Google researchers estimate that by 2029 quantum computers may be able to break the signature schemes that secure mainstream blockchains. Already, as many as 6.9 million Bitcoins sit in outputs whose public keys are exposed on-chain, so once such a machine exists they can be attacked at any time, with no need to wait for the owner to spend.
Investing in quantum computing is generally considered a bet on the future. Large-scale, high-performance quantum systems are expected to emerge in the coming years, bringing both disruptive potential and new risks. Google warns against complacency.
Google, an Alphabet subsidiary, is pursuing its own quantum computing ambitions. Its Willow chip, announced at the end of 2024, is credited with sparking a global wave of interest in quantum computing and putting the emerging technology firmly in the spotlight.
Now, Google researchers have released a white paper stating that "Q-Day" (the moment when quantum computers can break the encryption protecting massive amounts of global data) is not a distant threat. The company has also specified a particular year, urging the public to prepare for this event before then.
The paper, posted this week to Cornell University's arXiv preprint server, focuses on cryptocurrencies. A cryptocurrency wallet is controlled by a key pair. The private key is a very large, random and secret number that authorises spending of the funds; the corresponding public key is shared openly and used to receive funds. Bitcoin and most other mainstream cryptocurrencies sign transactions with elliptic curve cryptography, whose security assumption is that the private key cannot be derived from the public key. That assumption holds against classical computers, which cannot solve the underlying elliptic curve discrete logarithm problem in any feasible time. Quantum computers are different: as Barron's previously reported, a sufficiently large machine could run Shor's algorithm, which factors large integers into their prime factors and, in its elliptic curve variant, recovers a private key from a public key.

The paper highlights a specific use of Shor's algorithm that it calls an "on-spend attack". Most Bitcoin addresses commit only to a hash of the public key, so when you spend from an address the public key itself appears in the transaction, and it sits in the mempool, visible to the whole network, until the transaction is confirmed in a block, roughly 10 minutes on average. The researchers estimate that an optimised Shor implementation on a "fast-clock" quantum computer (one whose architecture executes gates quickly, as superconducting qubits do) could derive the private key from that public key in 9 to 12 minutes, inside the confirmation window. Crucially, they estimate that fewer than 500,000 physical qubits on a superconducting quantum computer would suffice to break the elliptic curve cryptography protecting Bitcoin and most mainstream cryptocurrencies, roughly one twentieth of earlier estimates.

The researchers also point out that up to 6.9 million Bitcoins sit in outputs whose public keys are already on-chain, for example early pay-to-public-key outputs and addresses that have been reused after a spend. For these, an attacker is not constrained by the 10-minute window and could run Shor's algorithm against the exposed keys at leisure.
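The practical question the paragraph raises is which outputs are already in the "exposed public key" category and which only become exposed on spend. The following Python script is an added illustration, not code from the paper or from Google: it classifies the four common Bitcoin output templates by when the key becomes public, going beyond the article by also covering Taproot outputs (whose script contains the tweaked output key directly, so they are exposed at creation), and extracts the key that a P2PKH or P2WPKH spend reveals. All keys, signatures and hash fields are constructed placeholders: the secp256k1 generator point stands in for a real public key, the signature is a structurally valid but meaningless DER blob, and the 20-byte hashes are zeros.

```python
"""Classify which Bitcoin output scripts expose a public key on-chain, and
extract the key from a spending input.  Added illustration, not code from the
paper; the keys, signature and hashes below are constructed placeholders."""
from __future__ import annotations

from enum import Enum


class Exposure(Enum):
    AT_CREATION = "public key is in the output script itself"
    ON_SPEND = "only a hash is on-chain until the owner spends"
    UNKNOWN = "script template not recognised"


# Constructed sample data.  The "public key" is the secp256k1 generator point in
# compressed form (a valid point, but obviously not anyone's wallet key), the
# signature is a structurally valid DER blob with r = s = 1 plus SIGHASH_ALL,
# and the 20-byte hash fields are zeros.  Nothing is verified here.
PUBKEY = bytes.fromhex(
    "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
SIG = bytes.fromhex("3006020101020101") + b"\x01"
ZERO_HASH160 = bytes(20)

P2PK_SPK = bytes([len(PUBKEY)]) + PUBKEY + b"\xac"        # <pubkey> OP_CHECKSIG
P2PKH_SPK = b"\x76\xa9\x14" + ZERO_HASH160 + b"\x88\xac"  # OP_DUP OP_HASH160 <h> OP_EQUALVERIFY OP_CHECKSIG
P2WPKH_SPK = b"\x00\x14" + ZERO_HASH160                   # OP_0 <20-byte hash>
P2TR_SPK = b"\x51\x20" + PUBKEY[1:]                       # OP_1 <32-byte x-only output key>


def classify_script_pubkey(spk: bytes) -> tuple[str, Exposure]:
    """Match the common output templates and say when the key becomes public."""
    if len(spk) in (35, 67) and spk[0] == len(spk) - 2 and spk[-1] == 0xAC:
        return "P2PK", Exposure.AT_CREATION   # legacy outputs, common in 2009-2010
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH", Exposure.ON_SPEND
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH", Exposure.ON_SPEND
    if len(spk) == 34 and spk[:2] == b"\x51\x20":
        # Taproot puts the (tweaked) output key directly in the script, so a
        # discrete-log break of that key allows a key-path spend.
        return "P2TR", Exposure.AT_CREATION
    return "other", Exposure.UNKNOWN


def parse_pushes(script: bytes) -> list[bytes]:
    """Split a script made only of data pushes (0x01..0x4b, OP_PUSHDATA1)."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:
            n = op
        elif op == 0x4C:
            n = script[i]
            i += 1
        else:
            raise ValueError(f"unsupported opcode 0x{op:02x} at offset {i - 1}")
        if i + n > len(script):
            raise ValueError("truncated push")
        items.append(script[i:i + n])
        i += n
    return items


def pubkey_from_spend(kind: str, script_sig: bytes = b"",
                      witness: tuple[bytes, ...] = ()) -> bytes | None:
    """Return the public key revealed by an input spending a P2PKH/P2WPKH output."""
    if kind == "P2PKH":                       # scriptSig = <sig> <pubkey>
        pushes = parse_pushes(script_sig)
        if len(pushes) == 2 and len(pushes[1]) in (33, 65):
            return pushes[1]
    if kind == "P2WPKH":                      # witness = [sig, pubkey]
        if len(witness) == 2 and len(witness[1]) == 33:
            return witness[1]
    return None


def key_exposed(spk: bytes, address_spent_before: bool) -> bool | None:
    """Is this output already in the 'exposed public key' category?
    None means the template is unknown and a fuller script analysis is needed."""
    _, exposure = classify_script_pubkey(spk)
    if exposure is Exposure.AT_CREATION:
        return True
    if exposure is Exposure.ON_SPEND:
        return address_spent_before           # address reuse leaks the key
    return None


if __name__ == "__main__":
    spend_p2pkh = bytes([len(SIG)]) + SIG + bytes([len(PUBKEY)]) + PUBKEY
    for name, spk in [("P2PK", P2PK_SPK), ("P2PKH", P2PKH_SPK),
                      ("P2WPKH", P2WPKH_SPK), ("P2TR", P2TR_SPK)]:
        kind, exp = classify_script_pubkey(spk)
        print(f"{name:7s} -> {kind:7s} {exp.value}")
    print("key recovered from P2PKH spend:",
          pubkey_from_spend("P2PKH", script_sig=spend_p2pkh).hex())
```

The script recognises only the four templates above; P2SH and P2WSH outputs commit to a redeem or witness script whose key material is not visible from the output alone, so `key_exposed` returns `None` for them rather than guessing. The `address_spent_before` flag is the piece of chain history a real scanner would have to supply, since a hash-based address becomes exposed the first time it spends.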
Justin Drake, one of the paper's co-authors, said on social media that his confidence in "Q-Day" arriving before 2032 has "significantly increased". By that year, he predicts, the probability that a quantum system can recover a private key from an exposed public key will be at least 10%. "I expect the narrative to shift and further drive investment in post-quantum cryptography research," Drake wrote. He acknowledges that he is not a "quantum expert" and that the results, which have not yet been peer-reviewed, need time to be "properly validated", but based on his discussions with the research team he believes Google's estimates are conservative.

The industry consensus has been that this event is most likely sometime in the 2030s, but Google expects "Q-Day" sooner: it believes a quantum computer with practical cryptographic capabilities, enough to break most mainstream blockchains, could exist by around 2029. That timeline also matches the targets most quantum research teams have set for large-scale, commercial-grade quantum computers. IBM, often considered Google's main competitor in the field, also aims to deploy a fault-tolerant quantum computer before then.

In a blog post last week, Google urged businesses to strengthen their cybersecurity measures to avoid being left behind. "The threats to encryption already exist today because of 'store now, decrypt later' attacks," the company wrote. "Threats to digital signatures, on the other hand, are a future risk." Google is pushing in particular for a transition to post-quantum cryptography, which uses new, quantum-resistant algorithms to protect data against such future attacks.