Google: Post-Quantum Migration Is Urgent as the Cost of Breaking Cryptocurrency Cryptography Drops Dramatically


Google’s Quantum AI team released a white paper on March 31 stating that future quantum computers may need fewer than 1,200 logical qubits and 90 million Toffoli gates to break ECDLP-256, the elliptic-curve problem underlying the cryptography that currently secures most blockchains and cryptocurrencies. The number of physical qubits required is about 20 times lower than earlier estimates.

Why ECDLP-256 Is More Fragile Than Before: A Breakthrough in Quantum Resource Estimates

Google quantum research (Source: Google)

ECDLP-256 (the 256-bit elliptic-curve discrete logarithm problem) is the core cryptographic foundation for most blockchains, cryptocurrencies, and many traditional digital security systems. Google’s latest white paper implements Shor’s algorithm as two quantum circuits, and the resulting resource estimates are alarming:

Circuit A: fewer than 1,200 logical qubits + 90 million Toffoli gates

Circuit B: fewer than 1,450 logical qubits + 70 million Toffoli gates

Under hardware assumptions consistent with Google’s flagship quantum processors, these circuits could run to completion in minutes on fewer than 500,000 physical qubits, about 20 times fewer than past estimates required.

Once large-scale cryptographically relevant quantum computers (CRQCs) reach this threshold, they can break widely used public-key cryptography, directly threatening the security of existing crypto assets. Google notes that, as quantum computing technology accelerates, a working CRQC is no longer a distant prospect.

Four Urgent Quantum-Resistance Actions for the Cryptocurrency Community

Start post-quantum cryptography (PQC) migration assessments immediately: identify how heavily your systems rely on ECDLP-256, and develop a migration roadmap

Avoid exposing or reusing wallet addresses: elliptic-curve cryptography is vulnerable to quantum attacks, and reusing addresses increases the information visible to an attacker

Consider policy options for abandoned addresses: long-inactive addresses may pose systemic risk under quantum threats, so a policy framework must be set in advance

Align on a 2029 migration timeline: Google and organizations such as Coinbase and the Ethereum Foundation have set clear collaboration deadlines, and the industry needs to plan in step
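An added example, not from Google's white paper or this article: a small audit of a wallet's own transaction history for the second action above. It assumes hash-based addresses whose public key first appears on chain when the address spends; the ledger, address names and status labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (not real chain data). Each transaction lists the
# addresses it spends from and the (address, amount) outputs it creates.
SAMPLE_TXS = [
    {"spends": [], "outputs": [("addr_A", 5), ("addr_B", 2)]},
    {"spends": ["addr_A"], "outputs": [("addr_C", 3), ("addr_A", 2)]},  # change back to A
    {"spends": [], "outputs": [("addr_B", 1)]},                        # B receives again
    {"spends": ["addr_C"], "outputs": [("addr_D", 3)]},
]


def audit_addresses(txs):
    """Classify each address by public-key exposure and reuse.

    Assumption: spending from an address publishes its public key, and a
    spend consumes the address's whole balance (simplified UTXO model).
    """
    balance = defaultdict(int)
    receipts = defaultdict(int)
    key_exposed = set()
    for tx in txs:
        for addr in tx["spends"]:
            key_exposed.add(addr)  # the signature reveals the public key
            balance[addr] = 0
        for addr, amount in tx["outputs"]:
            balance[addr] += amount
            receipts[addr] += 1

    report = {}
    for addr in sorted(receipts):
        if addr in key_exposed and balance[addr] > 0:
            status = "exposed-with-funds"  # highest priority: move to a fresh address
        elif receipts[addr] > 1:
            status = "reused"              # key still hidden, but stop reusing it
        elif addr in key_exposed:
            status = "retired"             # key public, nothing left to protect
        else:
            status = "fresh"
        report[addr] = {"status": status, "balance": balance[addr]}
    return report


if __name__ == "__main__":
    for addr, info in audit_addresses(SAMPLE_TXS).items():
        print(f"{addr}: {info['status']} (balance {info['balance']})")
```
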

A New Framework for Responsible Disclosure: How Zero-Knowledge Proofs Protect Public Safety

A core challenge Google faces with this white paper is disclosing security vulnerabilities without handing malicious actors an attack guide. Google points out that the situation for cryptocurrencies is especially complex: their value comes not only from system security but also from public trust, so FUD (fear, uncertainty, and doubt) can itself be used to attack these systems.

Google’s solution is a “Zero-Knowledge Proof” construction: third parties can independently verify Google’s resource-estimation conclusions without obtaining the details of the underlying quantum circuits that could enable attacks. This approach, developed in cooperation with the U.S. government, has already been shared with organizations such as SIFMA and ISLA, and Google calls on other quantum computing research teams to adopt the same responsible disclosure framework.

Frequently Asked Questions

What is ECDLP-256, and why is it crucial to cryptocurrency security?

ECDLP-256 is the core cryptographic foundation for most blockchain and cryptocurrency systems, used to protect wallet private keys, digital signatures, and transaction verification. Conventional computers currently cannot solve it in a reasonable amount of time, but sufficiently powerful quantum computers could in future solve it in minutes, directly threatening the security of existing crypto assets.

How does post-quantum cryptography (PQC) withstand quantum attacks?

PQC refers to cryptographic algorithms built on mathematical problems that are believed to resist attack by quantum computers, for example lattice-based cryptography. Unlike elliptic-curve cryptography that relies on ECDLP-256, PQC algorithms will not fail when faced with quantum computers, but migrating to them requires coordinated effort across the industry and ample implementation time.

Why does Google set 2029 as the quantum-resistant migration deadline?

Google made a comprehensive assessment based on the pace of quantum hardware development and the time required to migrate cryptographic systems, concluding that 2029 is a target milestone that balances urgency and feasibility: it accounts for CRQCs possibly reaching a threatening level within a decade while giving the industry sufficient time to formulate and implement PQC migration plans. Google has reached a consensus on collaboration with organizations such as Coinbase and the Ethereum Foundation.
