Overview
Research published by Google's quantum computing team has revealed that breaking the elliptic curve digital signature algorithm (ECDSA) — the cryptographic foundation securing Bitcoin, Ethereum, and most other major cryptocurrencies — requires approximately 20 times fewer quantum computing resources than previously estimated. The findings do not mean current cryptocurrency holdings are at immediate risk, but they significantly compress the theoretical timeline within which a sufficiently powerful quantum computer could break today's crypto-asset security and have major implications for the urgency of post-quantum cryptography adoption.
The Cryptographic Foundation of Cryptocurrency
Bitcoin, Ethereum, and the vast majority of cryptocurrencies rely on elliptic curve cryptography — specifically the secp256k1 or P-256 curves — to generate public-private key pairs. The security of these systems rests on the computational hardness of the elliptic curve discrete logarithm problem (ECDLP): deriving a private key from a corresponding public key is computationally infeasible for classical computers.
Quantum computers, however, can run Shor's algorithm — a quantum algorithm that solves the discrete logarithm problem in polynomial time. A sufficiently capable quantum computer running Shor's algorithm could, in theory, derive a Bitcoin or Ethereum private key from its public key, enabling an attacker to sign transactions and drain funds from any wallet whose public key has been exposed on-chain.
The question has always been: how large a quantum computer — measured in logical, error-corrected qubits — would be needed to execute this attack in a practical timeframe?
Google's Updated Resource Estimates
Previous research, including widely cited work from 2022, estimated that breaking the 256-bit elliptic curve cryptography used by Bitcoin would require on the order of thousands of logical qubits and millions of physical (noisy) qubits, with attack timelines measured in hours to days on a future fault-tolerant quantum computer.
Google's new research demonstrates that algorithmic improvements — particularly advances in quantum circuit compilation, error correction overhead reduction, and optimized implementations of Shor's algorithm for elliptic curves — allow the same attack to be executed with roughly 20 times fewer qubits than previously estimated. The research reportedly leverages improved techniques for performing modular arithmetic on quantum hardware more efficiently.
This is a meaningful shift. While today's largest quantum processors operate at scales far below what is needed for cryptographically relevant attacks, the revised estimates reduce the barrier:
- Fewer logical qubits means error correction overhead is lower
- Fewer physical qubits means the required hardware is closer to what near-term roadmaps project
- Shorter circuit depth may reduce the coherence time requirements, making the attack feasible on less perfect hardware
Immediate Risk Assessment
Existing quantum computers — including Google's own Willow chip announced in late 2024 — operate in the range of hundreds of noisy physical qubits. The revised Google estimates still require thousands of logical qubits, which in turn require millions of physical qubits with current error correction techniques. No quantum computer remotely near this capability exists today or is anticipated within the next several years.
Current cryptocurrency holdings are not at immediate risk from quantum attacks.
However, the security community operates on long planning cycles. The concern is not today's hardware but hardware that may exist in five to fifteen years. Cryptographically relevant quantum computing (CRQC) represents a threat that organizations must begin preparing for now, because:
- Migration to post-quantum cryptographic standards is a slow, multi-year process
- Adversaries engaged in "harvest now, decrypt later" attacks may already be collecting encrypted data to decrypt once CRQC is available
- Blockchain protocols require community consensus and coordinated hard forks to change their cryptographic primitives — a process that takes years
Post-Quantum Cryptography: The Response
NIST finalized its first set of post-quantum cryptographic (PQC) standards in 2024, including CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures. These algorithms are believed to be resistant to quantum attacks and are built around mathematical problems — lattice problems and hash functions — that Shor's algorithm cannot efficiently solve.
For cryptocurrency specifically, post-quantum migration is more complex than in traditional IT:
- On-chain address exposure: Any Bitcoin address that has sent a transaction has had its public key exposed on the blockchain, making it theoretically vulnerable once a CRQC exists. Cold wallets that have never been used to send may be safer, depending on implementation.
- Protocol governance: Migrating Bitcoin or Ethereum to quantum-resistant signature schemes requires community-wide consensus, client upgrades, and user migration — an enormously complex coordination problem.
- Wallet standards: Hardware and software wallet vendors will need to implement and adopt new signature algorithms.
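The "depending on implementation" caveat above can be checked per output. This is an added example, not code from the research or from any wallet project. It goes beyond the text by covering the standard Bitcoin output script types. The function names and sample scripts are assumptions constructed for illustration.

```python
def classify_script_pubkey(script_hex: str) -> tuple[str, str]:
    """Return (script_type, key_visibility) for a hex-encoded scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG. The key sits in the output.
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", "exposed"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG.
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", "hashed"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL.
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", "hashed"
    # P2WPKH / P2WSH: OP_0 <20- or 32-byte witness program>.
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", "hashed"
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", "hashed"
    # P2TR: OP_1 <32-byte x-only output key>. The key sits in the output.
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", "exposed"
    return "unknown", "unknown"


def quantum_exposure(script_hex: str, has_spent: bool) -> tuple[str, str]:
    """Fold in spend history: a spend from a hashed output publishes the key."""
    kind, visibility = classify_script_pubkey(script_hex)
    if visibility == "hashed" and has_spent:
        visibility = "exposed"
    return kind, visibility


# Constructed sample outputs (filler bytes, not real on-chain data):
# (label, scriptPubKey hex, has this script already been spent from?)
SAMPLE_OUTPUTS = [
    ("early-coinbase", "21" + "02" + "11" * 32 + "ac", False),
    ("cold-wallet", "76a914" + "22" * 20 + "88ac", False),
    ("reused-address", "76a914" + "33" * 20 + "88ac", True),
    ("segwit", "0014" + "44" * 20, False),
    ("taproot", "5120" + "55" * 32, False),
]


def report(outputs=SAMPLE_OUTPUTS):
    """Map each label to its (script_type, key_visibility) pair."""
    return {label: quantum_exposure(spk, spent) for label, spk, spent in outputs}
```

An unspent pay-to-public-key or Taproot output reports "exposed" even though it has never sent a transaction, because the key itself, not a hash of it, is written into the output.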
What This Means for Security and Crypto Professionals
For enterprise security teams:
- Accelerate inventory of systems relying on ECC-based cryptography (TLS, SSH, code signing, PKI)
- Begin pilot deployments of NIST PQC algorithms in non-critical systems to build operational experience
- Ensure cryptographic agility — systems should be designed to swap algorithms without full rewrites
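One slice of the inventory step, for SSH, as an added example that is not from the original article. It reads `authorized_keys` content, flags elliptic-curve key types, and checks that the algorithm named inside each key blob matches the declared type. The sample lines are constructed with filler in place of key material, and the function names are assumptions.

```python
import base64
import binascii
import struct

# Key types whose security rests on elliptic-curve discrete logarithms.
ECC_TYPES = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "ssh-ed25519", "sk-ecdsa-sha2-nistp256@openssh.com",
             "sk-ssh-ed25519@openssh.com"}
KNOWN_TYPES = ECC_TYPES | {"ssh-rsa", "ssh-dss"}

def blob_algorithm(b64: str) -> str:
    """Read the algorithm name from the SSH wire-format key blob."""
    raw = base64.b64decode(b64, validate=True)
    (length,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + length].decode("ascii")

def inventory(authorized_keys: str) -> list[dict]:
    """One record per key line: declared type, whether it is ECC, blob check."""
    records = []
    for lineno, line in enumerate(authorized_keys.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so search for the first known type.
        idx = next((i for i, f in enumerate(fields) if f in KNOWN_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            records.append({"line": lineno, "type": None, "ecc": None, "blob_ok": False})
            continue
        declared = fields[idx]
        try:
            blob_ok = blob_algorithm(fields[idx + 1]) == declared
        except (binascii.Error, struct.error, UnicodeDecodeError):
            blob_ok = False
        records.append({"line": lineno, "type": declared,
                        "ecc": declared in ECC_TYPES, "blob_ok": blob_ok})
    return records

def _sample_key(name: str) -> str:
    # Constructed blob: correct algorithm header, filler instead of key material.
    blob = struct.pack(">I", len(name)) + name.encode() + b"\x00" * 32
    return base64.b64encode(blob).decode()

SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    f"ssh-ed25519 {_sample_key('ssh-ed25519')} ops@bastion",
    f'command="backup" ecdsa-sha2-nistp256 {_sample_key("ecdsa-sha2-nistp256")} backup',
    f"ssh-rsa {_sample_key('ssh-rsa')} legacy",
    f"ssh-ed25519 {_sample_key('ssh-rsa')} mismatched",
])
```

Calling `inventory(SAMPLE)` returns four records; a `blob_ok` of `False` marks a line whose declared type and embedded algorithm disagree, which should be reviewed by hand rather than counted.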
For cryptocurrency investors and custodians:
- Understand that wallets with exposed public keys (any address that has sent a transaction) carry long-term quantum risk
- Monitor Bitcoin and Ethereum governance discussions around post-quantum transitions
- Hardware wallet manufacturers and major protocols will publish migration guidance; stay current with those communities
For researchers and developers:
- Google's findings highlight that resource estimates for quantum attacks are moving targets — improved algorithms regularly revise what is required
- Treat current PQC estimates with similar caution; assume quantum attack efficiency will continue to improve
Conclusion
Google's revised qubit estimates do not change the immediate threat landscape, but they provide a meaningful data point in a trend that security professionals must take seriously: the quantum computing threat to current public-key cryptography is advancing on multiple fronts simultaneously — hardware improvements, error correction advances, and algorithmic efficiency gains. The 20x reduction in resource requirements is a signal that the window for comfortable post-quantum migration may be shorter than previously assumed, reinforcing the urgency of beginning that transition now.