Breaking Bitcoin’s blockchain with quantum computers might not be as difficult as previously thought, and Bitcoin’s Taproot technology, which allows for more efficient and private transactions, could be partly to blame, Google’s Quantum AI team said Monday in a blog post and newly released white paper.
The team said the computing power needed to break Bitcoin’s security could be much lower than previously assumed, raising new questions about how quickly quantum threats could become a reality.
In a new white paper, researchers found that decrypting the cryptography used by Bitcoin and Ethereum could require fewer than 500,000 physical qubits, well below the “millions” often discussed in recent years.
Google previously pointed to 2029 as a potential milestone for useful quantum systems, indicating that migration must precede that, making the paper’s conclusion that attacks could require less computing power all the more significant.
Quantum computers use qubits instead of traditional bits and can solve certain problems much faster than current machines. One such issue is decrypting the type of encryption that protects crypto wallets.
Google said it has designed two potential attack methods, each requiring around 1,200 to 1,450 high-quality qubits. That’s a fraction of previous estimates and suggests the gap between current technology and a viable attack may be smaller than investors imagine.
The research also describes how such an attack could work in practice.
Rather than targeting old wallets, a quantum attacker could attack transactions in real time. When a person sends bitcoins, a piece of data called a public key is briefly revealed. A sufficiently fast quantum computer could use this information to calculate the private key and redirect funds.
Under Google’s model, a quantum system could prepare part of the calculation in advance, then complete the attack in about nine minutes once a transaction appears. Bitcoin transactions typically take around 10 minutes to confirm, giving an attacker around a 41% chance of preempting the initial transfer.
Other cryptocurrencies like Ethereum may be less exposed to this specific risk because they validate transactions more quickly, leaving less time for an attack.
The study also estimates that about 6.9 million bitcoins, or about a third of the total supply, are already held in wallets whose public key has been exposed in some way. This includes approximately 1.7 million bitcoins from the network’s early years, as well as funds affected by address reuse.
This figure is much higher than recent estimates from CoinShares, which argued that only about 10,200 bitcoins are concentrated enough to significantly move markets if stolen.
The Taproot problem
The findings also shed new light on Taproot, Bitcoin’s 2021 update. While Taproot improved privacy and efficiency, it also made public keys visible on the blockchain by default, removing a layer of protection used in older address formats.
Google researchers say this design choice could increase the number of wallets vulnerable to future quantum attacks.
Google is also changing the way it shares security-sensitive searches. Rather than publishing the step-by-step details of how cryptosystems could be compromised, the team used a technique called zero-knowledge proof to prove their conclusions are correct without revealing the method itself. This allows others to verify the results while limiting the risk of misuse of the research.
The key point for investors is not that quantum computers are about to compromise crypto, but that the time frame could be shorter, and the risks broader, than previously considered.
