A quantum computer is a machine that uses quantum mechanical phenomena (superposition and entanglement) to solve certain problems that are intractable even for the most powerful supercomputers. Unlike classical computers that operate on bits (0 or 1), quantum computers use qubits that can be 0, 1, or a superposition of both. Thanks to this and quantum entanglement, these machines can perform certain types of calculations thousands of times faster. The main threat to cryptocurrencies is Shor’s algorithm, which can break the ECDSA signatures securing Bitcoin and Ethereum. 2026 estimates show that breaking ECDSA may require only 10,000–26,000 physical qubits – bringing “Q‑day” much closer.
How a Quantum Computer Works: Principles and Fundamental Differences
Classical computers run on transistors, each of which holds a value of either 0 or 1 at any given moment. These units of information are called bits. A quantum computer uses quantum bits, or qubits – objects that can exist in states 0 and 1 simultaneously, i.e. in superposition.
🔬 Key Quantum Effects
| Effect | Description |
|---|---|
| Superposition | Ability of a qubit to exist in two states (0 and 1) at once. A classical bit is like a coin showing heads or tails. A qubit is like a spinning coin – it represents both possibilities at the same time. |
| Entanglement | Correlation between two qubits such that changing one instantly affects the other, no matter the distance. This allows quantum systems to process information in ways impossible for classical architectures. |
| Interference | Amplifies correct computational paths and cancels incorrect ones, steering the system toward the optimal answer via the wave‑like nature of quantum states. |
Because of superposition, a quantum computer does not brute‑force sequentially – it can perform many calculations in parallel. To double the power of a classical computer, you need twice as many transistors. For a quantum computer, adding just one qubit doubles its power.
⚛️ Physical Implementations of Qubits
Different companies and research groups are developing different physical realisations of qubits:
| Qubit type | Examples | Characteristics |
|---|---|---|
| Superconducting | Google Willow, IBM Condor | Require cryogenic cooling to ~15 mK. Fastest (error correction cycle ~1 μs) but need many physical qubits for error correction. |
| Trapped ions | IonQ Tempo, Quantinuum Helios | More stable than superconducting, 100–1000× slower, but require fewer physical qubits for logical operations. |
| Neutral atoms | Oratomic, Atom Computing | Encoded using hyperfine ground states. In 2025, a >6,100 qubit array was demonstrated, opening the door to a record low threshold (~10,000 physical qubits for breaking ECC). |
| Photonic | Chinese labs | Use light particles; require optical tables and single‑photon detectors. |
Current State of Quantum Computing in 2025–2026
Quantum computers have moved from lab experiments to commercial reality. Investments reached $17.3 billion, and leading companies have deployed systems with thousands of qubits.
📊 Leaders in the Quantum Race (2025–2026)
| Company/Organization | Processor | Qubits | Key achievement |
|---|---|---|---|
| IBM | Condor | 1,121 (deployed) / 433 (demo) | Error correction demonstration on Heron chip. November 2025: Loon experimental processor for fault‑tolerant computing. Targeting “quantum advantage” by end of 2026. |
| Google | Willow | 1,000 | Error correction below threshold – a major milestone toward fault‑tolerant computing. March 2026: published a sensational whitepaper cutting required qubit estimates by 20×. |
| Atom Computing | — | 1,225 | Highest commercial physical qubit count (neutral atoms). |
| IonQ | Tempo | 100 | Most stable qubits (100× longer coherence). |
| Quantinuum | Helios | 96 | Ion trap processor with fault‑tolerant architecture. |
| University of Science and Technology of China | Zuchongzhi 3.0 | 105 | Unveiled late 2024, one of the leaders in the race. |
| Russia (Rosatom) | — | up to 25 | Joined the global race in 2019 with a roadmap. Now developing a quantum data centre for chemical and financial computations. |
“The 15‑year trend continues: every 2–2.5 years, qubit count doubles, coherence time doubles, and error rates halve,” says Mikhail Kolchenko, chief expert at Rosatom Quantum Technologies.
🛠️ The Critical Role of Error Correction
Quantum states are so fragile that even cosmic radiation can disturb them, inevitably affecting accuracy. Consequently, errors used to occur every 100–1000 steps.
In 2025, a team from Oxford and Osaka University implemented an error correction system that resulted in only one error per 6.7 million operations. IBM also achieved a tenfold acceleration in fault‑tolerant computations.
What Is “Quantum Advantage” and When Will It Be Reached?
Quantum advantage is the point where a quantum computer solves a real‑world practical problem faster or more accurately than the best classical supercomputer.
📅 Stages of Quantum Computing Development
| Stage | Status (2026) |
|---|---|
| Quantum utility (2023) | Achieved: IBM’s 127‑qubit Eagle executed an algorithm beyond classical brute‑force. |
| Quantum advantage (2026) | IBM predicts by the end of 2026. |
| Fault‑tolerant quantum computer (2029–2030) | Planned by IBM as the third stage. |
IBM has tied the release of new chips (Nighthawk, Loon) to an initiative for transparent verification of quantum advantage claims. The company joined a new public quantum advantage tracker supported by Algorithmiq, scientists at the Flatiron Institute, and startup BlueQubit.
“We no longer look at the mid‑2030s; quantum computers of that scale could appear by the end of this decade,” said Haseeb Qureshi, managing partner at Dragonfly.
Shor’s Algorithm: The Main Threat to Cryptocurrencies
Developed by Peter Shor in 1994, Shor’s algorithm solves integer factorisation and discrete logarithms in exponentially less time than the best classical algorithms. The hardness of those very problems is the foundation of RSA and of the ECDSA signatures used by Bitcoin and Ethereum.
📉 Reduction in Qubit Estimates (2012–2026)
| Year | Estimated qubits required | Source |
|---|---|---|
| 2012 | ~1 billion | Early estimates |
| 2023 | ~10 million | Intermediate estimates |
| March 30, 2026 | <500,000 physical / 1,200–1,450 logical | Google Quantum AI whitepaper |
| March 30, 2026 | 10,000–26,000 physical (neutral atoms) | Oratomic (Caltech) |
Key takeaway: In 20 years, the estimated qubit requirement for Shor’s algorithm dropped by five orders of magnitude.
⏱️ Time to Break (2026 estimates)
| Scenario | Qubits | Time | Target addresses |
|---|---|---|---|
| Fast‑clock (superconducting) | ~500,000 physical | 9 minutes | Active transactions in mempool |
| Medium (superconducting) | <500,000 | ~9–23 minutes | Various architectures |
| Slow‑clock (neutral atoms) | ~26,000 | ~10 days | Dormant wallets with exposed public keys |
| RSA‑2048 | ~102,000 | ~97 days | Traditional encryption systems |
⚡ Fast‑Clock vs Slow‑Clock Architectures
The Google 2026 study highlighted a critical distinction:
- Fast‑clock (superconducting, photonic, silicon spins) – error correction cycles ~1 microsecond. High speed enables “on‑spend” attacks, where a private key is computed within Bitcoin’s 10‑minute confirmation window.
- Slow‑clock (neutral atoms, trapped ions) – error correction cycles 100–1000× slower (100 μs – 1 ms). Capable of “at‑rest” attacks on static balances, but not of intercepting mempool transactions.
Which Coins and in What Volume Are at Risk?
Not all coins are vulnerable – only those whose public keys are already exposed on the blockchain:
- P2PK addresses (Pay‑to‑Public‑Key) – early Satoshi‑era addresses, including coinbase outputs, where the public key is written directly into the blockchain and always visible.
- Addresses that have been spent from – reusing an address exposes its public key.
- Taproot addresses (Bitcoin) – public keys are visible by default.
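A wallet owner can apply the three rules above to their own outputs to see how much value sits behind an already visible public key and should be prioritised for migration. This is an added example, not code from the original article: the function names are illustrative, and the sample UTXOs use constructed dummy key and hash bytes.

```python
def script_type(spk_hex):
    """Recognise the standard scriptPubKey templates by length and opcodes."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK"        # <pubkey> OP_CHECKSIG: key written in the output
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH"       # only the hash160 of the key is on chain
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH"
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH"
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR"        # OP_1 <32-byte output key>
    return "unknown"


KEY_IN_OUTPUT = {"P2PK", "P2TR"}   # the two always-visible cases listed above


def exposure(spk_hex, spent_from_before=False):
    """Return (script type, status); status is exposed, hashed or review."""
    kind = script_type(spk_hex)
    if kind == "unknown":
        return kind, "review"        # non-standard script: inspect by hand
    if kind in KEY_IN_OUTPUT or spent_from_before:
        return kind, "exposed"       # key visible now, or revealed by an earlier spend
    return kind, "hashed"


# Constructed sample wallet: (scriptPubKey hex, satoshis, address spent from before).
SAMPLE_UTXOS = [
    ("21" + "02" + "11" * 32 + "ac", 5_000_000_000, False),  # P2PK
    ("76a914" + "22" * 20 + "88ac", 100_000_000, False),     # P2PKH, never spent
    ("76a914" + "33" * 20 + "88ac", 250_000_000, True),      # P2PKH, reused
    ("0014" + "44" * 20, 70_000_000, False),                 # P2WPKH
    ("5120" + "55" * 32, 30_000_000, False),                 # P2TR
]


def audit(utxos):
    """Sum satoshis per exposure status."""
    totals = {"exposed": 0, "hashed": 0, "review": 0}
    for spk, sats, reused in utxos:
        totals[exposure(spk, reused)[1]] += sats
    return totals
```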
💰 Volume of Vulnerable Bitcoin
| Source | Estimate of vulnerable BTC |
|---|---|
| Google Quantum AI whitepaper (March 30, 2026) | ~6.9 million BTC |
| BTQ Technologies | ~6.65 million BTC (including 1.9 million in P2PK addresses) |
| Galaxy Digital / Project Eleven | up to 7 million BTC |
At current prices, that is more than $600 billion of vulnerable assets in Bitcoin alone – not counting Ethereum and other cryptocurrencies.
The “Harvest Now – Decrypt Later” Attack
This is a strategy where attackers scan blockchains today and store every exposed public key. When a sufficiently powerful quantum computer becomes available, they simply take that pre‑harvested database and crack it.
The US Federal Reserve has warned that once quantum computers arrive, all historical transaction confidentiality could be irreversibly broken – with consequences for user identification, transaction graph analysis, and proof of ownership of funds.
What Is Post‑Quantum Cryptography and How Does It Help?
Post‑quantum cryptography (PQC) consists of cryptographic algorithms (key encapsulation and signature schemes) that are resistant to attacks from both classical and quantum computers. They are based on different mathematical problems (lattices, hash functions, error‑correcting codes) that Shor’s algorithm cannot solve.
📜 NIST‑Standardised Algorithms (2024–2025)
| FIPS | Algorithm | Type | Purpose |
|---|---|---|---|
| FIPS 203 | CRYSTALS‑Kyber (ML‑KEM) | KEM | Primary for encryption |
| FIPS 204 | CRYSTALS‑Dilithium (ML‑DSA) | DSA | Primary for signatures |
| FIPS 205 | SPHINCS+ (SLH‑DSA) | DSA | Backup (hash‑based) |
| FIPS 206 (expected) | Falcon (FN‑DSA) | DSA | Compact signatures |
| FIPS 207 (draft) | HQC | KEM | Backup for ML‑KEM |
Projects that have already implemented NIST‑approved PQC algorithms: Cellframe (since 2017, C core), BTQ Bitcoin Quantum Core (testnet Q4 2025, mainnet Q2 2026), Naoris Protocol (L1 mainnet since April 1, 2026).
What Happens After Q‑day If Nothing Changes?
When a quantum computer finally appears:
- Theft of vulnerable coins – attackers could steal millions of BTC from P2PK addresses and reused addresses.
- Massive dump of stolen coins would crash the market and undermine trust in cryptocurrencies as a store of value.
- Deanonymisation – the entire transaction history could be decrypted, revealing user identities.
- Regulatory prohibition – S&P Global Ratings and other regulators could ban institutional use of blockchains that have not migrated to PQC.
Glossary
| Term | Definition |
|---|---|
| Qubit (quantum bit) | Basic unit of quantum information; can be in superposition of 0 and 1 simultaneously. |
| Superposition | Ability of a quantum system to exist in multiple states at once. |
| Quantum entanglement | Correlation between two qubits where changing one instantly affects the other, regardless of distance. |
| Interference | Quantum effect that amplifies correct computational paths and cancels incorrect ones. |
| Shor’s algorithm | Quantum algorithm for integer factorisation and discrete logarithms – breaks ECDSA and RSA. |
| Q‑day | Hypothetical day when a quantum computer can break modern cryptography (RSA, ECDSA). |
| Quantum advantage | Point where a quantum computer outperforms classical supercomputers on a practical task. |
| Physical vs logical qubits | Physical – real qubits in a system. Logical – “corrected” qubits via error correction (require 100–1,000 physical per logical). |
| NIST | National Institute of Standards and Technology (USA). The primary authority approving post‑quantum algorithms. |
| PQC (Post‑Quantum Cryptography) | Algorithms resistant to quantum computer attacks. |
| Harvest now, decrypt later | Strategy of storing vulnerable public keys today for decryption after a quantum computer exists. |
| CRQC | Cryptographically Relevant Quantum Computer – a quantum computer capable of breaking modern cryptography at a practical scale. |
Summary
A quantum computer is not a replacement for classical computers – it is a specialised tool for certain problem classes. Its power comes from parallel processing via superposition and entanglement. In 2026, the technology has reached commercial deployment with systems up to 1,225 qubits.
The main threat to cryptocurrencies is Shor’s algorithm. Required qubit estimates have dropped five orders of magnitude in 20 years: today, breaking ECC‑256 may require only ~10,000–26,000 physical qubits (neutral atoms) or <500,000 (superconducting). Google Quantum AI’s March 30, 2026 whitepaper and Oratomic/Caltech research showed that cracking is possible in 9 minutes (fast‑clock) or ~10 days (slow‑clock). Around 6.9 million BTC ($600+ billion) on addresses with already exposed public keys are at risk.
The window for migrating to post‑quantum cryptography is shrinking rapidly. The threat is moving from theoretical to practical, and the crypto industry will have to respond – either through hard forks and migration of legacy blockchains, or through platforms that are already built on NIST‑approved PQC algorithms.