New breakthrough results for quantum attack resource estimates against 256-bit elliptic curves: most ECC-based applications including ECDSA and Bitcoin could be at risk way sooner than expected:
"We estimate that these circuits can be executed on a superconducting qubit CRQC with fewer than 500,000 physical qubits in a few minutes [...] This is an approximately 20-fold reduction in the number of physical qubits required to solve ECDLP-256"
Interestingly, Google and friends did not release the blueprint for the attack circuit. In the name of "responsible disclosure", they only provided a zero-knowledge proof (ZKP) proving that the circuit works. This is, I think, a first in the realm of cryptanalysis disclosure.
"The statement that our ZK proof demonstrates is the following: we possess a classical reversible circuit of a specified size which on most inputs correctly computes point addition on the elliptic curve secp256k. This is the primary bottleneck in Shor's quantum algorithm"
I have been saying this since the 2010s: quantum cryptanalysis is one of those non-linear technology progressions that will take everyone by surprise when it arrives. Qubit quality and numbers go up, error correction and attacks improve, investments scale up accordingly. It's a perfect storm of compound factors. Folks didn't listen; now time is ticking.
#quantum #quantumcomputing #cryptography #security #cybersecurity #infosec #google #bitcoin #blockchain #ethereum #zkp #zeroknowledge