Illustration of a digital hand manipulating a Bitcoin with a timer, representing research suggesting quantum computers could potentially break Bitcoin’s cryptography in minutes.
New Google research suggests future quantum computers could theoretically break Bitcoin’s cryptography in minutes.

Google has revised its estimate of the quantum computing power needed to break blockchain cryptography. The new figure is 20 times lower than previous projections. Ethereum's account model is flagged as structurally vulnerable because public keys are permanently exposed on-chain.

Quick Insights

  • New Google research estimates quantum computers could break the cryptography protecting Bitcoin and Ethereum using fewer than 500,000 physical qubits.
  • That's a 20x reduction from previous estimates of what would be needed to crack 256-bit elliptic curve cryptography.
  • The researchers estimate a quantum computer could derive a Bitcoin private key from a public key in roughly nine minutes.
  • Ethereum's account model is described as "structurally prone" to quantum attack because public keys are permanently exposed after a wallet's first transaction.

Google has published new research that significantly lowers its estimate of the quantum computing power needed to break the cryptography underpinning Bitcoin and Ethereum. The findings suggest the threat timeline may be shorter than the industry has assumed.

The paper, released on Monday by Google's quantum AI team, estimates that a quantum computer with fewer than 500,000 physical qubits could crack the 256-bit elliptic curve cryptography (ECDLP-256) that secures most major blockchains. Previous estimates had placed that figure roughly 20 times higher.

To be clear, a quantum computer capable of this does not exist yet. The largest current machines operate in the range of 1,000 to 1,500 qubits. But the gap between where the hardware is now and where it would need to be just got a lot smaller.

A Bitcoin Private Key Cracked in Nine Minutes

The research outlines a specific attack scenario against Bitcoin. When a user broadcasts a transaction, their public key is temporarily exposed on the network before the transaction is confirmed. A sufficiently powerful quantum computer could use that window to derive the private key from the public key and redirect the funds.

Google's researchers estimate this "on-spend attack" could be executed in approximately nine minutes. Bitcoin's average block time is ten minutes, which means the attack would need to complete before the transaction is confirmed. The margin is tight but theoretically viable.

Ethereum researcher and paper co-author Justin Drake said the findings have increased his confidence that a quantum computer capable of breaking elliptic curve cryptography could exist by 2032. He put the probability at "at least 10%."

Ethereum's Public Key Problem

The paper flags a different and arguably more serious vulnerability for Ethereum. Unlike Bitcoin, where public keys are only briefly exposed during transactions, Ethereum's account model reveals the public key permanently after a wallet sends its first transaction. Every Ethereum address that has ever made a transfer has its public key sitting on-chain, visible to anyone.

That means an attacker wouldn't need to race a transaction. They could take as long as needed to derive the private key from any exposed public key. Google's researchers describe this as an "at-rest attack" and call Ethereum's architecture "structurally prone" to it.

The researchers estimated that the 1,000 wealthiest exposed Ethereum accounts, holding roughly 20.5 million ETH, could be compromised in fewer than nine days.

Two Types of Quantum Attack
  • On-spend attack (Bitcoin): the attacker derives a private key from a public key exposed during a transaction. Must be done within the block confirmation window (roughly 10 minutes for BTC).
  • At-rest attack (Ethereum): the attacker derives a private key from a public key that is permanently visible on-chain. No time constraint. Any Ethereum wallet that has ever sent a transaction is exposed.

Google Sets 2029 as Its Own Quantum Migration Deadline

The research follows Google's announcement last week that it has set an internal 2029 deadline for migrating its own systems to post-quantum cryptography. The company warned that "quantum frontiers" could arrive sooner than expected.

In the paper, Google recommended that blockchain projects begin transitioning to post-quantum cryptography now rather than waiting for the threat to become real. The company framed the research as a responsible disclosure effort, aimed at giving the crypto industry time to act before the hardware catches up to the theory.

Ethereum appears to be further ahead on this front. The Ethereum Foundation published a post-quantum security roadmap in February, and co-founder Vitalik Buterin has outlined four areas that need to change: validator signatures, data storage, account structures, and proof systems. Crypto entrepreneur Nic Carter recently described elliptic curve cryptography as being on the "brink of obsolescence" and said Ethereum developers were already working on solutions while Bitcoin's approach to quantum resistance was "worst in class."

What This Means for Crypto Right Now

No quantum computer exists today that can break blockchain cryptography. The hardware is still orders of magnitude away from what would be needed. This is a future threat, not a present one.

But Google's research narrows the gap between the current state of quantum computing and the point at which it becomes a practical risk. The previous assumption was that millions of qubits would be needed. The revised figure of under 500,000 puts the target within range of what major quantum hardware programmes are working toward over the next decade.

For Bitcoin, the vulnerability is limited to the brief window when public keys are exposed during transactions. Users who hold BTC in addresses that have never sent a transaction (and therefore haven't revealed their public key) are not currently at risk. For Ethereum, the exposure is broader because public keys are visible on-chain indefinitely.

The practical takeaway is that post-quantum cryptography migration isn't a theoretical exercise for some distant future. It's an engineering problem that the largest projects in crypto need to be actively working on. Google's research suggests they have less time to solve it than they thought.

Disclaimer: Nakamoto Daily provides information for educational and entertainment purposes only. Nothing published here constitutes financial, investment, or trading advice. Readers should conduct their own research and consult a qualified financial adviser before making any investment decisions.