The crypto industry’s reaction was that a quantum computing threat was still remote when Google unveiled its Willow quantum chip in December 2024.
Bitcoin uses SHA-256 for mining and ECDSA for signatures, both of which are theoretically vulnerable to quantum decryption, but the consensus was that the threat was decades away. Breaking encryption would require millions of physical qubits (a unit of information in quantum systems). Willow only had 105.
That story has changed marginally sixteen months later, and Google isn’t denying anything.
The company announced this week that it is setting a 2029 deadline to migrate its authentication services to post-quantum cryptography, citing advances in quantum hardware, error correction and factoring resource estimates.
Google’s security engineering team wrote that quantum computers “will pose a significant threat to current cryptographic standards and specifically to encryption and digital signatures,” and that the threat to digital signatures specifically “requires the transition to PQC prior to a cryptographically relevant quantum computer.”
These risks are not theoretical. The Android 17 mobile operating system already integrates post-quantum digital signature protection. Chrome already supports post-quantum key exchange. Google Cloud offers post-quantum solutions for enterprise customers.
Here’s why it’s important
Classical computers treat information as bits, each one either a 0 or a 1, and solve problems by checking the options one at a time. Quantum computers use qubits that can exist as both 0 and 1 simultaneously, a property called superposition, which lets them explore a large number of possibilities in parallel.
For most everyday tasks, the advantage is negligible. But for specific problems like factoring the large prime numbers that underpin modern encryption, a sufficiently powerful quantum computer could solve in minutes what would take a classical machine longer than the age of the universe.
Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to sign transactions, which is exactly the category of cryptography that Google has flagged as requiring migration before a quantum computer capable of breaking it arrives.
A sufficiently powerful quantum computer running Shor’s algorithm could derive private keys from public keys, allowing an attacker to use any bitcoin whose public key has been revealed on the blockchain.
Shor’s is a quantum computing method that can crack the math that protects passwords and wallets exponentially faster than normal computers.
When CoinDesk wrote about Willow in December 2024, the math was reassuring. Chris Osborn, founder of the Solana ecosystem project Dialect, made it clear at the time: About 5,000 logical qubits are needed to run Shor’s algorithm against current encryption, and each logical qubit requires thousands of physical qubits for error correction.
That meant millions of physical qubits against Willow’s 105. The gap seemed enormous.
What has changed is not the qubit count. It is the error correction trajectory and the institutional response. Google went from demonstrating “sub-threshold” error correction, meaning they could turn noisy physical qubits into usable logical ones for the first time, to setting an enterprise migration deadline of 16 months.
When the company that builds quantum computers encourages developers to migrate by 2029, it’s a signal that the gap is closing faster than the public timeline suggests.
Ethereum co-founder Vitalik Buterin called as early as October 2024, a month before the Willow announcement.
“Quantum computing experts like Scott Aaronson have also recently begun to take the possibility that quantum computers actually work in the medium term much more seriously,” Buterin wrote at the time.
“This has implications across the entire Ethereum roadmap: it means that every piece of the Ethereum protocol that currently depends on elliptic curves will have to have a hash-based or otherwise quantum-resistant replacement.”
How Ethereum and Bitcoin Developers Respond
The contrast in how the two largest blockchain networks are reacting could not be starker.
The Ethereum Foundation treated it as a directive and built accordingly. Eight years of work, now visible in weekly shipping gear and a public roadmap with fork-level specificity.
Bitcoin’s governance model makes this kind of coordinated response structurally more difficult. There is no Ethereum Foundation equivalent to funding and leading a multi-year engineering effort.
Protocol changes require broad consensus among a decentralized developer community that has historically moved slowly and deliberately, a feature for stability but a liability when faced with a deadline.
The last major cryptographic upgrade to Bitcoin, Taproot, took years of discussion before activating in 2021.
Ethereum launched pq.ethereum.org this week, a dedicated hub for its post-quantum security efforts that have been underway since 2018. The Ethereum Foundation’s post-quantum team, cryptography team, protocol architecture team, and protocol coordination team have spent eight years building toward a migration that touches every layer of the protocol.
More than 10 client teams send weekly devnets through what the foundation calls PQ Interop. The roadmap maps specific milestones across four upcoming hard forks, from a post-quantum key registry to full PQ consensus.
Bitcoin, on the other hand, has no equivalent stake. No coordinated timetable. No multi-team engineering program. No fork milestones.
Nic Carter, one of Bitcoin’s most prominent advocates and co-founder of crypto fund Castle Island Ventures, said the quiet part out loud this week.
“Elliptic curve cryptography is on the brink of obsolescence,” he wrote on X. “Whether it’s 3 or 10 years, it’s over, and we have to accept that. The only thing that matters is how quickly blockchain developers recognize that they need to bake cryptographic mutability into their networks.”
Carter opposed the two approaches directly. Ethereum’s approach, he said, was “best in class,” describing how the network “comes together and announces a specific, detailed PQ roadmap by 2029, makes it a top strategic priority, folds PQ into an ongoing roadmap, detailed FAQs, no fear, just action.”
Bitcoin’s approach, Carter said, was “best in class.” He noted that there is currently a group working on a quantum-related proposal that has “received zero buy-in from top developers,” with developers pointing to isolated pieces of research as evidence of progress while having “no coherent strategy, no roadmap.”
“Everybody knows I’m a bitcoiner and want bitcoin to win,” Carter added. “Not saying this to hurt feelings. Saying this to spur action.”
However, there is no universal urgency.
Firms like CoinShares argue that fears of an imminent quantum threat to bitcoin are overstated, and it estimates that only about 10,200 BTC are concentrated enough in vulnerable legacy address types that its theft could cause “noticeable market disruption.”
The remaining exposed supply, about 1.6 million BTC in legacy Pay-to-Public-Key addresses, is spread across more than 32,000 separate wallets averaging about 50 BTC each, making them slow and unprofitable to crack individually, as CoinDesk reported at the time.
But the question is not whether quantum computers will ultimately threaten blockchain cryptography. Google, the Ethereum Foundation, NIST, and now prominent Bitcoin advocates all agree it will.
At issue is whether three years is enough time to migrate a global, decentralized protocol that has no central authority to set deadlines, no coordinated engineering team to execute them, and a culture that treats urgency with suspicion.
Ethereum’s response is that eight years of preparation enabled it to perform the migration across four hard forks. Google’s response is that 2029 is the deadline and the migration is already underway in its products.
Bitcoin’s response so far is silence. And as Carter warned, “ETHBTC will begin to reflect the divergence in priorities” if this silence continues.
