By Mackenzie Tatananni
An investment in quantum computing is popularly held as an investment in the future. Large-scale, highly performant systems are expected to arrive in the next few years, bringing with them transformative potential as well as new risks. Don't get too comfortable, Google says.
The Alphabet-owned subsidiary is working toward advancing its own quantum ambitions. Its Willow chip has been credited with kicking off much of the quantum hype at the end of 2024, bringing the nascent technology further into the spotlight.
Now, Google researchers have published a white paper indicating that Q-Day -- the point where quantum computers can crack the encryption protecting much of the world's data -- isn't a distant threat. And the company has pinpointed an exact year by which it's urging the public to prepare for this event.
The paper, uploaded to Cornell University's arXiv this week, focuses specifically on cryptocurrency. Crypto transactions rely on two keys: one private, one public. A private key is a very large, random, secret number that allows you to manage and access your funds. A public key, its complement, is shared openly in order to receive crypto.
The security of Bitcoin and other digital currencies relies on something called elliptic-curve cryptography. The assumption here is that existing computers are unable to reverse-engineer a private key from a public key. Fair enough -- classical computers wouldn't be able to do this in a feasible amount of time.
However, quantum computers are different. As Barron's previously reported, machines of the future may be able to execute something called Shor's algorithm: a quantum algorithm that can factor large numbers into their prime components.
The paper highlights a specific use case for Shor's algorithm called an "on-spend attack." When you send Bitcoin, your public key is briefly revealed to the network while the transaction sits in a memory pool waiting to be confirmed. The process takes roughly 10 minutes.
Researchers found that an optimized Shor's algorithm running on a "fast-clock" quantum computer, or one using a certain type of quantum architecture, could derive a private key from that public key in just nine to 12 minutes.
Crucially, researchers estimate that breaking the elliptic curve cryptography protecting Bitcoin and most major cryptos could require fewer than 500,000 physical qubits on a superconducting quantum computer. That's a roughly 20-times reduction from earlier estimates.
Researchers noted that up to 6.9 million Bitcoin are held in addresses where the public key is already exposed. As these keys are already public, a quantum system wouldn't be limited by the 10-minute window; it could use Shor's algorithm to crack into these wallets at any time.
Justin Drake, one of the paper's co-authors, remarked on social media that his confidence in Q-Day arriving by 2032 had "shot up significantly." Drake anticipates at least a 10% chance that a quantum system recovers a private key from an exposed public key by that year.
"I expect a narrative shift and a further R&D boost toward post-quantum cryptography," Drake wrote. While he conceded that he wasn't a "quantum expert," and that time was needed for the results, which weren't peer-reviewed, "to be properly vetted," he believes Google's estimates to be conservative based on interactions with the research team.
Consensus estimates generally place the event sometime in the 2030s, but Google expects Q-Day to arrive even sooner. In the company's view, a cryptographically relevant quantum computer could compromise most major blockchains by 2029.
Coincidentally, that timeline lines up with the date most quantum developers are targeting for the advent of large-scale, commercial-grade quantum computers. International Business Machines, widely held as Google's rival in quantum, aims to deploy a fault-tolerant supercomputer by that date.
In a blog post last week, Google encouraged enterprises to bulk up their cybersecurity measures to avoid getting left behind. "The threat to encryption is relevant today with store-now-decrypt-later attacks, while digital signatures are a future threat," the company wrote.
Google specifically is pushing for a transition to post-quantum cryptography, or the use of new, quantum-resistant algorithms to secure data against future attacks.
Write to Mackenzie Tatananni at mackenzie.tatananni@barrons.com
This content was created by Barron's, which is operated by Dow Jones & Co. Barron's is published independently from Dow Jones Newswires and The Wall Street Journal.
(END) Dow Jones Newswires
April 01, 2026 17:51 ET (21:51 GMT)
Copyright (c) 2026 Dow Jones & Company, Inc.
Comments