Google warns quantum computers could crack Bitcoin encryption within minutes
Google's Quantum AI team has published a white paper revealing that breaking the elliptic curve cryptography securing Bitcoin and Ethereum may require far fewer quantum computing resources than previously thought — and could theoretically be done fast enough to intercept a transaction before it is confirmed on the blockchain.
The research, co-written with the Ethereum Foundation and Stanford University, estimates that cracking the Elliptic Curve Digital Signature Algorithm protecting cryptocurrency wallets would require fewer than 500,000 physical qubits, roughly 20 times less than prior estimates of around 10 million. Using Shor's algorithm, a sufficiently powerful quantum computer could derive a wallet's private key in approximately nine minutes just under Bitcoin's average block confirmation time of 10 minutes creating an estimated 41% probability of intercepting a transaction before it is finalized.
In a notable act of responsible disclosure, the research team chose not to publish the actual attack circuits. Instead, it released a zero-knowledge proof allowing the cryptographic community to verify the claims without handing potential attackers a blueprint. The white paper describes two circuit designs: one operating with fewer than 1,200 logical qubits and 90 million operations, and another requiring fewer than 1,450 logical qubits and fewer total operations. Both function within the 500,000 physical qubit threshold.
The findings also identified a longer-term vulnerability affecting wallets at rest. Approximately 6.9 million BTC held in wallets with exposed public keys a figure potentially worsened by the 2021 Taproot upgrade, which made more public keys visible on the blockchain by default face exposure to future quantum attacks even outside the transaction window.
Google has set an internal target of migrating its own infrastructure to post-quantum cryptography by 2029, and the white paper urged the broader cryptocurrency ecosystem to follow. The company framed the migration timeline as increasingly urgent in a blog post published last week.
Bitcoin security researcher Justin Drake put the probability of a quantum computer recovering a secp256k1 ECDSA private key from an exposed public key by 2032 at a minimum of 10%, stating the time to begin preparing is now. Analysts at Bitfinex told Decrypt the risk represents a genuine engineering challenge for the crypto sector but falls well short of an existential threat in its current state, noting that Bitcoin's cryptographic foundations have long been understood to carry a finite lifespan.
The white paper recommends transitioning blockchain systems to quantum-resistant algorithms, rotating cryptographic keys, and preventing the reuse or exposure of public keys. While fault-tolerant quantum computers capable of executing such attacks remain years away, the research has compressed a timeline that once seemed distant into a horizon now measured in years rather than decades.
-
14:30
-
14:15
-
14:00
-
13:45
-
13:30
-
13:15
-
13:00
-
12:30
-
12:15
-
12:00
-
11:45
-
11:30
-
11:15
-
11:00
-
10:49
-
10:45
-
10:30
-
10:15
-
10:00
-
09:55
-
09:45
-
09:30
-
09:15
-
09:00
-
08:45
-
08:30
-
08:15
-
08:00
-
07:45
-
07:30
-
07:16
-
07:07
-
17:00
-
16:45
-
16:33
-
16:30
-
16:21
-
16:15
-
16:01
-
16:00
-
15:45
-
15:37
-
15:30
-
15:25
-
15:15
-
15:11
-
15:00
-
14:45
-
14:44
