Quantum computers could break cryptocurrency encryption with just 10,000 qubits, researchers say

The quantum computing power required to break the encryption that secures blockchains continues to decline, at least in theory, raising the question of whether the industry can affordably migrate to quantum-resistant platforms before they become vulnerable.

A new paper from Caltech and quantum startup Oratomic suggests that a system with about 26,000 qubits can break ECC-256, the encryption standard that secures the Bitcoin and Ethereum blockchains, in about 10 days. RSA-2048, used by financial institutions to secure their Web2 platforms, is more challenging, they found.

The researchers found that the cryptography protecting bitcoin and ether (ETH) wallets could be broken with as few as 10,000 physical qubits, collapsing previous estimates that, until this week, still ran into the hundreds of thousands.

Qubits are the basic units of quantum computers, similar to bits in traditional machines. They are not a measure of speed, like gigahertz or teraflops, but rather reflect the scale of the system, closer to the number of cores or transistors in a chip.

The paper, posted Monday to the arXiv preprint server, landed alongside a Google Quantum AI whitepaper that set the threshold at fewer than 500,000 physical qubits.

The two are closely related: the Oratomic team uses Google’s quantum circuits designed to break 256-bit elliptic curve cryptography, the system that secures bitcoin and ether wallets, and shows that a neutral-atom setup (laser-controlled atoms that act as qubits) could run them with about a 50th of the qubits Google estimated.

Together, the papers mark one of the sharpest compressions to date in the timeline of quantum threats. Estimated requirements to run Shor’s algorithm, the quantum method for breaking public key encryption, have now dropped five orders of magnitude in two decades, from about 1 billion physical qubits in 2012 to about 10,000 today.

These gains translate into clearer timelines for potential attacks.

Under the paper’s assumptions, a system with about 26,000 qubits could break ECC-256, the encryption standard that secures the Bitcoin and Ethereum blockchains, in about 10 days, effectively allowing a quantum computer to derive private keys and take control of funds.

RSA-2048, used by financial institutions to secure their Web2 platforms, would require closer to 102,000 qubits and about three months in a highly parallelized setup. Elliptic curve cryptography is more exposed because it achieves comparable security with smaller keys, which makes the problem easier for a quantum machine to work through.

The roughly 10-day window makes the fast “on-spend” attack outlined in Google’s paper, where a quantum computer cracks a key in minutes and front-runs a live bitcoin transaction, unlikely under these assumptions.

However, it does little to reduce the long-term risk to funds already sitting on vulnerable addresses, including an estimated 6.9 million BTC tied to early wallets and reused addresses.

That framing comes with caveats. All nine authors are shareholders in Oratomic, with six employed by the company, positioning the paper as both a scientific outcome and a roadmap for its hardware approach.

However, the direction is becoming harder to ignore. The question is no longer whether quantum systems can break crypto, but whether the industry can migrate before the cost of doing so collapses further.
