Google’s Quantum AI team has recently published findings suggesting that a future quantum computer could potentially derive a bitcoin private key from a public key in approximately nine minutes. This revelation has sparked significant discussion within the cryptocurrency community and raised concerns regarding the security of bitcoin transactions.
To understand the implications, it is essential to grasp how bitcoin transactions operate. When a user sends bitcoin, their wallet signs the transaction using a private key, a confidential number that verifies ownership of the coins. This signature also discloses the public key, which serves as a shareable address that is broadcast to the network. The transaction remains in a waiting area known as the mempool until a miner includes it in a block, a process that typically takes around ten minutes.
The relationship between the private and public keys is governed by a mathematical problem known as the elliptic curve discrete logarithm problem. Currently, classical computers are unable to reverse this relationship in a practical timeframe. However, a sufficiently advanced quantum computer utilizing an algorithm called Shor’s could potentially achieve this.
The nine-minute timeframe referenced in Google’s paper pertains to the ability of a quantum computer to be “primed” beforehand by pre-computing certain components of the attack that do not rely on specific public keys. Once a public key is visible in the mempool, the quantum computer would only require about nine minutes to derive the corresponding private key. Given that bitcoin transactions average ten minutes for confirmation, this scenario presents a significant risk, with an estimated 41% chance of successfully deriving the private key before the transaction is confirmed.
This situation can be likened to a thief constructing a universal safe-cracking device, which requires only minor adjustments when a new safe appears. While this theoretical attack is concerning, it is contingent upon the existence of a quantum computer that is not yet available. Google’s research estimates that such a machine would necessitate fewer than 500,000 physical qubits, whereas current quantum processors possess around 1,000 qubits.
More pressing is the vulnerability of approximately 6.9 million bitcoins, representing about one-third of the total supply, that are stored in wallets where the public key has already been exposed. This includes early bitcoin addresses from the network’s inception that utilized a format known as pay-to-public-key, which automatically reveals the public key on the blockchain. Additionally, any wallet that has reused an address exposes the public key for all remaining funds.
For these exposed coins, attackers would not face the nine-minute constraint. A sufficiently powerful quantum computer could systematically crack these keys without any time pressure, posing an immediate threat to the security of these assets.
The situation has been exacerbated by the 2021 Taproot upgrade, which altered address functionality to make public keys visible on-chain by default. This change inadvertently increased the number of wallets susceptible to potential quantum attacks.
Despite these vulnerabilities, the bitcoin network itself would continue to operate. Mining relies on a different algorithm, SHA-256, which quantum computers cannot significantly accelerate with current methodologies. Consequently, blocks would still be produced, and the ledger would remain intact. However, if private keys can be derived from public keys, the fundamental ownership guarantees that underpin bitcoin’s value would be compromised, leading to potential theft and a loss of institutional trust in the network’s security.
The proposed solution to these vulnerabilities lies in the development of post-quantum cryptography, which aims to replace the existing mathematical frameworks with algorithms that are resistant to quantum attacks. While Ethereum has been actively working towards this transition for eight years, bitcoin has yet to initiate similar efforts.
Google's recent research indicates that future quantum computers could pose a significant risk to bitcoin security by deriving private keys from public keys within minutes. This vulnerability affects millions of bitcoins already stored in exposed wallets, raising urgent concerns about the need for post-quantum cryptography.