Cryptocurrency
A figure buried in Google Quantum AI research has quietly alarmed the cryptocurrency world: using Shor's algorithm on a sufficiently powerful quantum computer, the elliptic curve cryptography protecting a Bitcoin wallet could theoretically be broken in approximately nine minutes. Bitcoin's average block confirmation time is ten minutes. The margin is razor-thin.
Bitcoin relies on ECDSA — Elliptic Curve Digital Signature Algorithm — to secure wallets and sign transactions. When you send Bitcoin, your wallet software derives a public key from your private key using elliptic curve mathematics. This is a one-way function: easy to compute in one direction, computationally infeasible to reverse on classical computers.
Quantum computers running Shor's algorithm change that equation entirely. Shor's algorithm can efficiently solve the discrete logarithm problem that underpins ECDSA, meaning a sufficiently powerful quantum computer could work backwards from a public key to derive the private key — and drain the wallet.
The critical window: A Bitcoin public key is exposed on the network between the moment a transaction is broadcast and when it's confirmed in a block — roughly 10 minutes. A quantum computer that can crack ECDSA in under 10 minutes could intercept and redirect a transaction in flight.
Google Quantum AI researchers estimated that breaking Bitcoin's elliptic curve cryptography would require approximately 317 × 10⁶ physical qubits — roughly 317 million — to do so within one hour. To compress the attack to under ten minutes would require significantly more. Today's most advanced quantum processors have thousands of qubits, not millions. We are not there yet.
But progress is not linear. Google's Willow chip demonstrated error correction scaling that suggests the qubit count required for cryptographically relevant attacks may be lower than previously thought. The timeline is compressing.
Not all Bitcoin is equally exposed. The risk depends on whether your public key has ever been revealed on-chain. Reused addresses — wallets that have received and sent Bitcoin, exposing their public key — are most vulnerable. Wallets that have only received Bitcoin and never spent it keep their public key hidden, providing a layer of protection.
Estimates suggest approximately 25% of all Bitcoin — including coins in wallets belonging to Satoshi Nakamoto — sits in addresses whose public keys are already exposed. At current prices, that represents hundreds of billions of dollars at theoretical quantum risk.
The Bitcoin community is actively debating post-quantum migration. Options include adopting NIST-standardised post-quantum signature schemes (like CRYSTALS-Dilithium) or hash-based signatures like XMSS. Ethereum co-founder Vitalik Buterin has proposed a hard-fork mechanism to protect funds in a quantum emergency.
The challenge is coordination: migrating a decentralised network with no central authority requires community consensus, extensive testing, and time — none of which are in abundant supply if Q-Day arrives faster than expected.