The 2025 Nobel laureate and Qolab co-founder warns that elliptic curve cryptography — the backbone of Bitcoin's security — is among the easiest targets for a sufficiently powerful quantum computer, giving the network a five-to-ten-year window to prepare.
John Martinis, the physicist who led Google's 2019 quantum supremacy experiment and won the 2025 Nobel Prize in Physics for demonstrating macroscopic quantum tunnelling, has issued one of the most credible warnings yet about the vulnerability of Bitcoin's cryptographic foundations. Speaking in an interview published by CoinDesk on Monday, Martinis argued that breaking elliptic curve cryptography — the scheme whose underlying mathematical problem protects every Bitcoin private key — is "one of the easier applications for quantum computing, because it's very numeric."
The claim carries weight that most quantum-threat headlines do not. Martinis shared the Nobel with his doctoral advisor John Clarke and Michel Devoret for work that proved quantum mechanical effects could operate at the scale of electrical circuits, not just subatomic particles. He now serves as co-founder and CTO of Qolab, a startup building utility-scale superconducting quantum computers. This is not a theorist speculating from a lectern; it is a hardware engineer describing a machine he intends to build.
The specific vulnerability Martinis highlighted concerns the window between when a Bitcoin transaction is broadcast and when it is confirmed on-chain. During that interval, the transaction's public key becomes visible on the network. A quantum computer powerful enough to run Shor's algorithm at the required scale could, in principle, derive the corresponding private key from that public key before the transaction settles — redirecting the funds entirely. A recent Google research paper that Martinis endorses laid out the theoretical pathway for such an attack, a publication he said generated "waves globally."
Martinis does not claim the threat is imminent. Building a quantum machine capable of cracking Bitcoin's 256-bit elliptic curve keys remains, by his own admission, "one of the hardest engineering challenges today." His estimate places the timeline at five to ten years — long enough to act, short enough to worry. "It's not something that has zero probability," he said. "People have to deal with this."
The challenge for Bitcoin is structural. Traditional financial systems — banks, payment networks, government infrastructure — can migrate to post-quantum cryptographic standards through centralised mandates. The National Institute of Standards and Technology finalised its first set of quantum-resistant algorithms in 2024, and enterprises are already beginning the transition. Bitcoin has no such luxury. Its decentralised governance model means any change to the protocol's cryptographic scheme requires broad consensus among developers, miners, and node operators — a process that has historically taken years even for far less contentious upgrades.
Algorand's recent surge following a Google Quantum AI paper that endorsed its FALCON signature scheme illustrates the market's sensitivity to quantum narratives, but also the distance between academic validation and deployed infrastructure. Bitcoin's installed base is orders of magnitude larger, and the stakes of a botched migration — chain splits, lost funds, broken compatibility — are proportionally higher.
The quantum-resistant blockchain space is moving, albeit slowly. PostQuant Labs launched the first quantum-classical hybrid testnet last week with D-Wave hardware and 13,000 enrolled researchers. But a testnet is not a production network securing hundreds of billions of dollars in value; the gap between research and deployment remains vast.
Some in the Bitcoin community argue the threat is overblown — that quantum computers capable of breaking elliptic curve cryptography at scale are perpetually "ten years away." Martinis has heard the objection. His response is that the physics is settled; only the engineering remains. That is a meaningful distinction. The laws of thermodynamics did not prevent the internal combustion engine — they just made it hard to build.
The uncomfortable reality is that Bitcoin's security model rests on a computational assumption: that deriving a private key from a public key is practically impossible with classical hardware. Quantum computing does not merely chip away at that assumption; it promises to obliterate it. Whether the timeline is five years or fifteen, the direction of travel is not in dispute. The question is whether Bitcoin's governance can move fast enough to matter — and on that point, the historical record offers more cause for concern than comfort.