Ethereum Foundation Researcher: Q-Day is Approaching, Plans to Complete Post-Quantum Migration by 2029

marsbit | Published 2026-06-03 | Updated 2026-06-03

Author: Justin Drake, Ethereum Foundation Researcher

Compiler: Chopper, Foresight News

On March 31st, the Google Quantum AI team published a landmark paper on the Shor elliptic curve cryptography algorithm. From a technical perspective, this paper is a significant breakthrough: the algorithm's efficiency has improved by a factor of 10 compared to the previous best solution. The team's choice to demonstrate the optimized calculations using the secp256k1 elliptic curve, which underpins Bitcoin and Ethereum signatures, serves both as a technical demonstration and a stark warning to the blockchain industry.

However, the most intriguing aspect of this paper lies not in its technology, but in its approach to industry norms. The research team did not follow the conventional academic publication process; the core optimization details were kept confidential throughout. They only used zero-knowledge proofs (ZK) to verify that the optimization scheme was valid without revealing any technical specifics. Relevant Google blogs mentioned that the project involved coordination with U.S. government agencies. Using zero-knowledge proofs to achieve academic content control is unprecedented in global academic history.

As one of the co-authors of this paper, I have witnessed the cause and effect of this restricted publication firsthand. To be honest, many details of the entire incident are difficult for me to accept. I have always believed that the public should have access to relevant information, but due to objective constraints, I cannot disclose the inside story. However, it must be stated that the Google team maintained a professional and rigorous approach throughout, worthy of recognition and praise.

Deliberately controlling information often backfires, and now the 'Streisand Effect' is in play: the core optimization algorithm that Google kept secret has been reproduced by French researchers. Even more unexpectedly, an open-source challenge for the public to collaboratively crack the Shor algorithm has been officially launched. Within just hours of the website ecdsa.fail going live, it broke the world record for Shor algorithm optimization.

Algorithm Independently Reproduced, Open-Source Public Challenge Flourishes

Just two months after the release of Google's paper, French quantum expert André Schrottenloher was the first to decipher this core optimization logic. His paper, titled 'Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms,' was officially published on the preprint site arXiv today. Congratulations to André for being the first among the top scholars studying this topic. Also publishing today, Craig Gidney, an authority in Shor algorithm optimization, revealed that due to control requirements, he had held this optimization approach for a full year without being able to publish it.

Although André's research replicated the main framework, it did not cover some of the subtle optimization space present in Google's original version and subsequent iterations. There remains significant untapped potential for optimizing the Shor algorithm, which is precisely the purpose of the ecdsa.fail challenge. The verification program originally used for zero-knowledge proof validation was repurposed to automatically filter effective optimization proposals. Currently, global developers are continuously submitting detailed improvements. Using the product of logical qubit count and Toffoli gate number as the metric, the entire circuit has achieved an 8.4% efficiency improvement compared to Google's original version.

The participants in this research fervor far exceed industry expectations, extending beyond top scholars. Over the past few weeks, a large number of enthusiasts, inspired by the self-guided research approach proposed by Karpathy (a globally top-tier AI scientist and OpenAI founding member), have used artificial intelligence to iteratively optimize the Shor algorithm. Ironically, the verification program originally built for ZK proofs perfectly serves as the reward evaluation standard for AI iterations. This new research model has an extremely low barrier to entry; many non-professionals, even a teenager, have submitted high-quality optimization proposals.

Neutral Atom Quantum Technology Enters the Arena, Industry Predicts Q-Day Could Arrive Before 2032

The story doesn't stop with Google. On the same day as Google's paper, the privacy startup Oratomic released its own related paper on the Shor algorithm, which topped the trending list on the academic rating website scirate.com upon release.

Oratomic's conclusion is astonishing: based on Google's logical-layer optimizations and combined with their own neutral atom physical architecture optimizations, only ten thousand physical qubits would be needed to run the Shor algorithm and crack secp256k1 cryptography. This number is shockingly low, overturning industry perceptions.

When I first saw Oratomic's paper, I knew nothing about neutral atom technology. Out of curiosity, I invested hundreds of hours in deep research, watching online educational videos and interviewing multiple industry experts. The final conclusion is: neutral atom quantum technology is viable and promising for implementation. The best evidence is Google's recent establishment of a neutral atom quantum lab, shifting from its previous focus solely on the superconducting quantum route. If you are concerned about the key date Q-Day (the point in time when a quantum computer can break commercial cryptography), the neutral atom approach cannot be ignored.

Interestingly, both the heavyweight papers from Google and Oratomic entirely avoided mentioning the practical impact of their research findings on Q-Day, offering no timeline predictions. However, the core purpose of white-hat cryptanalysis is precisely to assess the quantum cryptanalysis timeline and help the industry plan ahead. This silence is particularly unusual.

Following the line of thinking in Scott Aaronson's April 29th post, combined with the public information I have and the classified intelligence not disclosed publicly, I provide an estimate: There is a 50% probability that Q-Day will arrive before 2032, and a 10% probability before 2030.

In contrast, the official U.S. stance, led by the National Security Agency and followed by the National Institute of Standards and Technology (NIST), sets the official deadline at 2035, after which U.S. government agencies are prohibited from continuing to use quantum-vulnerable cryptographic systems. In hindsight, this estimate is seriously out of step with the pace of technological development, and its reference value is essentially null. NIST will most likely be forced to bring the deadline forward significantly in the future.

Post-Quantum Migration: Ethereum Plans Completion by 2029

While vigilance about quantum risks is necessary, there is no need for panic. Hastily implementing immature post-quantum cryptographic systems could instead plant security vulnerabilities. In my view, 2029 is a prudent migration window, about three and a half years from now. Google, cloud service provider Cloudflare, and the Ethereum Foundation have all selected the same timeframe.

Currently, most of my work involves collaborating with the Ethereum light client upgrade project to advance the smooth migration of the entire Ethereum stack to post-quantum cryptography. The retrofit workload is heavy: the consensus layer's BLS signatures, the data layer's KZG commitments, and the execution layer's ECDSA signatures all need complete replacement. The entire upgrade plan is built on a hash-based cryptographic system and is sufficiently feasible.
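The paragraph above says the replacement stack rests on hash-based cryptography. As an added illustration (not code from the article, the Ethereum Foundation or leanVM), the following Lamport one-time signature, the simplest hash-based scheme, depends only on SHA-256 rather than on the elliptic-curve discrete logarithm that Shor's algorithm targets; the class and function names and the sample payload are assumptions made for this example.

```python
import hashlib
import secrets

N = 32          # SHA-256 output size in bytes
BITS = 8 * N    # one secret pair per bit of the message digest

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(message: bytes) -> list:
    d = int.from_bytes(H(message), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]

class LamportKey:
    """One-time key: each signature reveals half of the secret values."""

    def __init__(self):
        # Secret pair i holds the value revealed for digest bit i = 0 or 1.
        self._sk = [(secrets.token_bytes(N), secrets.token_bytes(N))
                    for _ in range(BITS)]
        # The public key is just the hash of every secret value.
        self.public = [(H(a), H(b)) for a, b in self._sk]
        self._used = False

    def sign(self, message: bytes) -> list:
        # Signing state must be tracked: a second signature would leak
        # more secrets and weaken the key, so refuse it outright.
        if self._used:
            raise RuntimeError("one-time key already used; generate a new key")
        self._used = True
        return [self._sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(public, message: bytes, signature) -> bool:
    if len(signature) != BITS:
        return False
    return all(secrets.compare_digest(H(s), public[i][bit])
               for i, (s, bit) in enumerate(zip(signature, digest_bits(message))))

def demo():
    key = LamportKey()
    tx = b"constructed sample payload: transfer 1 unit from A to B"
    sig = key.sign(tx)
    ok = verify(key.public, tx, sig)
    tampered = verify(key.public, tx + b"!", sig)
    try:
        key.sign(b"second message")
        reuse_blocked = False
    except RuntimeError:
        reuse_blocked = True
    return ok, tampered, reuse_blocked, sum(len(s) for s in sig)

if __name__ == "__main__":
    print(demo())
```

The signature here is 8192 bytes, against 64 bytes for a raw secp256k1 ECDSA (r, s) pair, and the key must never sign twice; both properties are practical costs of moving to hash-based signatures.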

Within the Ethereum Foundation, we have developed a tool called leanVM, powered by hash-based SNARKs. Thanks to the excellent work of Emile, Thomas, and others, its performance is well-guaranteed. In terms of security, leanVM is a gem; it is an extremely minimalist zkVM designed specifically for end-to-end formal verification and maximum security. Want to contribute? Currently, there are two $1 million initiatives. First is the Proximity Prize: solve a long-standing mathematical conjecture in coding theory to improve hash-based SNARKs and win a million-dollar prize. Second is the Poseidon Initiative: offer a $1 million prize for cracking Poseidon, a SNARK-friendly hash function.
