An analysis said it could take a quantum computer as little as 9 minutes to calculate a private key after a Bitcoin public key is exposed.

CoinDesk reported on Friday that Google Quantum AI recently presented in a paper a specific attack scenario targeting Bitcoin’s elliptic-curve cryptography.

Google Quantum AI designed 2 quantum circuits targeting the secp256k1 curve used by Bitcoin. One required about 1,200 logical qubits and 90 million T gates, and the other required about 1,450 logical qubits and 70 million T gates. Physical qubits were estimated at fewer than 500,000, about 20 times less than previous estimates in the millions.

The key is that it cut preparation time for an attack. Fixed parameter calculations for the elliptic curve, which are common to all Bitcoin wallets, can be completed in advance, allowing a quantum computer to wait after completing about half of the computation. If a target public key then appears in the mempool or has already been exposed on the blockchain, only the remaining calculations are needed. Google estimated this latter computation would take about 9 minutes.

Bitcoin’s average block finality time is 10 minutes. If a user broadcasts a transaction and the public key is revealed in the mempool, an attacker can calculate the private key in the meantime and submit a competing transaction to send the funds elsewhere. The paper put the chance of finishing before the original transaction at about 41 percent.

A bigger risk is wallets whose public keys already remain permanently on the blockchain. Such wallets hold about 6.9 million BTC, about 1/3 of total supply. In that case, an attack is possible without a time race. CoinDesk reported that Bitcoin moved after Taproot already has the public key visible, and coins at earlier addresses keep the public key hidden until they are spent, but once transferred a roughly 9-minute window opens.