Quantum advance could threaten Bitcoin and Ethereum keys

Google Quantum AI on March 31, 2026 published a proof showing a quantum approach about 10 times faster than earlier methods for solving the elliptic-curve discrete logarithm problem used by Bitcoin and Ethereum. The company released a zero-knowledge proof that a working circuit exists but did not provide full circuit diagrams. U.S. officials limited wider technical disclosure.

Within weeks, independent researchers reproduced the technique. French researcher André Schrottenloher posted a preprint outlining how to reconstruct circuits with costs similar to those implied by Google’s proof. A public challenge followed and hobbyist teams and independent researchers used automated search tools and AI to test candidate circuits against the proof’s verifier, producing faster iterations and lowering resource estimates by more than 8% in hours.

The disclosed approach and subsequent public work put new numbers on the scale of quantum hardware needed to attack current cryptocurrency keys. Researchers report the method would require fewer than 1,200 logical qubits when implemented at the efficiencies described. The work narrows the gap between classified research and what is publicly verifiable, and it reduces prior estimates of the qubit count and time needed for a practical attack.

Responses from the crypto-security community followed. Justin Drake of the Ethereum Foundation adjusted his probability estimates, assigning roughly a 50% chance that a quantum computer capable of breaking current cryptocurrency cryptography could exist by 2032 and about a 10% chance by 2030. He wrote that a commonly cited 2035 government estimate should be discounted, adding, “with hindsight, that date is a joke and should be discounted entirely.” Charles Guillemet, chief technology officer at Ledger, noted that the zero-knowledge proof produced an effective testbed for rediscovery and wrote, “The ZKP was designed to hide the attack. What it actually published is the reward function for rediscovering it.”

Experts and industry technologists urged planning rather than emergency changes to live systems. They cautioned against rapid replacement with unvetted post-quantum algorithms, saying poorly tested alternatives could introduce new vulnerabilities. The recommended response is phased migration, coordinated testing of candidate post-quantum schemes, and continued monitoring of quantum hardware progress.

Some organizations have begun planning timelines. Ethereum, Google and Cloudflare have discussed a target of 2029 for migrating some systems to post-quantum cryptography. Within the Ethereum community, work is under way to adopt hash-based signature schemes as a replacement for current elliptic-curve signatures.

Public-key systems used by most cryptocurrencies rely on problems that are hard for classical computers, such as the elliptic-curve discrete logarithm problem. Quantum algorithms can solve those problems faster if large, error-corrected quantum processors become available. The recent work does not imply an immediate break of live networks, but it shortens the estimated path to a machine capable of practical attacks. Wallets, exchanges and other custodians are advised to develop migration road maps, run coordinated tests of post-quantum algorithms and monitor developments so transitions can proceed in an orderly way rather than in response to a crisis.