Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly

2026-03-31 · Source: The latest research from Google · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Blockchain & Distributed Ledger Technology · Depth: Expert, short

Summary

Google Quantum AI researchers, Ryan Babbush and Hartmut Neven, have published a whitepaper detailing new quantum resource estimates for breaking 256-bit elliptic curve cryptography (ECDLP-256), which underpins most cryptocurrencies. Their findings indicate that future quantum computers could break this encryption with significantly fewer qubits and gates than previously thought, specifically using less than 1,200 logical qubits and 90 million Toffoli gates, or less than 1,450 logical qubits and 70 million Toffoli gates. These circuits could run on a superconducting qubit CRQC with under 500,000 physical qubits in minutes, representing a 20-fold reduction in physical qubits. Google advocates for a transition to post-quantum cryptography (PQC) and has developed a zero-knowledge proof method for responsible disclosure of these vulnerabilities, engaging with the U.S. government to share findings without providing a roadmap for malicious actors.

Key takeaway

For CTOs and security architects evaluating long-term cryptographic strategies, this research underscores the urgent need to integrate post-quantum cryptography (PQC) into blockchain and cryptocurrency systems. Your teams should prioritize PQC migration, aligning with Google's 2029 timeline, and implement practices like avoiding wallet address reuse to mitigate immediate risks. Proactive adoption of PQC is critical to safeguard digital assets against emerging quantum threats and maintain public confidence.

Key insights

Future quantum computers may break elliptic curve cryptography with significantly fewer resources than previously estimated.

Principles

• Responsible disclosure requires verifiable proof without attack details.
• PQC is essential for long-term blockchain security.

Method

A zero-knowledge proof allows third-party verification of quantum resource estimates for cryptographic attacks without revealing sensitive circuit details, mitigating "Fear, Uncertainty, and Doubt" (FUD).

In practice

• Transition blockchains to post-quantum cryptography.
• Avoid reusing vulnerable cryptocurrency wallet addresses.

Topics

• Quantum Cryptanalysis
• Elliptic Curve Cryptography
• Post-Quantum Cryptography
• Quantum Resource Estimates
• Responsible Vulnerability Disclosure

Best for: CTO, Research Scientist, VP of Engineering/Data, AI Security Engineer, AI Scientist, AI Architect

Related on AIssential

• SoK: Post-Quantum Cryptography (PQC) Implementation in Software Systems — PQC implementation is a socio-technological challenge requiring integrated Human, Organizational, and Technological approaches, not just technical solutions.
• Crypto Faces Increased Threat From Quantum Attacks — Quantum computers pose a cryptographic threat sooner than expected, necessitating an urgent transition to post-quantum algorithms.
• Post‑Quantum Security: How Lattice Cryptography Keeps Data Safe — Lattice cryptography offers quantum-safe security by leveraging mathematical problems too complex for even quantum computers.
• Secure Coding Drift in LLM-Assisted Post-Quantum Cryptography Development: A Gamified Fix — The reliance on LLMs in PQC development causes "Secure Coding Drift," a socio-technical vulnerability degrading secure coding practices.
• How Spain’s ICFO Helped Build a Quantum Security Startup for the AI Era — Photonic quantum random number generators provide verifiable, high-quality entropy crucial for AI and post-quantum cryptography.
• The Rise of Crypto Agility: How to Secure Systems for the Quantum Era — Crypto agility enables rapid adaptation of cryptographic mechanisms to new threats and technologies without disrupting systems.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by The latest research from Google.