The reaction from the crypto industry was that a quantum computing threat was still far off when Google unveiled its Willow quantum chip in December 2024.
Bitcoin uses SHA-256 for mining and ECDSA for signatures, both of which are theoretically vulnerable to quantum decryption, but the consensus was that the threat was decades away. Breaking the encryption would require millions of physical qubits (a unit of information in quantum systems). Willow was only 105.
That story has changed marginally sixteen months later and Google isn’t ruling anything out.
The company announced this week that it will set a 2029 deadline to migrate its authentication services to post-quantum cryptography, citing advances in quantum hardware, bug fixes, and factorization resource estimates.
Google’s security engineering team wrote that quantum computers “will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures,” and that the threat to digital signatures specifically “requires transitioning to PQC before a cryptographically relevant quantum computer.”
These risks are not theoretical. The Android 17 mobile operating system already integrates post-quantum digital signature protection. Chrome now supports post-quantum key exchange. Google Cloud offers post-quantum solutions to enterprise customers.
Here’s why it’s important
Classical computers process information as bits, each a 0 or 1, and solve problems by testing possibilities one at a time. Quantum computers use qubits that can exist as 0 and 1 simultaneously, a property called superposition, which allows them to explore a large number of possibilities in parallel.
For most everyday tasks, the advantage is negligible. But for specific problems like factoring the large prime numbers that underpin modern encryption, a sufficiently powerful quantum computer could solve in minutes what would take a classical machine more time than the age of the universe.
Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to sign transactions, which is exactly the category of cryptography that Google noted requires migration before a quantum computer capable of breaking it arrives.
A sufficiently powerful quantum computer running Shor’s algorithm could derive private keys from public keys, allowing an attacker to spend any bitcoin whose public key has been exposed on the blockchain.
Shor’s is a quantum computing method that can crack the math that protects passwords and wallets exponentially faster than regular computers.
When CoinDesk wrote about Willow in December 2024, the math was reassuring. Chris Osborn, founder of the Solana Dialect ecosystem project, put it clearly at the time: it takes approximately 5,000 logical qubits to run Shor’s algorithm against current encryption, and each logical qubit requires thousands of physical qubits for error correction.
That meant millions of physical qubits, compared to Willow’s 105. The gap seemed enormous.
What has changed is not the qubit count. It is the trajectory of error correction and the institutional response. Google went from demonstrating “subthreshold” bug fixing, meaning they could convert noisy physical qubits into usable logical ones for the first time, to setting a corporate migration deadline at 16 months.
When the company that builds quantum computers urges developers to migrate by 2029, it’s a sign that the gap is closing faster than the public timeline suggests.
Ethereum co-founder Vitalik Buterin had already called for urgency in October 2024, a month before Willow’s announcement.
“Quantum computing experts like Scott Aaronson have also recently begun to take much more seriously the possibility that quantum computers will actually work in the medium term,” Buterin wrote at the time.
“This has consequences across the entire Ethereum roadmap: it means that every piece of the Ethereum protocol that currently relies on elliptic curves will need to have some hash-based or quantum-resistant replacement.”
How Ethereum and Bitcoin Developers Are Responding
The contrast with how the two largest blockchain networks are responding could not be starker.
The Ethereum Foundation treated this as a directive and built accordingly. Eight years of work, now visible in weekly shipping development networks and a public roadmap with branch-level specificity.
Bitcoin’s governance model makes this type of coordinated response structurally more difficult. There is no Ethereum Foundation equivalent to funding and directing a multi-year engineering effort.
Protocol changes require broad consensus among a decentralized developer community that has historically moved slowly and deliberately, a feature of stability but a drawback when facing a deadline.
Bitcoin’s last major crypto upgrade, Taproot, required years of discussion before its activation in 2021.
Ethereum launched pq.ethereum.org this week, a hub dedicated to its post-quantum security effort that has been underway since 2018. The Ethereum Foundation’s post-quantum team, cryptography team, protocol architecture team, and protocol coordination team have spent eight years building toward a migration that affects every layer of the protocol.
More than 10 customer teams send devnets weekly through what the foundation calls PQ Interop. The roadmap maps out specific milestones across four upcoming hard forks, from a post-quantum key registry to a full PQ consensus.
Bitcoin, on the other hand, has no equivalent effort. There is no coordinated roadmap. No multi-team engineering program. No branching milestones.
Nic Carter, one of Bitcoin’s most prominent proponents and co-founder of crypto fund Castle Island Ventures, said the quiet part out loud this week.
“Elliptic curve cryptography is on the verge of obsolescence,” he wrote on
Carter directly contrasted the two approaches. Ethereum’s approach, he said, was “best in class,” describing how the network “meets and announces a specific and detailed PQ roadmap for 2029, sets it as a top strategic priority, integrates PQ into an ongoing roadmap, detailed FAQs, no fear, just action.”
Bitcoin’s approach, Carter said, was “the worst of its kind.” He noted that there is currently a group working on a quantum-related proposal that “has not received any buy-in from mainstream developers,” with developers pointing to isolated pieces of research as evidence of progress without having “a coherent strategy or roadmap.”
“Everyone knows I’m a bitcoiner and I would like to see bitcoin win,” Carter added. “I don’t say this to hurt feelings. I say this to stimulate action.”
However, the urgency is not universally shared.
Companies like CoinShares argue that fears of an imminent quantum threat to bitcoin are overblown, estimating that only about 10,200 BTC are concentrated enough in vulnerable legacy address types that their theft could cause “appreciable market disruption.”
The remaining exposed supply, about 1.6 million BTC in older public key payment addresses, is scattered across more than 32,000 separate wallets averaging about 50 BTC each, making them slow and unprofitable to decrypt individually, as CoinDesk reported at the time.
But the question is not whether quantum computing will eventually threaten blockchain cryptography. Google, the Ethereum Foundation, NIST, and now prominent Bitcoin advocates agree that this will be the case.
It’s about whether three years is enough time to migrate a global, decentralized protocol that has no central authority to set deadlines, no coordinated engineering team to execute them, and a culture that treats urgency with suspicion.
Ethereum’s answer is that eight years of preparation put it in a position to execute the migration across four hard forks. Google’s answer is that 2029 is the deadline and the migration is already underway in its products.
Bitcoin’s response, so far, is silence. And as Carter warned, “ETHBTC will begin to reflect the divergence in prioritization” if that silence continues.
