A team of Google researchers just set a new date for post-quantum cryptography migration:
the year 2029. Among other things, this means that Bitcoin, as well as many other cryptocurrencies, needs to adopt new cryptographic techniques that are resilient to quantum attacks within three years.
Google announced the new timeline in a blog post. "Quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures," the post said.
In terms of actual science, two important papers were published on 30 March. One is signed by Google researchers, the other by a startup called Oratomic (with ex-Googlers and Caltech folks on board). The papers are a dense read for anyone who's not an expert in cryptography, but can be simplified to this: They describe new ways to break some very important cryptographic systems using quantum computers, with far fewer resources (10x) than previously thought.
This is relevant for Bitcoin because it makes it far more likely that someone can build a quantum computer capable of deriving a Bitcoin private key from a Bitcoin public key. In fact, so much more likely that Google decided not to show the actual quantum circuits they used to do this, instead showing a mathematical proof that this is possible.
Justin Drake, one of the researchers that co-signed the Google paper, has a good overview. "A superconducting quantum computer, the type Google is building, could crack keys in minutes," he wrote.
Important point: As Adam Back, an important Bitcoin expert, pointed out, Bitcoin (the network) does not use encryption. What Google has found doesn't mean someone can intercept transactions on the Bitcoin network; instead, they could crack someone's private key, and when you have someone's private key, you have their coins.
In fact, it's a bit more complex than that. The two papers above reference Shor's algorithm, a quantum algorithm developed by Peter Shor back in 1994, that makes it a lot faster to break certain types of encryption with quantum computers.
Shor's algorithm could be used to derive a Bitcoin private key from a public key, but only in certain cases. This includes some old Bitcoin addresses, including those used by Bitcoin's elusive creator Satoshi Nakamoto himself; this is notable, as these addresses hold over one million bitcoins, meaning that the potential prize for someone cracking them is in the tens of billions of dollars (not to mention the havoc it would cause on the network as everyone scrambled to figure what's next).
Newer addresses can also be cracked, but not until they're broadcasted within a transaction, meaning there's a short (typically 10-minute long) window in which someone could use Shor's algorithm to get that private key. No known quantum computer that could do this exists right now, even considering the optimizations found by Google and Oratomic researchers. But it's not unfathomable that someone builds it in the future.
Bitcoin is traditionally slow to make any changes. Adam Back, in particular, advised in 2025 that "some quantum readiness" should be added in the next five years, though he said he's not expecting it to be used "in a few decades."
In contrast, the new papers demonstrate that the quantum threat for Bitcoin is much closer than that, and that serious action should probably be taken now.
What can be done? Google's paper suggest ways in which blockchains (including Bitcoin) could mitigate the issue. This includes simple steps such as moving coins from old addresses to new ones if possible, but also updating protocols to include post-quantum cryptography. This process is not easy for large, established cryptocurrency networks, and it may take years to even agree on a best solution (an internal strife over block size on Bitcoin's network took about two years to resolve), let alone implement it.
