Google research sharply lowers the estimated quantum resources needed to break RSA-2048
Google’s quantum computing team has published research showing that factoring a 2048-bit RSA integer, the computation that would break the RSA keys protecting much of today’s online traffic and financial transactions, requires considerably fewer quantum resources than previously estimated.
Quantum researcher Craig Gidney estimates that an adversary could factor a 2048-bit RSA key with fewer than one million noisy physical qubits running for less than a week. The previous estimate, from the 2019 analysis by Gidney and Martin Ekerå, was roughly 20 million noisy qubits running for about eight hours.
Gidney attributes the roughly 20-fold reduction in qubit count to “better algorithms and smarter error correction”: the modular exponentiations at the heart of the attack run about twice as fast, and logical qubits are packed more densely into physical ones. The trade-off is visible in the numbers themselves: far fewer qubits, but a runtime measured in days rather than hours.
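To make concrete what “factoring with Shor’s algorithm” means, the following added example (not code from Gidney’s paper or from Google) runs the classical half of the algorithm on toy moduli. Shor’s algorithm reduces factoring N to finding the multiplicative order r of a random base a; only that period-finding step needs a quantum computer, and everything after it is ordinary arithmetic. Here the order is found by brute force, which is exponential in the bit length of N and is exactly the step the million-qubit machine would replace. The moduli 15 and 3233 are constructed toy inputs.

```python
"""Classical post-processing of Shor's algorithm on toy RSA moduli.

Only multiplicative_order() needs a quantum computer in the real attack;
here it is brute force, so this only works for tiny n. Constructed example,
not code from the paper being discussed.
"""
from math import gcd
import random


def multiplicative_order(a, n):
    """Smallest r >= 1 with pow(a, r, n) == 1; requires gcd(a, n) == 1.
    Brute-force stand-in for the quantum period-finding step."""
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_split(n, a):
    """Try to split n using base a. Returns a nontrivial factor or None.

    The failure cases (odd order, or a**(r/2) == -1 mod n) are expected;
    the real algorithm simply retries with a fresh random base."""
    g = gcd(a, n)
    if g != 1:
        return g                      # a already shares a factor with n
    r = multiplicative_order(a, n)
    if r % 2:
        return None                   # odd order: no square root of 1 to use
    y = pow(a, r // 2, n)             # y**2 == 1 (mod n), so (y-1)(y+1) == 0 (mod n)
    if y == n - 1:
        return None                   # trivial square root of 1, tells us nothing
    for f in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < f < n:
            return f
    return None


def factor_semiprime(n, seed=0, tries=100):
    """Repeat with random bases until n splits. Returns (p, q) or None."""
    rng = random.Random(seed)
    for _ in range(tries):
        a = rng.randrange(2, n - 1)
        f = shor_split(n, a)
        if f is not None:
            return tuple(sorted((f, n // f)))
    return None


if __name__ == "__main__":
    print(shor_split(15, 7))           # 3: order of 7 mod 15 is 4, 7**2 = 4, gcd(3, 15) = 3
    print(factor_semiprime(3233))      # (53, 61): toy RSA modulus 53 * 61
```

The retry loop is the point: a random base fails to split n with constant probability, so the quantum period-finding circuit is expected to run a handful of times, which is part of why the resource estimates count total runtime rather than a single circuit execution.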
Impact on Cryptocurrency Security
These findings also matter for cryptocurrency security. Bitcoin’s signatures rely on elliptic curve cryptography (ECC), which, like RSA, is broken by Shor’s algorithm on a sufficiently large quantum computer.
The 256-bit elliptic-curve keys Bitcoin uses are far beyond the reach of existing quantum computers, but the sharply reduced RSA estimate raises concern that the timeline for a practical threat is shorter than assumed. Gidney’s figures are specific to RSA; breaking 256-bit ECC needs its own resource estimate, though both attacks depend on the same advances in error correction.
Project 11, a quantum security research group, has launched a bounty of nearly $85,000 for anyone who can break deliberately reduced-size versions of Bitcoin’s keys (“wallet seed keys”) on a quantum computer. It is intended as a benchmark for tracking how fast the threat is maturing.
“Bitcoin’s security relies on elliptic curve cryptography. Quantum computers running Shor’s algorithm will eventually break it,” Project 11 stated. “We’re testing how urgent the threat is.”
Broader Security Implications & Countermeasures
The lower estimates prompt a reevaluation of the timelines major organizations have set for migrating to quantum-resistant (post-quantum) cryptography.
According to Google, adversaries are likely already collecting encrypted data to decrypt later, once large-scale quantum computers exist (“harvest now, decrypt later”), so data that must stay confidential for years is exposed today, not only when the machine arrives.
“Planning the transition to quantum-safe cryptosystems requires understanding the cost of quantum attacks,” Gidney emphasized.
Google is actively migrating its systems to post-quantum standards such as ML-KEM, the key-encapsulation mechanism that the National Institute of Standards and Technology (NIST) standardized as FIPS 203 in August 2024. NIST’s draft transition guidance (NIST IR 8547) recommends deprecating quantum-vulnerable algorithms such as RSA-2048 by 2030 and disallowing them by 2035. Recent analyses suggest that schedule may need to accelerate.
Major quantum computing companies have published ambitious roadmaps:
- IBM: Plans for a 100,000-qubit quantum computer by 2033.
- Quantinuum: Aims for a fully fault-tolerant quantum computer by 2029.
Still, Gidney’s estimate describes a machine of about a million physical qubits with error rates around 0.1 percent, running error-corrected for days without interruption. Nothing like that exists: today’s largest processors have on the order of a thousand physical qubits and maintain coherence only briefly.
In response to the accelerating threat, various stakeholders are taking action:
- Solana developers proposed quantum-resistant “vaults” protected by hash-based (Winternitz one-time) signatures, whose security rests on hash preimage resistance rather than on a discrete logarithm problem.
- Ethereum co-founder Vitalik Buterin suggested that existing blockchains could be hard-forked to quantum-resistant signatures.
Experts caution that such a hard fork would have to be in place before the first quantum attack on a major blockchain, not after it, which makes the migration a coordination problem that cannot wait for the threat to materialize.
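The hash-based signatures behind the “vault” proposal above are simpler than they sound. The following added example (my own construction for this page, not Solana’s code) implements a Winternitz one-time signature (WOTS) over SHA-256: each 4-bit digit of the message hash selects a position in a hash chain, the public key is the top of every chain, and a checksum prevents an attacker from moving digits forward. The scheme assumes hashing is one-way, which Shor’s algorithm does not affect. The key commits to its public key by hashing it (a common compaction choice, assumed here), and it refuses to sign twice, because a second signature reveals chain values an attacker can reuse. The signed messages are constructed sample inputs.

```python
"""Winternitz one-time signature (WOTS) over SHA-256.

Constructed example for illustration; not the Solana vault implementation.
Security assumption: SHA-256 is preimage resistant (Grover gives at most a
square-root speedup, Shor gives nothing).
"""
import hashlib
import os

W = 16                  # Winternitz parameter: one hash chain per 4-bit digit
MSG_DIGITS = 64         # 256-bit digest = 64 hex digits
CS_DIGITS = 3           # checksum <= 64 * 15 = 960 < 16**3
N_CHAINS = MSG_DIGITS + CS_DIGITS   # 67 chains


def H(data):
    return hashlib.sha256(data).digest()


def chain(x, steps):
    """Apply H `steps` times. Going forward is cheap; going back is a preimage."""
    for _ in range(steps):
        x = H(x)
    return x


def message_digits(msg):
    """64 message digits plus a 3-digit checksum of (W-1 - digit).
    Raising any message digit (which a forger can do by hashing forward)
    lowers the checksum, which would require hashing *backward* in a
    checksum chain."""
    m = [int(c, 16) for c in hashlib.sha256(msg).hexdigest()]
    cs = sum(W - 1 - d for d in m)
    m += [(cs >> (4 * k)) & 0xF for k in (2, 1, 0)]
    return m


class OneTimeKey:
    def __init__(self, seed=None):
        seed = seed or os.urandom(32)
        # Derive one secret chain start per digit; N_CHAINS < 256 so a 1-byte index fits.
        self._sk = [H(seed + bytes([i])) for i in range(N_CHAINS)]
        pk = [chain(s, W - 1) for s in self._sk]        # top of each chain
        self.commitment = H(b"".join(pk))                # compact public key (assumed design)
        self.used = False

    def sign(self, msg):
        if self.used:
            raise RuntimeError("one-time key reused: second signature leaks chain values")
        self.used = True
        # Walk each chain forward by the digit value; verifier walks the rest.
        return [chain(s, d) for s, d in zip(self._sk, message_digits(msg))]


def verify(commitment, msg, sig):
    """Complete each chain to the top and compare with the committed public key."""
    if len(sig) != N_CHAINS:
        return False
    pk = [chain(s, W - 1 - d) for s, d in zip(sig, message_digits(msg))]
    return H(b"".join(pk)) == commitment


if __name__ == "__main__":
    key = OneTimeKey()
    msg = b"constructed sample: move 1 unit to address X"   # constructed input
    sig = key.sign(msg)
    print(verify(key.commitment, msg, sig))                  # True
    print(verify(key.commitment, b"tampered", sig))          # False
```

A signature is 67 hashes (about 2 KB), much larger than a 64-byte ECDSA signature, and the key is genuinely one-time; stateful schemes such as XMSS and stateless ones such as SLH-DSA build trees of these one-time keys so one public key can sign many messages.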