Google Slashes Quantum Timeline 20-Fold, Reigniting Bitcoin and Crypto Security Fears

Key Points

• Google researchers reduce quantum hardware estimates needed to challenge elliptic-curve cryptography.
• Findings intensify medium-term security discussions for Bitcoin, Ethereum, and exposed crypto addresses.

A new paper from Google Quantum AI reports a roughly 20-fold reduction in the estimated hardware required to break elliptic-curve cryptography, the signature system securing Bitcoin (BTC) and Ethereum (ETH) transactions.

The research reframes a long-standing theoretical risk as a more defined engineering challenge rather than a distant possibility.

The study, co-authored by Google researchers alongside external cryptographers, lowers prior projections of more than 10 million physical qubits to fewer than 500,000 for a cryptographically relevant quantum computer.

At current valuations, assets dependent on the affected cryptographic assumptions across Bitcoin, Ethereum, and stablecoins exceed $600 billion.

Revised Estimates for Running Shor’s Algorithm

The analysis centers on Shor’s algorithm applied to the 256-bit elliptic curve discrete logarithm problem, which underpins the Elliptic Curve Digital Signature Algorithm used by Bitcoin and Ethereum.

In principle, a sufficiently advanced quantum computer could use Shor’s algorithm to derive a private key from a public key, enabling unauthorized transaction signing.

Earlier assessments between 2017 and 2023 suggested such an attack would require millions of physical qubits, placing potential feasibility decades away under most models.

According to the March 30, 2026 Google Quantum AI whitepaper, the same computation could be executed with about 1,200–1,450 logical qubits and under 500,000 physical qubits, completing in minutes once initialized.

Logical qubits differ from physical qubits because quantum error correction requires many physical qubits to maintain a single stable logical unit.

The reported reduction reflects improved error-correction methods and gate efficiency rather than the discovery of a new quantum algorithm.

The paper does not claim that such a machine currently exists, but it revises the scale of hardware needed to attempt the attack.

Exposure of Bitcoin Addresses to Quantum Risk

Risk exposure within Bitcoin is not uniform across all address types.

Legacy pay-to-public-key (P2PK) outputs, common in early blocks, reveal full public keys on-chain and are considered the most directly exposed.

A quantum-capable attacker would not need to monitor new transactions to target those addresses, since their public keys are already visible.

Pay-to-public-key-hash (P2PKH) addresses reveal public keys only when funds are spent, creating a limited theoretical window of exposure during transaction processing.

An estimated 6.7 million Bitcoin addresses have exposed public keys through these mechanisms, representing a notable portion of circulating supply.

It is not publicly known how much of this exposure is tied to institutional holders, though early-mined coins contribute to the aggregate figure.

At the protocol level, Bitcoin does not yet have a consensus-approved migration path to post-quantum signature schemes.

While quantum-resistant cryptographic standards are under development in broader research communities, no formal upgrade proposal has reached consensus-stage adoption within Bitcoin.

The revised hardware estimates are likely to influence the timeline and urgency of these technical discussions.