On March 31, 2026, Google Quantum AI, a subsidiary of Google, released a white paper that garnered widespread attention, claiming that the resources required for a future quantum computer to crack Bitcoin's encryption would be about 20 times less than previously estimated. This research quickly sparked heated discussions within the industry, and headlines such as "Quantum Computer Breaks Bitcoin in 9 Minutes" began circulating in the market. But frankly, this kind of panic happens once or twice a year; it just sounds particularly alarming this time because it's backed by Google.
We have systematically reviewed this 57-page paper and several key studies published at the same time, to analyze the credibility of the relevant claims, the actual impact of the current development of quantum computing on the cryptocurrency and mining industries, the stage of related risks, and whether they are truly imminent.
Reassessing Technological Risks
Traditionally, Bitcoin's security is built on a one-way mathematical relationship. When a wallet is created, the system generates a private key, from which the public key is derived. When using Bitcoin, users need to prove they possess the private key, but not by directly revealing it. Instead, they use the private key to generate a cryptographic signature that the network can verify. This mechanism is secure because modern computers would need billions of years to reverse-engineer the private key from the public key. Specifically, the time required to crack the Elliptic Curve Digital Signature Algorithm (ECDSA) far exceeds current feasible limits. Therefore, from a cryptographic perspective, blockchain has always been considered unbreakable.
But the emergence of quantum computers has broken this rule. They work differently; instead of checking keys one by one, they explore all possibilities simultaneously and use quantum interference effects to find the correct key. To put it simply, a traditional computer is like a person trying out keys one by one in a dark room, while a quantum computer is like several master keys that can match all the locks at once, approximating the correct answer more efficiently. Once quantum computers are powerful enough, an attacker could quickly calculate your private key from your exposed public key, then forge a transaction to transfer your Bitcoin to their own account. Once such an attack occurs, the assets will be extremely difficult to recover due to the irreversible nature of blockchain transactions.
On March 31, 2026, Google Quantum AI, in collaboration with Stanford University and the Ethereum Foundation, released a 57-page white paper. At the heart of this paper is an assessment of the specific threats posed by quantum computing to Elliptic Curve Digital Signature Algorithms (ECDSA). Most blockchains and cryptocurrencies use 256-bit elliptic curve cryptography based on the Discrete Logarithm Problem (ECDLP-256) to protect wallets and transactions. The research team found that the quantum resources required to break ECDLP-256 have been significantly reduced.
They designed a quantum circuit running Shor's algorithm specifically for deriving the private key from the public key. This circuit needs to run on a specific type of quantum computer, namely a superconducting quantum computing architecture. This is the main technological approach currently being developed by companies like Google and IBM, characterized by high computational speed but requiring extremely low temperatures to maintain the stability of the qubits. Assuming the hardware performance meets the standards of Google's flagship quantum processor, this attack could be completed in a few minutes using fewer than 500,000 physical qubits. This figure is about 20 times lower than previous estimates.
To assess this threat more intuitively, the research team conducted a simulation. They applied the aforementioned circuit configuration to a real Bitcoin transaction environment and found that a theoretical quantum computer could derive the private key from the public key in approximately 9 minutes, with a success rate of about 41%. The average Bitcoin block time is 10 minutes. This means that not only is approximately 32% to 35% of the Bitcoin supply at risk of being statically compromised because the public key is already exposed on the blockchain, but attackers could also theoretically intercept transactions before they are confirmed and steal funds. Although a quantum computer with these capabilities has not yet emerged, this discovery extends quantum attacks from "static asset harvesting" to "real-time transaction interception," causing considerable anxiety in the market.
At the same time, Google released another key piece of information: the company has moved up its internal deadline for post-quantum cryptography (PQC) migration to 2029. Simply put, post-quantum cryptography migration involves "changing the locks" of all systems currently relying on RSA and elliptic curve cryptography, replacing them with locks that are difficult for quantum computers to break. This was a long-planned project well before Google released the white paper. Previously, the National Institute of Standards and Technology (NIST) gave a timeline of abandoning old algorithms by 2030 and completely banning them by 2035, with the industry generally believing there was about ten years to prepare. However, based on its recent progress in quantum hardware, quantum error correction, and quantum factorization resource estimation, Google judged that the quantum threat was closer than previously thought, and thus significantly moved its internal migration deadline forward to 2029. This objectively compressed the preparation period for the entire industry and sent a signal to the cryptography industry: quantum computing is progressing faster than expected, and security upgrades need to be put on the agenda sooner. This is undoubtedly a milestone piece of research, but as the media spread the story, anxiety was amplified as well. How should we view this impact rationally?
Do we really need to worry?
Could quantum computing render the entire Bitcoin network inoperable?
There is a threat, but it's concentrated on the security of signatures. Quantum computing doesn't directly affect the underlying structure of the blockchain, nor does it disable the mining mechanism. Its real target is the digital signature stage. Every Bitcoin transaction requires a private key signature to prove ownership of funds. The network verifies the signature's correctness. The potential capability of quantum computing is to deduce the private key after the public key has been published, thereby forging signatures.
This presents two real-world risks. One occurs during the transaction process. When a transaction is initiated, and the information enters the network but has not yet been packaged into a block, there is theoretically a possibility of it being preemptively replaced; this type of attack is called an "on-spend attack." The other type targets addresses whose public keys have been exposed in the past, such as wallets with addresses that have not been used for a long time or have been reused. This type of attack has more time to occur and is easier to understand.
However, it's important to emphasize that these risks do not apply universally to all Bitcoins or all users. The threat only exists within the few-minute window during which you initiate a transaction, or if your address has historically exposed its public key. This is not an immediate disruption of the entire system.
Will the threat arrive so soon?
The "9-minute breakthrough" presupposes the creation of a fault-tolerant quantum computer with 500,000 physical qubits. Google's most advanced Willow chip currently has only 105 physical qubits, and IBM's Condor processor has approximately 1,121, several hundred times fewer than the 500,000 threshold. Ethereum Foundation researcher Justin Drake estimates the probability of Q-Day arriving by 2032 to be only 10%. Therefore, this is not an imminent crisis, but it is not a tail risk that can be completely ignored either.
What is the biggest threat from quantum computing?
Bitcoin is not the most affected system; it's simply the one whose value is most intuitive and easily perceived by the public. The challenges posed by quantum computing are a broader systemic problem. All internet infrastructure relying on public-key encryption, including banking systems, government communications, secure email, software signatures, and identity authentication systems, will face the same threat. This is precisely why institutions like Google, the NSA, and NIST have been pushing for a post-quantum cryptography migration over the past decade. Once quantum computers with practical attack capabilities emerge, the impact will fall not just on cryptocurrencies but on the entire trust system of the digital world. Therefore, this is not a single risk specific to Bitcoin, but a systemic upgrade of the global information infrastructure.
The Imagination and Feasibility of Quantum Mining
On the same day Google published its paper, BTQ Technologies published a research paper titled "Kardashev Scale Quantum Computing for Bitcoin Mining," quantifying the feasibility of quantum mining from both physical and economic perspectives. The paper's author, Pierre-Luc Dallaire-Demers, comprehensively modeled all the technical aspects of quantum mining, from the underlying hardware to the upper-level algorithms, thereby estimating the actual cost of mining with quantum computers.
The research found that even under the most favorable assumptions, mining with a quantum computer still requires approximately 10⁸ physical qubits and 10⁴ megawatts of power, roughly equivalent to the total output of a large national power grid. At Bitcoin's mainnet difficulty as of January 2025, the required resources surge to approximately 10²³ physical qubits and 10²⁵ watts, approaching the energy output of a star. In comparison, the current power consumption of the entire Bitcoin network is approximately 13-25 gigawatts, an order of magnitude smaller than the energy required for quantum mining.
The study further points out that the theoretical speedup advantage of Grover's algorithm is offset by various overheads in practical engineering, and cannot be truly translated into mining profits. Quantum mining is impractical both physically and economically.
Google isn't the only organization discussing this issue. Coinbase, the Ethereum Foundation, and the Stanford Blockchain Research Center are all advancing related research. Ethereum Foundation researcher Justin Drake commented, "By 2032, there's at least a 10% chance that a quantum computer will be able to recover the secp256k1 ECDSA private key from an exposed public key. While a cryptographically significant quantum computer still seems unlikely before 2030, now is undoubtedly the time to start preparing."
Therefore, we don't need to worry about quantum computing having a fatal impact on mining at present, because the amount of resources it requires far exceeds the scope of any rational economic decision. No one would spend so much energy to grab 3.125 bitcoins in a single block.
Cryptocurrencies will not die, but they need to be upgraded.
If quantum computing raises a question, the industry has always had an answer. That answer is "post-quantum cryptography" (PQC), which refers to cryptographic algorithms that are resistant to quantum computers. Specific technical approaches include introducing quantum-resistant signature algorithms, optimizing address structures to reduce public key exposure, and gradually migrating through protocol upgrades. Currently, NIST has standardized post-quantum cryptography, with ML-DSA (a module-lattice-based digital signature algorithm, FIPS 204) and SLH-DSA (a hash-based stateless signature algorithm, FIPS 205) being the two core post-quantum signature schemes.
At the Bitcoin network level, BIP 360 (Pay-to-Merkle-Root, or P2MR for short) was officially included in the Bitcoin Improvement Proposal Library in early 2026. It addresses a transaction mode introduced by the Taproot upgrade activated in 2021. While Taproot was intended to improve Bitcoin's privacy and efficiency, its "key path spending" feature exposes public keys during transactions, potentially making it a target for future quantum attacks. The core idea of BIP 360 is to remove this path that exposes public keys, changing the transaction structure so that fund transfers no longer require the public key to be displayed, thereby reducing exposure to quantum risks from the source.
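The distinction drawn above between addresses whose public keys are already exposed and funds that are only at risk in the on-spend window, and the Taproot exposure that BIP 360 targets, can be checked mechanically from an output's script. The following is an added example, not code from the white paper or from any project named in this article; the function names, exposure labels and sample outputs are constructed for illustration, and the byte patterns are the standard Bitcoin output templates.

```python
# Added example: sort Bitcoin outputs by how their public key is exposed.
# Sample scripts are constructed; the key and hash bytes are filler values.

def classify_script(spk: bytes) -> str:
    """Name the standard output template a scriptPubKey matches."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"    # <pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "p2sh"    # OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"  # OP_0 <20-byte key hash>
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"   # OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"    # OP_1 <32-byte x-only output key>
    return "other"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}  # the key itself is stored in the output

def exposure(spk_hex: str, spent_before: bool) -> str:
    """'static' = key already public; 'on-spend' = public only once spent."""
    kind = classify_script(bytes.fromhex(spk_hex))
    if kind == "other":
        return "unknown"
    if kind in KEY_IN_OUTPUT or spent_before:
        return "static"  # in the output, or revealed by an earlier spend (reuse)
    return "on-spend"

def audit(utxos):
    """Sum satoshis per exposure class for (script_hex, sats, spent_before)."""
    totals = {}
    for spk_hex, sats, spent_before in utxos:
        cls = exposure(spk_hex, spent_before)
        totals[cls] = totals.get(cls, 0) + sats
    return totals

SAMPLE_UTXOS = [  # constructed data
    ("21" + "02" + "11" * 32 + "ac", 5_000_000_000, False),  # P2PK
    ("76a914" + "22" * 20 + "88ac", 100_000, False),         # P2PKH, fresh
    ("76a914" + "33" * 20 + "88ac", 250_000, True),          # P2PKH, reused
    ("0014" + "44" * 20, 300_000, False),                    # P2WPKH
    ("5120" + "55" * 32, 400_000, False),                    # P2TR
]

if __name__ == "__main__":
    print(audit(SAMPLE_UTXOS))
```

Outputs in the "static" class are the ones a wallet or custodian would prioritize for migration; "on-spend" outputs reveal their key only when a spending transaction is broadcast.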
For the cryptocurrency industry, blockchain upgrades involve a series of issues, including on-chain compatibility, wallet infrastructure, address systems, user migration costs, and community coordination. This requires the joint participation of the protocol layer, clients, wallets, exchanges, custodians, and even ordinary users, essentially updating the entire ecosystem. However, the industry has at least reached a consensus on this; further progress is simply a matter of implementation and time.
The title sounds intimidating, but the reality isn't that urgent.
A detailed breakdown of these latest developments reveals that things aren't as alarming as they seem. While research into quantum computing is accelerating towards reality, we still have ample time to respond. Bitcoin today is not a static system, but a network that has continuously evolved over the past decade. From script upgrades to Taproot, from privacy improvements to scaling solutions, it has constantly sought a balance between security and efficiency through change.
The challenges posed by quantum computing may simply be the reason for the next upgrade. The clock of quantum computing is ticking. The good news is that we can all hear it and have time to react. In this era of ever-advancing computing power, what we need to do is ensure that the trust mechanisms of the crypto world always stay ahead of technological threats.






