New research from Google suggests quantum computers may need far fewer resources than previously estimated to break the cryptography that secures cryptocurrency blockchains.
Google’s study, released Monday, estimates a quantum computer could break the 256-bit elliptic curve discrete logarithm problem (ECDLP-256) used by Bitcoin (BTC) and Ethereum (ETH) with under 500,000 physical qubits, based on the company’s current hardware assumptions. The researchers developed two quantum circuits to test on a superconducting-qubit, cryptographically relevant quantum computer (CRQC) and report a roughly 20-fold reduction in qubit requirements.
Under a theoretical scenario in the paper, a quantum machine could recover a Bitcoin private key in as little as nine minutes, leaving a narrow window for an “on-spend” attack given Bitcoin’s ~10-minute block time. An on-spend attack would exploit a public key revealed during a transaction to derive the corresponding private key and steal funds if the attacker completes the computation before the transaction is confirmed. The team estimated that an on-spend attack launched from a primed state, with the clock starting at the moment the public key is learned, would take roughly either nine or 12 minutes.
Co-author and Ethereum researcher Justin Drake said the findings increased his confidence that a Q-Day (a quantum-capable break) could arrive by 2032, suggesting at least a 10% chance that a quantum computer could recover private keys from exposed public keys by then.
The paper also warns that Ethereum’s account model is particularly susceptible to “at-rest” attacks. Because an account’s public key becomes permanently visible on the blockchain after its first transaction, an attacker can take unlimited time to derive the private key. Google calls this a systemic, unavoidable exposure unless the protocol transitions to post-quantum cryptography (PQC). The company estimates the 1,000 wealthiest exposed Ethereum accounts—holding about 20.5 million ETH—could be cracked in fewer than nine days under its assumptions.
Google says it aims to raise awareness and offers recommendations to help the cryptocurrency community improve security and stability before such attacks become feasible. It recommends transitioning blockchains to PQC sooner rather than waiting for active threats.
On Wednesday, Google set a 2029 deadline for its own post-quantum cryptography migration, warning that “quantum frontiers” may be closer than commonly assumed. Crypto figures reacted: Nic Carter said elliptic curve cryptography is nearing obsolescence and noted Ethereum developers are working on mitigations while Bitcoin developers lag. The Ethereum Foundation released a post-quantum roadmap in February, and Vitalik Buterin has proposed changes to validator signatures, data storage, accounts and proofs to prepare for quantum risks.
