Comcast Corporation

05/22/2026 | Press release | Distributed by Public on 05/23/2026 06:20

Is the Cryptography Sky Falling?

Network & Engineering | May 22, 2026

Not exactly, but get your post-quantum umbrellas ready.

A recently released whitepaper from Google and Ethereum made headlines by suggesting that the widely used encryption algorithm Elliptic Curve Cryptography (ECC) could be broken sooner than expected. The paper focused on this breakthrough's impact on cryptocurrencies. However, it appears to have more far-reaching consequences for the broader cyber ecosystem, including communications infrastructure. For instance, the communications industry relies on Transport Layer Security (TLS), which uses ECC for key exchange and authentication. Like TLS, other ECC-based protocols are under threat from the algorithm proposed in the Google/Ethereum whitepaper and present challenges to companies as they transition to post-quantum cryptography ("PQC").

Since its release, the whitepaper has led many in the industry to argue that the timeline for post-quantum migration should be moved forward from 2035 to 2029. Even more worryingly, others are concerned that similar breakthroughs could move this timeline even earlier. For those working to drive PQC transitions across their organizations and sectors, it raises an alarming question: is the cryptography sky falling?

Overview of Google/Ethereum's Claims

The researchers at Google and Ethereum proposed a new algorithm that uses 1,450 logical qubits with about 350 million two-qubit gates (estimated from 70 million Toffoli gates) with a likely 127× speedup¹ for breaking ECC. Using this algorithm, they can break ECC with 256-bit keys in 18 minutes. This has an impact on cryptocurrencies; Bitcoin's average block time, for instance, is around 10 minutes.

Google has claimed that their algorithm reduces the need for physical qubits by 20-fold. To implement the algorithm, the researchers needed superconducting qubits with planar degree-four connectivity. The authors of the whitepaper assume that this hardware will be available by 2029 based on recent progress from Google Quantum AI. This has led Google to argue that post-quantum cryptography timelines need to be moved earlier. Let's examine these claims and their impact.

The Impact Beyond Cryptocurrencies

ECC is used as the primary algorithm across a suite of communications protocols, e.g., TLS and DNSSEC. ECC is often preferred over alternatives due to its shorter key sizes and faster encryption and signing. The amount of time each distinct ECC-based protocol takes to complete its crypto-operations varies. For instance, a TLS handshake performs a key exchange in seconds. This leaves a far shorter active attack window for a quantum computer to exploit.

However, the possibility of passive attacks remains open. These types of attacks are part of what is more broadly termed "harvest now, decrypt later" attacks. This may impact long-lived keys and associated artifacts. Long-lived authentication certificates, for example, could be at risk due to the ability of attackers to record them today and later break their associated private keys, enabling future impersonation. Thus, the impact of this result relies mainly on the availability of the necessary compute.

Unsteady Grounds for Hardware Assumptions

As of writing this post, Google's roadmap for quantum computing is not accompanied by a public timeline. Thus, we rely on IBM's timeline to make estimates on "Q-Day." We make this assumption because IBM has advanced to DARPA's Stage B selection on their R&D plan to build superconducting processors, the same class of quantum hardware required by the Google/Ethereum algorithm. According to IBM, this places the estimated availability of a viable quantum computer (one that allows attackers to implement the Google/Ethereum algorithm) closer to 2033+.

However, accurately estimating quantum performance is not just about comparing numbers of qubits or gates; it also depends on the Quantum Processing Unit (QPU) architecture, or how those qubits are connected. The Google-Ethereum algorithm assumes a planar degree-four connectivity that future IBM systems may not use as they switch to multi-chip architectures. This means that while the algorithm could work in theory, it might fail on the real machines we expect even after 2033.

Deeper Concerns: Verification, Trust, and Scientific Rigor

Beyond hardware considerations, important questions about verification may arise. The paper relies on a zero-knowledge proof system to substantiate the claims. For this zero-knowledge system, the setup involved generating the verification key, a process carried out by a startup closely affiliated with the same companies publishing the work. This introduces an additional variable where the implicit trust assumption is not fully addressed.

Additionally, the paper does not include a formal proof of correctness for the proposed quantum algorithm, therefore leaving open questions on whether the algorithm can produce the expected results based on the inputs specified. Instead, it provides empirical validation techniques using fuzz testing. While these methods are valuable in software engineering, they are not a substitute for the mathematical rigor typically expected when evaluating claims that affect global cryptographic protocols.

Furthermore, key assumptions, such as strict requirements on qubit connectivity, are mentioned briefly but omitted from the formal statements of results. This omission is crucial to understanding the overall claims considering other results, including Oratomic's report published on the same day, which has a 50-fold reduction in the number of physical qubits over the Google-Ethereum paper² but assumes non-local connectivity.³ These omissions make it difficult to assess the true scope and applicability of the claims to the expected quantum hardware.

Conclusion

Our analysis suggests that the impact of Google/Ethereum's algorithm may be limited to cryptocurrencies when it comes to active attacks. For passive attacks, Google/Ethereum's algorithm is constrained by compute. Based on publicly available information, it is unlikely that such compute would be available before 2033. Furthermore, the lack of detail in the paper makes it difficult to confirm certain claims. Without such confirmation, the call for moving post-quantum cryptography transition timelines earlier seems premature.

A rapid transition to PQC, without adequate transition time, may lead to interoperability issues and impact the resilience of critical infrastructure. A responsible transition requires coordination across sectors and acknowledging the complexity of cryptography transitions. Organizations with well-established strategic PQC initiatives may, for now, breathe a sigh of relief and take it one day at a time as planned.

1 This is an overestimate of the speedup. We note that the Google/Ethereum result is obtained under more fault-tolerant assumptions than those used in the closest comparable paper from PsiQuantum. In more detail, the two works are technically incomparable based on released metrics, since the works being compared differ in physical error rate. The PsiQuantum paper [Litinski'23] used in this comparison takes 38 hours but assumes a more conservative 10^-1 physical error rate, compared with the Google-Ethereum paper [Babbush+'26], which takes 18 minutes but assumes a 10^-3 physical error rate.

2 The two works are technically incomparable based on released metrics, since the two papers use different quantum hardware. The Google-Ethereum paper [Babbush+'26] uses fewer than half a million physical superconducting qubits, whereas the Oratomic paper [Cain+'26] uses 10,000 reconfigurable atomic qubits.

3 At the time of writing, the architecture required to implement Oratomic's proposal is not on any major quantum computing vendor's public timeline and thus is not critical to ongoing debates about Q-Day.

Comcast Corporation published this content on May 22, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on May 23, 2026 at 12:20 UTC.