Ethereum Foundation Researcher: The Quantum Day is approaching, with plans to complete the post-quantum migration by 2029

Article by: Justin Drake, Researcher at the Ethereum Foundation

Compiled by: Chopper, Foreisght News

On March 31, Google’s Quantum Artificial Intelligence team announced a milestone achievement regarding the Shor elliptic curve cryptography algorithm. From a technical perspective, this paper is a groundbreaking breakthrough: compared to the previous optimal solution, the algorithm efficiency has improved tenfold. The team used the secp256k1 elliptic curve, which underpins Bitcoin and Ethereum signatures, to perform optimized calculations, serving both as a technical demonstration and as a warning to the blockchain industry.

But the most intriguing aspect of this paper isn’t the technology itself, but the industry rules it reveals. The research team did not follow the conventional academic publication process; the core optimization details were kept completely confidential, only verified through zero-knowledge proofs (ZK) to confirm the optimization scheme’s validity without revealing any technical specifics. Google’s related blog mentioned that during the project, they engaged with U.S. government agencies. Relying on zero-knowledge proofs to control academic content is, to our knowledge, the first such case in global academic history.

As one of the co-authors of this paper, I personally experienced the reasons and consequences of this restricted content release. Frankly, many details of the incident are difficult for me to accept. I have always believed that the public should be informed of relevant information, but due to objective conditions, I am unable to disclose insider details. However, one point must be clarified: the Google team was professional and rigorous throughout, deserving of recognition and praise.

Deliberate information control often backfires; today, the “Streisand Effect” (the more one tries to hide, the more attention it attracts) is unfolding: the core optimization algorithm that Google strictly guarded has been reproduced by French researchers. Even more surprisingly, an open-source challenge to collaboratively crack the Shor algorithm has officially launched, and the official website ecdsa.fail broke the world record for Shor algorithm optimization within just a few hours of going live.

Algorithm independently reproduced, open-source challenge thriving

Just two months after Google’s paper was published, French quantum expert André Schrottenloher was the first to decode this core optimization logic. His paper titled “Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms” was officially published today on the preprint site arXiv. Congratulations to André, who outperformed many top scholars researching this topic. Also published today, Craig Gidney, an authority in Shor algorithm optimization, revealed that due to confidentiality requirements, he has had this optimization approach in hand for a full year but has been unable to publish it.

André’s research replicated the main framework but did not cover some of the subtle optimization spaces from Google’s original version and subsequent iterations. There remains significant potential for further optimization of the Shor algorithm, which is precisely the purpose of the ecdsa.fail challenge. The verification procedures used for zero-knowledge proof validation were reused to automatically filter effective optimization solutions. Currently, global developers are continuously submitting detailed improvements, measuring the efficiency gains by the product of logical qubits and T-gate counts, achieving an 8.4% efficiency improvement over Google’s original circuit.

This wave of research enthusiasm has exceeded industry expectations, attracting not only top scholars. Over the past few weeks, many amateurs have been inspired to emulate Karpathy (a top AI scientist and OpenAI co-founder)’s approach to autonomous research, using AI to iteratively optimize the Shor algorithm. Interestingly, the verification procedures originally designed for ZK proofs can also serve as reward evaluation standards for AI iterations. This new research model has very low barriers to entry; many non-professionals, even teenagers, have submitted high-quality optimization solutions.

Neutral atom quantum technology enters the scene, industry predicts a “Quantum Day” (Q-Day) before 2032

The story doesn’t end with Google. On the same day as Google’s paper, privacy startup Oratomic also released a paper on their self-developed Shor algorithm, which immediately topped the most popular list on the academic scoring site scirate.com.

Oratomic’s conclusion is astonishing: based on Google’s logical layer optimization and combined with their own neutral atom physical architecture, only 10,000 physical qubits are needed to run Shor’s algorithm and break secp256k1 encryption. This number is so low that it overturns industry perceptions.

When I first saw Oratomic’s paper, I knew nothing about neutral atom technology. Driven by curiosity, I spent hundreds of hours studying, watching online science videos, and interviewing industry experts. The final conclusion is: neutral atom quantum technology is genuinely feasible and promising for practical deployment. Google recently established a new neutral atom quantum lab, marking a shift from their previous focus solely on superconducting qubits, which is the best evidence. If you are concerned about the critical date for quantum decryption, Q-Day, neutral atom approaches should not be ignored.

Interestingly, both Google and Oratomic’s major papers avoid mentioning the actual impact of their research on Q-Day, with no specific timeline predictions. However, the core purpose of white-hat cryptanalysis is to assess the timeline for quantum decryption and help the industry prepare in advance. This silence is quite unusual.

Based on Scott Aaronson’s April 29 post and combining publicly available information with classified intelligence I have access to, I estimate a 50% probability of Q-Day occurring before 2032, and a 10% chance of it happening before 2030.

In contrast, the official U.S. stance, led by the NSA and the National Institute of Standards and Technology (NIST), sets the timeline at 2035, when U.S. government agencies are expected to cease using vulnerable cryptographic systems. Looking back, this estimate is far from the actual technological development pace and is largely invalid; NIST will likely be forced to significantly accelerate its timeline in the future.

Post-quantum migration: Ethereum plans to complete by 2029

While quantum risks should be taken seriously, panic is unnecessary. Rushing to deploy immature post-quantum cryptography systems could introduce security vulnerabilities. In my view, 2029 is a safe window for migration—about three and a half years from now—Google, Cloudflare, and the Ethereum Foundation have all chosen this same timeline.

Currently, most of my work involves supporting Ethereum’s lightweight upgrade project, promoting a smooth transition of the entire Ethereum network to post-quantum cryptography. The scope of this upgrade is extensive: replacing consensus layer BLS signatures, data layer KZG commitments, and execution layer ECDSA signatures. The entire upgrade plan relies on hash-based cryptography, which is feasible.

Within the Ethereum Foundation, we developed a tool called leanVM, driven by hash-based SNARKs. Thanks to the excellent work of Emile, Thomas, and others, its performance is well assured. In terms of security, leanVM is a gem—a minimal zkVM designed for end-to-end formal verification and maximum security. Want to contribute? Currently, there are two $1 million programs: first, the Proximity Prize, which offers a million dollars for solving a long-standing mathematical conjecture in coding theory to improve hash-based SNARKs; second, the Poseidon Initiative, which offers $1 million for cracking Poseidon, a hash function optimized for SNARKs.