The first quantum computer to break encryption is just around the corner

Image: Google’s Willow quantum computer (credit: Google Quantum AI)

A quantum computer capable of breaking the encryption that protects the internet appears to be just around the corner. Surprising results from two research groups show how that might happen, with one suggesting that today’s largest quantum machine is already more than half the size it needs to be.

Both studies concern an encryption method built around the elliptic curve discrete logarithm problem (ECDLP). The difficulty of solving this mathematical problem made it a good candidate for data encryption, and it is now widely used to secure many online transactions, including bank transactions, and almost every major cryptocurrency, including bitcoin.

Elliptic curve-based encryption is very difficult for conventional computers to crack, but since the 1990s researchers have known that quantum computers will not have the same problem. Building a quantum computer large enough, however, seemed an engineering impossibility, so it remained a distant concern.
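As an added illustration, not part of the article or of either paper, here is the ECDLP on a constructed toy curve (y² = x³ + 7 over GF(17), the same shape as bitcoin’s curve but with a five-bit prime instead of a 256-bit one): computing a public point from a secret scalar takes a handful of group operations, while recovering the scalar classically means walking through the group, which is what makes the problem hard at real sizes and what a large enough quantum computer running Shor’s algorithm would bypass.

```python
# Toy curve y^2 = x^3 + 7 over GF(17) (constructed for illustration; bitcoin's
# secp256k1 has the same shape with a 256-bit prime). None = point at infinity.
P, A, B = 17, 0, 7
G = (15, 13)  # base point; on the curve since 15^3 + 7 == 13^2 (mod 17)

def ec_add(p1, p2):
    """Group law on the curve; handles identity, inverses and doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p2 == -p1 (also covers doubling a point with y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def scalar_mul(k, pt):
    """Double-and-add: k*pt in O(log k) group operations (the easy direction)."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def point_order(pt):
    """Smallest n > 0 with n*pt == infinity (18 for G on this toy curve)."""
    n, cur = 1, pt
    while cur is not None:
        cur = ec_add(cur, pt)
        n += 1
    return n

def ecdlp_bruteforce(base, target):
    """Classical ECDLP: find k with k*base == target by stepping through the
    group. Cost grows with the group order, hopeless for a 256-bit curve."""
    cur, k = None, 0
    while cur != target:
        cur = ec_add(cur, base)
        k += 1
    return k
```

With `priv = 13`, `scalar_mul(priv, G)` is the public point and `ecdlp_bruteforce(G, pub)` recovers 13 after 13 group additions; on a real curve the same walk would need on the order of 2^128 steps.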

In recent years, theory and engineering have progressed at an incredible pace, putting a lot of pressure on those timelines. On the theoretical front, researchers have developed quantum algorithms that reduce the amount of quantum computing power required. For example, in 2019 the best estimate of the machine size needed to break an encryption method called RSA-2048 was 20 million qubits – a qubit being the quantum counterpart of a bit in a conventional computer. In February of this year, that number had fallen to just 100,000 qubits.

Meanwhile, in 2019 the most advanced quantum computers had no more than 50 qubits. Today’s largest quantum computers have more than 1000 qubits, and the largest qubit array – which has not yet been used to perform calculations – has 6100 of them.

Now, Dolev Bluvstein at the firm Oratomic and his team believe that the ECDLP could be broken by a machine with just 10,000 qubits. While that decryption process could take several years of quantum computer time, Ryan Babbush at Google’s quantum research arm and colleagues have separately shown how 500,000 qubits could do the same thing in 9 minutes.

“Today is an important day for quantum computing and cryptography,” Justin Drake of the Ethereum Foundation, who collaborated with Google researchers, wrote on X.

Bluvstein and his colleagues based their calculations on qubits made of very cold atoms controlled by lasers. Such qubits can be connected in many ways, and this greater connectivity accounts for the reduced qubit requirement.

Creating an array of 10,000 ultracold qubits could be possible within a year, says Bluvstein, but the real challenge will be to control them well and make them work quickly. There are no shortcuts, such as connecting multiple existing machines, as the qubits need to be able to interact well.

Bluvstein thinks a machine capable enough won’t be ready until the end of the decade. “There’s a lot of progress to be made, but it’s starting to become something that people can imagine building,” he says.

Crypto Concerns

The Google team reached its conclusions based on a different type of quantum computer, made of superconducting circuits, which is generally considered a mature technology and which Google has been backing heavily.

The researchers declined to comment publicly on the work, but in their paper they write that “device estimates can be significantly reduced by making strong assumptions about device capabilities”, suggesting that the 500,000-qubit estimate is conservative. Importantly, the researchers chose to leave out the full details of their decryption algorithm, citing security concerns.

They also write that such a quantum computer could be used to block cryptocurrency transactions and reroute funds — essentially stealing them — in the short term before they are recorded.

Given the two studies, bitcoin certainly looks more vulnerable to quantum attack than previously thought, says Scott Aaronson at the University of Texas at Austin.

Stefano Gogioso at the University of Oxford says that both types of quantum computer face significant engineering challenges before the results can be put into practice, especially the ultracold-atom approach, which is a much less proven technology. But there is reason to worry about the security of our digital world, he says.

Some networks already use encryption that resists quantum attacks, so-called post-quantum cryptography (PQC), and ordinary banks may be able to intervene against quantum attackers after an attack, but cryptocurrency systems will be very vulnerable, says Gogioso. Google recently proposed a move to PQC by 2029, which Gogioso says now looks even more necessary.

“This is why we started the PQC standards project ten years ago,” says Dustin Moody at the National Institute of Standards and Technology (NIST) in Maryland. “We’ve always known that as quantum devices improve, so will the algorithms.”

NIST has identified several PQC algorithms that could become the security standard in a future filled with efficient quantum computers, and the US federal government intends to move to using them by 2035. But Moody says that agencies should start their transition as soon as possible. “These papers reinforce the idea that the migration window is over and the time to act is now,” he says.
