When Google unveiled its Willow quantum chip in December 2024, the crypto industry’s reaction was that the threat of quantum computing was still far off.
Bitcoin uses SHA-256 for mining and ECDSA for signatures, both theoretically vulnerable to quantum decryption, but the consensus was that the threat was decades away. Breaking the encryption would require millions of physical qubits (a unit of information in quantum systems). Willow had just 105.
Sixteen months later that story has changed a bit, and Google isn’t ruling anything out.
The company announced this week that it is setting a 2029 deadline for moving its authentication services to post-quantum cryptography, citing advances in quantum hardware, error correction and factoring resource estimates.
Google’s security engineering team wrote that quantum computers “will pose a significant threat to current cryptographic standards, and encryption and digital signatures in particular,” and that the threat to digital signatures in particular “requires a transition to PQC before cryptographically relevant quantum computers can be deployed.”
These risks are not theoretical. The Android 17 mobile operating system is already integrating post-quantum digital signature security. Chrome already supports post-quantum key exchange. Google Cloud provides post-quantum solutions to enterprise customers.
Here’s why it matters
Classical computers process information as bits, each bit being either a 0 or a 1, and solve problems by examining possibilities one at a time. Quantum computers use qubits that can simultaneously exist as both 0 and 1, a property called superposition, which lets them explore large numbers of possibilities in parallel.
For most everyday tasks, the gain is negligible. But for specific problems like the factorization of large primes that underlie modern encryption, a sufficiently powerful quantum computer can solve in minutes what a classical machine would take longer than the age of the universe.
Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to sign transactions, which is a class of cryptography that Google has flagged as requiring migration before quantum computers arrive.
A sufficiently powerful quantum computer running Shor’s algorithm can derive the private key from the public key, allowing an attacker to spend any Bitcoin whose public key is exposed on the blockchain.
Shorse is a quantum computing method that can crack passwords and the mathematics that protect wallets faster than ordinary computers.
When CoinDesk wrote about Willow in December 2024, the math was convincing. Chris Osborne, founder of the Solana ecosystem project Dialect, put it clearly at the time: Running Shor’s algorithm against current encryption requires about 5,000 logical qubits, and each logical qubit requires thousands of physical qubits for error correction.
This meant millions of physical qubits compared to Willow’s 105. This difference seemed huge.
What has changed is not the qubit count. This is the error correction trajectory and institutional response. Google went from demonstrating “below threshold” error correction, meaning they could turn noisy physical qubits into usable logical ones for the first time, to setting a corporate migration deadline of 16 months.
When a company making quantum computers urges developers to migrate by 2029, it’s a sign that the gap is closing faster than the public timeline suggests.
Ethereum co-founder Vitalik Buterin was already calling for urgency in October 2024, a month before the Willow announcement.
“Even quantum computing experts like Scott Aaronson have only recently begun to take more seriously the possibility of quantum computers actually working in the medium term,” Buterin wrote at the time.
“This has consequences for the entire Ethereum roadmap: it means that every piece of the Ethereum protocol that currently relies on elliptic curves will need some hash-based or otherwise quantum-resistant replacement.”
How Ethereum and Bitcoin developers are reacting
The contrast couldn’t be more stark than how the two largest blockchain networks are reacting.
The Ethereum Foundation treated this as a directive and built accordingly. Eight years of work, now visible in a public roadmap with weekly shipping devnets and fork-level specs.
Bitcoin’s governance model makes this type of coordinated response structurally difficult. There is no Ethereum Foundation equivalent to fund and direct a multi-year engineering effort.
Protocol changes require broad consensus among the decentralized developer community that has historically moved slowly and deliberately, a convenience for stability but a liability when facing deadlines.
Bitcoin’s last major cryptographic upgrade, Taproot, was discussed for several years before its activation in 2021.
Ethereum this week launched pq.ewhereum.org, a dedicated hub for the post-quantum security effort that has been running since 2018. The Ethereum Foundation’s post-quantum team, cryptography team, protocol architecture team, and protocol coordination team have spent eight years working toward a migration that touches every layer of the protocol.
More than 10 customer teams are shipping weekly DevNets using what the Foundation calls PQ Interop. The roadmap maps out specific milestones across the four upcoming hard forks, from a post-quantum key registry to full PQ consensus.
Bitcoin, on the other hand, has no equivalent efforts. No coordinated roadmap. No multi-team engineering programs. No fork, no milestone.
Nick Carter, one of Bitcoin’s most prominent proponents and co-founder of crypto fund Castle Island Ventures, said the quiet part out loud this week.
“Elliptic curve cryptography is on the verge of obsolescence,” he wrote on X.
Carter directly compared the two approaches. Ethereum’s approach, he said, was “best in class”, describing how the network “come together to announce a specific, detailed PQ roadmap to 2029, set it as the highest strategic priority, tie PQ into the ongoing roadmap, detailed FAQs, no fear, just action.”
Bitcoin’s outlook was “worst in class,” Carter said. He said a group is currently working on a quantum-related proposal that “has received zero buy-in from top developers”, with developers pointing to isolated pieces of research as evidence of progress, while “there is no coherent strategy, no roadmap.”
“Everyone knows I’m a Bitcoiner and would like Bitcoin to win,” Carter said. “I am not saying this to hurt sentiments. I am saying this to inspire action.”
However, the urgency is not universally shared.
Firms such as CoinShares argue that fears of an impending quantum threat to Bitcoin are exaggerated, and they estimate that only 10,200 BTC is concentrated enough in vulnerable legacy address types that the theft could cause “considerable market disruption.”
The remaining exposed supply, about 1.6 million BTC in old pay-to-public-key addresses, is scattered across more than 32,000 different wallets at an average of 50 BTC each, making it slow and unprofitable to crack them individually, CoinDesk reported at the time.
But the question is not whether quantum computing will ultimately threaten blockchain cryptography. Google, the Ethereum Foundation, NIST, and now prominent Bitcoin supporters all agree that it will.
The question is whether three years is enough time to transition to a global, decentralized protocol with no central authority to set deadlines, no coordinated engineering team to execute them, and a culture that treats urgency with skepticism.
Ethereum’s answer is that eight years of preparation have put it in a position to execute the migration to four hard forks. Google’s answer is that 2029 is the deadline, and migration is already underway in its products.
Bitcoin’s answer, so far, has been silence. And as Carter warned, “if this silence continues ETHBTC will begin to reflect differences in priority setting”.