Bitcoin developers beware: Google says post-quantum migration must happen by 2029.

When Google unveiled its Willow quantum chip in December 2024, the crypto industry’s reaction was that the threat of quantum computing was still distant.

Bitcoin uses SHA-256 for mining and ECDSA for signatures, both of which are theoretically vulnerable to quantum attack, but the consensus was that the threat was decades away. Breaking the encryption would require millions of physical qubits (the qubit being the unit of information in quantum systems). Willow had only 105.

Sixteen months later, that story has changed slightly, and Google is not denying anything.

The company announced this week that it is setting a deadline of 2029 to migrate its authentication services to post-quantum cryptography, citing advances in quantum hardware, error correction and factorization resource estimation.

Google’s security engineering team wrote that quantum computers “will pose a significant threat to current cryptographic standards, and in particular to encryption and digital signatures,” and that the threat to digital signatures “specifically requires the transition to PQC before a cryptographically relevant quantum computer.”

These risks are not theoretical. The Android 17 mobile operating system already includes post-quantum digital signature protection. Chrome already supports post-quantum key exchange. Google Cloud offers post-quantum solutions to enterprise customers.

Here’s why it’s important

Classical computers process information in the form of bits, each a 0 or a 1, and solve problems by checking possibilities one by one. Quantum computers use qubits that can exist simultaneously as 0 and 1, a property called superposition, which allows them to explore a large number of possibilities in parallel.

For most everyday tasks, the benefit is negligible. But for specific problems, like factoring the large numbers that underpin modern encryption, a sufficiently powerful quantum computer could solve in minutes what would take a classical machine longer than the age of the universe.

Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to sign transactions, which is exactly the category of cryptography reported by Google as requiring migration before the arrival of a quantum computer capable of breaking it.

A sufficiently powerful quantum computer running Shor’s algorithm could derive private keys from public keys, allowing an attacker to spend any bitcoin whose public key was exposed on the blockchain.

Shor’s algorithm is a quantum computing method that can solve the calculations protecting passwords and wallets exponentially faster than normal computers can.

When CoinDesk wrote about Willow in December 2024, the calculations were reassuring. Chris Osborn, founder of the Solana ecosystem project Dialect, made it clear at the time: around 5,000 logical qubits are needed to run Shor’s algorithm against current encryption, and each logical qubit requires thousands of physical qubits for error correction.

This meant millions of physical qubits, compared to Willow’s 105. The gap seemed huge.

What has changed is not the number of qubits. It is the trajectory of error correction and the institutional response. In 16 months, Google went from demonstrating “below threshold” error correction, meaning it could for the first time turn noisy physical qubits into usable logical qubits, to setting a corporate migration deadline.

When the company that builds quantum computers urges developers to migrate by 2029, it indicates that the gap is closing faster than the public timeline suggests.

Ethereum co-founder Vitalik Buterin was already calling for urgency in October 2024, a month before Willow’s announcement.

“Quantum computing experts such as Scott Aaronson have recently begun to take much more seriously the possibility that quantum computers will actually work in the medium term,” Buterin wrote at the time.

“This has implications for the entire Ethereum roadmap: it means that every element of the Ethereum protocol that currently relies on elliptic curves will need to be replaced by a hashing system or other quantum resistor.”

How Ethereum and Bitcoin developers are responding

The contrast between the reactions of the two largest blockchain networks could not be starker.

The Ethereum Foundation treated this as a directive and built accordingly. Its eight years of work are now visible in devnets that ship weekly and a public roadmap with fork-level specificity.

Bitcoin’s governance model makes this type of coordinated response structurally more difficult. There is no equivalent of the Ethereum Foundation to fund and lead a multi-year engineering effort.

Protocol changes require broad consensus within a decentralized developer community that has always evolved slowly and deliberately, a trait that serves stability but becomes a liability when faced with a deadline.

Bitcoin’s last major cryptographic upgrade, Taproot, required years of discussion before its activation in 2021.

Ethereum this week launched pq.ethereum.org, a platform dedicated to its post-quantum security efforts underway since 2018. The Ethereum Foundation’s Post-Quantum Team, Cryptography Team, Protocol Architecture Team, and Protocol Coordination Team spent eight years building a migration that touches every layer of the protocol.

More than 10 client teams ship weekly devnets through what the foundation calls PQ Interop. The roadmap maps out specific steps in four upcoming hard forks, from a post-quantum key ledger to full PQ consensus.

Bitcoin, on the other hand, has no equivalent effort. No coordinated roadmap. No multi-team engineering program. No fork milestones.

Nic Carter, one of Bitcoin’s most prominent advocates and co-founder of crypto fund Castle Island Ventures, said the quiet part out loud this week.

“Elliptic curve cryptography is on the brink of obsolescence,” he wrote on

Carter directly compared the two approaches. Ethereum’s approach, he said, was “best in class,” describing how the network “comes together and announces a specific, detailed PQ roadmap to 2029, sets it as a top strategic priority, integrates PQ into an ongoing roadmap, detailed FAQ, no fear, just action.”

Bitcoin’s approach, Carter said, was “worst in class.” He noted that there is currently a group working on a quantum-related proposal that has “received no buy-in from top developers,” with developers citing isolated pieces of research as evidence of progress while having “no coherent strategy, no roadmap.”

“Everyone knows I’m a bitcoiner and I’d like bitcoin to win,” Carter added. “Don’t say this to hurt feelings. Say this to incite action.”

The urgency, however, is not universally shared.

Firms such as CoinShares say fears of an imminent quantum threat to bitcoin are overblown and estimate that only about 10,200 BTC are concentrated enough in vulnerable legacy address types that their theft could cause “appreciable market disruption.”

The remaining exposed supply, around 1.6 million BTC in legacy Pay-to-Public-Key addresses, is scattered across more than 32,000 separate wallets averaging around 50 BTC each, making them slow and unprofitable to crack individually, as CoinDesk reported at the time.
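An added example, not from the original article: the exposure discussed above depends on whether an output's locking script publishes the public key itself, as Pay-to-Public-Key does, or only a hash of it. The sketch below classifies the standard script templates and totals the value held in key-publishing outputs; it goes beyond the article by also covering hashed and Taproot outputs, and the sample scripts are constructed with filler bytes rather than real keys.

```python
# Added example: classify Bitcoin locking scripts (scriptPubKey) by whether the
# output itself publishes a public key. Sample scripts below are constructed
# with filler bytes, not real keys; curve-point validity is not checked.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_EQUAL, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0x87, 0xAC

def classify(script):
    """Return (output type, True if a public key is visible before any spend)."""
    n = len(script)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        if (n == 35 and script[1] in (2, 3)) or (n == 67 and script[1] == 4):
            return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", False
    if n == 23 and script[:2] == bytes([OP_HASH160, 20]) and script[22] == OP_EQUAL:
        return "P2SH", False
    if n == 22 and script[:2] == b"\x00\x14":   # witness v0, 20-byte key hash
        return "P2WPKH", False
    if n == 34 and script[:2] == b"\x00\x20":   # witness v0, 32-byte script hash
        return "P2WSH", False
    if n == 34 and script[:2] == b"\x51\x20":   # witness v1: 32-byte x-only output key
        return "P2TR", True
    return "nonstandard", False

def exposure_report(utxos):
    """Aggregate (script_hex, satoshis) pairs per output type."""
    report = {}
    for script_hex, sats in utxos:
        kind, exposed = classify(bytes.fromhex(script_hex))
        row = report.setdefault(kind, {"outputs": 0, "sats": 0, "key_exposed": exposed})
        row["outputs"] += 1
        row["sats"] += sats
    return report

def exposed_sats(report):
    return sum(r["sats"] for r in report.values() if r["key_exposed"])

BTC = 10**8
SAMPLE_UTXOS = [  # constructed
    ((b"\x41\x04" + bytes(64) + b"\xac").hex(), 50 * BTC),   # uncompressed P2PK
    ((b"\x21\x02" + bytes(32) + b"\xac").hex(), 50 * BTC),   # compressed P2PK
    ((b"\x76\xa9\x14" + bytes(20) + b"\x88\xac").hex(), 1 * BTC),
    ((b"\x00\x14" + bytes(20)).hex(), 2 * BTC),
    ((b"\x51\x20" + bytes(32)).hex(), 3 * BTC),
]

if __name__ == "__main__":
    rep = exposure_report(SAMPLE_UTXOS)
    for kind, row in rep.items():
        print(kind, row)
    print("sats in key-exposing outputs:", exposed_sats(rep))
```

A `False` result means only that the key stays hidden until the output is spent; the spending transaction reveals it, so reused addresses need separate tracking.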

But the question is not whether quantum computing will ultimately threaten blockchain cryptography. Google, the Ethereum Foundation, NIST, and now prominent Bitcoin advocates all agree on this.

It’s a question of whether three years is enough time to migrate a global, decentralized protocol that has no central authority to set deadlines, no coordinated engineering team to execute them, and a culture that treats urgency with suspicion.

Ethereum’s answer is that eight years of preparation put it in a position to execute the migration across four hard forks. Google’s response is that 2029 is the deadline, and the migration is already underway in its products.

So far, Bitcoin’s response is silence. And as Carter warned, “ETHBTC will begin to reflect the divergence in priorities” if this silence persists.
