Cracking Bitcoin private keys in 9 minutes? A survival guide for blockchain under the quantum threat.

In-depth analysis of Google's new breakthrough in quantum computing: revealing the underlying logic of cracking private keys in 9 minutes, and the quantum-resistant self-rescue plan for 6.9 million high-risk Bitcoins.

Author: Changan | Biteye Content Team

TL;DR: A recent paper by Google's Quantum AI team shows that a fault-tolerant quantum computer with 500,000 qubits could theoretically crack a Bitcoin private key in 9 minutes, threatening approximately 6.9 million Bitcoins whose public keys are already exposed. Current hardware is 446 times short of this goal and the capability is expected around 2029, but it is no longer far-fetched science fiction. The Bitcoin community is pushing forward with quantum-resistant upgrades such as BIP-360 and SPHINCS+. Ordinary users do not need to panic at present, but should check their address formats (avoid long-term use of Taproot addresses starting with bc1p), adopt the habit of "one address, one transaction," and watch for subsequent updates from wallet vendors.

On March 31, 2026, an ordinary Monday, the crypto community suddenly exploded.

Google's quantum AI team published a paper stating that a quantum computer can crack a Bitcoin private key in just 9 minutes, while the average confirmation time for a Bitcoin block is 10 minutes.

Some say this is alarmist, others say it's a long way from reality, but this time it's Google that's issuing the warning.

Can quantum computers actually crack Bitcoin? Is the threat real or exaggerated? What should ordinary people do? This article attempts to clarify this issue.

I. What exactly did Google's paper say?

Previously, the general consensus in the industry was that a quantum computer would need millions of qubits to break Bitcoin's elliptic-curve cryptography. That number was so large that everyone assumed the threat was decades away. This Google paper brings it down to under 500,000, a roughly twentyfold reduction.

The paper presents a specific attack scenario: When you send a Bitcoin transaction, your public key is briefly exposed to the network, waiting to be included in a block. This window averages 10 minutes. According to Google's estimates, a sufficiently powerful quantum computer can deduce your private key from your public key in about 9 minutes, then forge a transaction with a higher miner fee, intercepting the money before your original transaction is recorded on the blockchain, with a success rate of approximately 41%.
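A simple model, added here as an illustration rather than taken from the paper, reproduces the quoted success rate. Treat the time $T$ until the next block as memoryless with mean $\tau = 10$ min (the assumption is this illustration's), and let key recovery take $t_q = 9$ min. The attack succeeds only if no block confirms the victim's transaction before the forged one is ready:

$$
P(\text{success}) = P(T > t_q) = e^{-t_q/\tau} = e^{-9/10} \approx 0.41
$$

The remaining 59% is the case where the block arrives first. Under this model a faster machine (smaller $t_q$) raises the attacker's odds, and a victim whose transaction is confirmed in a block mined unusually quickly is never at risk from this particular race; the model also assumes the attacker can always outbid the original fee, which the paper's scenario takes for granted.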

Of course, the paper describes a fault-tolerant quantum computer with full error correction capabilities. Google's own Willow processor has only 105 physical qubits, while the paper requires 500,000. That's a difference of 446 times, so a quantum computer capable of cracking Bitcoin does not yet exist.

Google's own goal is to complete the migration to post-quantum cryptography by 2029, which to some extent indicates when they believe the threat will become a reality.

But if this machine is ever built, the cost of cracking Bitcoin will be much lower than you think.

II. What are the differences between quantum computers and ordinary computers?

But before we talk about what this means, we need to figure out one thing: what exactly is a quantum computer?

Ordinary computers process information using bits, and each bit has only two states: 0 or 1.

All computations involve operating on these 0s and 1s. A 256-bit private key means there are 2²⁵⁶ possible combinations: even with all the computing power in the world combined, it would take longer than the age of the universe to brute-force it using classical computers. This is why Bitcoin has been so secure for the past 15 years.

Quantum computers use qubits, whose defining property is superposition: a qubit can be 0 and 1 at the same time. Eight qubits don't represent just one of 256 states; they can hold a superposition of all 256 at once. The state space, and with it the potential for parallel processing, grows exponentially with the number of qubits.

However, parallel processing alone is not enough to pose a threat to Bitcoin. What truly makes quantum computers a threat to cryptography is "Shor's algorithm," invented in 1994 by MIT mathematician Peter Shor. This algorithm is specifically designed to factor large integers and solve the elliptic curve discrete logarithm problem, which are precisely the foundation of the security of Bitcoin and Ethereum private keys.

By analogy, a traditional computer is like trying to find the exit of a maze when you can only try one path at a time; a quantum computer running Shor's algorithm is like being handed a top-down view of the maze, so you can see where the exit is at a glance.

The signature algorithm used by Bitcoin is called ECDSA (Elliptic Curve Digital Signature Algorithm), which operates on the secp256k1 curve. This system is impenetrable to classical computers, but Shor's algorithm can specifically break the mathematical structure of elliptic curves.

III. How exactly do quantum computers steal your Bitcoin?

After understanding the principles of quantum computers, let's look at how they specifically threaten Bitcoin.

When a wallet is created, the system generates a private key, a random 256-bit number. The public key is derived from the private key, and then the wallet address is derived from the public key. This chain can only be followed sequentially; knowing the private key allows you to calculate the public key, but not vice versa.

When you send Bitcoin, your private key is used only to produce a digital signature, which is broadcast with the transaction to tell the entire network that you authorized the payment. The network verifies the signature, and once the transaction is included in a block it is confirmed.

Shor's algorithm could in principle break elliptic curve cryptography, the foundation of Bitcoin's private key security. For a long time nobody took this seriously, because the algorithm needs a quantum computer to run on, and no machine anywhere near the required size existed.

The problem is that quantum computers have made real progress in recent years. Once one is powerful enough, it could simply take your public key, deduce your private key, forge your signature, and move your money.

This raises a crucial question: Has your public key been exposed?

There are two scenarios for exposing public keys.

The first type is long-term exposure: the public key is permanently written to the blockchain and can be read by a quantum machine at any time. Two kinds of addresses fall into this category:

  • The original address format used by Satoshi Nakamoto and early miners, in which the public key is stored directly in plaintext;

  • Taproot addresses, which start with bc1p. Taproot was meant to improve privacy and efficiency, but its design embeds the public key in the address itself, which has the opposite effect in the face of quantum threats.

The second type is short-term exposure. With the traditional address formats, an unspent output hides the public key behind its hash, so outsiders cannot see it. But every time you spend, the public key enters the mempool together with the transaction and is visible to the whole network until it is packaged into a block. This window averages 10 minutes.

In other words, no matter how careful you are in your daily operations, as long as you have issued a transaction, there is a possibility of being attacked.

Currently, the public keys for approximately 6.9 million bitcoins have been permanently exposed on the blockchain. Whether these bitcoins sit in a personal wallet or in an exchange's hot wallet, as long as the address belongs to the high-risk type described above, or the address has ever sent a transaction, the public key has been exposed.

IV. What is the Bitcoin community doing?

On the day the Google paper was published, CZ (@cz_binance) responded on Twitter: There is no need to panic. Upgrading cryptocurrencies to quantum-resistant algorithms can solve the problem. The threat is real, but the industry is capable of dealing with it.

Vitalik Buterin, on the other hand, took a much more cautious approach. He warned about this issue a long time ago and gave an estimate that there is about a 20% chance that a quantum computer with true attack capabilities will appear before 2030.

Both agree that the threat is real but differ on how urgent it is. The Bitcoin developer community had been working on this issue long before the paper appeared, and four directions are currently under serious discussion.

1️⃣ BIP-360, also known as Pay-to-Merkle-Root. Whereas current Bitcoin addresses store their public keys on the blockchain permanently, BIP-360 removes the public key from the transaction structure entirely and replaces it with a Merkle root. A quantum machine then has no public key to analyze, so this line of attack disappears.

This solution is already running on BTQ Technologies' testnet, with over 50 miners participating and processing over 200,000 blocks. However, it's important to clarify that BIP-360 only protects newly generated coins; the 1.7 million old addresses with exposed public keys remain a problem.

2️⃣ SPHINCS+, officially known as SLH-DSA, is a post-quantum signature scheme built on hash functions. Its logic is straightforward: since Shor's algorithm is aimed specifically at elliptic curves, replace the elliptic curve with hash functions for signing.

This scheme was standardized by NIST in August 2024. The problem lies in the signature size: currently, Bitcoin's ECDSA signature is only 64 bytes, while the SPHINCS+ signature exceeds 8KB, a size increase of more than 100 times, which will significantly increase transaction fees and block space requirements.

To address this, developers proposed optimization schemes such as SHRIMPS and SHRINCS, aiming to compress the signature size without sacrificing security.

3️⃣ Commit/reveal solution: Proposed by Tadge Dryja, co-founder of the Lightning Network, this solution addresses the short-term exposure risk in the mempool. It divides a transaction into two phases:

  • In the first phase, a hash fingerprint is submitted. It contains no transaction information; it simply leaves a timestamped record on the blockchain.

  • In the second phase, the real transaction is broadcast, and only now is the public key exposed. Even if a quantum attacker intercepts the public key during this phase and deduces the private key, the forged transaction will be rejected by the network because there is no matching pre-commitment from the first phase. The cost is one extra step per transaction, which slightly raises the overall cost.

This is seen by the community as a transitional solution to be used before a more complete quantum-resistant system is established.
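The two-phase exchange described above, as an added toy model (not code from the article or from Tadge Dryja's proposal): a spend is accepted only if an earlier block already holds a commitment to that exact spend, so an attacker who learns the public key from the mempool, and in the quantum scenario the private key as well, cannot substitute a different transaction. The class and function names, the string-tag signatures, the salts and the acceptance rule are all constructed for illustration and simplify whatever the real proposal specifies.

```python
"""Added example, not code from the article or from Tadge Dryja's proposal: a toy
model of a commit/reveal spend. A spend is accepted only if an earlier block
already holds a commitment to that exact spend, so an attacker who learns the
public key from the mempool (and, in the quantum scenario, the private key too)
cannot substitute their own transaction. Names, salts and rules are constructed."""
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Spend:
    """Which coin is spent, where it goes, and who signed it. The signature is a
    string tag in this model; an attacker holding the private key can produce a
    valid one, so a signature check alone does not stop the attack."""
    outpoint: str
    destination: str
    pubkey: str
    signature: str

    def txid(self) -> bytes:
        return sha256(f"{self.outpoint}|{self.destination}|{self.pubkey}".encode())


def signature_valid(spend: Spend) -> bool:
    return spend.signature == f"sig-by-{spend.pubkey}"


def commitment(spend: Spend, salt: bytes) -> bytes:
    """Phase 1 payload: reveals nothing about the spend. The salt prevents anyone
    from matching a guessed transaction against the published hash."""
    return sha256(salt + spend.txid())


@dataclass
class Chain:
    """Minimal ledger: commitments by block height, plus spent outpoints."""
    commitments: dict = field(default_factory=dict)   # height -> set of commitments
    spent: set = field(default_factory=set)
    height: int = 0

    def mine_commit(self, c: bytes) -> int:
        """Phase 1: record a commitment in a new block; returns its height."""
        self.height += 1
        self.commitments.setdefault(self.height, set()).add(c)
        return self.height

    def reveal(self, spend: Spend, salt: bytes) -> bool:
        """Phase 2: accept the spend only if it is validly signed, still unspent,
        and committed to in an already-mined block (the reveal goes into the next
        block, so every recorded commitment is strictly earlier)."""
        if spend.outpoint in self.spent or not signature_valid(spend):
            return False
        c = commitment(spend, salt)
        if not any(c in cs for cs in self.commitments.values()):
            return False
        self.height += 1
        self.spent.add(spend.outpoint)
        return True


def commit_reveal_race() -> dict:
    """The scenario from the text: the victim commits, then reveals; the attacker
    reads the public key from the reveal and forges a spend of the same coin."""
    chain = Chain()
    salt = b"constructed-victim-salt"
    victim = Spend("coin#1", "merchant", "PUBKEY_V", "sig-by-PUBKEY_V")
    forged = Spend("coin#1", "attacker", "PUBKEY_V", "sig-by-PUBKEY_V")

    chain.mine_commit(commitment(victim, salt))         # phase 1, key still hidden
    forged_now = chain.reveal(forged, b"guess")          # no prior commitment: rejected
    victim_ok = chain.reveal(victim, salt)               # phase 2: accepted
    chain.mine_commit(commitment(forged, b"attacker"))   # attacker commits, too late
    forged_later = chain.reveal(forged, b"attacker")     # coin already spent: rejected
    return {"forged_now": forged_now, "victim_accepted": victim_ok,
            "forged_later": forged_later}


if __name__ == "__main__":
    print(commit_reveal_race())
```

The model makes the defensive property visible: the attacker's forged spend carries a perfectly valid signature and still fails, because the only thing the chain will honour is a spend whose commitment was recorded before the key ever became visible. It also shows the extra round trip the article mentions, since an honest spender now needs one block for the commitment and another for the reveal.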

4️⃣ Hourglass V2: Proposed by developer Hunter Beast, this solution specifically targets the 1.7 million old addresses whose public keys have been permanently exposed. The logic behind this solution is pessimistic but realistic: since the public keys of these addresses can no longer be hidden, these coins will eventually be stolen once quantum machines become powerful enough.

Hourglass V2 does not try to stop old addresses from being drained; instead it limits transfers out of such addresses to one per block, much like capping daily withdrawals during a bank run.

This proposal is highly controversial because the Bitcoin community has a principle: no one has the right to interfere with your Bitcoin, and many people believe that even this limited restriction is going too far.

This isn't the first time Bitcoin has faced pressure to upgrade. The scaling debate around 2017 lasted for years and ultimately produced the Bitcoin Cash fork. The Taproot upgrade in 2021 took nearly four years from proposal to activation. Each time, the community has had to go through lengthy debate, tug-of-war, and compromise to move anything forward. The response to the quantum threat will likely follow the same path.

V. What do ordinary users need to do now?

After all that, what can ordinary users do?

The answer isn't as complicated as you might think. Quantum computers can't crack your Bitcoin today, but there are a few things you can start paying attention to now.

1️⃣ Check your address format

Open your wallet and check the beginning of the receiving address. Addresses starting with "bc1p" are Taproot addresses, where the public key is embedded within the address itself by default, representing a high-risk format with long-term exposure. If your assets are held in such addresses and have never been touched, the risk is currently theoretical, but it's worth paying attention to the progress of BIP-360.

SegWit addresses starting with bc1q, and legacy addresses starting with 1, keep their public keys protected behind a hash as long as nothing has been spent from them, so they are relatively secure. Once a transaction is sent from such an address, however, the public key is permanently exposed on the blockchain.

2️⃣ Practice good address hygiene

Avoid repeatedly sending and receiving funds to the same address. Each transaction exposes the public key, and the previously used address no longer has hash protection. Most modern wallets generate a new address by default after each transaction; this feature should be left enabled.

3️⃣ Pay attention to wallet app updates.

Hardware wallet vendors like Ledger and Trezor will be a crucial part of the quantum-resistance upgrade. Once BIP-360 or a post-quantum signature scheme is activated on mainnet, wallets will need to support the new address format and signature algorithm at the same time. This might only require users to update their firmware, but it could also mean migrating assets from old addresses to the new format. For now, the best approach is to make sure your wallet comes from a vendor that keeps shipping updates, and to stay informed.

4️⃣ Assets held on exchanges

Exchanges don't require user intervention; technical upgrades are handled by their teams. Coinbase has already established a Quantum Advisory Committee, and other major exchanges will follow suit under regulatory pressure. For assets held on reputable exchanges, quantum upgrades are transparent to you.

VI. In Conclusion

The claim that "quantum computers will crack Bitcoin" has been circulating for many years, and every time it appears, it's met with ridicule, but nothing ever happens. Over time, people have come to accept it as a false alarm.

This time, it was Google that issued the warning. Bitcoin developers are already seriously preparing countermeasures, and Ethereum's roadmap is also progressing. However, this matter has remained theoretical until now; whether quantum computers can truly crack Bitcoin's encryption algorithm remains uncertain.

Google says 2029, some say it will be decades from now, and others say it will never happen. Only time will tell.

The progress of quantum computing has never been uniform; the last major breakthrough occurred at an unexpected time, and the next one may be the same.


Opinions belong to the column author and do not represent PANews.

This content is not investment advice.

