Google says fewer than 500k qubits could break Bitcoin cryptography
Google says 500k qubits could break Bitcoin; 9‑minute mid‑tx theft modeled
Google’s Quantum AI team lowers the bar for a quantum break of ECDLP‑256. A live attacker could steal Bitcoin mid‑transaction in about 9 minutes.
A new whitepaper and blog post claim that breaking the elliptic-curve cryptography behind Bitcoin and Ethereum may need fewer than 500,000 physical qubits and roughly 1,200 logical qubits, not “millions.” Google calls this a ~20× reduction versus prior estimates.
“We estimate that these circuits can be executed on a superconducting qubit CRQC with fewer than 500,000 physical qubits in a few minutes… This is an approximately 20‑fold reduction in the number of physical qubits required to solve ECDLP‑256.”
The team models a live “mid‑tx” attack. A quantum adversary derives the private key from a just‑revealed public key and sweeps funds in ~9 minutes, giving a 41% chance to beat Bitcoin’s 10‑minute block time. Ethereum fares better due to faster confirmation, per the paper.
Taproot changes the picture. By exposing public keys on‑chain by default, Taproot removes the hash‑first shield older formats had and expands the pool of quantum‑exposed coins to about 6.9 million BTC, according to the whitepaper.
Google also set 2029 as its internal deadline to complete post‑quantum migration, compressing the perceived “Q‑day” timeline. Source: Google security blog.
On X, Nic Carter flagged another study from Oratomic, Caltech, and UC Berkeley that claims attacks with 10,000 reconfigurable atomic qubits. Source: Nic Carter’s post.
- Watch Taproot usage and address‑reuse hygiene.
- Track post‑quantum migration plans and timelines from BTC devs.
- Monitor progress on faster confirmations and any protocol hardening.
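To act on the Taproot and address-reuse points above, the sketch below (an added example, not code from Google's paper or any Bitcoin project) buckets a wallet's UTXO value by when the public key becomes visible: in the output itself, only when spent, or already revealed because the same script was spent from before. The function names, bucket labels and sample outputs are assumptions made for illustration.

```python
"""Added example: bucket UTXO value by when the public key becomes visible."""
from collections import Counter

def classify(script_hex):
    """Map a scriptPubKey to (type, exposure): 'at_rest', 'on_spend' or 'unknown'."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", "at_rest"        # <pubkey> OP_CHECKSIG: raw key in the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", "at_rest"        # OP_1 <32-byte output key>
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", "on_spend"      # only HASH160(pubkey) is on-chain
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", "on_spend"       # only the script hash is on-chain
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", "on_spend"     # witness v0, 20-byte key hash
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", "on_spend"      # witness v0, 32-byte script hash
    return "other", "unknown"           # e.g. bare multisig: inspect by hand

def exposure_report(utxos, spent_scripts):
    """Sum satoshis per bucket. utxos: (script_hex, sats) pairs; spent_scripts:
    scriptPubKeys already spent from once, so the key or script behind the
    hash is public (address reuse)."""
    spent = {s.lower() for s in spent_scripts}
    totals = Counter()
    for script_hex, sats in utxos:
        _, exposure = classify(script_hex)
        if exposure == "on_spend" and script_hex.lower() in spent:
            exposure = "reused"         # hash shield already gone
        totals[exposure] += sats
    return dict(totals)

# Constructed sample data: placeholder keys and hashes, not real outputs.
P2TR = "5120" + "ab" * 32
P2PK = "21" + "02" + "cd" * 32 + "ac"
P2PKH_A = "76a914" + "11" * 20 + "88ac"
P2PKH_B = "76a914" + "22" * 20 + "88ac"
P2WPKH = "0014" + "33" * 20
UTXOS = [(P2TR, 50_000), (P2PK, 5_000_000_000), (P2PKH_A, 70_000),
         (P2PKH_B, 30_000), (P2WPKH, 10_000)]

if __name__ == "__main__":
    print(exposure_report(UTXOS, spent_scripts={P2PKH_B}))
```

Value in the `on_spend` bucket is only exposed during the confirmation window the article describes; `at_rest` and `reused` value has no such time limit.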





