Google Builds a Quantum Attack on Crypto Encryption, But Won’t Publish It

Google Quantum AI has published a whitepaper demonstrating that it can break the elliptic curve cryptography protecting most blockchains using 20 times fewer resources than previously estimated. The findings represent a significant acceleration in the timeline for quantum threats to cryptocurrency security .

The research team, which includes Ethereum Foundation researcher Justin Drake and Stanford cryptographer Dan Boneh, compiled two circuits capable of executing the attack. One circuit uses fewer than 1,200 logical qubits and 90 million operations. The other uses fewer than 1,450 logical qubits and 70 million operations. Both can run on fewer than 500,000 physical qubits — a dramatic reduction from previous estimates that placed the requirement at roughly 10 million physical qubits .

Despite the breakthrough, the team refused to release the actual attack circuits. Instead, they published a zero-knowledge proof that allows anyone to verify the claim without learning how the attack works. The decision follows established responsible disclosure norms, according to Ryan Babbush, Director of Quantum Algorithms at Google, and Hartmut Neven, VP of Google Quantum AI. Publishing the circuits would hand attackers a blueprint .

The paper warns that Bitcoin alone has over 1.7 million BTC sitting in wallet formats where public keys are already exposed. That figure could reach 2.3 million BTC when all vulnerable script types are counted. Ethereum, Solana, and other chains face similar exposure through smart contracts, staking systems, and data availability mechanisms .

Google has set a 2029 deadline for its own post-quantum migration, a significant acceleration from previous projections. Haseeb Qureshi, managing partner at Dragonfly Capital, called the findings “serious” and warned that all blockchains need transition plans immediately. “Post-quantum is no longer a drill,” he wrote .

This is wild. Google Research demonstrates a ~20x more efficient implementation of Shor's algorithm that could break ECDSA keys within minutes with ~500K physical qubits.

Google is now are more confident on a 2029 post-quantum transition. We are no longer looking at mid 2030s,… https://t.co/jGzFk5uLc0 pic.twitter.com/O4V1VbiXkf

— Haseeb ＞|＜ (@hosseeb) March 31, 2026

📌 Twitter Embed Description: Dragonfly Capital’s Haseeb Qureshi calls Google’s quantum breakthrough a serious threat, noting that all blockchains need transition plans immediately as post-quantum is “no longer a drill.”

Nic Carter, co-founder of Castle Island Ventures, described the paper as “very sobering.” He warned that the quantum clock is no longer theoretical. “The question now is whether crypto can upgrade its locks before someone builds the key,” he wrote .

WILD TAKE: the biggest systemic risk to Bitcoin right now isn’t ETFs or Trump, it’s Google’s quantum roadmap!!! https://t.co/cwdQnfPPOf

— BeInCrypto (@beincrypto) March 31, 2026

📌 Twitter Embed Description: BeInCrypto notes that Google’s quantum roadmap may pose a greater systemic risk to Bitcoin than ETFs or regulatory concerns.

The traditional elliptic curve cryptography that secures most blockchains relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP-256). Classical computers would need billions of years to crack it. Quantum computers running Shor’s algorithm could theoretically do it in minutes. Google’s demonstration brings that theoretical threat significantly closer to reality .

The decision to withhold the circuits while publishing a zero-knowledge proof is highly unusual. It reflects Google’s assessment that the findings are sufficiently severe that full disclosure could enable malicious actors to accelerate their own quantum attacks. The team instead allows verification of the claim without revealing the methodology .

For crypto holders, the implications are profound. Vulnerable wallet formats—those where public keys are already exposed—represent a ticking clock. The industry has long discussed post-quantum migration, but Google’s findings suggest the timeline may be measured in years, not decades. The question now is whether blockchain networks can coordinate upgrades to quantum-resistant cryptography before a capable quantum computer emerges .