Google claims quantum advantage, Trump invests in quantum computing company, is the quantum threat to Bitcoin coming again?



This week, two seemingly unrelated but actually closely related pieces of news have attracted widespread attention in the technology and crypto circles:

  1. Google claims that its latest "Willow" quantum chip has achieved "verifiable quantum advantage" and is 13,000 times faster than top supercomputers in specific algorithms.
  2. Political news: According to the Wall Street Journal, the Trump administration is in talks to directly "invest" in a quantum computing company with the intention of "nationalizing" the technology.

A technological breakthrough and a political move together point to a question that sends chills down the spine of the crypto world: Is the "Sword of Damocles" hanging over Bitcoin—the quantum threat—one step closer?


Why is “control” more important than “speed”?

Every time there is quantum news, someone in the field (like the founder of Mysten Labs) comes out to calm things down, saying a substantial threat is "at least another 10 years away." This view rests on a simple "linear extrapolation", the assumption that the technology will keep advancing at a constant speed, like a car cruising down a highway.

But this judgment may have misjudged Google's "trump card".


What is truly alarming in this announcement is not the 13,000-fold speed increase, but the shift in phraseology: from “Quantum Supremacy” to “Verifiable Quantum Advantage.”

If the "supremacy" of 2019 was a display of raw computing power, a flexing of muscles, then today's "verifiable advantage" is a precise declaration of control.

Google has successfully simulated "quantum chaos," a physical system state so complex and chaotic that even classical supercomputers cannot simulate it. This shows that Google's ability to control noise has taken a leap forward.

To understand this, we must first clarify two concepts:

What is a "qubit"? Classical computers calculate with "bits" (0 or 1). Quantum computers instead use "qubits," microscopic particles that can exist in a superposition of 0 and 1 simultaneously. This property gives them the potential to surpass classical computers.

What is "noise"? Quantum bits are extremely fragile. Any slight external disturbance (such as temperature or vibration) can cause them to "err" or "forget" information. This is "noise." Noise is quantum computing's biggest enemy.

Therefore, Google's achievement means that humans have made a breakthrough on the core problem of "controlling noise", which is precisely the gating step toward an error-correcting quantum computer, the kind that can ultimately break today's cryptography.

So, this is no longer a distant cry of "wolf." This is the starting gun that has already been fired, announcing the official start of a global "crypto migration."


The real "nuclear weapon": Shor's algorithm and the historical baggage of HNDL

The urgency of this migration stems from the unique nature of the quantum threat. What exactly is it?

This comes down to two algorithms. The first is Grover's algorithm, a "super search engine" that speeds up attacks on hash algorithms such as SHA-256. However, this is not a fatal blow; the speed-up it offers is still manageable.

The real "nuclear weapon" is Shor's algorithm.


The sole purpose of Shor's algorithm is to break the encryption foundation of today's Internet. For cryptocurrencies, it can do something extremely dangerous: deducing your "private key" from your "public key."

What does that mean? Two basic terms first:

  • Public Key: Like your bank account number or home address, you can give it to anyone and have them transfer money or send you a letter.
  • Private Key: Like your bank card password or house key, it is the only proof of your access to your assets and you must never tell anyone.

All current cryptocurrencies rest on an ironclad principle: the private key cannot be deduced from the public key. Shor's algorithm is the "master key" that breaks this ironclad principle.

So, how difficult is it to create this "master key"?

This requires a distinction between "physical qubits" and "logical qubits":

  • Physical Qubits: Google's recently released "Willow" chip has 105 physical qubits. Think of them as 105 unskilled musicians prone to playing wrong notes. They are extremely fragile and easily disturbed by noise.
  • Logical Qubits: These are what Shor's algorithm actually needs: nearly perfect "musicians."

How do we obtain "logical bits"? The answer is "human wave tactics." Through a technique called quantum error correction (QEC), hundreds or even thousands of unreliable "musicians" (physical bits) are formed into an "orchestra" that corrects its own members' errors, simulating one perfect "musician" (logical bit).

The generally accepted estimate in the industry is that it takes about 2,300 "logical bits" to crack Bitcoin's signature.

This corresponds to an astonishing number of "physical bits": about 13 million "physical bits" (musicians) are needed to crack it within 24 hours.
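To make the "orchestra" idea concrete, here is an added illustration that is not part of the article: a classical bit-flip repetition code used as a stand-in for quantum error correction. Real QEC codes (such as surface codes) are far more involved, but the key behaviour is the same: below a noise threshold, adding more unreliable copies drives the logical error rate down, and the number of copies needed grows as the target error rate shrinks; above the threshold, adding copies makes things worse. The error rates, targets and the majority-vote decoder are assumptions chosen for this example.

```python
"""Added example (not from the article): repetition-code intuition for why
many noisy physical bits are needed per reliable logical bit, and why the
physical error rate must sit below a threshold for that to work at all."""
from math import comb
import random


def logical_error_rate(p: float, n: int) -> float:
    """Exact probability that a majority vote over n copies (n odd), each
    flipped independently with probability p, decodes to the wrong value."""
    if n % 2 == 0:
        raise ValueError("use an odd n so the majority is unambiguous")
    k_min = n // 2 + 1  # a majority of copies must be wrong for the vote to fail
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(k_min, n + 1))


def copies_needed(p: float, target: float, max_n: int = 10_001) -> int:
    """Smallest odd number of physical copies whose logical error rate is
    below `target`. Raises if the target is unreachable (e.g. p >= 0.5)."""
    n = 1
    while n <= max_n:
        if logical_error_rate(p, n) < target:
            return n
        n += 2
    raise ValueError(f"target {target} not reachable with p={p} within n={max_n}")


def simulate(p: float, n: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo cross-check of the exact formula: encode a 0 as n copies,
    flip each copy with probability p, decode by majority, count failures."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible noise
    wrong = 0
    for _ in range(trials):
        flips = sum(1 for _ in range(n) if rng.random() < p)
        if flips > n // 2:
            wrong += 1
    return wrong / trials


if __name__ == "__main__":
    # Below threshold: each extra pair of copies helps.
    for n in (1, 3, 5, 7):
        print(f"p=1%  n={n}: logical error {logical_error_rate(0.01, n):.2e}")
    print("copies for 1e-6 at p=1%  :", copies_needed(0.01, 1e-6))
    print("copies for 1e-6 at p=0.1%:", copies_needed(0.001, 1e-6))
    # Above threshold: the "orchestra" amplifies the noise instead.
    print(f"p=60% n=3: logical error {logical_error_rate(0.6, 3):.3f} (worse than 0.6)")
    print(f"Monte Carlo p=20% n=3: {simulate(0.2, 3, 20_000):.3f} vs exact {logical_error_rate(0.2, 3):.3f}")
```

The last two lines are the point: the same code that cuts a 1% error rate to below one in a million with seven copies makes a 60% error rate worse, which is why "controlling noise" (pushing physical error rates below the threshold) matters more than raw qubit counts.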

This huge gap is the source of confidence for the "10-year theory".

However, this calculation ignores a more subtle and pressing threat model: "Harvest Now, Decrypt Later" (HNDL).

The logic of HNDL is extremely simple: an attacker with enough storage can download and store the entire public ledger of Bitcoin (and other chains) starting today. They do not need to crack it immediately; they just need to wait.

When that "13 million bit" machine arrives one day in the future, the attacker will use it to decrypt the "historical data" that has been sitting on their hard drives all along.

Bitcoin's early protocol designs (such as P2PKH, an early address format) are particularly vulnerable to this attack. Under that format, an address's "public key" (your "home address") is broadcast to the entire network, and permanently recorded in the immutable ledger, the first time a transaction is sent from that address.

This means that the "public key" of any Bitcoin address that has ever spent money is permanently exposed.

It is estimated that at least 25% of all Bitcoin is held in addresses whose public keys are exposed. For Ethereum (which uses an account model, meaning your public key is always public), this proportion could be over 65%.

Crucially, HNDL is a historical burden. Even if Bitcoin successfully upgrades to a quantum-resistant algorithm through a hard fork in the future, it cannot retroactively protect the exposed public keys already recorded in historical blocks.

This "ghost" is already lurking in the system, and it is targeting not the future but the "past".
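The practical question for a holder or a custodian is which of their own addresses already fall into the "exposed" category. Here is an added example, not from the article, that replays a small constructed ledger under the legacy pay-to-public-key-hash model: receiving funds reveals only a hash of the public key, while the first spend puts the raw public key into the input script, where it stays forever. The transaction layout, the toy address encoding, and every key and amount below are simplifications invented for this example; the interesting output is the list of addresses that still hold funds but have already revealed their key.

```python
"""Added example (not from the article): find addresses whose public key is
already visible on-chain and which still hold funds, i.e. the HNDL exposure."""
from dataclasses import dataclass
import hashlib


def toy_address(pubkey: bytes) -> str:
    # Stand-in for Bitcoin's HASH160 + Base58Check (constructed for this example):
    # the ledger only ever shows this hash until the key is used to spend.
    return "addr_" + hashlib.sha256(pubkey).hexdigest()[:16]


@dataclass
class Tx:
    txid: str
    inputs: list   # (address, pubkey, amount_sats): spending reveals the pubkey
    outputs: list  # (address, amount_sats): receiving reveals only the hash


def scan(chain):
    """Replay the ledger. Returns (balances, exposed) where `exposed` maps an
    address to the public key that has appeared in one of its input scripts."""
    balances = {}
    exposed = {}
    for tx in chain:
        for addr, pubkey, amount in tx.inputs:
            if toy_address(pubkey) != addr:
                raise ValueError(f"{tx.txid}: pubkey does not hash to {addr}")
            if balances.get(addr, 0) < amount:
                raise ValueError(f"{tx.txid}: {addr} overspends")
            balances[addr] -= amount
            exposed[addr] = pubkey  # permanent: the key is now in the ledger
        for addr, amount in tx.outputs:
            balances[addr] = balances.get(addr, 0) + amount
    return balances, exposed


def at_risk(chain):
    """Addresses that still hold funds AND have already revealed their public key."""
    balances, exposed = scan(chain)
    return {a: balances[a] for a in exposed if balances.get(a, 0) > 0}


def exposed_fraction(chain) -> float:
    """Share of all funds sitting behind exposed keys (cf. the article's 25% estimate)."""
    balances, _ = scan(chain)
    total = sum(balances.values())
    return sum(at_risk(chain).values()) / total if total else 0.0


# ---- constructed sample ledger; placeholder keys, not real ones ----
ALICE_PUB = bytes.fromhex("02" + "11" * 32)
BOB_PUB = bytes.fromhex("03" + "22" * 32)
CAROL_PUB = bytes.fromhex("02" + "33" * 32)
DAVE_PUB = bytes.fromhex("03" + "44" * 32)
ALICE, BOB, CAROL, DAVE = (toy_address(k) for k in (ALICE_PUB, BOB_PUB, CAROL_PUB, DAVE_PUB))

CHAIN = [
    Tx("tx0", inputs=[], outputs=[(ALICE, 100_000), (BOB, 50_000)]),
    # Alice pays Carol and sends the change back to the SAME address (address reuse):
    # her key is now public and 70,000 sats still sit behind it.
    Tx("tx1", inputs=[(ALICE, ALICE_PUB, 100_000)], outputs=[(CAROL, 30_000), (ALICE, 70_000)]),
    # Bob spends everything to a fresh address: his key is revealed too,
    # but nothing is left behind it, so there is nothing to harvest.
    Tx("tx2", inputs=[(BOB, BOB_PUB, 50_000)], outputs=[(DAVE, 50_000)]),
]

if __name__ == "__main__":
    for addr, sats in at_risk(CHAIN).items():
        print(f"exposed key with funds: {addr} holds {sats} sats -> move to a fresh address")
    print(f"fraction of funds behind exposed keys: {exposed_fraction(CHAIN):.1%}")
```

Alice and Bob both reveal their keys, but only Alice ends up "at risk", because she reused her address for the change output; Bob's key is public yet guards nothing. That is exactly the difference the "never reuse addresses" advice is meant to produce.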


An Expensive New World: The True Cost of PQC Migration

Faced with this clear and present threat, the global cryptography community is not sitting idly by. A defensive "great migration" has already begun, heading towards a new "safe continent": post-quantum cryptography (PQC).

The map of this migration was created by NIST (the National Institute of Standards and Technology, the U.S. government's technology standards-setting agency). NIST launched a global, open competition to select a new generation of encryption standards that can withstand attacks from quantum computers. The first winners have already been determined:

  1. ML-KEM (Kyber): for public-key encryption and key exchange.
  2. ML-DSA (Dilithium): used for digital signatures (will replace Bitcoin's signature algorithm).
  3. SLH-DSA (SPHINCS+): A hash-based backup standard alongside the lattice-based ones (lattice cryptography is a new class of mathematical problem believed to be hard for both ordinary and quantum computers), chosen to spread the risk.

But even though the maps of the "New World" have been drawn, the cost of navigation may be too high to bear.

We’ve talked a lot about the challenges of “governance” and “consensus” before, but the reality is that the PQC algorithm itself (especially the hash-based SPHINCS+) is extremely expensive in terms of performance.

According to the latest Ethereum testnet data (as seen in the Poqeth 2025 study):

  • Gas Cost: ECDSA signature verification currently costs approximately 21,000 gas. SPHINCS+ verification, by contrast, soars to 1,200,000-2,500,000 gas, a more than 100-fold increase. With a 30M gas block limit, a single signature consumes nearly 10% of a block's capacity, which is completely unscalable.
  • Signature size: ECDSA signatures are ~70 bytes. SPHINCS+ signatures, by contrast, are ~41,000 bytes (~41KB), a nearly 600x increase.

As someone in the industry pointed out sharply: "There is far too little gas in a block to run anything, let alone the old Bitcoin network."

This reality, that it simply cannot run, makes the word "upgrade" extremely heavy. This is no longer a simple "soft/hard fork" governance choice, but a fundamental question of technical feasibility.

Different blockchains are preparing their own “ships”:

  • Bitcoin's "Dreadnought": The community is discussing an extremely radical "hard fork" proposal. A hard fork is a mandatory, incompatible network upgrade, like switching traffic from driving on the right to driving on the left overnight. The proposal could even freeze funds in old addresses that haven't been migrated. This drastic strategy faces significant consensus resistance.
  • Ethereum's "exploratory fleet": Vitalik Buterin's roadmap is much more flexible. He suggests using L2s (second-layer networks such as Arbitrum or Optimism, which are used to speed up Ethereum and reduce fees) as a "testing ground" for PQC, and gradually infiltrating it using Account Abstraction (AA), a new feature that makes Ethereum wallets smarter and more flexible, ultimately completing the replacement from the outside in.
  • Solana and BNB Chain: As representatives of high-performance public chains, they are currently more in the research and exploration phase and have yet to offer a clear official roadmap like Ethereum. Performance overhead is their biggest concern in migrating to PQC.

[Table: Comparison of PQC Migration Strategies of Mainstream Blockchains (image not reproduced)]

This comparison table clearly reveals that this is not only a choice of technical route, but also a battle royale of various project governance models.


The first acceleration: the geopolitical race towards nationalization

Don't think this is just a matter for programmers. The first to put the pedal to the metal in this "great migration" is the "national team."

Quantum computing has long been a strategic high ground in the world's great power struggles. The United States allocated $1.2 billion to the National Quantum Initiative Act of 2018, while China's 14th Five-Year Plan lists it as its second-highest priority, with public investment estimated to exceed $15 billion.

But that is still just "spending money to support."

The Wall Street Journal's report on the Trump administration's discussions about taking a stake sends a completely different signal: this is no longer "government support"; it is nationalization. Quantum computing is transforming from a "research project" into a "national strategic asset," comparable in nature to nuclear weapons or national oil companies. What the US government seeks is no longer influence; it is absolute control.

This "national-level" arms race is a double-edged sword.

On the one hand, the massive investment by the "national team" is accelerating the maturation of this quantum "ghost" and forcing it out of its cage sooner, which greatly compresses the time available for defense.

On the other hand, it is precisely this national-security-level fear that is driving NIST to push so hard on PQC standards.

The biggest risk of the "national team" taking part directly is the fragmentation of standards.

NIST develops open-source standards, hoping for global adoption. However, if the US government controls core technologies through equity, other major powers will inevitably develop their own national standards to counter these efforts, motivated by national security concerns.

This could lead to network splitting (Splinternet) at the "cryptographic" level.

This is fatal for systems like BTC and ETH that rely on a globally unified, borderless consensus. The appeal of "national sovereignty" could fundamentally undermine the global consensus on "decentralization."


The second acceleration: Bubbled Wall Street capital

If the "national team" is the first accelerator, then the second accelerator is Wall Street.

Even as the "10-year theory" was still popular, the capital market had already invested heavily. Over the past year, US quantum computing companies have seen astonishing growth. For example, $RGTI (Rigetti Computing) saw its share price surge from $0.80 to $40, a 50-fold increase.

But behind this frenzy lies an extremely high valuation bubble. Companies like $IONQ and $QUBT have EV/sales (enterprise value to revenue) ratios as high as 400 times, or even tens of thousands of times. It should be noted that all of these companies are currently operating at a significant loss.

This poses a huge risk for stock market investors chasing high prices. But for the crypto world as a whole, it sends a more dangerous signal: the market (private capital) is working alongside the national team to pour money into the quantum race.

Whenever this "quantum bubble" eventually bursts, the capital it has already injected will have significantly accelerated these companies' R&D. That is another "accelerator," and it makes the "10-year theory" even less reliable.


The rules of survival in the era of the "Great Filter"

Google's "verifiable quantum advantage" isn't a drill; it's the starting gun. It declares that humanity's control over quantum systems is crossing a threshold, moving from "theory" to "engineering."

Under the dual acceleration of the "national team" and "Wall Street," participants in the crypto space should wake up:

  1. The threat has arrived. The "ghost" (HNDL) is already inside the village, eyeing every one of your exposed historical public keys.
  2. The "new world" (PQC standards) has been found, and NIST's map has been drawn.
  3. Mass migration is the only way to survive. However, the real challenge lies first in technical feasibility (cost and performance), and only then in governance and consensus. If it can't run, there is no point in talking about governance.

Facing this future, the survival rules for different roles are simple:

  • For VCs and funds: Immediately incorporate "quantum readiness" into the core framework of "DD" (due diligence, the in-depth research before investing). A project that has no plan for PQC migration or avoids discussing its high performance costs should be considered a significant risk.
  • For developers and project owners: Study NIST standards now. New systems must adhere to the principle of "crypto-agility" —a design concept that means making cryptographic modules "pluggable" so they can be easily replaced in the future without having to start over.
  • For regular cryptocurrency holders: Before the PQC wallet becomes widely available, develop good cryptographic hygiene habits. The core rule is this: never reuse addresses! Use a new address for every payment. This simple habit can significantly reduce the risk of your public key being exposed, preventing you from becoming a "legacy."
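The two points above that are easiest to show in code are the signature-size cost of hash-based schemes and what "pluggable" cryptography looks like in practice. Here is an added example, not from the article or from any project it names: a minimal crypto-agile signature envelope with a hash-based one-time signature (Lamport OTS) plugged in under two different hash functions. Lamport is used as a small stand-in for the hash-based family that SLH-DSA/SPHINCS+ belongs to; its signature size (8,192 bytes) is its own and not SPHINCS+'s, but it shows the same blow-up relative to the ~70-byte ECDSA figure the article quotes. The algorithm registry, the envelope format (algorithm name, NUL byte, raw signature) and ECDSA_SIG_BYTES are assumptions made for this example.

```python
"""Added example (not from the article): crypto-agility in miniature. The
verifier dispatches on an algorithm identifier carried with the signature, so a
scheme can be added or retired without touching callers. The plugged-in scheme is
a Lamport one-time signature, a simple member of the hash-based family."""
import hashlib
import os

MSG_BITS = 256        # we sign a 256-bit digest of the message
CHUNK = 32            # each secret / revealed preimage is 32 bytes
ECDSA_SIG_BYTES = 70  # the article's ECDSA size, used only for comparison

# Pluggable registry: algorithm name -> hash it is built on.
# Adding a scheme is one new entry; retiring one is a move into DEPRECATED.
ALGORITHMS = {
    "LAMPORT-SHA256": "sha256",
    "LAMPORT-SHA3-256": "sha3_256",
}
DEPRECATED = set()


def _h(hash_name, data):
    return hashlib.new(hash_name, data).digest()


def _bits(hash_name, msg):
    """The 256 message-digest bits that select which preimage to reveal."""
    digest = _h(hash_name, msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(MSG_BITS)]


def keygen(alg, rng=os.urandom):
    hash_name = ALGORITHMS[alg]
    pairs = [(rng(CHUNK), rng(CHUNK)) for _ in range(MSG_BITS)]  # private: 2 x 256 secrets
    hashes = [(_h(hash_name, a), _h(hash_name, b)) for a, b in pairs]  # public: their hashes
    return {"alg": alg, "pairs": pairs, "used": False}, {"alg": alg, "hashes": hashes}


def sign(sk, msg):
    """Reveal one preimage per digest bit. Strictly one-time: a second use is
    refused, since revealing both halves of a pair lets an observer forge."""
    if sk["used"]:
        raise RuntimeError("Lamport key already used; generate a fresh one")
    sk["used"] = True
    hash_name = ALGORITHMS[sk["alg"]]
    raw = b"".join(sk["pairs"][i][bit] for i, bit in enumerate(_bits(hash_name, msg)))
    return sk["alg"].encode() + b"\x00" + raw


def verify(pk, msg, envelope):
    """Reject unknown, deprecated or mismatched algorithms before doing any
    cryptography; then check every revealed preimage against the public key."""
    alg_bytes, sep, raw = envelope.partition(b"\x00")
    alg = alg_bytes.decode(errors="replace")
    if not sep or alg not in ALGORITHMS or alg in DEPRECATED or alg != pk["alg"]:
        return False
    if len(raw) != MSG_BITS * CHUNK:
        return False
    hash_name = ALGORITHMS[alg]
    ok = True
    for i, bit in enumerate(_bits(hash_name, msg)):
        piece = raw[CHUNK * i: CHUNK * (i + 1)]
        ok &= _h(hash_name, piece) == pk["hashes"][i][bit]  # no early exit
    return ok


def raw_signature_bytes(alg):
    """Lamport reveals 256 preimages of 32 bytes regardless of the hash chosen."""
    return MSG_BITS * CHUNK


def size_ratio_vs_ecdsa(alg):
    return raw_signature_bytes(alg) / ECDSA_SIG_BYTES


if __name__ == "__main__":
    for alg in ALGORITHMS:
        sk, pk = keygen(alg)
        env = sign(sk, b"pay 1 BTC to addr_placeholder")
        print(alg, "verifies:", verify(pk, b"pay 1 BTC to addr_placeholder", env),
              "| signature bytes:", raw_signature_bytes(alg),
              f"| {size_ratio_vs_ecdsa(alg):.0f}x ECDSA")
    DEPRECATED.add("LAMPORT-SHA256")  # retiring a scheme is a one-line policy change
    print("after deprecation:", verify(pk, b"pay 1 BTC to addr_placeholder", env))
```

Two design points carry over to real systems: the algorithm identifier travels with the signature and must match the key's registered algorithm (so an old scheme cannot be substituted for a new one), and retirement is a policy change in one place rather than a code change in every verifier. The size line makes the article's cost argument tangible: even this simplest hash-based scheme is over a hundred times larger than an ECDSA signature.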

The quantum threat is not "doomsday"; it is a great filter.

It will ruthlessly screen out ecosystems marked by chaotic governance, slow response, and hype. Ultimately, only the projects that actually deliver, those with real capability, vision, and execution, will be the ones to "create a secure and autonomous financial future."
