A new research paper from Google's Quantum AI division has detailed a practical attack scenario in which a sufficiently powerful quantum computer could derive a Bitcoin private key from its public key in approximately nine minutes, creating a long-term existential threat to the cryptocurrency's security model.
The paper, co-authored by researchers from the Ethereum Foundation and Stanford University, outlines how Shor's algorithm can be optimized to break the elliptic-curve cryptography (the secp256k1 curve) behind the signatures that authorize every Bitcoin transaction. "Shor’s algorithm allows a sufficiently powerful quantum computer to efficiently reverse this one-way function, turning a bitcoin public key into its corresponding private key and enabling theft," the original report states, summarizing the core of the threat.
The research reduces previous estimates of the number of physical qubits required for such an attack by a factor of 20, to fewer than 500,000. The attack exploits Bitcoin's 10-minute average block interval: an attacker could pick up a freshly broadcast transaction from the mempool, compute the sender's private key in nine minutes, and submit a competing transaction that steals the funds, with a roughly 41% chance of doing so before the original is confirmed. More critically, an estimated 6.9 million Bitcoin, about one-third of the total supply, already sit in outputs whose public keys are visible on the blockchain, leaving them open to an "at-rest" attack that faces no such time constraint.
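Where the 41% figure comes from, as added reasoning that is not spelled out in the article: if block discovery is modelled as a memoryless (Poisson) process with a 10-minute mean, the waiting time T until the next block is exponentially distributed, and the attacker wins the race whenever that block arrives after the nine-minute computation finishes:

$$\Pr[T > 9\,\text{min}] = e^{-9/10} \approx 0.407$$

This estimate assumes the attacker sees the transaction the instant it is broadcast and that miners include the competing transaction instead of the original (for example because it pays a higher fee); both are modelling assumptions for this back-of-the-envelope figure, not claims taken from the paper.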
This development introduces a significant long-term risk that could erode confidence in Bitcoin's security model, currently valued at a market capitalization of over $1.5 trillion. While the necessary quantum hardware does not yet exist, the paper shortens the expected timeline and provides a concrete blueprint for breaking cryptography that has so far been treated as unbreakable in practice. The vulnerability lies in the fundamental mathematics of public-key cryptography: a private key is used to create a public key in a process that is easy to perform but computationally infeasible for classical computers to reverse.
Shor's algorithm, published in 1994, lets a quantum computer perform this reverse operation (for Bitcoin, solving the elliptic-curve discrete logarithm problem) efficiently by finding the period of a specific function. The Google paper's main contribution is optimizing the algorithm's implementation for Bitcoin's secp256k1 curve. By precomputing the parts of the algorithm that depend only on the curve and not on the target key, the machine can wait in a "primed" state and begin the final calculation the moment a target public key is identified. That final computation is what fits in the nine-minute window.
The threat landscape is twofold. The first is the "mempool race", targeting transactions in transit. The second, and the more immediate concern once a capable machine exists, is the roughly 6.9 million BTC sitting in reused addresses: spending from an address places its public key on the blockchain permanently, so any coins later sent back to that address can be targeted without any race against the clock. The findings may increase focus on developing and deploying quantum-resistant cryptographic standards for Bitcoin and other digital assets.
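As a concrete illustration of the two points above (the forward key derivation being cheap, and a spend from a reused address putting the public key on the chain), the following Python is example code written for this article, not code from the Google paper, from Bitcoin Core, or from any wallet. It implements secp256k1 point arithmetic directly, derives a public key from a private key, and then parses a constructed P2PKH scriptSig to show that the full public key is recoverable from the chain once an output has been spent. The private key value and the scriptSig are constructed for the example, and the placeholder signature inside it is neither valid nor checked.

```python
"""Added example for this article (not from the Google paper or Bitcoin Core):
secp256k1 key derivation, plus recovery of a public key from a spent P2PKH input."""

# secp256k1 domain parameters (SEC 2): field prime, group order, base point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 over F_P (None is the point at infinity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(p1, p2):
    """Group law on the curve; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2, so the sum is the point at infinity
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt=G):
    """k * pt by double-and-add: 256 doublings plus at most 256 additions.
    This is the cheap, forward direction of the one-way function."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def pubkey_from_privkey(d):
    """Bitcoin public key Q = d*G for a private key d in [1, N-1]."""
    if not 1 <= d < N:
        raise ValueError("private key out of range")
    return scalar_mult(d)


def compress(pt):
    """33-byte SEC compressed encoding: parity prefix (0x02 even / 0x03 odd) + x."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def decompress(pub33):
    """Inverse of compress(); square root via exponent (P+1)/4 since P = 3 mod 4."""
    if len(pub33) != 33 or pub33[0] not in (2, 3):
        raise ValueError("not a compressed secp256k1 public key")
    x = int.from_bytes(pub33[1:], "big")
    y = pow((x * x * x + 7) % P, (P + 1) // 4, P)
    if (y & 1) != (pub33[0] & 1):
        y = P - y
    pt = (x, y)
    if not on_curve(pt):  # catches x values with no square root
        raise ValueError("x is not on the curve")
    return pt


def parse_pushes(script):
    """Split a script made only of direct data pushes (opcodes 0x01..0x4b)."""
    items, i = [], 0
    while i < len(script):
        n = script[i]
        if not 1 <= n <= 0x4B:
            raise ValueError(f"unsupported opcode 0x{n:02x} at offset {i}")
        items.append(script[i + 1:i + 1 + n])
        i += 1 + n
    return items


def pubkey_from_p2pkh_scriptsig(scriptsig):
    """A P2PKH spend is <sig> <pubkey>; the pubkey is plaintext on the chain."""
    _sig, pub = parse_pushes(scriptsig)
    return decompress(pub)


# Constructed demo input (example values, not real funds): a private key and a
# placeholder DER-shaped signature (71 bytes incl. SIGHASH_ALL). Not valid, not checked.
DEMO_PRIVKEY = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
PLACEHOLDER_SIG = bytes.fromhex("30440220" + "11" * 32 + "0220" + "22" * 32 + "01")


def demo_scriptsig(d=DEMO_PRIVKEY):
    """scriptSig a wallet would broadcast when spending from d's P2PKH address."""
    pub = compress(pubkey_from_privkey(d))
    return bytes([len(PLACEHOLDER_SIG)]) + PLACEHOLDER_SIG + bytes([len(pub)]) + pub


def exposed_key_matches(d=DEMO_PRIVKEY):
    """True if the key recovered from the on-chain spend equals d*G."""
    return pubkey_from_p2pkh_scriptsig(demo_scriptsig(d)) == pubkey_from_privkey(d)


if __name__ == "__main__":
    print("pubkey:", compress(pubkey_from_privkey(DEMO_PRIVKEY)).hex())
    print("scriptSig exposes the same key:", exposed_key_matches())
```

The forward direction runs in well under a millisecond even in pure Python; reversing it classically means searching a space of size N, which is what Shor's algorithm collapses. The scriptSig parsing is the at-rest exposure in miniature: once such a spend is mined, the 33-byte public key is permanent public input for the attack, and any coins later sent back to the same address inherit that exposure.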
This article is for informational purposes only and does not constitute investment advice.