The crypto industry’s response was that a quantum computing threat was still far away when Google unveiled its Willow quantum chip in December 2024.
Bitcoin uses SHA-256 for mining and ECDSA for signatures, both of which are theoretically vulnerable to quantum decryption, but the consensus was that the threat would last for decades. Breaking the encryption requires millions of physical qubits (an information unit in quantum systems). Willow only had 105.
That story has changed marginally 16 months later, and Google isn’t rejecting anything.
The company announced this week that it is setting a 2029 deadline to migrate its authentication services to post-quantum cryptography, citing advances in quantum hardware, error correction and resource estimation factoring.
Google’s security team wrote that quantum computers “will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures,” and that the threat to digital signatures specifically “will require the transition to PQC prior to a cryptographically relevant quantum computer.”
These risks are not theoretical. The Android 17 mobile operating system already integrates post-quantum digital signature protection. Chrome already supports post-quantum key exchange. Google Cloud offers post-quantum solutions to enterprise customers.
This is why it matters
Classical computers process information as bits, each a 0 or a 1, and solve problems by checking the possibilities one by one. Quantum computers use qubits that can exist as 0 and 1 simultaneously, a property called superposition, which allows them to explore large numbers of possibilities in parallel.
For most everyday tasks, the benefit is negligible. But for specific problems, such as factoring the large prime numbers that underlie modern encryption, a sufficiently powerful quantum computer could solve in minutes what would take a classical machine longer than the age of the universe.
Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to sign transactions, which is exactly the category of cryptography that Google has identified as requiring migration before a quantum computer arrives that can break it.
A sufficiently powerful quantum computer running Shor’s algorithm could derive private keys from public keys, allowing an attacker to spend any bitcoin whose public key has been released on the blockchain.
Shor’s is a quantum computing method that can crack the math that protects passwords and wallets exponentially faster than normal computers.
When CoinDesk wrote about Willow in December 2024, the math was reassuring. Chris Osborn, founder of the Solana ecosystem project Dialect, explained it clearly at the time: Roughly 5,000 logical qubits are needed to run Shor’s algorithm against current encryption, and each logical qubit requires thousands of physical qubits for error correction.
That meant millions of physical qubits, compared to Willow’s 105. The gap seemed enormous.
What has changed is not the number of qubits. It is the error correction process and the institutional response. Google went from demonstrating subthreshold error correction, meaning they could turn noisy physical qubits into usable logical qubits for the first time, to setting a corporate migration deadline of sixteen months.
When the company building the quantum computers urges developers to migrate by 2029, it’s a signal that the gap is closing faster than the public timeline suggests.
Ethereum co-founder Vitalik Buterin already called for urgency in October 2024, a month before Willow’s announcement.
“Quantum computing experts like Scott Aaronson have also recently begun to take much more seriously the possibility that quantum computers will actually work in the medium term,” Buterin wrote at the time.
“This has implications for Ethereum’s entire roadmap: it means that every part of the Ethereum protocol that currently relies on elliptic curves will need a hash-based or otherwise quantum-resistant replacement.”
How Ethereum and Bitcoin Developers Respond
The contrast with the way the two largest blockchain networks respond could not be greater.
The Ethereum Foundation took that as a guideline and built accordingly. Eight years of work, now visible in weekly shipping developments and a public roadmap with fork-level specificity.
Bitcoin’s governance model makes these types of coordinated responses structurally more difficult. There is no Ethereum Foundation that can fund and drive a multi-year technical effort.
Protocol changes require broad consensus among a decentralized developer community that has historically moved slowly and deliberately, a hallmark of stability but a risk when faced with a deadline.
Bitcoin’s last major cryptographic upgrade, Taproot, took years of discussion before being activated in 2021.
Ethereum this week launched pq.ethereum.org, a dedicated hub for its post-quantum security efforts that have been underway since 2018. The Ethereum Foundation’s post-quantum team, cryptography team, protocol architecture team, and protocol coordination team have spent eight years building a migration that touches every layer of the protocol.
More than ten client teams ship weekly development projects through what the foundation calls PQ Interop. The roadmap maps out specific milestones for four upcoming hard forks, from post-quantum key registration to full PQ consensus.
Bitcoin, on the other hand, has no equivalent effort. No coordinated road map. No multi-team engineering program. No fork milestones.
Nic Carter, one of Bitcoin’s most prominent proponents and co-founder of crypto fund Castle Island Ventures, said the quiet part out loud this week.
“Elliptic curve cryptography is on the brink of obsolescence,” he wrote on
Carter directly contrasted the two approaches. Ethereum’s approach, he said, was “best in class,” describing how the network “comes together and announces a specific, detailed PQ roadmap by 2029, sets it as a top strategic priority, merges PQ into an ongoing roadmap, detailed FAQs, no fear, just action.”
Bitcoin’s approach was “the worst in the class,” according to Carter. He noted that there is one group currently working on a quantum-related proposal that has received “no buy-in from top developers,” with developers pointing to isolated pieces of research as evidence of progress while having “no coherent strategy, no roadmap.”
“Everyone knows I’m a bitcoiner and would like to see bitcoin win,” Carter added. ‘I’m not saying this to hurt feelings. I say this to inspire action.”
However, the urgency is not universally shared.
Companies like CoinShares claim that fears of an impending quantum threat to Bitcoin are overblown, estimating that only about 10,200 $BTC is sufficiently concentrated in vulnerable legacy address types that its theft could cause ‘significant market disruption’.
The remaining exposed supply is approximately 1.6 million $BTC in legacy Pay-to-Public-Key addresses, is spread across more than 32,000 separate wallets, with an average of about 50 $BTC each, making them slow and unprofitable to crack individually, as CoinDesk reported at the time.
But the question is not whether quantum computing will ultimately threaten blockchain cryptography. Google, the Ethereum Foundation, NIST, and now prominent Bitcoin proponents all agree that this will be the case.
The question is whether three years is enough time to migrate a global, decentralized protocol that has no central authority to set deadlines, no coordinated technical team to implement them, and a culture that treats urgency with suspicion.
Ethereum’s answer is that eight years of preparation allowed it to perform the migration across four hard forks. Google’s response is that 2029 is the deadline and migration for its products is already underway.
Bitcoin’s answer so far has been silence. And as Carter warned, “ETHBTC will start to reflect the difference in priorities” if that silence continues.