Google paper cuts qubits to break Bitcoin and Ethereum signatures by 20x
Google Quantum AI cut the qubit budget to break ECDSA about 20x. The team shows an attack feasible under 500,000 physical qubits, a shift with direct implications for Bitcoin and Ethereum. Google Quantum AI whitepaper.
What changed: not the algorithm, the engineering. The paper optimizes Shor’s algorithm for the 256-bit elliptic curve discrete log problem behind ECDSA. Whitepaper.
New resource counts:
- 1,200 logical qubits and 90 million Toffoli gates, or 1,450 logical qubits and 70 million Toffoli gates
- Fewer than 500,000 physical qubits on a superconducting CRQC
- Run time in minutes once primed
Whitepaper.
Context. Earlier analyses placed the threshold in the multi‑million physical qubit range, pushing “Q‑Day” into the 2040s. The new estimates pulled that forward in risk models. Whitepaper Nic Carter on Google’s 2029 PQC timeline.
Authors include Google researchers, Ethereum Foundation’s Justin Drake, and Stanford’s Dan Boneh. Whitepaper.
Attack surface. A capable CRQC running Shor could derive a private key from any exposed ECDSA public key and sign unauthorized transactions. Whitepaper.
Which outputs are most exposed on Bitcoin:
- P2PK outputs, common in early blocks, publish the public key on‑chain permanently
- P2PKH with address reuse exposes the public key upon spend, creating a brief interception window
Source discussion in the paper and ecosystem commentary. Whitepaper.
Industry read‑through. “All crypto has to do is upgrade to post‑quantum algorithms,” wrote CZ, noting execution challenges. CZ comment.
Headline
Google cuts ECDSA‑breaking hardware to <500k qubits. BTC and ETH threat moves closer.
