Stop #293 - Terrorism Q.B. (Quantum Basta)

Google announces a new milestone in quantum research, but the computer that breaks Bitcoin in nine minutes does not exist. Anyone telling you otherwise has pockets full of reasons to do so


On Monday, March 30, Google Quantum AI published a [57-page paper](https://quantumai.google/static/site-assets/downloads/cryptocurrency-whitepaper.pdf) signed by eight researchers - six from Google, one from the Ethereum Foundation, one from Stanford. The title speaks of "quantum vulnerabilities in cryptocurrencies"; the estimates mention half a million physical qubits to break the elliptic curve cryptography that protects Bitcoin, with an execution time of approximately nine minutes. Twenty times fewer resources than what was estimated until the day before.

You know the script that followed: headlines on CoinDesk, articles on Bloomberg, apocalyptic threads on X, and the Ethereum Foundation [announcing its own](https://decrypt.co/355798/ethereum-foundation-forms-post-quantum-team-security-concerns-mount) post-quantum roadmap with suspicious timing. "Bitcoin cracked in 9 minutes" became the week's mantra.

I had [already discussed this at Fermata #101](https://www.bitcointrain.it/p/fermata-101-la-minaccia-del-quantum), when IBM announced the goal of 100,000 qubits by 2033. At the time I wrote that you could sleep soundly. Three years later, the numbers have changed - but the substance has not.

The paper's target is ECDLP-256, the mathematical problem underlying the elliptic curve cryptography used by Bitcoin and much of the Internet.

In simple terms: given a point on a curve and the result of a multiplication, you need to work back to the original number. Classical computers cannot do this in useful timeframes. A sufficiently powerful quantum computer, using [Shor's algorithm](https://en.wikipedia.org/wiki/Shor%27s_algorithm), could potentially succeed.
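The one-way nature of this problem, as an added example that is not from the paper or the original post: a toy curve of the same form as Bitcoin's (y^2 = x^3 + 7) over an assumed 14-bit prime, where multiplying is instant and working back uses baby-step giant-step, a generic classical method that needs about the square root of the group order in steps. All function names are illustrative.

```python
from math import isqrt

P = 10007  # toy field prime (assumption, not from the page); secp256k1 uses a 256-bit prime

def add(a, b):
    """Add two points on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a point plus its negative
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication: the easy direction."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def base_point():
    """First point found on the curve, plus its order obtained by plain counting."""
    g = next((x, y) for x in range(1, P) for y in range(1, P)
             if (y * y - x ** 3 - 7) % P == 0)
    n, q = 1, g
    while q is not None:
        q, n = add(q, g), n + 1
    return g, n

def discrete_log(g, n, q):
    """Baby-step giant-step: find k with q = k*g using about 2*sqrt(n) additions."""
    m = isqrt(n) + 1
    baby, pt = {}, None
    for j in range(m):          # baby steps: table of j*g for j < m
        baby[pt] = j
        pt = add(pt, g)
    step = mul(n - m, g)        # equals -(m*g) because n*g is the identity
    for i in range(m):          # giant steps: test q - i*m*g against the table
        if q in baby:
            return i * m + baby[q]
        q = add(q, step)

if __name__ == "__main__":
    g, n = base_point()
    print(n, discrete_log(g, n, mul(4242 % n, g)))
```

On a 256-bit curve the same method needs on the order of 2^128 steps, which is why the concern rests on Shor's algorithm rather than on classical search.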

Google's team compiled two quantum circuit variants: one using 1,200 logical qubits and 90 million Toffoli gates, the other 1,450 logical qubits and 70 million gates. On a superconducting qubit architecture with an error rate of 10^-3 and planar connectivity, they estimate that execution would require fewer than 500,000 physical qubits and approximately 9 minutes.

Eyes glazing over? No worries.

Logical qubits are those that perform the actual computation. Physical qubits are the real ones, which largely serve to correct the errors of the former. Think of it this way: to have a single worker who works without making mistakes (logical qubit), you need hundreds of assistants who check and correct their every move (physical qubits). The ratio is approximately 1 to 400.

The 20-fold reduction compared to previous estimates - which required millions of physical qubits - comes from the combination of more efficient circuits and more compact error correction techniques (the so-called "yokes" in the surface code). A significant algorithmic improvement, no dispute there.

The paper classifies three types of attack.

1. "At-rest" attacks target public keys already exposed on the blockchain - the old P2PK addresses from the Satoshi era (approximately 1.7 million BTC) and, due to a regression introduced by Taproot, P2TR addresses.

2. "On-spend" attacks intercept transactions in the mempool, extracting the private key before the block is mined - and this is where the nine minutes come into play.

3. "On-setup" attacks concern more complex protocols like the [trusted setup ceremonies](https://vitalik.eth.limo/general/2022/03/14/trustedsetup.html) of Zcash, and do not affect Bitcoin.

A detail that the headlines buried: the paper itself dedicates an entire section to explaining why quantum attacks on mining via Grover's algorithm "remain impractical for the coming decades". Proof-of-Work is safe. The network continues to function. The threat, if it ever arrives, will concern digital signatures, not consensus.

Google's estimates describe what a quantum computer that does not exist today could do. And the difference between "could" and "can" is quite important.

The current record for entangled logical qubits is approximately 96 - demonstrated by Google itself with the [Willow](https://blog.google/innovation-and-ai/technology/research/google-willow-quantum-chip/) chip. The paper requires 1,200 as a minimum. It also requires error rates of 10^-3 maintained stably across half a million physical qubits with planar connectivity. To understand the scale: the Willow chip has 105 physical qubits.

5,000 times as many are needed.

Giacomo Zucco puts the probability of having even just one functioning logical qubit by 2030 at [0.001%](https://atlas21.com/bitcoin-and-quantum-computing-fud-courtesy-of-google-and-the-ethereum-foundation/). One qubit. Not 1,200.

The paper itself, in the section on the evolution of offensive quantum capabilities, admits that quantum computing is still in the "ferment era" - a phase characterized by competing architectures without a dominant design, where progress arrives in discrete jumps and linear metrics (such as physical qubit count) do not adequately capture the real state of the technology.

Then there's the fact that the 20x reduction is a reduction in theoretical estimates, not a reduction in practical distance. Going from "10 million physical qubits are needed" to "500,000 are enough" is progress. But if you have 105, the difference between 10 million and 500,000 is academic.

That said, a concrete proposal to protect Bitcoin already exists: [BIP-360](https://github.com/bitcoin/bips/blob/master/bip-0360.mediawiki), which introduces a new address type (P2MR, Pay-to-Merkle-Root) resistant to quantum attacks. It's on testnet. The protocol is preparing itself, as it always does: quietly, without press releases, without panic-driven fundraising.

The paper has eight authors. Seven work in academia or for Google. One does not.

Justin Drake is listed as affiliated with the Ethereum Foundation, based in Zug, Switzerland. Drake is the architect of Ethereum's post-quantum roadmap - the same project advertised on [pq.ethereum.org](https://pq.ethereum.org/) and accompanied by a \$2 million research initiative announced one week before the paper's publication. Drake co-signs a study that quantifies the threat while simultaneously designing and promoting the solution proposed by Ethereum. The judgment is yours to make.

But the most glaring case isn't in the paper. It's on Wall Street.

Nic Carter, founding partner of Castle Island Ventures, led the [\$20 million Series A round](https://www.theblock.co/post/385583/project-eleven-series-a-funding-crypto-quantum-threats) in Project Eleven, a startup valued at \$120 million whose entire business model is selling protection from the quantum threat. Carter sits on the company's board. The flagship product is called Yellowpages: it generates post-quantum keys to associate with your Bitcoin addresses - an insurance policy against an event that requires 1,200 functioning logical qubits, when, according to Zucco, the probability of having even just one by 2030 is 0.001%.

We will probably see humans on Mars first, thanks to SpaceX.

The sequence is linear. Carter [publicly declares](https://www.coindesk.com/tech/2025/10/20/quantum-computing-is-biggest-risk-to-bitcoin-says-coin-metrics-co-founder) that the quantum threat is "the biggest risk to Bitcoin" and that 1.7 million BTC are at risk. He invests millions in a company that profits from that fear. Then he defends himself by invoking transparency.

Adam Back, CEO of Blockstream and inventor of Hashcash, didn't take it well. On X he wrote that Carter "[makes uninformed noise and tries to move the market](https://x.com/adam3us/status/2002049157662753197?s=20)".

There's also a final irony. Project Eleven launched the [Q-Day Prize](https://www.qdayprize.org/): 1 BTC to anyone who manages to break an elliptic curve cryptographic key using Shor's algorithm on a quantum computer. The deadline is April 5, 2026. After a year of open competition, with quantum laboratories from around the world potentially in the race, no one has claimed the prize.

The same company telling you to be afraid has launched a challenge that demonstrates there is still nothing to be afraid of.

The pattern is old. Jamie Dimon, CEO of JPMorgan, spent years defining Bitcoin as "a Ponzi scheme", "a pet rock", something to "shut it down", before moving on to buying shares and [exploring cryptocurrency trading for institutional clients](https://www.axios.com/2025/12/22/jpmorgan-chase-jamie-dimon-crypto).

Speak badly in public, buy quietly. Those who want to make you worry about Bitcoin often have interests that go in the opposite direction.

The quantum computer that threatens Bitcoin will arrive. One day. Far away. Very far away. Those who tell you otherwise have perhaps already placed their bets. In the meantime, the protocol upgrades, the network produces blocks, and the prize for anyone who breaks Bitcoin's cryptography remains there, intact. No one claims it.

