Quantum + AI cuts crypto‑breaking qubits

A quantum computer stores information in qubits, and researchers now say future machines may need far fewer of them to break crypto wallets than earlier estimates suggested. (arxiv.org) The new estimate comes from a March 30, 2026 paper by Google Quantum AI researchers with co-authors from the Ethereum Foundation and Stanford University. They wrote that breaking the 256-bit elliptic curve math used by Bitcoin and Ethereum could take fewer than 1,200 logical qubits or fewer than 500,000 physical qubits on a superconducting machine under their hardware assumptions. (arxiv.org) That math problem is called the elliptic curve discrete logarithm problem, and it underpins the digital signatures that prove a wallet owner authorized a transaction. The paper says Shor’s algorithm, a quantum method for solving some hard math problems quickly, can run in minutes on a future “cryptographically relevant quantum computer” if error rates and control speeds are good enough. (arxiv.org) The change is in the estimate, not in today’s hardware. Google said on March 31 that it was publishing resource numbers and a zero-knowledge proof to let others verify the result without releasing the full attack circuits. (research.google) Google’s researchers said their circuits cut the physical-qubit estimate by about 20 times versus earlier single-instance estimates for the same 256-bit problem. That is why social posts boiled the result down to “about tenfold,” even though the paper and Google’s blog describe a larger reduction under the paper’s baseline comparison. (research.google) Bitcoin and Ethereum do not face the same exposure. The paper says a fast enough superconducting machine could mount an “on-spend” attack against some Bitcoin transactions by deriving a private key after the public key appears in the mempool, while Ethereum accounts become vulnerable after a first transaction makes the public key permanently visible onchain. (arxiv.org) Cointelegraph reported Google’s estimate as fewer than 500,000 physical qubits and said the work implied a private key could be recovered in roughly 9 to 12 minutes in the paper’s attack model. The outlet also cited Ethereum researcher Justin Drake, a paper co-author, saying his confidence in “Q-Day by 2032” had risen. (cointelegraph.com) The paper does not say such a machine exists now. Quantinuum said its Helios system, introduced in late 2025, has 98 physical qubits, which is still orders of magnitude below the hundreds of thousands of physical qubits assumed in Google’s attack estimate. (quantinuum.com) Google’s paper ends with a policy and engineering message rather than a prediction of immediate theft. The authors urged vulnerable cryptocurrency communities to start migrating to post-quantum cryptography “without delay,” because the new result narrows the gap between theory and the machines that would be needed to exploit it. (arxiv.org)