Google pulls the timeline forward

Google has published a new white paper that narrows the gap between today’s quantum computers and the kind of machine that could break the cryptography protecting bitcoin, ether, and other major cryptocurrencies. According to Google Quantum AI researchers, cracking the public-key encryption behind those systems may require fewer than 500,000 physical qubits, roughly 20 times less than earlier estimates.

That is not a small adjustment. It is the kind of revision that makes the future look inconveniently closer.

One of the paper’s co-authors, Justin Drake, says the result has made him much more confident that “Q-Day” could arrive by 2032. Q-Day is the hypothetical point at which a quantum computer becomes powerful enough to defeat the public-key cryptography that underpins much of modern digital security, including cryptocurrencies.

“My confidence in Q-Day by 2032 has shot up significantly. IMO there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key,” Drake wrote on X.

Why the qubit count is not the whole story

The headline number is the estimated qubit count, but that figure is only part of the picture. Google’s most advanced quantum device today is the 105-qubit Willow chip. IBM’s Condor processor was the first superconducting qubit processor to pass 1,000 qubits, reaching 1,121.

That sounds straightforward until it isn’t. Raw qubit totals can be misleading because not all qubits are equal. Google says Willow’s strength comes from quality as much as quantity, with fidelities of 99.97% for single-qubit gates, 99.88% for entangling gates, and 99.5% for readout across the full 105-qubit array.

In other words, a machine with 1,000 noisy qubits can lose to one with 100 much better ones. The industry is therefore moving toward logical qubits, or error-corrected groupings of physical qubits, as a more useful measure of real capability. Science remains committed to making the easy metric the misleading one first.

What Q-Day would actually break

Q-Day does not mean the immediate death of all encryption. It mainly concerns public-key cryptography, the kind that depends on problems such as factoring large numbers or solving discrete logarithms. Quantum computers could attack those systems with Shor’s algorithm.

That is the core concern for bitcoin and similar systems.

By contrast, symmetric encryption and hashing, such as AES and SHA-2, would not be wiped out in the same way. Those tools are vulnerable to Grover’s algorithm, which effectively reduces their security strength rather than obliterating it. Under that model, AES-256 would be pushed down to something closer to AES-128 security. Using longer keys would restore much of the protection.

So Q-Day would be less a universal blackout for encryption and more a very bad day for public-key systems, followed by a long and awkward migration to stronger keys and post-quantum alternatives.

Why cryptocurrencies are especially exposed

Google’s paper, titled Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities, argues that cryptocurrencies are unusually exposed because of how their systems are built.

As Forbes reported, the paper says blockchains rely on elliptic curve keys that are almost an order of magnitude smaller than RSA keys at similar security levels, which means a smaller quantum computer could break them. Traditional finance also has layers of safeguards that blockchains do not.

That matters because, unlike a bank transfer, a forged blockchain transaction is not something you can easily unwind. One fake signature could mean irreversible theft.

That also changes the tone of Google’s recent comments about preparing for what it has called the “quantum apocalypse.” The company said it plans to move to post-quantum security measures by 2029, which now looks less like a distant cleanup job and more like a deadline with opinions.

Still a prediction, not a working machine

For now, this remains a forecast. No one has built a quantum computer anywhere near the reduced qubit count Google now says may be enough.

But unlike some future technologies that politely stay far away, Q-Day appears to be moving in the wrong direction for anyone relying on current cryptographic systems. The threat is still theoretical. It is just becoming a more specific theory, which is often how trouble starts.