In a significant development for quantum computing and cryptocurrency security, Justin Drake, Ethereum Foundation researcher and co-author of a landmark Google Quantum AI paper, has highlighted rapid advances in Shor’s algorithm optimizations targeting elliptic curve cryptography (ECC), specifically Bitcoin and Ethereum’s secp256k1 curve.
Drake’s detailed thread, published today, builds on the March 31, 2026, Google Quantum AI whitepaper, which demonstrated roughly a 10x improvement in resource estimates for solving the Elliptic Curve Discrete Logarithm Problem (ECDLP) on secp256k1. The paper estimated circuits requiring around 1,200–1,450 logical qubits and 70–90 million Toffoli gates.
Censorship, Rediscovery, and Open Challenges
A notable aspect of the Google paper was its use of a zero-knowledge (ZK) proof to disclose the existence of optimizations without revealing the full circuit details. This approach, reportedly involving U.S. government engagement, aimed at responsible disclosure but has sparked debate about academic transparency.
The “Streisand effect” appears to be in play. French quantum expert André Schrottenloher today published a paper on arXiv titled “Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms,” independently rediscovering key optimizations and achieving comparable or slightly improved Toffoli gate counts for secp256k1, with a minor increase in qubits.
Additionally, Craig Gidney (a Google researcher and Shor optimization expert) revealed he had identified similar improvements earlier but faced censorship constraints.
An open “Shor-at-home” challenge at ecdsa.fail has already yielded further gains, with an 8.4% improvement over Google’s circuit (measured by logical qubit count × Toffoli gate count) as of Drake’s post. The initiative leverages the ZK verifier and has attracted contributions from experts and amateurs alike, including AI-driven “autoresearch” efforts by non-experts and even a teenager.
Neutral Atoms and Revised Q-Day Timelines
Compounding the news, a coordinated release from startup Oratomic claimed that, by combining the logical-circuit optimizations with the hardware-specific properties of neutral-atom quantum computers, as few as 10,000 physical qubits could suffice for attacking secp256k1. Drake, after extensive research into neutral atoms, described the technology as “very real,” noting Google’s recent pivot to establish a neutral atom lab.
Drake updated his personal estimates for “Q-Day” (when a quantum computer could break production cryptography): 10% probability by 2030 and 50% by 2032. He contrasted this with the U.S. government’s 2035 timeline (adopted by NIST/NSA for phasing out vulnerable crypto), calling it outdated and likely to be accelerated.
Both Google and Oratomic papers notably avoided explicit Q-Day timelines.
Post-Quantum Migration: Ethereum’s Proactive Stance
Drake emphasized urgency without panic. He advocated for a 2029 migration target—aligned with Google, Cloudflare, and the Ethereum Foundation—and detailed Ethereum’s ongoing efforts to replace vulnerable primitives (BLS, KZG, ECDSA) with hash-based cryptography via leanVM, a minimal zkVM designed for formal verification.
He highlighted two $1M incentive programs: the Proximity Prize for coding theory breakthroughs and the Poseidon Initiative for attacking the SNARK-friendly hash function.
Bitcoin’s post-quantum roadmap was not addressed in the thread.
Context and Implications
These developments underscore the accelerating pace of quantum cryptanalysis. While no quantum computer today can execute these attacks at scale, the gap is narrowing faster than many expected. Experts stress the importance of measured, secure transitions to post-quantum cryptography (PQC) to avoid introducing new vulnerabilities.