.
