Tick ... Tick ... Tick ...
Is it 2034 already? No. But should we be behaving like it is? That depends on how you feel about quantum computing, and 2034 is one of a range of dates being floated for when it could start mattering to crypto wallets.
Google recently released a paper titled "Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities" (arXiv, March 2026). It caused a lesser-known token to jump, Crypto Twitter to celebrate, and the rest of us to feel mild dread. The paper assessed Bitcoin's and Ethereum's elliptic curve cryptography as vulnerable to advancing quantum computers. Neither chain was commended for its current level of preparation.
One blockchain was recognized: Algorand. One of the only public chains to have deployed NIST-certified post-quantum signatures on its live mainnet. Google cited it 32 times as the model for how a blockchain should prepare. Teacher's pet territory, no apple required.
Google has said it wants its own systems quantum-safe by 2029 (CyberScoop, 2025). That's three years away. The difference between Google and Bitcoin is that Google has a management structure that can mandate a migration. Bitcoin does not. That gap is the real story.
What Elliptic Curve Cryptography Actually Is
Let's back up a level, because the specifics matter here.
Bitcoin and Ethereum use Elliptic Curve Cryptography, specifically a curve called secp256k1, to generate the public-private key pairs that secure every wallet. Your private key is a very large number. Your public key is derived from it using elliptic curve math. Your wallet address is derived from your public key. The whole thing is a one-way function: trivially easy to go from private key to public key, computationally infeasible (for classical computers) to go in reverse.
The security assumption underpinning all of this is the difficulty of computing elliptic curve discrete logarithms. In plain language: given a point on the curve that's derived from your private key, there's no efficient classical algorithm to work backwards and find the original private key. The math is hard in a way that scales well with key size: 256-bit ECC provides security roughly equivalent to 3,072-bit RSA, which is why it became the cryptographic standard for Bitcoin, Ethereum, TLS, and most of the modern internet.
Quantum computers change the hardness assumption.
What Shor's Algorithm Actually Does
In 1994, before there was a single quantum computer capable of running it, mathematician Peter Shor published an algorithm that could factor large numbers exponentially faster on a quantum computer than any classical algorithm.
That matters because ECC security rests on a related mathematical problem. A quantum computer running Shor's algorithm could, in principle, derive a private key from a public key. Which means it could forge a valid transaction signature. Which means it could drain any wallet whose public key it could observe.
The practical constraint today is that running Shor's algorithm against 256-bit ECC would require a quantum computer with millions of stable, error-corrected logical qubits. Current state-of-the-art quantum processors are in the low thousands of physical qubits, with error rates that make sustained complex computation unreliable. We are not there yet. We are not close to being there yet.
But "not close yet" and "not worth preparing for" are different things, especially when the preparation timeline for a decentralized network is measured in years, not weeks.
The Timeline Question: Why It's Slippery
"Quantum Day 0" (sometimes called Y2Q) is the moment a quantum computer becomes powerful enough to break real-world cryptographic standards. Estimates vary widely: academic consensus puts a machine capable of breaking 256-bit ECC somewhere between 2030 and 2040. Anyone citing a precise date with high confidence is probably oversimplifying.
What's not uncertain is the preparation timeline. Migrating Bitcoin or Ethereum to post-quantum standards requires changes affecting every wallet, node, exchange, hardware wallet manufacturer, and custodian in the ecosystem. The last comparable effort, SegWit, took two years of contentious debate before activating in 2017. Post-quantum migration is orders of magnitude more complex.
If the quantum timeline is 2034, meaningful protocol work needs to start well before 2030. Which means the conversation has to become serious now.
FALCON, Algorand, and What Post-Quantum Actually Means
FALCON is a lattice-based digital signature scheme. Lattice problems are a different class of mathematical hard problems from the ones that Shor's algorithm attacks. They're believed to be hard even for quantum computers, which is why NIST, after a six-year evaluation process, selected FALCON as a post-quantum cryptographic standard in 2022 (NIST, July 2022).
Lattice-based cryptography works by embedding security in high-dimensional geometric structures where finding the shortest vector is computationally intractable. It's a different mathematical foundation from the discrete logarithm problem, and Shor's algorithm doesn't apply to it.
Algorand integrating FALCON signatures on its live mainnet means that transactions on Algorand can already use quantum-resistant cryptographic signatures (though Algorand's consensus mechanism still relies on classical Ed25519 signatures for now). That's not a test, not a proposal. It's running in production. Google's paper citing Algorand 32 times reflects genuine technical acknowledgment that Algorand is ahead of the curve here. For a blockchain that most people outside the ecosystem have never heard of, that's a significant moment.
Bitcoin and Ethereum, for all their market cap dominance, are nowhere near this point.
The Governance Problem: Why You Can't Just Patch Bitcoin
Here's where it gets genuinely complicated, and where the comparison to Google's 2029 post-quantum target breaks down.
Google can set a migration deadline and enforce it. Google has a leadership structure, engineering teams, and the ability to mandate software updates across its infrastructure. When Google says it will be quantum-safe by 2029, that's a project with an owner.
Bitcoin has no such owner. Ethereum has a more active development community but still operates on rough consensus. The CFTC chair's framing of blockchain as critical internet infrastructure is relevant here: essential infrastructure that nobody controls is a governance problem as much as a technical one. Protocol changes require miners (Bitcoin) or validators (Ethereum) to run updated software, node operators to upgrade, wallets and exchanges to adapt. Even changes with near-universal support can take years to activate.
The Bitcoin upgrade process specifically requires something close to a supermajority of economic consensus: miners, nodes, businesses. Contentious changes can fork the chain or simply fail to activate. SegWit is the benchmark case: proposed in 2015, activated in August 2017, with significant political drama in between.
Post-quantum migration would be far more contentious. It touches the fundamental cryptographic assumptions of the protocol. It would require wallets to adopt new key formats. It raises deep questions about backward compatibility with existing addresses.
The Sleeping Coin Problem
Some BTC has been untouched for a decade or more. Satoshi-era wallets, lost wallets, early adopter addresses. The public keys for many of these are visible on-chain, because spending from P2PK outputs exposes the public key directly.
If a quantum computer can derive private keys from public keys, those dormant wallets become targets. The cleanest technical response, freezing old UTXOs after a cutoff date, is politically explosive. It amounts to confiscating coins from owners who may have simply lost access, died, or chosen to hold long-term.
There's no clean answer. And the Bitcoin community hasn't agreed on the framing of the problem, let alone the solution.
What You Should Actually Do Right Now
For most BTC and ETH holders: not much, yet. The threat is real but it isn't 2026's crisis.
Best practice for new funds is to use newer address formats (native SegWit / bech32 for Bitcoin) and avoid reusing addresses. Your public key isn't exposed on-chain until you spend from an address, so unspent addresses give a quantum attacker nothing to work backwards from.
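One way a holder could check their own outputs against this advice, as an added example that is not part of the original article: it classifies Bitcoin output scripts by whether the public key is already visible on-chain and flags address reuse. It goes slightly beyond the text by also covering Taproot (P2TR) outputs, which carry a 32-byte public key in the output itself. The function names, status strings and sample wallet are assumptions constructed for illustration.

```python
def script_type(spk: bytes) -> str:
    """Match a scriptPubKey against the standard Bitcoin output templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"    # <pubkey> OP_CHECKSIG: key sits in the output itself
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh"   # legacy address: only HASH160(pubkey) is published
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "p2sh"    # script hash only
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"  # native SegWit (bech32): key hash only
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"   # native SegWit script hash
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"    # Taproot: 32-byte x-only public key in the output
    return "unknown"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}

def audit(utxos, spent_scripts):
    """Map each (label, scriptPubKey hex) UTXO to (script type, exposure)."""
    spent = {s.lower() for s in spent_scripts}  # scripts already spent from
    report = {}
    for label, spk_hex in utxos:
        kind = script_type(bytes.fromhex(spk_hex))
        if kind in KEY_IN_OUTPUT:
            status = "exposed: key in output"
        elif kind == "unknown":
            status = "review manually"
        elif spk_hex.lower() in spent:
            status = "exposed: address reused"  # key revealed by earlier spend
        else:
            status = "hidden until spent"
        report[label] = (kind, status)
    return report

# Constructed sample wallet: filler bytes, not real keys or hashes.
SAMPLE_UTXOS = [
    ("old-mining", "2102" + "11" * 32 + "ac"),
    ("legacy", "76a914" + "22" * 20 + "88ac"),
    ("segwit-fresh", "0014" + "33" * 20),
    ("segwit-reused", "0014" + "44" * 20),
    ("taproot", "5120" + "55" * 32),
]
SAMPLE_SPENT = {"0014" + "44" * 20}
```

Calling `audit(SAMPLE_UTXOS, SAMPLE_SPENT)` marks the reused SegWit output as exposed even though its script publishes only a hash, which is the reason for not reusing addresses.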
The signals worth watching: IBM or Google reporting sustained error-corrected computation at 1,000+ logical qubits; NIST or major national security agencies issuing urgent migration guidance; or Bitcoin and Ethereum developer communities formally prioritizing post-quantum proposals. None of those signals have fired yet. But the time to notice is before they become obvious. For a broader look at how DeFi infrastructure handles (and mishandles) governance challenges, the cross-chain bridge story is instructive.