Google Urges Cryptocurrency Community to Transition to Post-Quantum Cryptography

Google is urging the cryptocurrency community to proactively adopt post-quantum cryptography, revealing new research that suggests existing security protocols could be vulnerable to future quantum computers with fewer resources than previously anticipated. A new whitepaper from Google Quantum AI details updated estimates for the quantum computing “resources” needed to break the elliptic curve cryptography underpinning many blockchains and other security systems; the research indicates this could be achieved with fewer than 500,000 physical qubits. Researchers have compiled quantum circuits implementing Shor’s algorithm for ECDLP-256 using less than 1,450 logical qubits and 70 million Toffoli gates, representing a roughly 20-fold reduction in required physical qubits. “We want to raise awareness on this issue and are providing the cryptocurrency community with recommendations to improve security and stability before this is possible,” said Ryan Babbush, Director of Research, Quantum Algorithms, and Hartmut Neven, VP of Engineering, emphasizing the need for a transition to post-quantum cryptography to ensure the long-term viability of digital currencies.

Google’s 2029 Post-Quantum Cryptography Migration Timeline

Google is actively addressing a looming threat to digital security: the advent of quantum computers capable of breaking current encryption standards. Researchers at Google Quantum AI have demonstrated that future quantum computers may compromise the elliptic curve cryptography safeguarding cryptocurrency and other systems with fewer computational resources than previously anticipated, prompting a proactive stance on mitigation. The company’s work, detailed in a new whitepaper, focuses on quantifying the quantum resources, qubits and gates, needed to crack the 256-bit elliptic curve discrete logarithm problem, the foundation of much current cryptographic security. This represents an approximately 20-fold reduction in the physical qubit count needed for such an attack, a significant refinement in algorithmic efficiency. The company has established a 2029 migration timeline, collaborating with organizations like Coinbase, the Stanford Institute for Blockchain Research, and the Ethereum Foundation, to prepare for this shift and ensure the long-term viability of cryptocurrencies.

Shor’s Algorithm Estimates: 1,200 Qubits & 70 Million Toffoli Gates

Recent advancements in quantum computing have prompted a reevaluation of the resources needed to compromise current encryption standards, specifically those underpinning cryptocurrency security. Google Quantum AI researchers have detailed updated estimates for executing Shor’s algorithm, a quantum algorithm capable of breaking the elliptic curve cryptography that protects digital assets, revealing a significant reduction in the computational demands previously understood. Their work, outlined in a new whitepaper, suggests that a quantum computer capable of cracking this encryption could require fewer qubits and gates than earlier projections indicated. These circuits, they estimate, could run on a superconducting qubit computer with fewer than 500,000 physical qubits in a few minutes, given current hardware assumptions. This represents a substantial optimization, as it is an approximately 20-fold reduction in the number of physical qubits required to solve ECDLP-256, and builds on a history of refining quantum algorithm compilation.

To responsibly share these findings, Google engaged with the U.S. government and developed a “zero-knowledge proof” to allow verification of their claims without revealing a blueprint for attack. The researchers advocate for transitioning blockchains to post-quantum cryptography, a method resistant to quantum attacks, and urge other teams to adopt similar responsible disclosure practices to safeguard users.

Zero-Knowledge Proofs Enable Responsible Vulnerability Disclosure

Google researchers are developing a novel approach to cybersecurity disclosure, moving beyond traditional methods to address the unique challenges posed by quantum computing. This method addresses a long-standing debate in computer security, balancing the need for transparency with the risk of providing instruction manuals for attacks. Google’s approach builds upon established principles of Responsible Disclosure and Coordinated Vulnerability Disclosure, but adds a crucial layer of protection against premature exploitation. As Babbush and Neven explain, unsubstantiated claims about quantum attacks can undermine confidence in blockchain technologies, creating a unique vulnerability. The zero-knowledge proof allows third parties to independently verify Google’s resource estimates for breaking ECDLP-256, the mathematical problem underpinning elliptic curve cryptography, without gaining access to the underlying quantum circuits. “We substantiate our resource estimates without sharing the underlying quantum circuits by publishing a state-of-the-art cryptographic construction called a ‘zero-knowledge proof’,” the researchers stated. Google urges other research teams to adopt similar practices, fostering a collaborative environment for responsible vulnerability disclosure and safeguarding the digital economy against future quantum threats.

Protecting Blockchains: Transitioning to Post-Quantum Cryptography (PQC)

The security underpinning many cryptocurrencies and blockchain technologies faces a growing threat from the anticipated arrival of large-scale quantum computers, prompting a proactive shift toward post-quantum cryptography. This represents a significant reduction in the scale of quantum hardware needed for an attack, accelerating the timeline for potential vulnerabilities. “PQC represents a well-understood path to post-quantum blockchain security, underwriting confidence in the long-term viability of cryptocurrencies and the digital economy in a world with CRQCs,” the researchers assert. The urgency stems from the fact that implementing viable solutions like PQC requires time, and proactive measures are essential to maintain trust in the digital economy.