Google says 1,200 qubits could break Ethereum accounts

Google revised its estimate to about 1,200 logical qubits to break Ethereum accounts, a 20-fold cut. Ethereum Foundation formed a Post‑Quantum Security team and targets 2029 readiness.

Google published a paper in March 2026 that reduced its estimate of the quantum hardware needed to derive Ethereum private keys from exposed public keys to roughly 1,200 logical qubits, about 20 times fewer than earlier estimates. Google set an internal deadline of 2029 to migrate its own systems after concluding the revised figure was credible. The Ethereum Foundation set a similar public target for full protocol readiness by 2029 and created a dedicated Post‑Quantum Security team in January 2026, led by Thomas Coratger.

The risk stems from Ethereum’s use of the elliptic curve digital signature algorithm (ECDSA). When an account sends a transaction, its public key appears on‑chain. A large enough quantum computer running algorithms such as Shor’s could derive the corresponding private key and move funds. Current quantum hardware cannot perform that attack, but an estimate of about 1,200 logical qubits places the threat within engineering planning horizons. Earlier work had put the requirement at tens of thousands of logical qubits.

The Foundation is publishing its work at pq.ethereum.org and has launched initiatives to support migration. It announced the Poseidon Prize, a $1 million award for research on hash‑based cryptographic primitives. The protocol change EIP‑8141, which would introduce native account abstraction so accounts can choose quantum‑resistant signature schemes, is under consideration for the Hegotá hard fork planned for the second half of 2026.

A Foundation privacy project, Kohaku, provides tools for users to deploy quantum‑resistant smart accounts without a hard fork. Kohaku lead Nico posted that account protection can be implemented today at low cost, and that a quantum‑resistant smart account can be deployed on Layer 1 testnet for about $0.07. “Ethereum can begin preparing accounts for the post‑quantum era today for roughly $0.07,” the post said.

The exposure affects more than simple wallets. About 0.1% of Ethereum’s dormant funds are in accounts that have already revealed public keys and are technically vulnerable now. Validator signatures, data availability commitments and the cryptography used in many rollups and zero‑knowledge proofs also rely on mathematical assumptions that could be weakened by future quantum hardware.

Other major blockchains that use ECDSA, including Bitcoin and Solana, have not publicly announced comparable dedicated post‑quantum teams or roadmaps. Engineers face two main tasks: building quantum hardware with enough logical qubits and designing migration paths that protect funds during and after any upgrade. Ethereum’s public timeline and Google’s internal plan both use 2029 as an approximate readiness goal.

Post‑quantum cryptography offers alternative algorithms designed to resist quantum attacks; several standards were finalized by NIST in 2024 and Ethereum’s work builds on those selections.

Articles by this author