I had some free time these days and did a rough study on the impact of quantum computers on the blockchain ecosystem. It involves a lot of background knowledge in cryptography. Without going into too much detail, I’ll share a few points:
1) In the past, the academic consensus was that cracking 256-bit elliptic curve encryption would require roughly millions of physical qubits and about 6000 logical qubits. However, in this new paper published by Google, they didn’t introduce any groundbreaking new technology. Instead, they recompiled the execution of Shor’s algorithm on quantum circuits, reducing the required logical qubits to just 1200.
What does that mean? It means the computational cost has been reduced by nearly 20 times. This is the fundamental reason why the quantum threat is being hotly debated now. What we once thought was absolutely impossible has now started to have a "countdown".
2) Google has set this countdown deadline for the year 2029. This means that before this time, encryption methods including HTTPS, SSL bank certificates, SSH remote login, as well as the underlying ECDSA signature systems of public chains like BTC and Ethereum, must all undergo a "quantum-resistant" overhaul. Otherwise, they could face catastrophic consequences.
Regarding this point, 2029 is only about 3 years away, which I think is an exaggerated timeline. After all, there is still a significant gap between pure theory and practical implementation. But it at least indicates one thing: the time window for upgrading to quantum-resistant encryption algorithms has opened. It's not imminent, but it absolutely cannot be taken lightly.
3) If many people still don’t have a clear concept of the quantum threat, here are a few more specific attack surfaces:
1. Currently, about 25%-35% of addresses on the BTC chain have their public keys exposed. This includes early Satoshi-era addresses that used the P2PK format, as well as all addresses that have been reused or have spent from them. These addresses are all within the scope of attack. For other addresses that haven't spent yet, as soon as a transaction is broadcast after quantum computers mature, it could be intercepted and attacked within the roughly 10-minute window while it sits in the mempool, effectively paralyzing the entire network.
2. The crisis facing Ethereum is even more direct. When an ETH EOA account sends its first transaction, the public key is exposed on-chain through the signature. Coupled with the data availability sampling mechanism after EIP-4844 and the consensus network that relies on PoS signature verification, the Ethereum public chain isn’t just facing the problem of whether private keys can be cracked. If the signature algorithm isn’t upgraded, the entire network becomes virtually useless.
3. Crucially, because blockchain transaction histories are traceable and permanently stored on-chain, even though quantum computer attack conditions aren’t mature yet, all past and present transactions with exposed public keys are recorded and become potential targets for attack, waiting for quantum machines to gradually become available.
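To make the exposure inventory in points 1 and 3 concrete, here is an added Python example (not code from the original post, and run on constructed rather than real chain data) that classifies each address by whether its public key is already visible on-chain, and measures how much unspent value sits in such addresses. The P2PK and spend-reveals-key rules follow from how Bitcoin scripts work; the transaction format is a simplified assumption.

```python
# Added example, not code from the original post: a toy inventory of which
# Bitcoin-style addresses have already revealed their public key on-chain.
# Transaction data is constructed; keys, scripts and amounts are simplified.
from dataclasses import dataclass

@dataclass
class Tx:
    txid: str
    inputs: list    # (prev_txid, vout) pairs spent; spending reveals the signer's pubkey
    outputs: list   # (address, amount, script_type) triples

def exposed_addresses(txs):
    """Map address -> reason for every address whose public key is on-chain.
    A P2PK output embeds the raw key in its locking script (exposed when funded);
    P2PKH/P2WPKH commit only to a hash, exposed once any coin there is spent."""
    outputs = {}   # (txid, vout) -> (address, amount, script_type)
    exposed = {}
    for tx in txs:
        for vout, (addr, amount, kind) in enumerate(tx.outputs):
            outputs[(tx.txid, vout)] = (addr, amount, kind)
            if kind == "p2pk":
                exposed.setdefault(addr, "p2pk output carries the raw public key")
    for tx in txs:
        for prev in tx.inputs:
            addr = outputs[prev][0]
            exposed.setdefault(addr, f"public key revealed by spend in {tx.txid}")
    return exposed

def exposure_report(txs):
    """Return (unspent balance per address, exposed map, share of value at risk)."""
    spent = {prev for tx in txs for prev in tx.inputs}
    balances = {}
    for tx in txs:
        for vout, (addr, amount, _) in enumerate(tx.outputs):
            if (tx.txid, vout) not in spent:
                balances[addr] = balances.get(addr, 0) + amount
    exposed = exposed_addresses(txs)
    at_risk = sum(v for a, v in balances.items() if a in exposed)
    total = sum(balances.values())
    return balances, exposed, (at_risk / total if total else 0.0)

# Constructed sample: A is a P2PK coin, B spent once and was reused (address reuse),
# C and D were funded but never spent, so their keys are still hidden.
SAMPLE_TXS = [
    Tx("tx1", [], [("A", 50, "p2pk"), ("B", 10, "p2pkh"), ("C", 5, "p2wpkh")]),
    Tx("tx2", [("tx1", 1)], [("D", 4, "p2wpkh"), ("B", 6, "p2pkh")]),
]

if __name__ == "__main__":
    _, exposed, share = exposure_report(SAMPLE_TXS)
    print(exposed, f"{share:.0%} of unspent value sits in exposed addresses")
```

On the sample, the reused address B is flagged even though it still holds coins, which is exactly why the post counts reused addresses among the exposed ones.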
4) Of course, since there is still a window for technological breakthroughs and time regarding quantum attacks, theoretically, as long as a "quantum-resistant" overhaul is completed within the next few years, self-rescue is possible.
Ethereum has long been making "engineering" optimizations to prepare for quantum threats. This includes promoting account abstraction to allow EOA addresses to directly switch signature schemes at the application layer, and moving validator signatures toward PQC encryption algorithms (Post-Quantum Cryptography, a new generation of encryption standards specifically designed to resist quantum attacks). These can strengthen quantum resistance from the underlying structure. Ethereum's greatest strength is its ability to "refuel while flying", that is, its capacity for dynamic upgrades. Since the direction is clear, quantum resistance is only a matter of time.
Bitcoin has chosen to introduce BIP-360, which will incorporate post-quantum signature algorithms like FALCON or CRYSTALS-Dilithium. Technically, it's not complex, but the difficulty lies in reaching consensus. Remember, the Bitcoin community argued for years over a block size fork. It's hard to be optimistic that they will quickly reach a compromise on a quantum-resistant hard fork. But once the threat becomes more "certain," even the most laid-back development community will have to bite the bullet and implement this self-rescue patch.
That’s all.
Finally, an interesting point: Google used zero-knowledge proofs (ZK) to disclose this potential quantum threat, consciously allowing it to have a "soft landing" from the start. After all, if it spirals out of control, it wouldn't just be blockchain; it would be devastating for internet civilization. Additionally, there are Ethereum Foundation researchers involved in the Google Quantum AI team. Perhaps quantum resistance will become a mainstream narrative for blockchain in the future. After all, cryptography is in its DNA. Such a new mission is very Crypto!