Overview
- Google Quantum AI, in a paper published Tuesday, says Shor‑style circuits using about 1,200–1,450 logical qubits could break the elliptic‑curve signatures that secure Bitcoin and Ethereum with fewer than 500,000 physical qubits, a roughly 20x cut from prior estimates, and the team withheld the circuits and used a zero‑knowledge proof to support the claim.
- The study models a live “on‑spend” theft in which a fast quantum machine derives a private key about nine minutes after a transaction reveals its public key, leaving roughly a 41% chance to beat Bitcoin’s 10‑minute block confirmation.
- Google estimates 6.7–6.9 million BTC sit in addresses with visible public keys due to Taproot’s key‑path design and address reuse, and it highlights a large pool of older P2PK outputs that are dormant and hard to migrate.
- For Ethereum, the authors warn of broader exposure across accounts, smart‑contract admin keys, data‑availability commitments, and validator BLS signatures, and they estimate the 1,000 richest accounts could be cracked in under nine days on a fast‑clock machine.
- No quantum computer can execute these attacks today, but Google has set a 2029 internal target for post‑quantum migration and urges near‑term steps like avoiding address reuse and planning coordinated upgrades to quantum‑resistant schemes.