Ethereum Foundation researcher: The quantum day is approaching, planning to complete quantum-resistant migration by 2029.

Quantum Day may come earlier, by 2030.

Written by: Justin Drake, Ethereum Foundation researcher

Translated by: Chopper, Foresight News

On March 31, Google's Quantum AI team published a milestone result on Shor's algorithm for elliptic curve cryptography. Technically, the paper marks a significant breakthrough: the algorithm's efficiency is improved a full 10 times over the previous best constructions. The team optimized the computation for the secp256k1 elliptic curve, which underpins the Bitcoin and Ethereum signature schemes, so the work serves not only as a technical demonstration but also as a wake-up call for the blockchain industry.

However, the most intriguing aspect of this paper lies not in the technology itself but in how it was released. The research team did not follow the conventional academic process for publishing: they kept the core optimization details confidential and used a zero-knowledge (ZK) proof to certify that the optimization was valid without disclosing any technical details. Google's accompanying blog post mentions that the project was coordinated with U.S. government agencies. Using zero-knowledge proofs to control the release of academic content in this way is unprecedented in global academic history.

As one of the co-authors of this paper, I have witnessed the circumstances surrounding this limited release of information. To be frank, many details of this situation are hard for me to agree with. I have always believed that the public should be informed about relevant information, but due to objective limitations, I am unable to disclose any insider details. However, one point must be made clear: the Google team has been professional and rigorous throughout, deserving of recognition and praise.

Deliberately controlling information often backfires, and the "Streisand Effect" (the more deliberately one tries to conceal something, the more attention it attracts) is now in full swing: the core optimization that Google kept confidential has already been replicated by French researchers. Even more unexpectedly, a nationwide collaborative open-source challenge to optimize Shor's algorithm has officially launched, with the website ecdsa.fail setting a new world record for Shor's algorithm optimization just hours after going live.

Algorithm independently replicated, nationwide open-source challenges flourishing

Just two months after the publication of Google's paper, French quantum expert André Schrottenloher became the first to work out this core optimization, in a paper titled "Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms" published today on the preprint server arXiv. Congratulations to André, the first among a number of top scholars working on this problem. Also today, Craig Gidney, an authority on Shor algorithm optimization, revealed that because of the confidentiality requirements he has been sitting on this optimization idea for a full year without being able to publish it.

Although André's work reproduces the main framework, it does not cover some of the subtler optimizations in Google's original version and its subsequent iterations, so significant optimization potential remains in Shor's algorithm; that is precisely why the ecdsa.fail challenge was created. The verification program originally used for the zero-knowledge proof has been repurposed to automatically screen submitted optimizations for validity. Developers worldwide continue to submit incremental improvements, scored by the product of the logical qubit count and the Toffoli gate count, and the overall circuit is now 8.4% more efficient than Google's original version.

The participants in this exciting flurry of research far exceed industry expectations and are not limited to top scholars. In recent weeks many amateurs, inspired by the self-directed research approach advocated by Karpathy (a leading AI scientist and founding member of OpenAI), have used artificial intelligence to iteratively optimize Shor's algorithm. Interestingly, the verification program originally built for the ZK proof happens to serve as the reward signal for these AI iterations. The threshold for this new research model is very low, and numerous non-experts, even teenagers, have contributed high-quality optimizations.

Neutral atom quantum technology enters the scene, industry predicts Quantum Day (Q-Day) may arrive before 2032

The story does not stop with Google. On the same day that Google released its paper, the privacy startup Oratomic published its own research paper related to Shor's algorithm, which quickly topped the most popular list on the academic rating site scirate.com.

Oratomic's conclusion is startling: combining Google's logical-layer optimization with their proprietary neutral-atom physical-architecture optimization, only 10,000 physical qubits are needed to run Shor's algorithm and recover secp256k1 private keys, a figure low enough to upend industry assumptions.

When I first encountered Oratomic's paper, I knew nothing about neutral atom technology and invested hundreds of hours in deep research, exploring educational videos online and interviewing several industry experts. The final conclusion is that neutral atom quantum technology is genuinely feasible and implementable; Google’s recent establishment of a neutral atom quantum laboratory, shifting from its previous exclusive focus on superconducting quantum routes, is the best evidence of this. If you are concerned about the key date for quantum decryption, Q-Day (when quantum computers can break commercial encryption), the neutral atom route cannot be overlooked.

Interestingly, both Google's and Oratomic's heavyweight papers entirely avoid addressing what their results mean for Q-Day, offering no timeline predictions whatsoever. Yet the core purpose of white-hat cryptanalysis is to assess the quantum decryption timeline so the industry can prepare in advance; this silence is especially unusual.

Referring to Scott Aaronson's thoughts from April 29, combined with the publicly available information and the undisclosed classified intelligence I have, my estimate is: the probability of Q-Day arriving before 2032 is 50%, and the probability of it occurring before 2030 is 10%.

In contrast, the official U.S. position, led by the National Security Agency together with the National Institute of Standards and Technology (NIST), sets the official deadline at 2035, after which U.S. government agencies will be prohibited from continuing to use encryption systems vulnerable to quantum attack. In hindsight, this estimate is severely disconnected from the pace of technological development and nearly useless; NIST will likely be forced to bring its deadline forward substantially.

Post-quantum migration: Ethereum plans to complete by 2029

While we need to be wary of quantum risk, there is no need for panic. A hasty introduction of an immature post-quantum cryptographic system may itself create security vulnerabilities. In my view, 2029 is a prudent migration window, about three and a half years from now, and it is the timeframe chosen by Google, the cloud service provider Cloudflare, and the Ethereum Foundation.

Currently, most of my work involves coordinating with the Ethereum lightweight upgrade project to migrate the entire Ethereum chain smoothly to post-quantum cryptography, which requires substantial restructuring: the consensus-layer BLS signatures, the data-layer KZG commitments, and the execution-layer ECDSA signatures all need to be replaced outright. The entire upgrade plan is built on hash-based cryptography, which is amply feasible.
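To make concrete what "hash-based cryptography" buys you when ECDSA goes away, here is a minimal Lamport one-time signature in Python. It is an added illustration, not code from this article, from Justin Drake, or from any Ethereum project, and it does not represent the scheme the upgrade actually adopts. The only assumption a signature relies on is that SHA-256 is preimage-resistant, which is exactly the kind of assumption Shor's algorithm does not touch. The message text and key pair are constructed inside the block.

```python
import hashlib
import secrets

HASH = hashlib.sha256
HASH_BITS = 256   # SHA-256 digest length: one secret pair per bit of the message hash
SECRET_LEN = 32   # 32 random bytes per secret value


def lamport_keygen():
    """Generate a Lamport one-time key pair.

    Private key: 256 pairs (x_i0, x_i1) of random secrets.
    Public key:  the corresponding hashes (H(x_i0), H(x_i1)).
    Security rests only on preimage resistance of H, not on a discrete-log
    problem, so Shor's algorithm gives no advantage against it.
    """
    sk = [(secrets.token_bytes(SECRET_LEN), secrets.token_bytes(SECRET_LEN))
          for _ in range(HASH_BITS)]
    pk = [(HASH(x0).digest(), HASH(x1).digest()) for x0, x1 in sk]
    return sk, pk


def _message_bits(msg: bytes):
    """Hash the message and expand the digest into 256 bits, MSB first."""
    digest = HASH(msg).digest()
    return [(digest[i // 8] >> (7 - (i % 8))) & 1 for i in range(HASH_BITS)]


def lamport_sign(sk, msg: bytes):
    """For each bit b_i of H(msg), reveal the secret x_i,b_i from the matching half."""
    return [sk[i][bit] for i, bit in enumerate(_message_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    """Recompute H(msg) and check every revealed secret hashes to the public value."""
    if len(sig) != HASH_BITS:
        return False
    return all(HASH(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _message_bits(msg))))


def demo():
    """Sign a constructed message, then show that a modified message fails to verify."""
    sk, pk = lamport_keygen()
    msg = b"constructed sample: transfer 1 ETH"       # constructed, not a real transaction
    sig = lamport_sign(sk, msg)
    ok = lamport_verify(pk, msg, sig)
    tampered = lamport_verify(pk, b"constructed sample: transfer 9 ETH", sig)
    return ok, tampered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Two properties of this toy scheme explain why the real migration is engineering-heavy rather than conceptually hard. First, the key is strictly one-time: signing a second message with the same private key reveals secrets for both bit values at every position where the two hashes differ, which is enough for a forger to sign mixtures of the two. Second, the signature is 256 × 32 bytes, roughly 8 KiB, against ECDSA's 64 or so. Production hash-based designs address both by layering Merkle trees and more compact one-time schemes on top of the same preimage-resistance assumption, which is why signature size and aggregation, not the underlying security argument, dominate the design work for replacing BLS and ECDSA.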

Within the Ethereum Foundation we have developed a tool named leanVM, driven by hash-based SNARKs. Thanks to the outstanding work of Emile, Thomas, and others, its performance has been fully ensured. On the security side, leanVM is a gem: a minimalist zkVM designed for end-to-end formal verification and maximum security. Want to contribute? There are currently two $1 million programs. The first is the Proximity Prize, awarded for resolving a long-standing conjecture in coding theory that would improve hash-based SNARKs. The second is the Poseidon Initiative, a $1 million bounty for breaking Poseidon (a SNARK-friendly hash function).
