Bitcoin’s quantum deadline just moved up

On Monday, two research pieces about quantum cryptography dramatically slashed the hardware requirements for cracking private keys to vast sums of digital assets, including over a million bitcoin (BTC) owned by Satoshi Nakamoto. By some estimates, the deadline to fork Bitcoin to post-quantum cryptography has accelerated by two orders of magnitude.

In other words, both research teams described multiplicative, not additive, advancements to quantum computing. Although the two teams approached different layers of the quantum stack, their improvements compound.

In brief, the number of physical qubits required to break the elliptic curve signatures protecting BTC with exposed public keys has collapsed from roughly 9 million to as few as 10,000.

Google Quantum AI’s whitepaper, co-authored with Stanford researcher Dan Boneh and Ethereum Foundation’s Justin Drake, showed that fewer than 1,200 logical qubits and 90 million Toffoli gates using Shor’s algorithm might be able to solve the Bitcoin protocol’s 256-bit Elliptic Curve Discrete Logarithm Problem (ECDLP). On a superconducting quantum computer, that translates to fewer than 500,000 physical qubits, executing in minutes. Google called the result a 20-fold reduction over prior estimates.

Hours later, Oratomic, founded by Caltech and Harvard faculty, released its own breakthrough. Using new error-correcting tactics on ‘neutral atom’ quantum hardware, this team showed Shor’s algorithm running at private key-breaking speed with as few as 10,000 physical qubits. A faster variant using 26,000 qubits could crack a BTC private key using only its public key within roughly 10 days.


The multiplicative insight

Even though both research papers describe theoretical key-cracking abilities in the future, the superconducting breakthrough multiplies the effects of the neutral-atom breakthrough. As a result, timeline estimates for when such hardware will actually exist have advanced by several years.

Whereas many Bitcoin security experts estimated the risks of an attack on Satoshi’s BTC well into the 2030s or 2040s, these new techniques could bring that threat into the next five years.

Generally speaking, the total physical qubit count for a quantum attack equals the logical qubits the algorithm requires, multiplied by the physical qubits needed per logical qubit for error correction. Error correction is a critical step in quantum computing, as outputs are often unpredictable at such tiny states of matter.

Google’s research paper appears to compress the first factor, logical qubits. Its circuit optimizations cut logical qubits for Bitcoin’s ECDLP-256 from roughly 2,330 (a 2017 baseline) to under 1,200.

Oratomic compressed the second factor, error correction. Standard surface codes demand roughly 400 physical qubits per logical qubit. Oratomic’s lifted-product codes achieved encoding rates near 30%, yielding a ratio closer to 10:1, some 160 times more efficient than surface codes at equal error performance.

The prior state of the art, a 2023 paper by Daniel Litinski, estimated roughly 9 million physical qubits. 

A crypto research outfit summarized the trajectory of breakthroughs, which have reduced the number of quantum operations needed to break ECC-256 by roughly five orders of magnitude since 2012:

  • 1 billion physical qubits in 2012
  • 20 million in 2019
  • Under 1 million in 2025
  • Under 25,000 in 2026

Bitcoin’s developers are still working on quantum

Pro-Ethereum researcher Drake wrote that his confidence in a cryptographic break before the year 2032 has increased significantly. He estimated at least a 10% chance a quantum computer recovers a secp256k1 ECDSA private key from an exposed BTC public key by that date.

Millions of BTC worth hundreds of billions of dollars sit in quantum-vulnerable addresses. Estimates of quantum-vulnerable BTC include 1.7 million in ancient pay-to-public-key outputs, including Satoshi-era mining rewards. 
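Whether an output's public key is exposed can be read from its scriptPubKey. The following is an added example, not from the article or the papers it covers; it goes beyond the pay-to-public-key case to the other standard output templates, and the function names and sample scripts are constructed for illustration.

```python
from typing import List, Tuple

EXPOSED, HASHED, UNKNOWN = "exposed", "hashed", "unknown"

def classify(script_hex: str) -> Tuple[str, str]:
    """Return (template, key_exposure) for a scriptPubKey given as hex."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG. The raw key sits in the output.
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (2, 3)) or (n == 67 and s[1] == 4):
            return "p2pk", EXPOSED
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", HASHED
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", HASHED
    # SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if s[:2] == b"\x00\x14" and n == 22:
        return "p2wpkh", HASHED
    if s[:2] == b"\x00\x20" and n == 34:
        return "p2wsh", HASHED
    # Taproot: OP_1 <32-byte x-only output key>, a public key stored in the output.
    if s[:2] == b"\x51\x20" and n == 34:
        return "p2tr", EXPOSED
    return "other", UNKNOWN

def exposed_sats(utxos: List[Tuple[str, int]]) -> int:
    """Sum the value (satoshis) of outputs whose public key is visible at rest."""
    return sum(v for spk, v in utxos if classify(spk)[1] == EXPOSED)

# Constructed sample UTXOs (filler bytes, not real keys or hashes).
SAMPLE = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000),  # uncompressed P2PK
    ("21" + "02" + "22" * 32 + "ac", 1_000),          # compressed P2PK
    ("76a914" + "33" * 20 + "88ac", 250_000),         # P2PKH
    ("0014" + "55" * 20, 70_000),                     # P2WPKH
    ("5120" + "44" * 32, 30_000),                     # P2TR
]

if __name__ == "__main__":
    for spk, value in SAMPLE:
        print(classify(spk), value)
    print("exposed sats:", exposed_sats(SAMPLE))
```

The classifier only inspects the script at rest: hashed templates reveal their public key once spent, so a reused address needs a separate check against spend history.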

Bitcoin Improvement Proposal (BIP) 360, a formal proposal for post-quantum Bitcoin signatures, has struggled to gain traction among Bitcoin’s most influential developers.

Other work on a hard fork of Bitcoin node software also continues.

Aggressive timelines and assumptions

Of course, the papers carry legitimate caveats. Google refused to publish its actual quantum circuits, instead validating them through a zero-knowledge proof. Drake acknowledged that the Oratomic result, relying on exotic qLDPC codes not yet demonstrated at scale, deserves some skepticism. 

All nine Oratomic authors are shareholders in the company, which could benefit from a fundraise on the heels of the media coverage.

Moreover, the two papers use different hardware platforms. Google assumes superconducting qubits, while Oratomic uses neutral atoms on distinct hardware. Combining their headline numbers into one physical product oversimplifies the difficulties of chemical engineering.

None of this changes the trend in quantum threats to Bitcoin, which are accelerating by the month. Google’s own 2029 migration timeline for internal cryptographic authentication suggests the company takes its own research seriously. 

The US National Security Agency (NSA) wants national security systems on quantum-safe algorithms by 2030. The National Institute of Standards and Technology (NIST) similarly wants all US agencies off quantum-vulnerable cryptography by 2035.
