Google's quantum computing team just dropped a paper that the crypto world has been dreading for years, and the headline number is hard to ignore: a sufficiently powerful quantum computer could, in theory, crack a live Bitcoin transaction in roughly nine minutes.

The research, published on March 30, estimates that breaking the 256-bit elliptic curve cryptography (ECDLP-256) that protects Bitcoin wallets would require fewer than 500,000 physical qubits - about 20 times fewer than previous estimates. That's a significant downward revision, and it changes the timeline for when this threat becomes a real concern.

How the Attack Would Actually Work

Bitcoin's elliptic curve cryptography protects wallets by making it infeasible to work out a private key from its public key. Under normal conditions, no known classical computer can reverse-engineer a private key from a public key in any realistic timeframe. Quantum computers running Shor's algorithm, however, can crack elliptic curve cryptography much faster.

The specific attack described in the paper targets real-time transactions rather than old dormant wallets. When a Bitcoin transaction is broadcast to the network, the sender's public key is briefly exposed for roughly 10 minutes before the transaction confirms. The paper estimates that a quantum attacker who has pre-computed the necessary setup steps could exploit that window with about a 41% chance of success in under nine minutes.

That's not a guaranteed crack - it's a probabilistic attack during a narrow exposure window. But 41% odds with a nine-minute timer is a very different threat profile than what most people have been planning around.

Who's Most at Risk

Approximately 6.9 million Bitcoin are already considered vulnerable to a longer, slower quantum attack - including roughly 1.7 million coins from the Satoshi era. These older wallets reuse addresses or have exposed public keys, which means there's no time-pressure window needed; a quantum computer would just need enough qubits and time.

Ironically, Bitcoin's Taproot upgrade - introduced in 2021 to improve privacy and efficiency - may have made things worse. By exposing public keys by default in certain transaction types, Taproot expanded the pool of wallets exposed to real-time quantum attacks. That wasn't the intent, but it's now a documented risk in Google's own research.

Ethereum is actually less exposed to the nine-minute attack because ETH transactions confirm much faster, leaving a shorter window for a quantum attacker to work within.
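Whether a given coin's public key is already visible can be read from its output script, which is how a holder would audit their own exposure to the address-reuse and Taproot cases above. The following is an added example, not code from the article or from Google's paper; the function names, labels and sample scripts are constructed for illustration, and the byte patterns are the standard Bitcoin output templates.

```python
# Added example: sort Bitcoin output scripts (scriptPubKey) by when the
# public key becomes visible. All sample scripts are constructed.
IN_OUTPUT = "public key is in the output itself"
ON_SPEND = "key hidden behind a hash until the output is spent"
REUSED = "hashed script already spent from once: key is public"
MANUAL = "non-standard script: inspect manually"


def classify_script(script_hex):
    """Return (script_type, exposure) for a hex-encoded scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", IN_OUTPUT    # <push pubkey> OP_CHECKSIG
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", IN_OUTPUT    # OP_1 <32-byte x-only output key>
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "P2PKH", ON_SPEND    # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return "P2SH", ON_SPEND     # OP_HASH160 <20> OP_EQUAL
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", ON_SPEND   # OP_0 <20-byte key hash>
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", ON_SPEND    # OP_0 <32-byte script hash>
    return "unknown", MANUAL


def audit(utxos, already_spent_from):
    """Map label -> (type, exposure); flag hashed scripts that were reused.

    already_spent_from: scripts (hex) that have signed a spend before, so
    their public key is already on-chain (the address-reuse case).
    """
    seen = {h.lower() for h in already_spent_from}
    report = {}
    for label, script_hex in utxos:
        kind, exposure = classify_script(script_hex)
        if exposure == ON_SPEND and script_hex.lower() in seen:
            exposure = REUSED
        report[label] = (kind, exposure)
    return report


SAMPLE_UTXOS = [  # constructed scripts with filler key/hash bytes
    ("early-p2pk", "21" + "02" + "11" * 32 + "ac"),
    ("taproot", "5120" + "22" * 32),
    ("fresh-p2pkh", "76a914" + "33" * 20 + "88ac"),
    ("reused-p2wpkh", "0014" + "44" * 20),
]
SAMPLE_SPENT = {"0014" + "44" * 20}

if __name__ == "__main__":
    for label, (kind, exposure) in audit(SAMPLE_UTXOS, SAMPLE_SPENT).items():
        print(f"{label:14} {kind:7} {exposure}")
```

Outputs reported as hidden until spent are the ones whose key first appears when a transaction is broadcast, which is the confirmation window described earlier.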

Where Things Actually Stand

Here's the important context: this threat is not imminent. No quantum computer today comes close to 500,000 useful physical qubits with the error correction needed to run Shor's algorithm against live Bitcoin transactions. Google's own Willow chip, the most advanced publicly known quantum processor, operates at a far smaller scale than what the paper describes as necessary.

Google has been working on post-quantum cryptography (PQC) migration since 2016 and set a 2029 target for completing its own migration. The research was conducted using zero-knowledge methods specifically to avoid providing a usable attack recipe to bad actors.

The Bitcoin community has been aware of quantum risk for years, and several post-quantum signature schemes exist that could, in principle, replace the current ECDSA standard. What this paper does is sharpen the urgency. The qubit requirement is now lower than expected, the timeline may be tighter than people assumed, and the Taproot complication is newly documented.

Whether the ecosystem moves fast enough to address this before a capable quantum computer exists is the real open question - and right now, the answer is unclear.

------- Author: Adam Lee Asia News Desk / Breaking Crypto News
