- Google Quantum AI says 256-bit elliptic curve cryptography could be broken with fewer than 500,000 physical qubits in a matter of minutes.
- The new estimate cuts prior resource assumptions by roughly 20 times and sharpens pressure on the crypto sector to move toward post-quantum cryptography.
Google Quantum AI has put the crypto industry on notice again, this time with a more pointed number attached to the warning.
In a new whitepaper and accompanying research note published Tuesday, Google said cracking the 256-bit elliptic curve discrete logarithm problem, the math behind widely used wallet security, may require far fewer quantum resources than previously assumed.
The company estimates that such an attack could be executed in a few minutes using fewer than 500,000 physical qubits, assuming hardware consistent with some of its own superconducting quantum systems.
A smaller qubit threshold and less room for delay
That matters because elliptic curve cryptography is deeply embedded in crypto infrastructure. Wallet signatures, key management and a broad chunk of blockchain security still rely on it.
Google said its updated circuits for Shor’s algorithm would need fewer than 1,200 logical qubits and 90 million Toffoli gates in one version, or fewer than 1,450 logical qubits and 70 million Toffoli gates in another.
The headline change is the reduction. Google said the new estimate represents an approximately 20-fold drop in the number of physical qubits needed to break ECDLP-256. That is not the same as saying a practical attack is around the corner, but it does bring the timetable into sharper focus.
Crypto’s post-quantum clock is ticking louder
Google is urging the industry to accelerate its migration to post-quantum cryptography, pointing to its own 2029 migration timeline and arguing that viable defenses exist, even if implementation will take time. The company also said it used zero-knowledge proofs to let third parties verify the research without exposing the underlying quantum circuits in full, a move meant to balance disclosure with caution.
For crypto, the implication is fairly plain. The debate is shifting away from whether post-quantum upgrades will be needed and toward how quickly chains, wallets and custodians can make them without breaking everything around them.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
