Google Researchers Lower the Bar for Quantum Attacks on Bitcoin's Cryptography
Google researchers have published findings that tighten the timeline on one of the most consequential threat scenarios in digital finance: a quantum computer capable of breaking the cryptographic foundations of Bitcoin and other blockchain-based assets.
The specific target is elliptic-curve cryptography — and more precisely, the elliptic curve discrete logarithm problem for 256-bit curves (ECDLP-256), which underlies the key pairs that secure Bitcoin wallets and transactions. The researchers’ updated estimates reduce the quantum computing hardware requirements needed to execute such an attack, meaning the capability threshold is lower than the field previously assumed.
This matters because ECDSA (Elliptic Curve Digital Signature Algorithm) is not an obscure edge case in Bitcoin’s security model — it is the security model for ownership. A sufficiently capable quantum computer running Shor’s algorithm could, in principle, derive a private key from a public key, enabling the theft of any funds in wallets whose public keys have been exposed on-chain. That includes a substantial fraction of all Bitcoin ever mined.
The operative phrase in the Google findings remains “future quantum computer.” No machine currently exists with the error-corrected qubit count required to threaten ECDLP-256 at scale. But the research community’s track record on hardware requirement estimates has consistently moved in one direction — downward. Each reduction in the projected resource cost shrinks the margin between current hardware trajectories and the attack threshold.
The cryptographic community has been aware of this vector for years. NIST finalized its first post-quantum cryptographic standards in 2024 precisely because the transition timeline for critical infrastructure is measured in decades, not months. Bitcoin’s governance process, however, is not NIST. Migrating the network to quantum-resistant signature schemes requires social consensus across a famously fractious ecosystem, and the window for an orderly transition narrows with each downward revision to attack cost estimates.
The Google paper doesn’t move the threat from theoretical to imminent. It moves it from distant to calculable — and that’s a different kind of pressure.