Yesterday, Google Quantum AI published a significant new whitepaper: Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities. Co-authored with researchers from the Ethereum Foundation and Stanford, it offers updated resource estimates for breaking elliptic curve cryptography. Elliptic curve cryptography is the mathematical foundation underlying the digital signatures used by Bitcoin, Ethereum, and virtually every major blockchain today.
This is a rigorous, responsibly disclosed piece of research. Here is what it means for our customers, and where Fireblocks stands.
What Google found and what it actually means
The core finding is this: a cryptographically relevant quantum computer (CRQC) capable of breaking the 256-bit elliptic curve discrete logarithm problem – the math behind secp256k1 signatures used in Bitcoin – requires fewer quantum resources than previously estimated. The paper presents two circuit variants for running Shor’s algorithm against secp256k1: one using ≤ 1,200 logical qubits and ≤ 90 million Toffoli gates, and another using ≤ 1,450 logical qubits and ≤ 70 million Toffoli gates.
Two technical concepts are worth unpacking here: qubits and Toffoli gates.
Logical vs. physical qubits
Logical qubits are the abstract, error-corrected units that the algorithm operates on. Physical qubits are the real hardware qubits; because they are noisy and error-prone, many physical qubits must work together to reliably encode a single logical one. The exact ratio depends on the hardware architecture and error correction scheme, but it is always substantially greater than one. This is the distinction that much of the commentary around this paper misses: when people hear “1,200 qubits to break Bitcoin” and look at today’s quantum processors, which already have 1,000+ physical qubits, they may think we are close. We are not. The paper’s figure counts logical qubits; today’s processors count noisy physical ones. Translating 1,200 logical qubits into real hardware requires nearly 500,000 physical qubits operating with sustained, fault-tolerant error correction, a capability that does not yet exist.
Toffoli gates
The paper’s gate count of 70 to 90 million Toffoli gates is a measure of computational work, not of hardware components. A Toffoli gate is a three-qubit controlled-controlled-NOT operation, used as a building block in quantum circuits much as a logic gate is in classical circuits; it is the standard unit for costing fault-tolerant quantum computations because it is expensive to implement under error correction. Executing on the order of 90 million of them, with error correction active throughout, requires sustained, high-fidelity quantum computation far beyond what any existing machine can do.
This is an important scientific result. It narrows the gap between where quantum hardware is today and where it needs to be to pose a real threat.
However, context matters. No CRQC of this scale exists today. Current state-of-the-art quantum processors operate in the hundreds to low thousands of physical qubits, with error rates that remain far too high for the sustained, fault-tolerant computation the paper describes. The path from today’s hardware to a machine capable of breaking secp256k1 still requires engineering breakthroughs across qubit quality, error correction, thermal management and scale. Those breakthroughs are measured in years, not months.
The paper itself distinguishes between two attack scenarios:
- “At-rest” attacks – targeting public keys already exposed on-chain by old or reused addresses, where an attacker has unlimited time to recover the private key. This is the nearer-term risk.
- “On-spend” attacks – reading the public key from a transaction while it waits in the mempool, recovering the private key, and broadcasting a conflicting transaction that redirects the funds before the original is confirmed. This requires a quantum computer fast enough to finish before the transaction confirms, likely on fast-clock architectures such as superconducting qubits, and represents a more distant but more disruptive threat model.
The research is a credible, evidence-backed signal to accelerate preparation. It is not a signal of imminent threat.
What this means for Fireblocks customers today
Your assets are not at immediate risk.
No quantum computer exists today that can break the cryptography protecting blockchain transactions. The work described in this paper is theoretical resource estimation. It is the cryptographic equivalent of calculating how tall a ladder would need to be before one has been built.
That said, we take the direction of travel seriously. The paper confirms what we have been tracking internally: the timeline for quantum threats to blockchains may be shortening, and the design of the migration to post-quantum cryptography (PQC) must begin now. Not because the threat is here, but because migrations at blockchain scale take years.
Our current address types provide meaningful near-term protection.
Fireblocks uses P2WPKH by default for Bitcoin. A P2WPKH output commits only to a hash of the public key, so the key itself appears on-chain only in the witness of the transaction that spends the funds. The Google paper explicitly notes that this address type is resilient to at-rest attacks for exactly that reason: there is no public key for an attacker to work from until spend time. This is already best practice, and it is our default.
The key hygiene principle that follows: do not reuse addresses. Once an address has been used to spend funds, its public key is on-chain permanently. Any funds deposited to that address afterwards sit behind a public key that is already visible, so the hash-based protection no longer applies to them. This is not a Fireblocks-specific issue; it is a fundamental property of Bitcoin, but it is worth reinforcing in the context of quantum risk.
Customers using the Fireblocks Network already benefit from this in practice. Network connections can be configured to generate a fresh deposit address for each incoming transfer, and when addresses rotate, Fireblocks remaps them automatically without requiring counterparties to reshare or reconnect. This is meaningful quantum hygiene available today, built into how the Network works.
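To make the reuse rule concrete, here is an added example (not Fireblocks code, and not from the Google paper) that replays a constructed set of transactions and flags every deposit that lands on an address whose public key is already visible on-chain, then totals the unspent balance sitting behind exposed keys. It treats P2WPKH and P2PKH outputs as hash-committed (key revealed only on spend) and, going one step beyond the text above, P2PK and P2TR outputs as exposing their key at funding time. The transactions, addresses, values and field names are constructed for illustration.

```python
"""Replay a constructed Bitcoin transaction set and flag deposits that land on
addresses whose public key is already visible on-chain.

Added illustration, not Fireblocks code and not from the Google paper. The
transactions, addresses and field names below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption of the model: these script types put the public key (or the tweaked
# Taproot output key) in the output itself, so it is exposed at funding time.
EXPOSED_AT_FUNDING = {"p2pk", "p2tr"}
# Hash-committed types: the key is revealed only in the spending input/witness.
EXPOSED_AT_SPEND = {"p2pkh", "p2wpkh"}


@dataclass(frozen=True)
class Output:
    address: str
    script_type: str
    value: int  # satoshis


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[Tuple[str, int], ...]  # (prev_txid, vout); empty = external funding
    outputs: Tuple[Output, ...]


def audit(chain: List[Tx]) -> Dict:
    """Walk transactions in confirmation order and report quantum exposure.

    Returns which txid first exposed each address's key, every deposit made to
    an address whose key was already public, and the unspent balance sitting
    behind exposed keys (the at-rest attack surface) versus hash-protected keys.
    """
    utxo: Dict[Tuple[str, int], Output] = {}
    exposed: Dict[str, str] = {}  # address -> txid that first revealed its key
    events: List[Dict] = []
    for tx in chain:
        # Inputs first: spending a hash-committed output reveals its key, and a
        # change output back to the same address in this tx is already reuse.
        for prev in tx.inputs:
            spent = utxo.pop(prev)  # KeyError means an unknown or double-spent prevout
            if spent.script_type in EXPOSED_AT_SPEND:
                exposed.setdefault(spent.address, tx.txid)
        for vout, out in enumerate(tx.outputs):
            utxo[(tx.txid, vout)] = out
            if out.script_type in EXPOSED_AT_FUNDING:
                exposed.setdefault(out.address, tx.txid)
                reason = "key visible at funding"
            elif out.address in exposed:
                reason = f"key revealed by spend in {exposed[out.address]}"
            else:
                continue  # hash-committed output on a fresh address: fine
            events.append({"txid": tx.txid, "vout": vout, "address": out.address,
                           "value": out.value, "reason": reason})
    at_risk = sum(o.value for o in utxo.values() if o.address in exposed)
    protected = sum(o.value for o in utxo.values() if o.address not in exposed)
    return {"exposed": exposed, "events": events,
            "at_risk_balance": at_risk, "hash_protected_balance": protected}


# Constructed sample: tx1 and tx4 are funded from outside the modelled set.
SAMPLE_CHAIN = [
    Tx("tx1", (), (Output("A", "p2wpkh", 100_000),
                   Output("B", "p2wpkh", 50_000),
                   Output("T", "p2tr", 30_000))),
    Tx("tx2", (("tx1", 0),), (Output("C", "p2wpkh", 60_000),
                              Output("A", "p2wpkh", 39_000))),  # change sent back to A
    Tx("tx3", (("tx1", 1),), (Output("D", "p2wpkh", 49_000),)),
    Tx("tx4", (), (Output("A", "p2wpkh", 10_000),)),  # counterparty pays A again
]

if __name__ == "__main__":
    report = audit(SAMPLE_CHAIN)
    for e in report["events"]:
        print(f"{e['txid']}:{e['vout']} {e['value']:>7} sat -> {e['address']}  ({e['reason']})")
    print("unspent behind exposed keys:", report["at_risk_balance"], "sat")
    print("unspent behind hash-protected keys:", report["hash_protected_balance"], "sat")
```

Run against the sample, the audit flags the Taproot output in tx1, the change output that tx2 sends back to A after A’s key was revealed in the same transaction, and the later payment to A in tx4; 79,000 sat ends up behind exposed keys while the 109,000 sat on fresh P2WPKH addresses keeps its hash protection. Processing inputs before outputs is what catches the change-to-same-address case, which is the most common way P2WPKH protection is quietly lost.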
This matters most as an interim measure. The real long-term solution is the ecosystem migrating to PQ-safe addresses, accounts and signatures at the protocol level. Once that happens, and funds are moved to PQ-safe addresses before a CRQC exists, the entire class of ‘harvest now, decrypt later’ attacks on those funds (recording exposed public keys today and recovering the private keys once a CRQC exists) is neutralized. Address hygiene reduces exposure; PQ migration eliminates the threat.
What Fireblocks is doing about post-quantum cryptography
We want to be direct about where we are: PQC is a strategic priority, and we are actively building our roadmap and conducting research work. For more information, please see our related blog posts:
- Part 1: Quantum Risk in Crypto – What Institutions Need to Know
- Part 2: How Blockchains Will Evolve for the Quantum Era
We are not waiting for a crisis to act. Here is what that work looks like:
Blockchain-layer readiness
The most fundamental dependency in PQC for institutional custody is what blockchains themselves will adopt. On-chain signature verification is a protocol-level decision. Integrating a PQC signing scheme into our co-signers is only meaningful when the underlying network will accept and verify it. We are closely tracking developments across Bitcoin (including BIP 360 / P2MR), Ethereum, Solana, and other major networks, and engaging directly with their foundations on timelines.
MPC protocol research
Our research team is proactively mapping candidate PQC signature schemes: not just the NIST-selected standards (ML-DSA, SLH-DSA, FN-DSA), but also the additional candidates currently in Round 2 of NIST’s Additional Digital Signature Schemes evaluation. Some of these, particularly code-based and multivariate constructions, may be more naturally suited to multi-party computation, the architecture that underpins Fireblocks’ co-signer model. Our goal is to have MPC constructions ready when blockchains converge on specific schemes, rather than starting from scratch at that moment.
Internal cryptographic stack
PQC is not only about blockchain signing. We are auditing our full internal cryptographic infrastructure – certificates, encrypted data at rest, authentication mechanisms, TLS, and third-party integrations – against post-quantum readiness requirements.
Industry engagement
As one of the largest institutional signing infrastructure providers globally, we have operational insight that few others can offer: what key management at scale actually looks like, what signing latency requirements are non-negotiable, and what hardware constraints exist in practice. We are bringing this perspective into ecosystem discussions and standards bodies to help the industry converge on PQC schemes that are not just theoretically sound, but operationally viable.
The honest picture
Post-quantum cryptography for blockchains is a hard, multi-year, ecosystem-wide transition. The difficulty is not primarily technical: PQC algorithms exist and are being standardized. The difficulty is coordination: every wallet, every protocol, every infrastructure provider and every user will need to migrate in a sequence that does not break the network or strand assets.
Google’s paper is a useful, credible contribution to that coordination process. It sharpens the urgency. It also, importantly, avoids catastrophism by explicitly noting areas where cryptocurrencies are resilient. For instance, Bitcoin’s proof-of-work is not meaningfully threatened by Grover’s algorithm, which offers at most a quadratic speedup on hash search rather than the exponential advantage Shor’s algorithm has over elliptic curve keys. It also highlights successful PQC migration examples elsewhere.
We share that measured view. The quantum threat to blockchain is real and advancing. It is also manageable if the entire ecosystem (infrastructure providers, protocol teams, wallet providers, and institutions alike) acts with appropriate urgency and coordination.
Fireblocks is committed to leading that work for our customers. We will be sharing a full PQC strategy document later this year covering the complete scope of our readiness roadmap.
Contact our team to learn more.