Shor's Algorithm Optimization Threatens secp256k1 Cryptography in Blockchains
Google Quantum AI has published a whitepaper demonstrating an optimized Shor's algorithm for breaking 256-bit elliptic curve cryptography secp256k1. The requirements have been reduced to 1,200 logical qubits and 90 million Toffoli gates, equivalent to fewer than 500,000 physical qubits. Computations take minutes, making the threat real for Bitcoin and Ethereum.
Key Algorithm Improvements
Researchers, including Ryan Babbush, Craig Gidney, and Justin Drake from the Ethereum Foundation, compiled Shor's algorithm into an efficient quantum circuit. Previous estimates (Litinski, 2023) required about 9 million physical qubits—the new optimization reduces the threshold by 20 times.
The algorithm solves the discrete logarithm problem on elliptic curves, which underlies blockchain private keys. Reversing a private key from a public one becomes feasible on quantum hardware.
The trend of reducing resource requirements continues: every 12–18 months, algorithmic improvements lower the demands, complementing hardware progress.
Quantum Attack Vectors
On-spend Attack
An attacker intercepts a transaction from the mempool, where the public key is visible. Within minutes, Shor's algorithm computes the private key, allowing funds to be stolen before block confirmation. The attack time is shorter than Bitcoin's block interval (10 minutes).
At-rest Attack
Wallets with already revealed public addresses are vulnerable without time constraints. According to the authors, 6.9 million BTC are at risk, including 1.7 million coins from the Satoshi era.
- On-spend: Requires real-time focus on the mempool.
- At-rest: Offline hacking, millions of addresses on the blockchain.
- ZK-proof detail: Google provided a zero-knowledge proof of the scheme's efficiency without disclosing details. The ZK-proof itself is not post-quantum secure.
Current State of Quantum Hardware
Google's Willow processor has 105 qubits—far from 500,000. However, the publication narrows the gap between theory and practice. Google plans post-quantum readiness by 2029, while NIST aims to phase out RSA by 2030. Justin Drake estimates the risk of quantum hacking by 2032 at least 10%.
The authors warn: the first cryptographically significant quantum machines will announce themselves through the blockchain, not a press release.
Post-Quantum Protection Measures
NIST approved post-quantum standards in 2024. For blockchains, the following are needed:
- Soft forks/hard forks of protocols.
- Updates to wallets and nodes.
- Community consensus.
- Migration to algorithms like Dilithium or Falcon.
- Auditing existing addresses for vulnerabilities.
In corporate systems, updates are easier, but decentralized networks require years of coordination. Action must be taken in advance.
Key Takeaways
- Shor's optimization reduces requirements to 1,200 logical qubits—20 times more efficient than previous estimates.
- On-spend attacks are possible within minutes; 6.9 million BTC are vulnerable at-rest.
- Google uses ZK-proof for verification without disclosing the scheme.
- Post-quantum migration in blockchains is a multi-year process—start urgently.
- The risk of quantum hacking is real by 2030–2032.
— Editorial Team
No comments yet.