Google has raised the pressure on the cryptocurrency industry after warning that quantum computers may be able to break the cryptographic systems behind digital assets sooner than many expected, sharpening the case for a faster shift to post-quantum security across blockchain networks. The company’s latest research argues that the computing resources needed to attack elliptic-curve cryptography, which underpins many wallets and transactions, have fallen markedly in updated estimates, even though no machine exists today that can carry out such an attack at scale. The immediate significance lies less in an imminent breach than in a shrinking margin for preparation. On March 25, Google said it was setting a 2029 timeline for its own post-quantum cryptography migration, describing quantum computing as a significant threat to current encryption and digital signatures. It also said it had adjusted its threat model to prioritise authentication services, reflecting concern that long transition cycles, not just raw computing breakthroughs, could define the security risk.
At the centre of the debate is elliptic-curve cryptography, widely used across blockchain systems. In a March 31 research note, Google said its team had produced updated estimates for solving the 256-bit elliptic curve discrete logarithm problem, or ECDLP-256, using Shor’s algorithm. The company said one compiled circuit used fewer than 1,200 logical qubits and another fewer than 1,450, and that under its assumptions such circuits could run on a superconducting cryptographically relevant quantum computer with fewer than 500,000 physical qubits in a matter of minutes. Google said that amounted to an roughly 20-fold reduction in the physical qubits previously thought necessary for such an attack.
That does not mean Bitcoin, Ethereum or other networks are on the verge of collapse. The hardware challenge remains formidable, and outside specialists continue to argue that a cryptographically relevant quantum computer may still be years away, with some estimates stretching into the 2030s or beyond. Even so, the tone of the discussion has shifted. The question is moving from whether the threat is theoretical to how much time governments, cloud providers, software firms and decentralised networks will need to harden systems before the technology matures.
The wider security establishment has already been edging in that direction. NIST released its first three finalised post-quantum cryptography standards in August 2024 and has urged organisations to begin applying them now. Those standards, published as FIPS 203, 204 and 205, are intended to give industry and public institutions a common framework for replacing vulnerable public-key systems. NIST later selected HQC in March 2025 as an additional backup encryption algorithm, underlining that the migration effort is ongoing rather than settled.
Britain’s National Cyber Security Centre has taken a similarly long-range approach. In guidance issued in March 2025, it set milestone dates of 2028 for defining migration goals and discovery work, 2031 for early priority migrations, and 2035 for completing migration of systems, services and products to post-quantum cryptography. That framework sits later than Google’s 2029 internal target, but it reinforces the same message: the complexity of replacing cryptography across sprawling digital infrastructure means institutions cannot wait for a final proof-of-concept attack before acting.
For the crypto sector, the transition is especially awkward because blockchain systems are distributed, hard to amend and dependent on market confidence as much as mathematics. Google said post-quantum cryptography offers a practical route to protecting blockchains over the long term, but it also cautioned that such changes will take time to implement. The company highlighted near-term steps such as reducing exposure of vulnerable wallet addresses and considering policy responses for abandoned coins, signalling that the challenge is not only technical but also economic and governance-related.
The urgency extends beyond crypto trading. Google has begun folding post-quantum protections into Android 17, including ML-DSA support in Android Verified Boot, Remote Attestation and the Keystore, while Google Play is set to support hybrid signature blocks combining classical and post-quantum keys. That shows how the industry is trying to build migration pathways rather than wait for a clean break. For blockchain developers, custodians and exchanges, the lesson is similar: hybrid approaches, crypto agility and long lead times may matter more than dramatic predictions about a single “Q-Day”.
Another risk driving the timetable is the “store now, decrypt later” model, in which adversaries collect encrypted information today in the expectation that future quantum machines will be able to unlock it. Google has explicitly pointed to that danger in explaining why quantum threats are relevant before a fully capable machine exists. That matters for financial institutions, large token holders, custodians and anyone storing sensitive material linked to digital assets, because the exposure may begin long before the first successful high-profile quantum attack is seen in public.
Topics
Cryptocurrency