Trail of Bits' latest quantum circuits move crypto closer to Q-Day, and why quantum-safe chains matter(reddit.com)

Trail of Bits just released "trailmix," five new quantum circuits for the hardest step in Shor's algorithm: elliptic-curve point addition. They beat Google's and every prior published circuit on the efficiency frontier, including a new low-qubit record at around 1,066 logical qubits.

Link: https://x.com/trailofbits/status/2062980523232805164

The attack comes down to running that point-addition step billions of times, so a cheaper step means a smaller, faster quantum computer can do the job. The curve being optimized, secp256k1, secures Bitcoin, Ethereum, and most coins, so every improvement is another tick toward "Q-Day," the day a large enough quantum computer exists. No machine can do it today; the point is how fast the gap is closing.

Shor's exploits a one-way function. Your public key is derived from your private key in a way that is easy forward and effectively irreversible on a classical computer, but Shor's reverses it on a quantum computer by turning the secret into a hidden repeating pattern that interference surfaces all at once. Ordinary arithmetic then recovers the private key.

Breaking ECDSA is not exotic. It is the textbook use case quantum computers were designed for, and the algorithm has been public for over thirty years. No further breakthrough is required. Once a large enough fault-tolerant, general-purpose quantum computer exists, breaking crypto is just running a known program on it: no new physics, no special crypto-breaking hardware, nothing left to invent. What is left is building the hardware and shrinking the circuit. That second part is already a public, ongoing effort: the open challenge at ecdsa.fail (https://www.ecdsa.fail) is a live leaderboard where contributors, including AI agents, compete to make the point-addition circuit leaner, and submissions have already pushed below Google's numbers.

Once standard quantum hardware crosses the size threshold, configuring a circuit to break the key is the easy part; that piece is already well understood and getting leaner by the week. The risk to holders is direct. The moment a public key is exposed on-chain, by spending or reusing an address, it can be targeted, and coins already sitting behind an exposed key cannot be retroactively protected. It is the crypto version of "harvest now, crack later."

The fix is quantum-safe signatures, hash-based or lattice-based schemes that Shor's has no shortcut against. NIST has already standardized them.

One chain was built this way from the start. QRL has been quantum-safe since its 2018 genesis, using hash-based signatures Shor's cannot break. Its upcoming upgrade, QRL 2.0, extends that as a proof-of-stake, energy-efficient, EVM-compatible network where existing Solidity contracts port over with minimal changes. It signs with ML-DSA-87, NIST's highest post-quantum security tier (Level 5), and it is crypto-agile, able to adopt new post-quantum algorithms without a contentious fork; it has already moved its entire signature stack up to a stronger level in about two weeks. Testnet V2 has been live since March 2026, Halborn audited the cryptography library with no vulnerabilities found, and Trail of Bits is auditing the full protocol, with mainnet targeted for 2026 after the remaining audits. Its throughput benchmarks land in Ethereum's range even though post-quantum signatures run tens of times larger than ECDSA's.

submitted by /u/alami9
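As an added illustration, not part of the Reddit post above and not QRL's code or the ML-DSA scheme it describes, here is the simplest hash-based signature the post's "hash-based schemes Shor's has no shortcut against" refers to: a Lamport one-time signature built only from SHA-256. Security rests on preimage resistance of the hash, which Shor's period finding does not touch, and the size figures it reports make the post's last point concrete (one signature is 8,192 bytes against roughly 64 to 72 bytes for an ECDSA signature). The function names, the `OneTimeSigner` wrapper and the sample message are all constructed for this example; the wrapper also shows the caveat a practitioner wants with any one-time scheme, namely that the key must be tracked as used and never signed with twice.

```python
import hashlib
import hmac
import os

H = hashlib.sha256
N = 256          # bits in a SHA-256 digest: one secret pair per message bit
CHUNK = 32       # bytes per secret value


def keygen(rng=os.urandom):
    """Lamport keypair: 256 pairs of random secrets; public key is their hashes."""
    sk = [(rng(CHUNK), rng(CHUNK)) for _ in range(N)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def _message_bits(msg: bytes):
    """Hash the message and yield its 256 bits, most significant bit first."""
    d = H(msg).digest()
    return [(d[i // 8] >> (7 - (i % 8))) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the secret of the matching half of the pair."""
    return [sk[i][b] for i, b in enumerate(_message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed secret and compare it to the published hash for that bit.

    Every position is checked (no early exit) with a constant-time compare so
    verification time does not depend on where a forgery first fails.
    """
    if len(sig) != N:
        return False
    ok = True
    for i, b in enumerate(_message_bits(msg)):
        ok = hmac.compare_digest(H(sig[i]).digest(), pk[i][b]) & ok
    return ok


class OneTimeSigner:
    """Stateful wrapper (constructed for this example) that enforces single use.

    A Lamport key reveals half of its secrets per signature; signing two
    different messages exposes additional secret halves, so a signer must
    refuse the second signature rather than leave the decision to the caller.
    """

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg: bytes):
        if self.used:
            raise RuntimeError("Lamport key already used; refusing to sign again")
        self.used = True
        return sign(self.sk, msg)


def demo():
    """Sign a constructed message, then show the checks a verifier and signer apply."""
    signer = OneTimeSigner()
    msg = b"constructed sample: transfer 1 coin to a post-quantum address"
    sig = signer.sign(msg)

    # A second signature with the same key is refused by the stateful signer.
    try:
        signer.sign(b"constructed sample: a second, different message")
        reuse_refused = False
    except RuntimeError:
        reuse_refused = True

    return {
        "valid": verify(signer.pk, msg, sig),
        "tampered": verify(signer.pk, msg + b"!", sig),
        "reuse_refused": reuse_refused,
        "signature_bytes": sum(len(s) for s in sig),             # 256 * 32 = 8192
        "public_key_bytes": sum(len(a) + len(b) for a, b in signer.pk),  # 16384
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Production hash-based schemes (XMSS, SPHINCS+) wrap many such one-time keys in Merkle trees so one public key covers many signatures, but the single-use rule for each leaf key is exactly the state management this wrapper enforces.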
