The quantum computing power required to break the encryption that secures blockchains continues to decline, at least in theory, raising the question of whether the industry can migrate to quantum-resistant platforms before they become vulnerable at an affordable cost.
A new paper by Caltech and quantum startup Oratomic suggests a system with around 26,000 qubits could break ECC-256, the encryption standard that secures the Bitcoin and Ethereum blockchains, in about 10 days. RSA-2048, used by financial institutions to secure their Web2 platforms, is more challenging, they found.
The researchers found the cryptography protecting bitcoin
Qubits are the basic units of quantum computers, similar to bits in traditional machines. They are a measure not of speed, like gigahertz or teraflops, but rather reflect the scale of the system, closer to the number of cores or transistors in a chip.
The paper, posted Monday to the arXiv preprint server, landed alongside a Google Quantum AI whitepaper that pegged the threshold at fewer than 500,000 physical qubits.
The two are closely connected: the Oratomic team uses Google’s quantum circuits designed to break 256-bit elliptic curve cryptography, the system securing bitcoin and ether wallets, and shows a neutral-atom setup — laser-controlled atoms acting as qubits — could run them with about a 50th of the qubits Google estimated.
Together, the papers mark one of the sharpest compressions yet in the timeline of quantum threats. Estimated requirements for running Shor’s algorithm, the quantum method for breaking public-key encryption, have now fallen five orders of magnitude in two decades, from roughly 1 billion physical qubits in 2012 to about 10,000 today.
Those gains translate into clearer timelines for potential attacks.
Under the paper’s assumptions, a system with around 26,000 qubits could break ECC-256, the encryption standard that secures the Bitcoin and Ethereum blockchain, in about 10 days, effectively allowing a quantum computer to derive private keys and take control of funds.
RSA-2048, used by financial institutions to secure their web2 platforms, would require closer to 102,000 qubits and roughly three months in a highly parallelized setup. Elliptic curve cryptography is more exposed because it achieves comparable security with smaller keys, making it easier work for a quantum machine.
That roughly 10-day window makes the rapid “on-spend” attack outlined in Google’s paper, where a quantum computer cracks a key in minutes and front-runs a live bitcoin transaction, unlikely under these assumptions.
It does little, however, to reduce the longer-term risk to funds already sitting in vulnerable addresses, including an estimated 6.9 million BTC tied to early wallets and reused addresses.
That framing comes with caveats. All nine authors are shareholders in Oratomic, with six employed by the company, positioning the paper as both a scientific result and a roadmap for its hardware approach.
The direction, however, is becoming harder to ignore. The question is no longer whether quantum systems can break crypto, but whether the industry can migrate before the cost of doing so collapses further.
