Overview
- Google Quantum AI published a whitepaper Tuesday showing that breaking the elliptic-curve signatures used by Bitcoin and Ethereum could require roughly 1,200–1,450 logical qubits, translating to fewer than 500,000 physical qubits and minutes of runtime.
- The study details an “on-spend” attack that could derive a private key in about nine minutes after a transaction reveals a public key, and it flags large at-rest targets such as roughly 1.7 million BTC in older address types with exposed public keys.
- No current quantum computer can run the attack, yet coauthor Justin Drake now estimates at least a 10% chance that a machine could recover a private key by 2032.
- Google verified its circuit-size claims with a zero-knowledge proof instead of publishing attack details and set 2029 as its own migration target while urging a shift to post-quantum cryptography across the industry.
- Developers and users are being told to cut near-term risk by avoiding address reuse, rotating keys, and planning upgrades, as Ethereum advances a multi-year post-quantum roadmap and Bitcoin explores proposals such as BIP-360.