The 9-minute window
When you spend Bitcoin, the transaction broadcasts your public key to the network for about nine minutes before it confirms — long enough, this paper argues, for a future quantum computer to derive your private key and steal the coins mid-transaction.
The standard quantum worry about cryptography is patient: an adversary records encrypted traffic now and decrypts it years later, once the hardware arrives. This paper, from Google's quantum group with Stanford cryptographer Dan Boneh and the Ethereum Foundation's Justin Drake, describes a faster theft. The moment you broadcast a Bitcoin transaction, it sits unconfirmed in the public queue with your public key attached. A fast enough quantum computer wouldn't need to store anything — it would read the key, compute the matching private key, and rush a competing transaction that sends your coins to itself into the same block. The authors put the odds of winning that race at roughly two in five.
The threat isn't that someone decrypts your past — it's that they out-race your present.
The resource estimate underneath it is the part the field has been watching collapse. Cracking the elliptic-curve math that guards Bitcoin and Ethereum would take fewer than 1,200 logical qubits and, on the right superconducting hardware, under half a million physical ones, running in minutes — about a twentieth of what earlier estimates demanded. It's the third paper in a few months to cut the bill for an attack like this, and the first aimed squarely at cryptocurrency rather than older encryption standards.
The catch is the same one the headlines keep dropping: no such machine exists. The largest quantum computers today hold a few thousand qubits, none of them error-corrected to the standard the estimate assumes, and only fast-clock designs could win the nine-minute race at all — the slower neutral-atom and ion-trap machines couldn't, at any qubit count. The exposure is also narrower than 'all of Bitcoin': only coins whose public key is already visible — reused addresses, in-flight transactions, the oldest dormant wallets — are reachable. Which is why the paper's strangest passage is a policy proposal: a framework for quietly recovering or destroying long-abandoned, quantum-vulnerable coins before someone with the machine seizes them first.