Safeguarding Cryptocurrency by Disclosing Quantum Vulnerabilities Responsibly
Source type: Research blog post / whitepaper summary
Authors: Ryan Babbush (Director of Research, Quantum Algorithms, Google Quantum AI) and Hartmut Neven (VP of Engineering, Google Quantum AI)
Publisher: Google Research Blog
Date: 2026-03-30
URL: https://research.google/blog/safeguarding-cryptocurrency-by-disclosing-quantum-vulnerabilities-responsibly/
Paper: https://arxiv.org/abs/2603.28846
Overview
Google Quantum AI researchers Ryan Babbush and Hartmut Neven publish updated estimates showing that future cryptographically relevant quantum computers (CRQCs) could break ECDLP-256, the 256-bit elliptic curve discrete logarithm problem underlying the cryptography that protects Bitcoin and most blockchain networks, using far fewer qubits than previously thought (~20× reduction). They advocate transitioning to post-quantum cryptography (PQC) and introduce a novel responsible disclosure method using zero-knowledge proofs.
Quantum Resource Estimates
The paper compiles two Shor’s algorithm quantum circuits for ECDLP-256:
| Circuit | Logical Qubits | Toffoli Gates |
|---|---|---|
| Circuit A | < 1,200 | ~90 million |
| Circuit B | < 1,450 | ~70 million |
Physical qubit estimate: Fewer than 500,000 physical qubits on a superconducting CRQC — executable in a few minutes.
This represents an ~20× reduction in required physical qubits compared to prior estimates, continuing a long trend of algorithmic optimisation.
See also cottier-2026-quantum-computing-breakthroughs, which reports that a separate Caltech/Oratomic paper reduces the qubit count further to ~25,000–30,000 for Bitcoin’s ECDLP.
Why This Matters for Cryptocurrency
Most blockchain technologies (including Bitcoin) rely on ECDLP-256 for:
- Signing transactions (wallet security)
- Key derivation
When CRQCs become available, any exposed or reused wallet address could be attacked. The authors note this is not yet possible — but the timeline is shortening.
Practical recommendations for the crypto community:
- Transition blockchains to PQC (well-understood, standardised).
- Avoid exposing or reusing vulnerable wallet addresses.
- Consider policy options to address abandoned cryptocurrency coins.
- Act now — PQC implementation takes time at blockchain scale.
Google’s own migration timeline targets 2029 for PQC transition across its systems.
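An added example (not from the Google post or paper) of auditing for the "exposed or reused address" condition in the recommendations above: it walks a constructed ledger and lists unspent outputs whose public key is already public. The ledger, the address labels and the simplified script-type model are assumptions of this example.

```python
from collections import namedtuple

# Assumption of this model: P2PK and P2TR outputs carry the public key
# itself; hashed types (P2PKH, P2WPKH) publish it only when first spent.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}
Out = namedtuple("Out", "script addr value")

# Constructed ledger in chain order: (txid, inputs, outputs).
LEDGER = [
    ("t1", [], [Out("p2pkh", "addrA", 50)]),
    # Spends addrA (revealing its key) and sends change back to addrA.
    ("t2", [("t1", 0)], [Out("p2pkh", "addrB", 30), Out("p2pkh", "addrA", 20)]),
    ("t3", [], [Out("p2pk", "addrC", 50)]),
    ("t4", [], [Out("p2wpkh", "addrD", 10)]),
]

def exposed_utxos(txs):
    """Return unspent outputs whose public key is already on-chain."""
    utxos, revealed = {}, set()
    for txid, inputs, outputs in txs:
        for ref in inputs:
            revealed.add(utxos.pop(ref).addr)  # a spend publishes the key
        for vout, out in enumerate(outputs):
            utxos[(txid, vout)] = out
    report = []
    # Check at the end so funds received before the first spend count too.
    for ref, out in sorted(utxos.items()):
        if out.script in KEY_IN_OUTPUT:
            report.append((ref, out.addr, out.value, "key in output"))
        elif out.addr in revealed:
            report.append((ref, out.addr, out.value, "address reused after spend"))
    return report

if __name__ == "__main__":
    for ref, addr, value, reason in exposed_utxos(LEDGER):
        print(f"{ref[0]}:{ref[1]} {addr} value={value} {reason}")
```

Outputs to addrB and addrD are not reported because their keys have never appeared on-chain; they are the ones to keep that way until a PQC migration path exists.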
Responsible Disclosure Approach
Vulnerability disclosure in crypto is especially fraught: beyond digital security, public confidence in the system is itself an asset. Unsubstantiated FUD (fear, uncertainty, doubt) about quantum attacks can damage crypto value without providing real security benefits.
Google’s approach:
- Clarify where blockchains are immune to quantum attacks (reducing FUD).
- Substantiate resource estimates via a zero-knowledge proof — third parties can verify the claims without obtaining a blueprint for attacks.
- Engage US government before publication.
Collaborators on next steps: Coinbase, Stanford Institute for Blockchain Research, Ethereum Foundation.
Entities Mentioned
- ryan-babbush — Co-author; Director of Research, Quantum Algorithms, Google Quantum AI
- hartmut-neven — Co-author; VP of Engineering, Google Quantum AI
- google-quantum-ai — Research group
- coinbase — Collaborator on post-quantum migration
- ethereum-foundation — Collaborator