A new Google research paper suggests breaking Bitcoin’s encryption may require significantly fewer resources than previously thought, partly due to the network's 2021 Taproot upgrade.
Back
Back
Google says 1 Bitcoin upgrade makes quantum attacks easier
New research from Google’s Quantum AI team found that breaking Bitcoin’s core cryptography may require fewer than 500,000 physical qubits, with the network’s 2021 Taproot upgrade potentially widening the attack surface for future quantum computers. The findings challenge long-held assumptions about the timeline for quantum threats, suggesting attackers could one day steal bitcoin from about 6.9 million already-exposed wallets.
“Breaking Bitcoin's blockchain with quantum computers may not be as difficult as once thought, and Bitcoin’s Taproot technology, which enables more efficient, private transactions, may be partly to blame,” Google's Quantum AI team said Monday in a blog post accompanying a new whitepaper. The team stressed that such attacks are not imminent but urged an earlier migration to post-quantum standards.
The paper outlines a real-time attack on in-flight transactions, where a quantum computer could derive a private key from a broadcasted public key in about nine minutes. With Bitcoin’s average 10-minute block time, an attacker would have a roughly 41 percent chance of success, redirecting funds before the original transaction confirms. This is a stark contrast to faster-finality chains like Ethereum, which may be less exposed to this specific vector.
The research puts a hard number on a threat many considered theoretical for another decade. Google’s own corporate deadline to make its systems quantum-resistant by 2029 lends weight to the urgency, creating an external timeline that Bitcoin’s decentralized governance structure is ill-equipped to meet. While Ethereum has an eight-year roadmap for the transition, Bitcoin’s response has been comparatively muted.
The Taproot Problem
The findings cast a new light on Taproot, Bitcoin’s most significant upgrade since 2017. While the upgrade introduced privacy and efficiency benefits by making complex transactions look like simple ones, it also made public keys visible on the blockchain by default. According to Google’s researchers, this design choice removes a layer of protection inherent in older address formats, potentially expanding the pool of wallets vulnerable to a future quantum attack.
Prior to Taproot, public keys were only revealed when a user spent from an address. Now, for many transactions, they are visible from the start, giving a potential quantum attacker a permanent, open target. This adds to the 6.9 million bitcoin—roughly one-third of the total supply—already sitting in wallets where public keys have been exposed through address reuse or use of older Pay-to-Public-Key formats.
A Tale of Two Blockchains
The divergent responses from the two largest cryptocurrency networks highlight a fundamental governance challenge. Spurred by warnings from co-founder Vitalik Buterin and others, the Ethereum Foundation has been actively working on a post-quantum transition since 2018. This week, it launched pq.ethereum.org, a dedicated hub for a detailed, multi-fork migration plan involving more than 10 client teams.
Bitcoin has no such coordinated effort. While proposals like BIP-360 for quantum-resistant addresses exist, there is no consensus, funding, or timeline for a network-wide upgrade. Prominent Bitcoin advocate Nic Carter of Castle Island Ventures called Ethereum’s strategy “best in class” while labeling Bitcoin’s approach “worst in class,” warning the lack of a coherent roadmap could harm the asset’s long-term standing.
“Elliptic curve cryptography is on the brink of obsolescence,” Carter wrote on X. “Whether it's 3 or 10 years, it's over and we need to accept that. The only thing that matters is how quickly blockchain developers recognize that they need to bake in cryptographic mutability into their networks.”
The question is no longer if, but when, quantum computers will pose a threat. Google, the Ethereum Foundation, and now even staunch Bitcoiners agree it’s a matter of years, not decades. As Casa co-founder Jameson Lopp noted, migrating a decentralized network could take five to 10 years alone. With Google’s 2029 deadline looming, the clock is ticking louder than ever.
This article is for informational purposes only and does not constitute investment advice.
[1] Watch out Bitcoin devs. Google says post-quantum migration needs to happen by 2029. - CoinDesk[2] Breaking Bitcoin with quantum may be easier than thought, with Taproot partly to blame, Google says[3] Google Says Quantum Breakthroughs May Be Closer: Should Crypto Holders Worry?[4] Google Sets 2029 Deadline to Deal With Quantum Threat—Is It a Problem for Bitcoin?[5] Breaking Bitcoin with quantum may be easier than thought, with Taproot partly to blame, Google says[6] Watch out Bitcoin devs. Google says post-quantum migration needs to happen by 2029.[7] Warren probes China-based Bitmain over US security concerns: Report[8] Google Confirms High-Risk Update For 3.5 Billion Chrome Users
