
Ethereum Foundation Researcher: “Quantum Day” Is Coming—Post-Quantum Migration Planned for Completion by 2029
Quantum Day may be advanced to 2030.
By Justin Drake, Researcher at the Ethereum Foundation
Translated by Chopper, Foresight News
On March 31, Google’s Quantum AI team published a landmark result on Shor’s algorithm for elliptic-curve cryptography. Technically, this paper represents a major breakthrough: it improves algorithmic efficiency by a full order of magnitude (10×) over the previous best-known approach. The team optimized the computation specifically for the secp256k1 elliptic curve—the same curve underlying Bitcoin and Ethereum signatures—serving both as a technical demonstration and a stark warning to the blockchain industry.
Yet the most intriguing aspect of this paper lies not in its technical content, but in its implications for academic norms. Rather than following the standard academic practice of open publication, the research team withheld all core optimization details, disclosing only zero-knowledge (ZK) proofs that verify correctness without revealing any technical specifics. As noted in Google’s related blog post, the team coordinated with U.S. government agencies during the project. Using zero-knowledge proofs to enforce academic content restrictions is unprecedented in global academic history.
As one of the paper’s co-authors, I witnessed firsthand the circumstances leading to this restricted release. Frankly, several aspects of the episode are deeply troubling to me. I firmly believe the public deserves access to such information—but due to objective constraints, I am unable to disclose internal details. That said, I must emphasize that Google’s team conducted itself with exceptional professionalism and rigor throughout, and deserves full credit and commendation.
Information control often backfires—and the “Streisand effect” (where attempts to suppress information trigger greater attention) is now unfolding in real time: Google’s closely guarded core optimization has already been independently reproduced by French researchers. Even more unexpectedly, a global open-source challenge to optimize Shor’s algorithm has officially launched; within hours of launching at ecdsa.fail, it had already broken the world record for Shor’s algorithm optimization.
Independent Reproduction and Proliferation of Open-Source Challenges
Just two months after Google’s paper appeared, French quantum expert André Schrottenloher successfully reverse-engineered the core optimization logic. His paper, “Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms,” was published today on the preprint server arXiv. Congratulations to André—he has outpaced many top-tier researchers working on this problem. In a parallel development, Shor-optimization authority Craig Gidney revealed today that he had possessed this optimization idea for a full year but was barred from publishing it due to restrictive controls.
While André’s work reproduces the main framework, it does not fully capture certain fine-grained optimizations present in Google’s original implementation—or in subsequent iterations—leaving substantial room for further improvement in Shor’s algorithm. This untapped potential is precisely why the ecdsa.fail challenge was created. The verification program originally built for ZK proofs has been repurposed to automatically screen submitted optimizations. Developers worldwide are now submitting incremental improvements, measured by the product of logical qubit count and Toffoli gate count; the current best circuit achieves an 8.4% efficiency gain over Google’s original.
The surge in participation far exceeds industry expectations—not only elite academics are involved. Over recent weeks, numerous hobbyists have drawn inspiration from Karpathy (a globally renowned AI scientist and founding member of OpenAI), adopting his model of self-directed scientific exploration to iteratively optimize Shor’s algorithm using AI. Ironically, the very verification program originally designed for ZK proofs now serves perfectly as a reward signal for AI-driven optimization. This new research paradigm has extremely low barriers to entry: many non-specialists—and even teenagers—have produced high-quality optimization submissions.
Neutral-Atom Quantum Technology Enters the Fray; Industry Forecasts Q-Day Before 2032
The story doesn’t end with Google. On the same day Google released its paper, privacy startup Oratomic simultaneously published its own Shor-related paper—immediately topping scirate.com’s “hottest papers” list.
Oratomic’s conclusion is astonishing: combining Google’s logical-layer optimizations with Oratomic’s proprietary neutral-atom physical architecture reduces the required number of physical qubits to just 10,000 for running Shor’s algorithm to break secp256k1—a figure that upends conventional industry wisdom.
When I first read Oratomic’s paper, I knew virtually nothing about neutral-atom quantum technology. Out of curiosity, I invested hundreds of hours diving deep—watching every available explainer video online and interviewing multiple domain experts. My conclusion: neutral-atom quantum technology is not only theoretically sound but practically viable and near-term deployable. Google’s recent establishment of a dedicated neutral-atom quantum lab—marking a strategic pivot from its prior exclusive focus on superconducting qubits—is the strongest possible validation. If you’re tracking Q-Day (the moment quantum computers break production-grade cryptography), neutral-atom approaches cannot be ignored.
Interestingly, both Google’s and Oratomic’s landmark papers carefully avoid discussing their findings’ practical implications for Q-Day—offering no timeline forecasts whatsoever. Yet the central purpose of white-hat cryptanalysis is precisely to assess the quantum break timeline and help industry prepare proactively. This silence is highly anomalous.
Drawing on Scott Aaronson’s April 29 analysis and combining publicly available data with classified intelligence I am authorized to access, here is my assessment: There is a 50% probability Q-Day occurs before 2032, and a 10% probability it arrives before 2030.
In contrast, official U.S. government guidance—led by the NSA and adopted by NIST—sets the official deadline at 2035, when U.S. government agencies will be prohibited from continuing to use quantum-vulnerable cryptographic systems. In hindsight, this estimate is grossly disconnected from the actual pace of technical progress; its practical value is essentially nullified, and NIST will almost certainly be forced to move this deadline forward significantly.
Post-Quantum Migration: Ethereum Targets Completion by 2029
While quantum risks warrant vigilance, panic is unwarranted. Rushing immature post-quantum cryptography into production would introduce new security vulnerabilities. In my view, 2029 represents a prudent migration window—roughly three and a half years from now—aligned with timelines adopted by Google, Cloudflare, and the Ethereum Foundation.
Much of my current work supports Ethereum’s lightweight upgrade initiative, driving the full-stack transition to post-quantum cryptography across Ethereum. The scope is massive: consensus-layer BLS signatures, data-layer KZG commitments, and execution-layer ECDSA signatures all require replacement. The entire upgrade plan is built atop hash-based cryptography, ensuring strong feasibility.
Within the Ethereum Foundation, we’ve developed a tool called leanVM, powered by hash-based SNARKs. Thanks to outstanding work by Emile, Thomas, and others, its performance is robust. From a security standpoint, leanVM is exceptional: it is a minimal zkVM, expressly designed for end-to-end formal verification and maximum security. Want to contribute? Two $1M initiatives are currently active. First is the Proximity Prize: solve a long-standing mathematical conjecture in coding theory to improve hash-based SNARKs and claim the $1M award. Second is the Poseidon Initiative: earn $1M for cryptanalyzing Poseidon—a SNARK-friendly hash function.