Back to Home

Quantum threat secp256k1: 1200 qubits to break

Google Quantum AI optimized Shor's algorithm for breaking secp256k1, reducing requirements to 1200 logical qubits. On-spend and at-rest attacks on Bitcoin/Ethereum are described. Urgent migration to post-quantum algorithms is necessary.

Shor will break blockchain: Google reduces qubits by 20 times
Advertisement 728x90

Shor's Algorithm Optimization Threatens secp256k1 Cryptography in Blockchains

Google Quantum AI has published a whitepaper demonstrating an optimized Shor's algorithm for breaking 256-bit elliptic curve cryptography secp256k1. The requirements have been reduced to 1,200 logical qubits and 90 million Toffoli gates, equivalent to fewer than 500,000 physical qubits. Computations take minutes, making the threat real for Bitcoin and Ethereum.

Key Algorithm Improvements

Researchers, including Ryan Babbush, Craig Gidney, and Justin Drake from the Ethereum Foundation, compiled Shor's algorithm into an efficient quantum circuit. Previous estimates (Litinski, 2023) required about 9 million physical qubits—the new optimization reduces the threshold by 20 times.

The algorithm solves the discrete logarithm problem on elliptic curves, which underlies blockchain private keys. Reversing a private key from a public one becomes feasible on quantum hardware.

Google AdInline article slot

The trend of reducing resource requirements continues: every 12–18 months, algorithmic improvements lower the demands, complementing hardware progress.

Quantum Attack Vectors

On-spend Attack

An attacker intercepts a transaction from the mempool, where the public key is visible. Within minutes, Shor's algorithm computes the private key, allowing funds to be stolen before block confirmation. The attack time is shorter than Bitcoin's block interval (10 minutes).

At-rest Attack

Wallets with already revealed public addresses are vulnerable without time constraints. According to the authors, 6.9 million BTC are at risk, including 1.7 million coins from the Satoshi era.

Google AdInline article slot
  • On-spend: Requires real-time focus on the mempool.
  • At-rest: Offline hacking, millions of addresses on the blockchain.
  • ZK-proof detail: Google provided a zero-knowledge proof of the scheme's efficiency without disclosing details. The ZK-proof itself is not post-quantum secure.

Current State of Quantum Hardware

Google's Willow processor has 105 qubits—far from 500,000. However, the publication narrows the gap between theory and practice. Google plans post-quantum readiness by 2029, while NIST aims to phase out RSA by 2030. Justin Drake estimates the risk of quantum hacking by 2032 at least 10%.

The authors warn: the first cryptographically significant quantum machines will announce themselves through the blockchain, not a press release.

Post-Quantum Protection Measures

NIST approved post-quantum standards in 2024. For blockchains, the following are needed:

Google AdInline article slot
  • Soft forks/hard forks of protocols.
  • Updates to wallets and nodes.
  • Community consensus.
  • Migration to algorithms like Dilithium or Falcon.
  • Auditing existing addresses for vulnerabilities.

In corporate systems, updates are easier, but decentralized networks require years of coordination. Action must be taken in advance.

Key Takeaways

  • Shor's optimization reduces requirements to 1,200 logical qubits—20 times more efficient than previous estimates.
  • On-spend attacks are possible within minutes; 6.9 million BTC are vulnerable at-rest.
  • Google uses ZK-proof for verification without disclosing the scheme.
  • Post-quantum migration in blockchains is a multi-year process—start urgently.
  • The risk of quantum hacking is real by 2030–2032.

— Editorial Team

Advertisement 728x90

Read Next