Crypto industry may be running out of time to prepare for quantum attacks

Google’s latest research suggests the cryptocurrency industry may have less time than expected to prepare for quantum computing.

In a whitepaper, Google examines risks to elliptic curve cryptography, the system securing most blockchain networks. The researchers revisit earlier assumptions about how difficult it would be for a quantum computer to break these protections, concluding that the required resources may be lower than previously estimated.

“To share this research responsibly, we engaged with the U.S. government and developed a new method to describe these vulnerabilities via a zero-knowledge proof, so they can be verified without providing a roadmap for bad actors. We urge other research teams to do the same to keep people safe,” researchers said.

At the core of the analysis is Shor’s algorithm, which can solve the mathematical problems underlying digital signatures. The team estimates that breaking the elliptic curve discrete logarithm problem for widely used parameters could require roughly 1200 to 1450 logical qubits and tens of millions of quantum gate operations. These figures represent an improvement over earlier estimates and point to steady progress in quantum algorithm design.

A key takeaway is how quickly such an attack could happen. The researchers estimate a quantum system could derive a private key in under half an hour, and in some scenarios as little as nine minutes. That falls within the time it takes for a blockchain transaction to be confirmed.

That matters because blockchain transactions are not instantaneous. During the interval between broadcast and confirmation, an attacker could extract a public key, compute the corresponding private key, and submit a competing transaction, known as an “on-spend” attack.

Two other categories of quantum attacks are also outlined. “At-rest” attacks target public keys exposed over long periods, such as those tied to reused addresses or dormant wallets. “On-setup” attacks exploit weaknesses in protocol parameters to create reusable backdoors. The risk depends on both system design and user behavior, including practices such as key reuse.

Dormant crypto wallets could become prime targets

The paper also looks at how different types of quantum hardware change the threat. Faster systems, including superconducting and photonic designs, could move quickly enough to act during a live transaction. Slower machines would more likely go after keys that have been exposed for longer periods. Which approach becomes viable first will shape how defenses need to be built.

The risk is not limited to active transactions. Funds sitting in inactive wallets, especially those linked to lost private keys, cannot be upgraded to newer cryptographic schemes. If quantum systems reach the required scale, those holdings could be exposed.
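The “at-rest” category above (public keys exposed through reused addresses) and the dormant-wallet case are the two that a custodian can audit today. The following is an added illustration, not code from Google’s whitepaper or any blockchain project: it replays a constructed ledger and flags funded addresses whose public key is already visible on-chain, and funded addresses that have been idle for a long time. It assumes (as with hash-based address types) that an address reveals its public key only when it signs a spend; addresses, amounts and timestamps are made up.

```python
"""Audit a constructed ledger for at-rest exposure: addresses whose public key
is already on-chain because they signed a spend, yet still hold funds.
Assumption (not from the article): an address reveals its public key only when
it spends, so an address that has only ever received is not exposed at rest."""
from dataclasses import dataclass

@dataclass
class Tx:
    txid: str
    time: int                        # minutes on the constructed ledger's clock
    inputs: list[tuple[str, int]]    # (signing address, amount spent): pubkey revealed
    outputs: dict[str, int]          # receiving address -> amount

# Constructed sample: A receives, spends and is reused as a change address;
# B only receives; C spends everything; D only receives.
LEDGER = [
    Tx("t1", 0,      [],           {"A": 100, "B": 50, "C": 70}),
    Tx("t2", 1000,   [("A", 100)], {"D": 40, "A": 60}),
    Tx("t3", 2000,   [("C", 70)],  {"D": 70}),
    Tx("t4", 900000, [],           {"A": 10}),
]

def balances_and_reveals(ledger):
    """Replay the ledger: per-address balance, first key-reveal time, last activity."""
    balance, first_reveal, last_active = {}, {}, {}
    for tx in sorted(ledger, key=lambda t: t.time):
        for addr, amt in tx.inputs:
            first_reveal.setdefault(addr, tx.time)   # signing exposes the public key
            balance[addr] = balance.get(addr, 0) - amt
            last_active[addr] = tx.time
        for addr, amt in tx.outputs.items():
            balance[addr] = balance.get(addr, 0) + amt
            last_active[addr] = tx.time
    return balance, first_reveal, last_active

def at_rest_exposed(ledger, now):
    """Funded addresses whose public key is already visible, with exposure time.
    These can only be protected by moving funds to a fresh (eventually PQC) address."""
    balance, first_reveal, _ = balances_and_reveals(ledger)
    return {a: {"balance": balance[a], "exposed_minutes": now - t}
            for a, t in first_reveal.items() if balance.get(a, 0) > 0}

def dormant(ledger, now, idle_minutes):
    """Funded addresses idle for at least idle_minutes: candidates for the
    lost-key category that cannot be migrated at all."""
    balance, _, last_active = balances_and_reveals(ledger)
    return sorted(a for a, b in balance.items()
                  if b > 0 and now - last_active[a] >= idle_minutes)
```

On the sample ledger, `at_rest_exposed(LEDGER, 1_000_000)` reports only A (70 units, key exposed for 999000 minutes), while `dormant(LEDGER, 1_000_000, 500_000)` returns B and D.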

“We want to raise awareness on this issue and are providing the cryptocurrency community with recommendations to improve security and stability before this is possible, including transitioning blockchains to post-quantum cryptography (PQC), which is resistant to quantum attacks,” researchers wrote.

Transitioning to post-quantum cryptography is technically feasible, but the process is complex and slow, particularly for decentralized networks that require broad coordination.

Quantum attacks on cryptocurrencies are not happening today. But the gap between theory and practice is narrowing, and the time available to prepare is shrinking.