Looks like the options thing is happening already!
See also: various people thinking through and building different versions of the idea in the thread: https://t.co/gFNEvCbHct
Though I do strongly urge that if any of these get on mainnet quickly, we formally verify it first. I hope @vyperlang and/or https://t.co/OMFlWRqJda folks ( @Fricoben) can help!
(Also, now is a good time to be thinking about robustness-optimized oracles)
https://t.co/j1dxLV4Pn4
1/ An investigation into the opaque private loans/OTC, unilateral vesting changes, market maker coordination, unknown float, and >95% supply control behind $LAB's recent pump to $6B FDV.
Here's why @LABtrade_ represents everything wrong with the current meta of retail extraction on major centralized exchanges.
We awarded the Q-Day Prize today to Giancarlo Lelli for breaking a 15-bit elliptic curve key on a publicly accessible quantum computer. They derived a private key from its public key using a variant of Shor's across 32,767 candidates on cloud-accessible hardware. This is the largest public demonstration of this attack class to date.
The reason we created this prize a year ago was that there has never been an objective public measurement of where quantum attacks on ECC actually stand. The state of the art has been inferred from whitepapers, conference slides, and whatever could be triangulated from rumour or private disclosures. What we know publicly is now grounded in a reproducible result on real hardware. Whatever comes next has to exceed 15 bits under those same conditions, and anyone can verify it.
The most common response to a result at this scale is that 15 bits is nowhere near 256 bits and therefore <insert_cryptocurrency_you_hold> is fine. That reasoning is wrong (unfortunately not FUD/alarmist, just physics). The distance from 15 to 256 bits is not a linear slog. Shor's algorithm is polynomial in the number of bits being attacked. The logical qubit requirement grows roughly linearly with key size, and once you have fault-tolerant logical qubits the limiting factor is manufacturing and error-correction overhead rather than any new physics.
Progress is gated by thresholds and not by brute-forcing the search space one bit at a time. The intuition people borrow from classical key search does not apply here and it is the single biggest source of confusion we encounter.
Looking at the research, Google's recent paper put breaking 256-bit keys at under 500,000 physical qubits. The subsequent Caltech and Oratomic paper dropped that down to roughly 10,000 in a neutral-atom architecture.
The remaining gap is increasingly an engineering problem rather than a fundamental physics problem. I am not claiming anyone is about to break Bitcoin next week, and the uncertainty on the timeline is genuine, but the trajectory is objectively clear.
Around 6.9 million Bitcoin sit in wallets with exposed public keys. Google and Cloudflare have committed to being quantum-secure by 2029. The rational response to an objective measurement like this one is to stop arguing about whether the threat is real and start moving keys