In the white paper published by Google’s Quantum AI team, it was pointed out that the quantum computing capacity required to decipher the encryption used by cryptocurrency networks such as Bitcoin and Ethereum may be lower than thought. The team stated that although the Taproot update made the network more efficient and private, it may have contributed to the system being vulnerable to quantum attacks.
How close are quantum computers?
In the research, the number of physical quantum bits (qubits) required for a quantum attack that could threaten the security of Bitcoin was determined to be much less than previous predictions. While it was previously stated that millions of qubits were required, it was revealed that this figure was reduced to less than 500,000. Additionally, two attack models that can be prepared with high-quality 1,200 to 1,450 qubits were also considered.
It is known that Google previously saw 2029 as the turning point for “usable” quantum systems. The figures presented by the research indicate that the risk of attack for the crypto asset ecosystem may emerge sooner than thought.
Quantum computers, unlike classical computers, can solve much more complex problems. This ability provides an advantage in breaking the types of encryption that secure crypto wallets. Although this capacity has not yet been fully achieved in practice, the magnitude of the threat potential increases investor concern.
Risk increases in real-time transactions
The researchers emphasized that in practice, an actor who wants to carry out an attack can act in real time during transactions, rather than targeting wallets in the past. In Bitcoin transfers, when the public key in the recipient’s address is revealed for a short time, a fast quantum computer can calculate the private key based on this data. Thus, it may be possible to redirect funds to the new owner before the transaction is completed adding to the blockchain.
According to the Google team’s simulation, some of the calculations required for the attack can be prepared before the process. After the transfer is made, the attack can be completed in approximately nine minutes. Considering that Bitcoin transactions are processed into the blockchain within ten minutes on average, it was stated that the probability of the attacker having the transaction confirmed before the original is around 41 percent.
Similar risks were also evaluated for other cryptocurrencies. It has been revealed that Ethereum is less vulnerable to such attacks, especially since it verifies transactions much faster.
Another important finding was that approximately 6.9 million Bitcoins, almost a third of the total supply, are currently held in wallets whose public keys have somehow been compromised. This amount includes approximately 1.7 million Bitcoins from the early years of the network and assets affected by address reuse. Previous market analyzes by different institutions suggested that there were fewer wallets that would increase the risk of cyber attacks than expected.
Google’s researchers evaluated: “Due to the Taproot design choice, the number of wallets vulnerable to quantum-based attacks may increase.”
The expert team also stated that sharing of sensitive information was limited in the disclosure of the research. Instead of step-by-step technical details to prove the analysis findings, verification was made with the zero-knowledge proof method. Thus, accuracy was confirmed and the risk of abuse was minimized.
