Bitcoin’s Taproot Could Make Quantum Attacks Easier Than Expected, According to New Google Research

Breaking the Bitcoin blockchain with quantum computers may not be as difficult as previously thought, and Bitcoin’s Taproot technology, which enables more efficient private transactions, may be partly to blame, Google’s quantum AI team said Monday in a blog post and newly published white paper.

The team said the computing power needed to break Bitcoin’s security may be much less than previously assumed, raising new questions about how soon quantum threats could become a reality.

In a new white paper, researchers found that cracking the cryptography used by Bitcoin and Ethereum could require fewer than 500,000 physical quantum bits, or qubits, well below the “millions” often cited in recent years.

Google has previously pointed to 2029 as a potential milestone for useful quantum systems and said the migration should come sooner, which makes the paper’s conclusion that attacks may require less computing power more significant.

Quantum computers use qubits instead of traditional bits and can solve certain problems much faster than current machines. One of those problems is breaking the type of encryption that protects crypto wallets.

Google said it designed two possible attack methods, each requiring approximately 1,200 to 1,450 high-quality qubits. This is a fraction of previous estimates and suggests that the gap between current technology and a viable attack may be smaller than investors think.

The research also describes how such an attack could work in practice.

Instead of attacking old wallets, a quantum attacker could go after transactions in real time. When someone sends bitcoins, a piece of information called the public key is briefly revealed. A fast enough quantum computer could use that information to calculate the private key and redirect the funds.

Under Google’s model, a quantum system could prepare part of the calculation in advance and then complete the attack in about nine minutes once a transaction appears. Bitcoin transactions typically take about 10 minutes to confirm, giving an attacker about a 41% chance of beating the original transfer.

Other cryptocurrencies like Ethereum may be less exposed to this specific risk because they confirm transactions faster, leaving less time for an attack.

The document also estimates that around 6.9 million bitcoins, about a third of the total supply, are already in wallets where the public key has been exposed in some way. That includes about 1.7 million bitcoins from the network’s early years, as well as funds affected by address reuse.

That figure is much higher than recent estimates from CoinShares, which argued that only about 10,200 bitcoins are concentrated enough to significantly move markets if they are stolen.

The Taproot problem

The findings also shed new light on Taproot, Bitcoin’s 2021 upgrade. While Taproot improved privacy and efficiency, it also made public keys visible on the blockchain by default, removing a layer of protection used in older address formats.

Google researchers say the design choice could expand the number of wallets vulnerable to future quantum attacks.

Google is also changing the way it shares sensitive security research. Instead of publishing the step-by-step details of how to break cryptographic systems, the team used a technique called a zero-knowledge proof to prove that their findings are accurate without exposing the method itself. That allows others to verify the results while limiting the risk that the research could be misused.

The bottom line for investors is not that quantum computers are about to disrupt cryptocurrencies, but rather that the timeline may be shorter and the risks broader than previously thought.
