Back to Home

Breaking ECC with 500k qubits: Google calculations

Google Quantum AI calculated that breaking ECC requires less than 500 000 physical qubits — 20 times less than previous estimates. ZKP was used for safe disclosure. Immediate transition to PQC is recommended for blockchain systems.

Google: ECC will be broken with 500 thousand qubits — 20 times easier
Advertisement 728x90

# Quantum Attacks on ECC: Google Lowers Qubit Threshold to 500,000

Google Quantum AI has released calculations showing that elliptic curve cryptography (ECC) can be broken using fewer than 500,000 physical qubits. That's 20 times fewer than previous estimates. In optimized schemes, Shor's algorithm requires 1,200–1,450 logical qubits and runs in minutes—a pressing concern for the blockchain systems behind most cryptocurrencies.

Optimizing Quantum Circuits for Shor's Algorithm

Researchers compiled two versions of quantum circuits for ECC factoring. The first scheme uses fewer than 1,200 logical qubits, the second fewer than 1,450. Accounting for error rates in current systems drops the physical qubit threshold from millions to hundreds of thousands.

Key improvements:

Google AdInline article slot
  • Reduced circuit depth to minimize errors.
  • Optimized window functions in modular arithmetic.
  • Noise models for NISQ devices.

Such machines aren't available yet, but scaling progress (e.g., Google Sycamore) is closing the gap.

Zero-Knowledge Proofs for Responsible Disclosure

To avoid handing attackers ready-made instructions, Google used ZKP. Independent verifiers can confirm correctness without access to the circuits. Consultations with US authorities preceded publication.

This sets a precedent for quantum research:

Google AdInline article slot
  • Publishing performance metrics without source code.
  • Verification via cryptographic primitives.
  • Collaboration with regulators to balance openness and security.

The approach is recommended for similar work at IBM, IonQ, and university labs.

Recommendations for Migrating to PQC

The authors stress the urgency of transitioning to post-quantum cryptography. NIST has already standardized algorithms like Kyber, Dilithium, and others to replace ECC and RSA.

Practical steps for blockchain developers:

Google AdInline article slot
  • Integrate PQC into smart contracts (Ethereum 2.0 roadmap).
  • Hybrid schemes: ECC + PQC for gradual rollout.
  • Audit existing keys for reuse.

Google plans to migrate its infrastructure by 2029. Similar efforts are underway at Coinbase, Stanford Blockchain Lab, and Ethereum Foundation.

Wallet owners: avoid addresses with public balances—they're vulnerable to harvest-now-decrypt-later attacks.

Key Takeaways

  • 20-fold reduction: ECC breakage possible with <500k physical qubits instead of 10M+.
  • ZKP publication: New standard for disclosure without compromising security.
  • Threat timeline: Engineering challenge for 5–10 years, not science fiction.
  • PQC migration: Start now—Kyber/Dilithium standards are ready.
  • Blockchain adaptation: Hybrid keys as an interim solution.

Long-Term Implications for IT Infrastructure

The quantum threat is becoming a quantifiable risk. For senior developers, this means rethinking key exchanges in distributed systems. Testing PQC under real workloads will reveal overhead: Kyber-768 adds ~1.5x to ciphertext size compared to ECDH.

Benchmarks on classical simulators confirm feasibility: Shor's circuits with 20n qubits (n = key length) are achievable at error rates <10^-4.

Preparing for Q-Day requires:

  • Quantum circuit simulators (Cirq, Qiskit).
  • Integrating lattice-based crypto into SDKs.
  • Monitoring scaling progress (logical qubits roadmap).

— Editorial Team

Advertisement 728x90

Read Next