A quantum computer is a machine that uses quantum mechanical phenomena (superposition and entanglement) to solve problems that are impossible even for the most powerful classical supercomputers. Unlike classical bits (0 or 1), quantum bits – qubits – can be 0, 1, or both simultaneously, enabling parallel computation. The main threat to cryptocurrencies is Shor’s algorithm, which can break ECDSA – the security foundation of Bitcoin and Ethereum. According to Google (March 2026) and Caltech (April 2026), a quantum computer with 10,000–26,000 physical qubits could derive a private key from a public key in 9 minutes – comparable to Bitcoin’s block confirmation time. About 6.9 million BTC (nearly a third of all mined bitcoins) are directly at risk, including Satoshi‑era coins on P2PK addresses.
How a Quantum Computer Works
A quantum computer is a fundamentally different computing architecture based on the laws of quantum physics. It does not replace classical computers but solves specific problems that are impossible for conventional machines.
Classical computers run on transistors that sequentially take the value 0 or 1. These units of information are called bits.
A quantum computer uses qubits (quantum bits) – objects (ions, superconductors, photons) that can exist simultaneously in states 0 and 1. This is called superposition.
Superposition allows a quantum computer to process many possible solutions in parallel, rather than trying them one by one.
The key effects underlying quantum computers:
Superposition: a qubit can be 0, 1, or a combination of both at the same time. A system of 300 qubits can represent more states than atoms in the observable universe.
Quantum entanglement: correlation between two or more qubits such that changing one instantly affects the other, regardless of distance. This enables operations on many qubits as a single system.
Interference: a quantum effect that amplifies correct computational paths and cancels incorrect ones, steering the system toward the optimal answer.
To double the power of a classical computer, you need twice as many transistors. For a quantum computer, adding just one qubit doubles its power. Quantum computers are particularly good at optimisation, simulation, and cryptographic problems.
Current Technologies and the Qubit Race
In 2026, quantum computers have moved from lab experiments to commercial reality. Investments have reached tens of billions of dollars, and leading companies have deployed systems with thousands of qubits.
Several companies and countries are racing, using different physical implementations:
Superconducting qubits: developed by IBM, Google, and others. The most widespread approach, fast operations but require extremely low temperatures (~15 mK). IBM is working on systems with over 1,100 qubits.
Trapped ions: qubits are individual charged atoms held by electromagnetic fields. Their main advantage is record‑high computational accuracy.
Neutral atoms: a rapidly growing new approach that controls arrays of thousands of qubits. This technology inspired the re‑evaluation of estimates for breaking cryptocurrencies.
Photonic qubits: using light particles, developed by companies like PsiQuantum. Allows using traditional chip manufacturing technologies.
Google, long focused on superconducting qubits, announced in 2026 that it is expanding efforts into neutral‑atom systems. Hartmut Neven, founder and head of Google Quantum AI, stated that both technologies are seen as complementary paths to commercially significant quantum systems by the end of the decade.
In Russia, several research centres, including the Lebedev Physical Institute (FIAN), are working on a quantum computer. A 70‑qubit trapped‑ion computer was demonstrated there. As senior researcher Ilya Zalivako noted: “Inside this iron box is a vacuum chamber with an ion trap – the heart of a quantum computer.”
| Technology | Examples | Characteristics |
|---|---|---|
| Superconducting | IBM, Google | Fast, require cryogenic cooling |
| Trapped ions | IonQ, FIAN | High accuracy, difficult to scale |
| Neutral atoms | QuEra, Oratomic | Thousands of qubits, flexible connectivity |
| Photonic | PsiQuantum | Use light, integrate with semiconductors |
The Threat to Cryptocurrencies: Shor’s Algorithm
Using Shor’s algorithm, a quantum computer can solve integer factorisation and discrete logarithm problems in minutes – problems that are practically unsolvable for classical computers. Those very problems underpin the security of Bitcoin and Ethereum (ECDSA).
Shor’s algorithm, developed by Peter Shor in 1994, theoretically allows a quantum computer to break RSA and ECDSA. Until recently, it was believed that millions of physical qubits would be needed. However, in March–April 2026, research emerged that drastically lowered that threshold.
Google Quantum AI (March 30, 2026)
Google published a technical paper demonstrating that breaking Bitcoin and Ethereum cryptography could require fewer than 500,000 physical qubits or as few as 1,200–1,450 high‑quality logical qubits – a 20× improvement over previous estimates. Such a machine could derive a private key from a public key in about 9 minutes.
This is critical because Bitcoin’s average block confirmation time is about 10 minutes. Thus, a quantum adversary could intercept a transaction in the mempool with a success probability of roughly 41%.
Caltech (April 2026)
Simultaneously, an international team from Caltech published work showing that quantum computing on neutral‑atom platforms could reach cryptographically relevant levels with just 10,000–26,000 physical qubits. Thanks to parallelism and improved error correction, the discrete logarithm for the P‑256 elliptic curve could be computed in a few days on a 26,000‑qubit system.
Which Cryptocurrencies Are at Risk?
All blockchains using ECDSA are at risk – including Bitcoin, Ethereum, and the vast majority of other networks.
Google’s white paper states that about 6.9 million BTC are directly at risk. These are coins stored in wallets where the public key has already been exposed on the blockchain: either in legacy P2PK addresses (the Satoshi era) or due to address reuse. These 6.9 million BTC represent roughly 33% of circulating Bitcoin. Ironically, the Taproot upgrade, intended to improve privacy, now makes public keys visible by default, widening the quantum attack surface.
Ethereum is equally vulnerable: its public keys are used everywhere, including staking contracts, where public key exposure is constant. The Coinbase Advisory Council (including cryptographers Dan Boneh and Justin Drake) confirmed that the arrival of a “fault‑tolerant quantum computer” is becoming increasingly likely, and preparation must begin now.
Q‑day and the HNDL Attack
Q‑day is the hypothetical day when a quantum computer becomes powerful enough to break modern cryptography. The “harvest now, decrypt later” (HNDL) attack worsens the problem: attackers are already collecting public keys to crack them after a quantum computer becomes available.
In September 2025, the US Federal Reserve published an analytical paper warning that even timely post‑quantum cryptography adoption would not protect the privacy of historical data due to blockchain immutability. A quantum computer could mass‑recover private keys and determine which addresses belong to the same person.
Experts estimate that breaking one transaction would take a quantum computer about nine minutes – faster than Bitcoin’s average confirmation time.
How to Prepare: Post‑Quantum Cryptography
There is no direct patch to classical algorithms against quantum attacks. The only solution is a full migration to post‑quantum cryptography (PQC), which uses mathematical problems resistant to Shor’s algorithm.
NIST (National Institute of Standards and Technology) has already finalised the first post‑quantum standards in 2024, including lattice‑based and hash‑based signature schemes. Among these are CRYSTALS‑Dilithium, Falcon, and SPHINCS+, based on problems that even a powerful quantum computer cannot efficiently solve.
How Cellframe Addresses the Quantum Threat
Unlike most blockchains, which are only beginning to discuss migration plans, Cellframe was designed with post‑quantum protection from day one.
| What Cellframe uses | How it protects |
|---|---|
| CRYSTALS‑Dilithium (ML‑DSA) | Primary block signatures, resistant to Shor’s algorithm |
| Falcon (FN‑DSA) | Compact signatures for transactions |
| SPHINCS+ (SLH‑DSA) | Hash‑based backup algorithm (available in SDK) |
| Kyber 512 (ML‑KEM) | Post‑quantum key exchange for secure channels |
All these algorithms are based on lattice or hash problems – resistant to both classical and quantum attacks. Additionally, Cellframe can quickly deprecate or add new algorithms as PQC standards evolve and NIST recommendations are updated.
Comparison: Vulnerability of Bitcoin, Ethereum, and Others
| Blockchain | Cryptography | Vulnerable to Shor | Protection status (2026) |
|---|---|---|---|
| Bitcoin | ECDSA | Yes (fully) | BIP‑360/361 under discussion, migration not started |
| Ethereum | ECDSA | Yes (fully) | EIP‑8141, roadmap to 2029 |
| Cellframe | CRYSTALS‑Dilithium, Falcon | No | Fully ready, audit completed |
Glossary
| Term | Definition |
|---|---|
| Qubit | Basic unit of quantum information; can be in superposition of 0 and 1 simultaneously. |
| Superposition | Ability of a qubit to exist in multiple states at once. |
| Quantum entanglement | Correlation between qubits where measuring one instantly determines the state of another, regardless of distance. |
| Shor’s algorithm | Quantum algorithm that can factor large numbers and solve discrete logarithms in minutes – breaks ECDSA and RSA. |
| Q‑day | Hypothetical day when a quantum computer can break modern cryptography (RSA, ECDSA). |
| Post‑quantum cryptography (PQC) | Algorithms resistant to quantum computer attacks, running on classical hardware. |
Summary
A quantum computer is not a replacement for classical computers – it is a specialised tool for certain problem classes: optimisation, simulation, and breaking cryptography.
In 2026, the technology has moved from lab experiments to commercial development, and the required power for breaking cryptography has dropped by orders of magnitude. Google’s estimates (500,000 physical qubits, break in 9 minutes) and Caltech’s (10,000–26,000 qubits, break in days) mean that the threat is now so close that the industry has 3–5 years to prepare.
Bitcoin and Ethereum are at risk: their architectures were not designed with post‑quantum protection, and migration plans are only being discussed. Over 6.9 million BTC (~$600 billion) are already vulnerable to “at‑rest” attacks.
The solution is not panic but post‑quantum cryptography – algorithms resistant to Shor’s algorithm. Cellframe is one of the few platforms built from the ground up with PQC and already uses NIST‑approved CRYSTALS‑Dilithium, Falcon, and Kyber 512.
And when Q‑day arrives, Cellframe will not have to catch up – it is already there.
Top comments (0)