New research from Google indicates that quantum computers may need significantly less power than previously estimated to breach the cryptography securing Bitcoin and Ethereum. The study reveals a projection that fewer than 500,000 physical qubits could be sufficient to crack the cryptographic protections in place.
The research reports a 20-fold reduction in the number of qubits necessary to solve the 256-bit elliptic curve discrete logarithm problem (ECDLP-256) widely utilized in cryptocurrency blockchains. If realized, this advance could enable a quantum computer to decipher a Bitcoin private key in as little as nine minutes, creating opportunities for “on-spend attacks” during Bitcoin’s 10-minute block interval.
An “on-spend” attack allows a quantum computer to derive a private key from a public key exposed in a transaction, effectively enabling theft of funds. Co-author Justin Drake stated, “My confidence in Q-Day by 2032 has shot up significantly. IMO there’s at least a 10% chance that by 2032 a quantum computer recovers […] private key from an exposed public key.”
Researchers also highlighted Ethereum’s susceptibility to “at-rest attacks,” which do not depend on timing factors. Once an Ethereum account transmits its first transaction, the public key remains visible on the blockchain indefinitely. This exposes the account to risk, as a quantum attacker can leisurely derive the private key from any exposed public key.
Google estimated that the wealthiest 1,000 exposed Ethereum accounts, holding approximately 20.5 million ETH, could be compromised in under nine days. The company aims to raise awareness and has begun advising the cryptocurrency community to adopt post-quantum cryptography (PQC) now rather than wait for potential threats to materialize.
On Wednesday, Google established a 2029 deadline for transitioning to post-quantum cryptography, suggesting that the risks posed by quantum computing may arrive sooner than anticipated. Crypto entrepreneur Nic Carter remarked that elliptic curve cryptography is nearing obsolescence, noting that Ethereum developers are actively addressing the issue while characterizing Bitcoin developers as taking a “worst in class approach.”
The Ethereum Foundation previously released its post-quantum roadmap in February, with co-founder Vitalik Buterin underscoring the necessity for changes in validator signatures, data storage, accounts, and proofs for better preparedness against quantum threats.
