Written by: jsai@金财经

Is quantum computer really coming?

Recently, Google published two blog posts warning that the quantum era is coming, and all industries must seriously respond to quantum threats.

Key points of Google’s two announcements

1. Formulate a post-quantum cryptography migration timetable with the goal of completing it in 2029

Google officially announced in a blog on March 25, 2026 that it will significantly advance its internal Post-Quantum Cryptography (PQC) migration deadline to the end of 2029.

As for the reason for the advance, Google stated that based on its own progress in quantum computing (including the quantum error correction technology breakthrough of the Willow 105 qubit chip), the rapid development of quantum hardware, the optimization of error correction algorithms, and the significant reduction in quantum factorization resource estimates (for example, the qubits required to crack 2048-bit RSA have dropped from the previously estimated 20 million to about 1 million), it believes that the quantum Q-Day threat is coming faster than originally expected.

Q-Day refers to the moment when future quantum computers can effectively crack the current mainstream public key encryption systems (RSA and elliptic curve encryption ECC/ECDSA). Once it happens, existing encryption will face the risk of "instant cracking", affecting almost all confidential data in banks, governments, military and the Internet.

Google said that quantum computers would pose a significant threat to current encryption standards, especially encryption and digital signatures. Encryption faces existing threats, such as "store first, decrypt later" attacks; digital signatures are future threats that require a transition to PQC before deployment to cryptographically relevant quantum computers (CRQC). As a result, Google has adjusted its threat model to prioritize PQC migration of authentication services - an important component of network security and digital signature migration.

2. Cryptography-related quantum computers (CRQC) are gradually approaching reality

Future quantum computers may require fewer qubits and quantum gates than ever before to break the elliptic curve cryptography used to protect cryptocurrencies and other systems, according to a March 31, 2026 blog post and accompanying white paper.

In the white paper, Google shared its latest estimate of the quantum computing "resources" (i.e., qubits and quantum gates) needed to crack the 256-bit elliptic curve discrete logarithm problem (ECDLP-256, the basis of elliptic curve cryptography). Google expresses resource estimates in terms of the number of logical qubits (error-correcting qubits made up of hundreds of physical qubits) and Toffoli gates (expensive basic operations on qubits that are the main driver of execution time for many algorithms). Specifically, two quantum circuits (a series of quantum gates) implementing Shor's algorithm were written to crack ECDLP-256: one circuit used less than 1,200 logical qubits and 90 million Toffoli gates, and the other circuit used less than 1,450 logical qubits and 70 million Toffoli gates. Google estimates that these circuits can be executed in minutes using superconducting qubit CRQC with fewer than 500,000 physical qubits under the assumption that hardware performance meets the standards of some of Google's flagship quantum processors. This is about 20 times less than the number of physical qubits needed to solve ECDLP-256.

Google stated that with the continuous advancement of science and technology, Cryptography-related quantum computers (CRQC) are gradually approaching reality, which requires a transition to PQC. This is why Google recently launched a 2029 migration schedule.

Google’s two blog posts mark that the technology giant has officially moved the quantum threat from a “theoretical vision” to a “realistic engineering task within sight.”

What does this mean for BTC and ETH?

The core signature algorithms of Bitcoin and Ethereum are both ECDSA (based on secp256k1 elliptic curve), and the public key is usually exposed in transactions/addresses (especially traditional addresses and Taproot scenarios).

Once a quantum computer reaches a cryptography-related quantum computer (CRQC), it can reverse the private key from the public key to achieve fund theft or forged transactions. This poses a direct threat to addresses with "exposed public keys" ("harvest now, decrypt later" risk).

The common impacts are:

1. Fund security risk: Cold wallet/unspent UTXO is relatively safe if the public key is not exposed, but most of the assets on the chain have been exposed. After Q-Day, addresses that have not been upgraded may be stolen by quantum attacks.

2. Trust and adoption impact: Institutional investors may avoid "quantum insecure" chains, causing capital outflows or price fluctuations.

3. "Harvest Now, Decrypt Later": Attackers can collect encrypted data/public keys now and crack them when the quantum computer matures.

Although Bitcoin and Ethereum both face common threats, their responses differ significantly. The reasons may be rooted in their community culture.

BTC has higher risks and is slow to respond

The Bitcoin community is more conservative and decentralized. Upgrading requires the consensus of the entire network (soft fork/hard fork), and currently lacks a coordinated roadmap. Google's move is seen as "a wake-up call to Bitcoin developers." Many members of the Bitcoin community still believe that 2029 is too radical and the quantum threat has been exaggerated. However, Google's hardware progress has caused some people to re-evaluate.

Current status: There is no official network-wide PQC migration plan, and progress is slow. There are already proposals such as BIP 360 that provide partial quantum protection against Taproot's critical path costs, but a complete upgrade still requires community consensus.

Possible paths: introducing new opcodes/address types through soft forks to support PQC signatures; or developing quantum-safe wallet/address formats. Some developers are already discussing it, but the decentralized nature makes coordination difficult and time-sensitive.

Challenges: The Bitcoin community has widely divided opinions (many people believe that quantum computers cannot reach scale in the short term). If no action is taken before 2029, it may face "existential threats" and a loss of institutional confidence.

ETH is relatively more prepared and the roadmap has been formulated

Ethereum has been laid out eight years in advance, and the Post-Quantum Ethereum roadmap recently released by the Ethereum Foundation (EF) is highly aligned with the Google 2029 timeline.

EF believes that quantum "cryptography-related" threats may be 8-12 years away, but "work must start now."

Roadmap: EF has launched a dedicated website (pq.ethereum.org) and a "Strawmap"/four-phase (or seven-hard fork) roadmap, with the goal of completing Layer 1 protocol-level upgrades (including validator signatures, accounts, data storage, and certification systems) by 2029. Subsequent full migration of the execution layer may take several more years.

Specific measures: Use STARK-based or PQC signatures; gradually implement through multiple hard forks (such as "I", "J", etc.); have run the test network. Vitalik Buterin and others have publicly discussed quantum defense many times.

Advantages: The upgrade of the smart contract platform is more flexible, with a clear timetable and resources, and the progress is far beyond that of Bitcoin.

Conclusion

Regardless of BTC or ETH, users should pay attention to quantum-safe wallets (such as hardware wallets that support PQC signatures) as early as possible and migrate assets after the protocol is upgraded.

Google’s announcement has accelerated the quantum defense process in the entire encryption industry - Ethereum is already taking action, and Bitcoin needs to follow suit as soon as possible, otherwise the risk will be significantly amplified.

In the next few years, PQC compatibility will become the "standard feature" of blockchain.

If quantum hardware continues to advance at its current pace, 2029 will become an important watershed in the history of cryptocurrency security.