Quantum computers need vastly fewer resources than thought to break vital encryption

Source: Ars Technica

Overview

Building a utility‑scale quantum computer that can crack one of the most vital cryptosystems—elliptic‑curve cryptography (ECC)—doesn’t require nearly the resources anticipated just a year or two ago, according to two independently written whitepapers.

• Paper 1 – Researchers demonstrated the use of neutral atoms as reconfigurable qubits that have free access to each other. Their results suggest a quantum computer could break 256‑bit ECC in 10 days while using 100 × less overhead than previously estimated.
• Paper 2 – Google researchers showed how to break ECC‑securing blockchains (e.g., Bitcoin and other cryptocurrencies) in under nine minutes, achieving a 20‑fold resource reduction.

Taken together, the papers are the latest sign that cryptographically relevant quantum computing (CRQC) at utility scale is making meaningful progress. The advances are driven by:

1. New quantum architectures developed by physicists and computer scientists, aiming for machines that operate correctly even in the presence of errors caused by qubit‑environment interactions.
2. More efficient algorithms that supercharge Shor’s algorithm—the 1994 breakthrough proving that quantum computers can break ECC and RSA in polynomial time (specifically cubic time), far faster than the exponential time required by classical computers.

“The research community continues to make steady progress on both the physical qubits and the quantum algorithms necessary to realize an efficient and practical CRQC,” said Brian LaMacchia, a cryptography engineer who oversaw Microsoft’s post‑quantum transition from 2015 to 2022 and now works at Farcaster Consulting Group. “I don’t think either paper gives us a new, hard date for when we’re going to have a practical CRQC (which, of course, we’ve never had), but they both provide evidence that we are continuing to march down the road to a realizable CRQC and progress toward that goal is not slowing down.”

Neither paper has been peer‑reviewed.

Trapping Atoms in “Optical Tweezers”

The paper that is getting the most attention takes a relatively new approach to creating fault‑tolerant quantum computing (FTQC) that can reduce the number of physical qubits required to break ECC by a factor of 100. Unlike the more common superconducting approaches, the researchers built physical qubits out of neutral atoms. By using lasers to cool atoms, they trap individual atoms in tightly focused beams of light known as optical tweezers—each tweezer captures a single atom. With optical multiplexing, large arrays of these trapped atoms can be assembled.

Why Optical‑Tweezer Qubits Matter

• All‑to‑all connectivity – Every physical qubit can interact with any other qubit. This “non‑local” communication is a major departure from superconducting qubits, which are arranged on a 2‑D grid and can only interact with their four nearest neighbours.
• More efficient error correction – Non‑local interactions allow far‑more thorough fault checks, dramatically improving the efficiency of error‑correction protocols.

Key Results

• The researchers’ paper, “Shor’s algorithm is possible with as few as 10,000 reconfigurable atomic qubits” (arXiv: 2603.28627), claims that a quantum computer needs fewer than 30 000 physical qubits to break ECC‑256 in 10 days—orders of magnitude fewer than previous estimates.
• A separate team (Nature, 2025) demonstrated neutral‑atom trapping arrays exceeding 6 000 qubits. Combined with advances in large‑scale, high‑fidelity quantum operations, neutral atoms appear poised to enable FTQC.

“While substantial work is needed to integrate these advances into a complete apparatus and scale system sizes to the required levels, our analysis indicates that appropriately designed neutral‑atom architectures could support cryptographically relevant implementations of Shor’s algorithm,” the researchers wrote.
“This finding underscores the importance of ongoing efforts to transition widely deployed cryptographic systems to post‑quantum standards designed to be secure against quantum attacks.”

Logical Code Performance and Architecture

Figure: Block error rates per cycle for several lifted‑product codes and surface codes (blue fit: (y = a x^{b}), (a = 14.6 \pm 0.7), (b = 7.1 \pm 0.4)). The layout shows memory blocks, teleportation to the processor, sequential PPMs for mid‑circuit measurements, and gate teleportation of magic states. (Credit: Cain et al.)

References

1. Shor’s algorithm is possible with as few as 10,000 reconfigurable atomic qubits – arXiv: 2603.28627.
2. Large‑scale neutral‑atom arrays – Nature, 2025. DOI: 10.1038/s41586-025-09641-4.
3. Cain, et al., Logical code performance and architecture, 2026. (Image credit)

Google Is Looking Out for the Crypto Bros

A separate paper released by Google researchers shows progress in using Shor’s algorithm to break ECC‑256, specifically over secp256k1, the elliptic curve that underpins Bitcoin and other blockchain cryptography. The researchers claim they have devised improvements to Shor’s algorithm that make it possible to crack the public key in a Bitcoin address in under 10 minutes with resources 20 × smaller than those required in the 2003 research cited here.

Technical Details

• Google compiled two quantum circuits that solve the elliptic‑curve discrete logarithm problem.

• The authors wrote:

  “The escalating risk that detailed cryptanalytic blueprints could be weaponized by adversarial actors necessitates a shift in disclosure practices.”
  “Accordingly, we believe it is now a matter of public responsibility to share refined resource estimates while withholding the precise mechanics of the underlying attacks.”
  The researchers, who consulted with the U.S. government in forging the new policy, added that “progress in quantum computing has reached the stage where it is prudent to stop publishing details of improved quantum cryptanalysis to avoid misuse.”

The move, recently advocated by influential researcher Scott Aaronson, marks a stark reversal from the strict 90‑day disclosure policies pioneered by Google’s Project Zero two decades ago. Other experts have already criticized the lack of detail.

“I think it’s alarmist to claim an immediate security risk from an algorithm that requires a computer that doesn’t exist,” said Matt Green, a cryptography professor at Johns Hopkins University. “Given that the stakes here are so low (for the same reason) I’d classify it as less harmful, and more on the hype side. I think it’s more of a PR trick than a serious concern anyone has.”

Google is also being scrutinized for focusing on the threat CRQC (cryptographic‑ready quantum computers) poses to cryptocurrencies—an issue championed by vocal influencers and the current White House—rather than on broader applications such as TLS implementations, DocuSign signatures, digital certificates, or other systems that affect far larger populations.

“While CRQCs certainly do pose a threat to blockchain‑based technologies that rely on classical ECC algorithms, they are just one of many systems that need to transition quickly to post‑quantum cryptography (PQC),” said LaMacchia. “I am dumbfounded that Google is concentrating on policy frameworks for problems that seem unique to the cryptocurrency space (e.g., salvaged digital assets) instead of the general threat CRQC poses to all our public‑key cryptography.”

About the Author

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time he enjoys gardening, cooking, and following the independent music scene. He is based in San Francisco. Follow him on Mastodon here and on Bluesky here. Contact him on Signal at DanArs.82.

24 Comments