Google Cuts Quantum Resources Needed to Break ECC, Raising Pressure on Crypto to Prepare for Post-Quantum Security
Google researchers say the quantum resources required to break the elliptic curve cryptography protecting Bitcoin, Ethereum, and many other blockchain systems may be far lower than previously estimated, a development that could accelerate pressure on the cryptocurrency industry to prepare for a post-quantum future.
In a new whitepaper, Google Quantum AI presented updated circuit constructions for the 256-bit elliptic curve discrete logarithm problem (ECDLP-256), the mathematical foundation behind widely used elliptic curve cryptography. For the 256-bit case, the researchers say the attack can be implemented using either about 1,200 logical qubits and 90 million Toffoli gates or about 1,450 logical qubits and 70 million Toffoli gates, depending on whether the circuit is optimized for qubit count or gate count.
That is the part of the announcement drawing the most attention. SecurityWeek reported that the revised estimate is roughly a 20x reduction compared with some prior assumptions about the resources needed to break cryptocurrency encryption, while Google’s own blog frames the result as a meaningful step toward understanding the real-world urgency of elliptic-curve migration.
The paper does not mean Bitcoin or Ethereum can be broken today. Google’s argument is about future feasibility once cryptographically relevant, fault-tolerant quantum computers become available. The company says these new estimates strengthen the case for moving sooner on post-quantum cryptography (PQC), particularly for systems that depend on elliptic curve signatures and key exchange.
According to Google’s blog, the company is now urging organizations to accelerate migration planning and is targeting key internal transition milestones by 2029. Broader reporting on the announcement notes that Google is warning a future quantum computer could threaten currently deployed public-key cryptography sooner than many organizations had expected.
One of the more interesting parts of the disclosure is how Google handled transparency. Instead of publishing the full optimized circuits in a way that would hand implementation details directly to others, the company released a zero-knowledge proof so external parties can verify the claims without receiving the underlying attack circuits themselves. That approach is meant to balance scientific verifiability with responsible disclosure concerns around security-sensitive optimization work.
The blockchain angle is especially important because elliptic curve cryptography is deeply embedded across wallets, transaction signing, consensus-related infrastructure, and broader Web3 ecosystems. If future quantum machines can solve ECDLP-256 more efficiently than previously believed, then the time available for protocol redesign, wallet migration, key rotation, and cryptographic transition planning may be shorter than many projects assumed. This is an inference based on the role of ECC in cryptocurrency systems and Google’s revised estimates.
The concern also extends beyond crypto. ECC is widely used in modern internet security, including authentication, certificates, and encrypted communications. Google’s messaging is therefore broader than digital assets alone: the company is using the cryptocurrency example as one of the clearest demonstrations of why organizations should not wait for a fully mature quantum computer before starting migration work.
At the same time, there is still uncertainty around timelines. External reporting notes that some experts believe cryptographically relevant quantum computers may not arrive until the 2030s or later, even as Google argues that preparation should happen now because of the combination of hardware progress, error-correction advances, and “store now, decrypt later” risk.
The broader lesson is not that blockchain encryption has suddenly collapsed. It is that the margin of safety may be shrinking faster than expected. Google’s updated estimates move the conversation from abstract long-term theory toward concrete engineering thresholds, and that makes post-quantum transition planning harder to postpone, especially for ecosystems like cryptocurrency where upgrading cryptographic foundations can take years of governance, implementation, and user migration. This is an analytical conclusion based on Google’s paper and public commentary around it.
Reference Links and Sources
