Author: Justin Drake, Researcher at the Ethereum Foundation
Compiled by: Chopper, Foresight News
On March 31st, the Google Quantum AI team published a landmark paper on the Shor algorithm for elliptic curve cryptography. Technically, this paper represents a major breakthrough: the algorithm's efficiency was improved by a full factor of 10 compared to the previous best-known solution. The team chose the secp256k1 elliptic curve, which underpins Bitcoin and Ethereum signatures, for their optimization demonstration—serving both as a technical showcase and a stark warning to the blockchain industry.
However, the most intriguing aspect of this paper lies not in its technical content, but in its unprecedented release protocol. The research team did not follow the standard academic process of full public disclosure. The core optimization details were kept entirely confidential, with only a zero-knowledge proof (ZK) used to verify the validity of the optimization without leaking any technical specifics. Google's related blog post mentioned collaboration with U.S. government agencies during the project. This use of zero-knowledge proofs to enforce academic content control is a first in global academic history.
As one of the co-authors of this paper, I witnessed the events leading to this restricted publication firsthand. To be frank, I found several details of the entire process hard to reconcile with my principles. I firmly believe the public has a right to this information, but due to circumstances beyond my control, I cannot disclose the internal details. However, it must be stated that the Google team conducted itself with professionalism and rigor throughout, deserving recognition and praise.
Deliberate information control often backfires, and we are now witnessing the "Streisand effect" in action: the core optimization algorithm that Google sought to protect has already been independently recreated by French researchers. Even more unexpectedly, a crowdsourced, open-source challenge to further optimize the Shor algorithm has been launched: the website ecdsa.fail went live and, within mere hours, submissions there broke the world record for Shor algorithm optimization.
Algorithm Independently Recreated, Open-Source Challenges Proliferate
Just two months after Google's paper was published, French quantum expert André Schrottenloher was the first to decipher the core optimization logic. His paper, "Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms," was officially published on the arXiv preprint server today. Congratulations to André for leading the pack among top scholars working on this problem. Also publishing today, Craig Gidney, an authority in Shor algorithm optimization, revealed that he has known about this optimization approach for a full year but was prevented from publishing it due to control requirements.
While André's work recreates the main framework, it does not capture some of the subtle optimizations present in Google's original version and subsequent iterations. Significant optimization potential for the Shor algorithm remains, which is precisely the purpose of the ecdsa.fail challenge. The verification program originally built for the ZK proof was repurposed to automatically filter for effective optimization submissions. Currently, developers worldwide are continuously submitting detailed improvements. Measured by the product of logical qubit count and Toffoli gate count, the overall circuit has achieved an 8.4% efficiency improvement over Google's original version.
The participation in this research fervor has exceeded industry expectations, extending far beyond leading academics. Over the past few weeks, a large number of amateurs, inspired by the "self-research" approach advocated by figures like Karpathy (a top global AI scientist and OpenAI founding member), have used AI to iteratively optimize the Shor algorithm. Ironically, the verification program built for ZK proofs perfectly serves as the reward function for this AI-driven iteration. This new research model has a very low barrier to entry, with high-quality optimizations submitted even by non-professionals, including a teenager.
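To make concrete what "a verification program repurposed as a filter, and as a reward function" means, here is a small added illustration; it is not the ecdsa.fail verifier, nor Google's, and it assumes a toy setting: a submission is a list of classical reversible gates (X, CNOT, Toffoli) over a few wires, and it is accepted only if, for every possible input, the final wire state matches a specification (inputs preserved, ancillas returned to zero, output correct). The score is the article's metric, logical qubit count times Toffoli count, so a lower score is a better submission. The three submissions at the bottom are constructed: a baseline, a genuinely better circuit, and a "cheat" that gets the output right but corrupts an input, which the verifier rejects.

```python
"""Toy reversible-circuit verifier used as a cost function (added example;
not the ecdsa.fail or Google verifier). Assumption: gates are classical
reversible gates, so the circuit can be checked exhaustively on basis states."""
from itertools import product
from typing import Callable, List, Optional, Tuple

Gate = Tuple[str, Tuple[int, ...]]            # ("x",(t,)) ("cx",(c,t)) ("ccx",(a,b,t))
Spec = Callable[[Tuple[int, ...]], Tuple[int, ...]]


def run_circuit(gates: List[Gate], bits: List[int]) -> Tuple[int, ...]:
    """Simulate the circuit on one classical basis state. X/CNOT/Toffoli permute
    basis states, so no amplitudes are needed for a correctness check."""
    state = list(bits)
    for name, wires in gates:
        if name == "x":                       # NOT
            (t,) = wires
            state[t] ^= 1
        elif name == "cx":                    # CNOT
            c, t = wires
            state[t] ^= state[c]
        elif name == "ccx":                   # Toffoli
            a, b, t = wires
            state[t] ^= state[a] & state[b]
        else:
            raise ValueError(f"unknown gate {name}")
    return tuple(state)


def toffoli_count(gates: List[Gate]) -> int:
    return sum(1 for name, _ in gates if name == "ccx")


def cost(gates: List[Gate], n_qubits: int) -> int:
    """The article's metric: logical qubits x Toffoli gates (lower is better)."""
    return n_qubits * toffoli_count(gates)


def failing_inputs(gates: List[Gate], n_qubits: int, n_inputs: int, spec: Spec):
    """Every input on which the circuit's final state differs from the spec.
    Input wires are 0..n_inputs-1; the remaining wires start at 0."""
    bad = []
    for inp in product((0, 1), repeat=n_inputs):
        start = list(inp) + [0] * (n_qubits - n_inputs)
        if run_circuit(gates, start) != spec(inp):
            bad.append(inp)
    return bad


def score(gates: List[Gate], n_qubits: int, n_inputs: int, spec: Spec) -> Optional[int]:
    """Reward function: the cost if the submission is correct, None if rejected."""
    if failing_inputs(gates, n_qubits, n_inputs, spec):
        return None
    return cost(gates, n_qubits)


def improvement_pct(baseline: int, new: int) -> float:
    return round(100.0 * (baseline - new) / baseline, 1)


# Constructed target: wire 3 <- a AND (b XOR c); wires 0..2 (a, b, c) preserved.
def spec_and_xor(inp: Tuple[int, ...]) -> Tuple[int, ...]:
    a, b, c = inp
    return (a, b, c, a & (b ^ c))


BASELINE = [("ccx", (0, 1, 3)), ("ccx", (0, 2, 3))]                # 2 Toffolis, cost 8
OPTIMIZED = [("cx", (1, 2)), ("ccx", (0, 2, 3)), ("cx", (1, 2))]   # 1 Toffoli, cost 4
CHEAT = [("cx", (1, 2)), ("ccx", (0, 2, 3))]                       # output right, c corrupted

if __name__ == "__main__":
    for name, circ in (("baseline", BASELINE), ("optimized", OPTIMIZED), ("cheat", CHEAT)):
        print(name, "score:", score(circ, 4, 3, spec_and_xor),
              "failing inputs:", failing_inputs(circ, 4, 3, spec_and_xor))
    print("improvement:", improvement_pct(cost(BASELINE, 4), cost(OPTIMIZED, 4)), "%")
```

The point of checking the whole final state, not just the output wire, is what makes the verifier usable as an unattended reward function: a submission that saves a Toffoli by skipping the uncompute step (the `CHEAT` circuit) computes the right answer but leaves an input wire altered, and an exhaustive state comparison catches it without any human review. At secp256k1 scale the real circuits cannot be checked exhaustively, which is why the article's ZK-proof-based verifier matters.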
Neutral-Atom Quantum Tech Enters the Fray, Industry Predicts Q-Day Potentially Before 2032
The story doesn't end with Google. On the same day as Google's paper, the privacy startup Oratomic published its own research paper on the Shor algorithm, which quickly topped the trending chart on the academic rating site scirate.com.
Oratomic's conclusion is staggering: building upon Google's logical-layer optimizations and combining them with their own neutral-atom physical architecture optimizations, breaking secp256k1 cryptography using Shor's algorithm would require only ten thousand physical qubits—a number so low that it overturns industry assumptions.
When I first read Oratomic's paper, I knew nothing about neutral-atom technology. Out of curiosity, I spent hundreds of hours in deep research, watching explanatory videos and interviewing multiple industry experts. My final conclusion: neutral-atom quantum technology is feasible and promising for practical implementation. Google's recent establishment of a neutral-atom quantum lab, a departure from its previous exclusive focus on superconducting qubits, is strong evidence. If you are concerned about Q-Day (the point when quantum computers can break commercial cryptography), the neutral-atom path cannot be ignored.
Interestingly, both the Google and Oratomic heavyweight papers completely avoid mentioning the practical impact of their findings on the timing of Q-Day, offering no predictions. However, the core purpose of white-hat cryptanalysis is precisely to assess the timeline for quantum decryption and help the industry prepare in advance, making this silence particularly unusual.
Drawing on Scott Aaronson's line of thought from his April 29th post, and combining publicly available information with non-public classified intelligence I am aware of, I offer this estimate: There is a 50% probability Q-Day arrives before 2032, and a 10% probability it arrives before 2030.
In contrast, the official U.S. government stance, led by the NSA and adopted by NIST (National Institute of Standards and Technology), sets a deadline of 2035, after which U.S. government agencies are prohibited from using cryptography vulnerable to quantum attacks. In hindsight, this estimate is severely disconnected from the pace of technological development and is largely obsolete. NIST will most likely be forced to significantly bring forward this deadline.
Post-Quantum Migration: Ethereum Plans Completion by 2029
While quantum risk warrants vigilance, there is no need for panic. Rushing to deploy immature post-quantum cryptographic systems could itself introduce security vulnerabilities. In my view, 2029 is a prudent migration window—about three and a half years from now. Google, the cloud service provider Cloudflare, and the Ethereum Foundation have all settled on this same timeframe.
Currently, most of my work involves coordinating with the Ethereum light client upgrade project to facilitate a smooth, end-to-end migration of Ethereum to post-quantum cryptography. The overhaul is massive: consensus-layer BLS signatures, data-layer KZG commitments, and execution-layer ECDSA signatures all need replacement. The entire upgrade plan is built upon hash-based cryptography and is thoroughly feasible.
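The paragraph above says the migration rests on hash-based cryptography. As an added illustration of why that family is the fallback of choice (it is not the Ethereum Foundation's code, nor the scheme the plan actually uses), here is a Lamport one-time signature, the simplest hash-based scheme: the secret key is a set of random preimages, the public key is their SHA-256 hashes, and a signature reveals one preimage per bit of the message digest. Security rests only on the hash function's preimage resistance, so there is no discrete-logarithm structure for Shor's algorithm to exploit. The example assumes SHA-256 and 256-bit digests, and the stateful wrapper at the end shows the practical caveat of the family: a Lamport key must never sign twice.

```python
"""Lamport one-time signature over SHA-256 (added example, not the
Ethereum Foundation's code or its chosen post-quantum scheme)."""
import hashlib
import secrets
from typing import List, Tuple

KeyHalf = List[Tuple[bytes, bytes]]   # one (value_for_bit_0, value_for_bit_1) pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen() -> Tuple[KeyHalf, KeyHalf]:
    """Secret key: 256 pairs of random 32-byte preimages. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def digest_bits(msg: bytes) -> List[int]:
    """The 256 bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk: KeyHalf, msg: bytes) -> List[bytes]:
    """For each digest bit, reveal the preimage that corresponds to that bit."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk: KeyHalf, msg: bytes, sig: List[bytes]) -> bool:
    """Re-hash each revealed preimage and compare with the public key entry
    selected by the digest bit. Only hashing is involved: no curve arithmetic."""
    if len(sig) != 256 or len(pk) != 256:
        return False
    bits = digest_bits(msg)
    return all(H(sig[i]) == pk[i][bits[i]] for i in range(256))


def exposed_positions(sig_a: List[bytes], sig_b: List[bytes]) -> int:
    """Number of digest positions at which two signatures under the SAME key
    reveal both preimages. Each such position is no longer one-time secure,
    which is why the key must be used once."""
    return sum(1 for x, y in zip(sig_a, sig_b) if x != y)


class OneTimeSigner:
    """Stateful wrapper that enforces single use. Managing this state safely is
    the operational burden of stateful hash-based schemes (such as XMSS) that
    stateless designs (such as SPHINCS+) were created to remove."""

    def __init__(self) -> None:
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg: bytes) -> List[bytes]:
        if self.used:
            raise RuntimeError("Lamport key already used; generate a fresh key")
        self.used = True
        return sign(self.sk, msg)


if __name__ == "__main__":
    signer = OneTimeSigner()
    msg = b"constructed sample message"      # constructed input
    sig = signer.sign(msg)
    print("valid:", verify(signer.pk, msg, sig))
    print("forged message accepted:", verify(signer.pk, b"other message", sig))
```

Key and signature sizes are the cost of this simplicity: the public key here is 16 KiB and each signature 8 KiB, which is why production hash-based schemes build Merkle trees over many one-time keys and use Winternitz chains to shrink the signature. That size pressure is exactly why the article's plan pairs hash-based signatures with hash-based SNARKs to aggregate them.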
Within the Ethereum Foundation, we have developed a tool called leanVM, powered by hash-based SNARKs. Thanks to the excellent work of Emile, Thomas, and others, its performance is well-proven. In terms of security, leanVM is a gem—it is a minimalist zkVM designed specifically for end-to-end formal verification and the highest level of security. Want to contribute? There are currently two $1 million programs. First is the Proximity Prize: solve a long-standing mathematical conjecture in coding theory to improve hash-based SNARKs and claim the million-dollar bounty. Second is the Poseidon Initiative: a $1 million prize for breaking Poseidon, a SNARK-friendly hash function.