Bitcoin’s Taproot Could Make Quantum Attacks Easier Than Expected, New Google Research Says

Breaking Bitcoin’s blockchain with quantum computers may not be as difficult as once thought, and Bitcoin’s Taproot technology, which enables more efficient, private transactions, may be partly to blame, Google’s Quantum AI team said Monday in a blog post and newly released whitepaper.

The team said the computing power required to break Bitcoin’s security may be far lower than previously thought, raising new questions about how quickly quantum threats can become a reality.

In a new white paper, researchers found that cracking the cryptography used by Bitcoin and Ethereum could require fewer than 500,000 physical quantum bits, or qubits, well below the “millions” often cited in recent years.

Google has previously pointed to 2029 as a potential milestone for useful quantum systems and said migration must come before that, making the paper’s finding that attacks may require less computing power more significant.

Quantum computers use qubits instead of traditional bits and can solve certain problems much faster than today’s machines. One of these problems is breaking the type of encryption that protects crypto wallets.

Google said it designed two potential attack methods that each require about 1,200 to 1,450 high-quality qubits. That’s a fraction of previous estimates and suggests the gap between current technology and a viable attack may be smaller than investors think.

The research also outlines how such an attack could work in practice.

Instead of targeting old wallets, a quantum attacker could go after real-time transactions. When someone sends bitcoin, a piece of data called a public key is revealed. A fast enough quantum computer could use this information to calculate the private key and redirect the funds.

Under Google’s model, a quantum system could prepare part of the calculation in advance and then complete the attack in about nine minutes when a transaction appears. Bitcoin transactions typically take about 10 minutes to confirm, giving an attacker about a 41% chance of finishing before the original transfer confirms.

Other cryptocurrencies like Ethereum may be less exposed to this specific risk because they confirm transactions faster, leaving less time for an attack.

The paper also estimates that about 6.9 million bitcoins, about a third of the total supply, are already sitting in wallets where the public key has been exposed in some way. That includes about 1.7 million bitcoins from the network’s early years, as well as funds affected by address reuse.

This number is far higher than recent estimates from CoinShares, which claimed that only about 10,200 bitcoins are concentrated enough to move markets significantly if stolen.

The Taproot problem

The results also shed new light on Taproot, Bitcoin’s 2021 upgrade. While Taproot improved privacy and efficiency, it also made public keys visible on the blockchain by default, removing a layer of protection used in older address formats.

Google researchers say that design choice could expand the number of wallets vulnerable to future quantum attacks.

Google is also changing how it shares sensitive security research. Instead of releasing the step-by-step details of how to break cryptosystems, the team used a technique called a zero-knowledge proof to prove its results are accurate without revealing the method itself. This gives others the opportunity to verify the results while limiting the risk that the research may be misused.

The takeaway for investors is not that quantum computers are about to break crypto, but that the timeline may be shorter and the risks wider than previously thought.
