AI narrows quantum crypto risk

A Bitcoin wallet is protected by a private key, which works like the only key that fits one lock. A quantum computer threatens that lock because Peter Shor’s algorithm can turn a public key back into a private key much faster than ordinary computers can. (research.google.com) A qubit is the basic unit inside a quantum computer, and a logical qubit is the error-corrected version that can survive noise long enough to do useful work. Google’s March 30, 2026 paper says the attack on the 256-bit elliptic curve problem behind many crypto systems could run with under 1,200 logical qubits in one design, or under 1,450 in another. (arxiv.org) Those logical qubits are not the same as the physical qubits you see in hardware announcements, because each logical qubit is built from many physical ones for error correction. Google’s estimate says a superconducting machine with fewer than 500,000 physical qubits could run the attack in minutes under its assumptions. (arxiv.org) That is the shift behind this week’s crypto panic: the math got cheaper before the machines arrived. Google says its new estimate is about 20 times lower than older estimates that sat in the millions of physical qubits. (research.google.com) Bitcoin is not equally exposed at every moment, because the public key is often hidden until a coin is spent. Google’s paper says the first fast-clock quantum machines could target public mempool transactions, which is the waiting room where a Bitcoin transaction sits before miners confirm it. (arxiv.org) Bitcoin’s average block interval is about 10 minutes, so a thief would need to solve the key before the next block closes the window. Google’s analysis says that could happen in about nine minutes in a future attack model, which is why the paper focuses on “on-spend” theft instead of some instant collapse of the whole chain. (cointelegraph.com) Taproot, the Bitcoin upgrade activated in November 2021, changed the shape of that exposure by letting payments go to Schnorr public keys with a pay-to-Taproot output. Bitcoin Optech describes Taproot outputs as payments to public keys, and several writeups on Google’s paper argue that this makes exposed-key coins easier to count and watch. (bitcoinops.org) Ethereum has a similar lock problem, but it shows up in more places because Ethereum uses public-key signatures for ordinary wallets and for validators that help run the chain. The Ethereum Foundation’s post-quantum page says the concentrated risk is in Elliptic Curve Digital Signature Algorithm keys for wallets and Boneh-Lynn-Shacham keys for validators, because a strong enough quantum computer could forge signatures and impersonate them. (ethereum.org) The “artificial intelligence” part of the story is not that a chatbot can crack Bitcoin today. The change came from better circuit design and optimization work, which is the same kind of search-and-improve process machine learning tools can accelerate inside research teams, and Google presented the result as a new resource estimate rather than a live attack. (research.google.com) There is still no machine anywhere near these thresholds, and even the more aggressive neutral-atom estimate reported after Google’s paper describes a future system with about 10,000 physical qubits, not a device anyone can buy or deploy now. The risk moved from “science fiction” toward “engineering roadmap,” which is why security teams are talking about migration years before “Q-Day” arrives. (blockhead.co) The practical answer is not to guess the exact year of the first dangerous machine. The National Institute of Standards and Technology finalized its first three post-quantum cryptography standards on August 13, 2024, and Google’s paper says vulnerable blockchain communities should start the same kind of migration without delay. (nist.gov, arxiv.org)