Bitcoin’s Taproot Could Make Quantum Attacks Easier Than Expected, New Google Study Says

Breaking Bitcoin’s blockchain with quantum computers may not be as difficult as previously thought, and Bitcoin’s Taproot technology, which allows for more efficient private transactions, may be partly to blame, Google’s Quantum AI team said Monday in a blog post and newly published white paper.

The team said the computing power required to break Bitcoin’s security could be much lower than previously thought, raising new questions about how quickly quantum threats could become a reality.

In a new white paper, researchers found that cracking the cryptography used by Bitcoin and Ethereum could require fewer than 500,000 physical quantum bits, or qubits, well short of the “millions” often cited in recent years.

Google has already discussed 2029 as a potential milestone for useful quantum systems and has said the migration must happen before then, which makes the paper’s conclusion that attacks could require less computing power more significant.

Quantum computers use qubits instead of traditional bits and can solve certain problems much faster than current machines. One of these problems is breaking the type of encryption that protects crypto wallets.

Google said it has designed two potential attack methods, each requiring around 1,200 to 1,450 high-quality qubits. That’s just a fraction of previous estimates and suggests the gap between current technology and a viable attack may be smaller than investors think.

The study also shows how such an attack could work in practice.

Rather than targeting legacy wallets, a quantum attacker could attack real-time transactions. When someone sends Bitcoin, a piece of data called a public key is briefly revealed. A sufficiently fast quantum computer could use this information to calculate the private key and redirect funds.

Under Google’s model, a quantum system could prepare part of the calculation in advance, then complete the attack in about nine minutes once a transaction appears. Confirmation of Bitcoin transactions typically takes around 10 minutes, giving an attacker around a 41% chance of canceling the initial transfer.

Other cryptocurrencies like Ethereum may be less exposed to this specific risk because they confirm transactions more quickly, leaving less time for an attack.

The paper also estimates that about 6.9 million bitcoins, or about a third of the total supply, are already in wallets where the public key has been exposed in some way. This includes approximately 1.7 million bitcoins from the network’s early years, as well as funds affected by address reuse.

This figure is much higher than CoinShares’ recent estimates that only about 10,200 bitcoins are concentrated enough to move markets significantly if stolen.

The Taproot Problem

The results also shed new light on Taproot, Bitcoin’s 2021 upgrade. While Taproot improved privacy and efficiency, it also made public keys visible on the blockchain by default, removing a layer of protection used in older address formats.

Google researchers say the design choice could increase the number of wallets vulnerable to future quantum attacks.
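The difference between address formats described above can be checked directly from an output's locking script. The following is an added example, not code from the article or from Google's paper: it classifies standard Bitcoin output scripts by whether the public key is readable while the coins are unspent, and totals the exposed value, including the address-reuse case. The function names and the sample scripts (filler bytes) are constructed for illustration.

```python
from typing import Optional

# Constructed sample scripts: the key and hash bytes are filler, not real outputs.
P2PK   = "21" + "02" + "11" * 32 + "ac"      # <33-byte pubkey> OP_CHECKSIG
P2PKH  = "76a914" + "33" * 20 + "88ac"       # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
P2WPKH = "0014" + "44" * 20                  # OP_0 <20-byte key hash>
P2TR   = "5120" + "22" * 32                  # OP_1 <32-byte x-only output key>
SAMPLE_UTXOS = [(P2PK, 5000), (P2PKH, 1000), (P2WPKH, 2000), (P2TR, 3000)]  # (script, satoshis)


def classify_script_pubkey(script_hex: str) -> tuple[str, Optional[bool]]:
    """Return (script type, public key readable from the unspent output?)."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", True            # raw key sits in the output
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", False          # only HASH160(key) is published
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", False           # only a script hash is published
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", False
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", False
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", True            # Taproot: output key is in the script itself
    return "unknown", None             # e.g. bare multisig; inspect manually


def exposed_value(utxos, reused_scripts=frozenset()) -> int:
    """Sum satoshis in outputs whose public key is already on-chain.

    reused_scripts: hashed-type scripts that were spent from before, so the
    key was revealed by that earlier spend (the address-reuse case).
    """
    total = 0
    for script_hex, value in utxos:
        _, exposed = classify_script_pubkey(script_hex)
        if exposed or script_hex in reused_scripts:
            total += value
    return total


if __name__ == "__main__":
    for script, value in SAMPLE_UTXOS:
        print(classify_script_pubkey(script), value)
    print("exposed at rest:", exposed_value(SAMPLE_UTXOS))
    print("with reuse of the P2PKH script:", exposed_value(SAMPLE_UTXOS, {P2PKH}))
```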

Google is also changing how it shares security-sensitive research. Rather than divulge step-by-step details on how to break cryptosystems, the team used a technique called a zero-knowledge proof to show that their findings are correct without exposing the method itself. This allows others to verify the results while limiting the risk of the research being misused.

The takeaway for investors is not that quantum computers are on the verge of breaking crypto, but that the timeline could be shorter and the risks broader than previously thought.
