Overview
- The whitepaper, published Tuesday, estimates that cracking the elliptic‑curve keys used by Bitcoin and Ethereum could take fewer than 500,000 physical qubits, with about 1,200–1,450 logical qubits and 70–90 million quantum gates.
- Researchers model an “on‑spend” heist in which a quantum machine derives a private key after a Bitcoin transaction is broadcast, completing the final step in about nine minutes with roughly a 41% chance to beat the ~10‑minute confirmation.
- Google estimates roughly 6.7–6.9 million BTC sit in addresses with public keys already visible due to Taproot’s key‑path design, address reuse, and early formats, creating a large pool of long‑term targets.
- To reduce operational risk, Google withheld the detailed attack circuits and released a zero‑knowledge proof to validate its resource claims after consulting U.S. authorities.
- No current quantum computer can run these attacks, yet teams across Ethereum and Bitcoin are moving on post‑quantum plans that could take years, including Ethereum’s roadmap and Bitcoin’s BIP‑360 experiments to hide keys and enable new signature types.