Quantum Computer Canary
Introduction
In the previous article, we estimated the resources required to break Ethereum’s cryptography using quantum computing. The numbers were staggering–around 2,330 logical qubits and 1.23 billion circuit depth–far beyond anything today’s hardware can handle.
But what happens if quantum hardware starts creeping toward those numbers?
In this article, we’ll compare those resource estimates with the current state of quantum hardware and ask a question: What breakthroughs would signal that Ethereum’s cryptography is actually in danger? Think of it as canaries in the coal mine–early warnings that quantum computers are getting uncomfortably close.
Where Are We Now?
Let’s put our ECDLP-breaking estimates with what today’s machines can do.
We won’t mention logical qubits here–they’re not directly implemented yet and are instead simulated or protected by error correction. T gate counts are also aren’t typically reported, so we’ll focus on physical qubit scale and circuit depth.
| Metric | Estimate | Current | Estimate / Current |
|---|---|---|---|
| Physical Qubits | ~1.5 million | 1,121 | ~1,340x |
| Circuit Depth | ~1.23 billion | 10,000 | ~123,000x |
IBM’s Condor currently leads the world with 1,121 physical qubits. Meanwhile, their Fez chip (part of Heron family) has achieved a depth of 10,000 on a 100-qubit system (source).
Sure, that’s impressive, but we’re still many orders of magnitude away from crypto-breaking levels.
Which Hardware Is Likely to Get There First?
Today, superconducting qubits–used by IBM, Google, and others–are the most mature and best-supported platform. We discussed them in this article.
They offer fast gates, good error rates, and decent scalability in 2D grids. But even they face serious challenges.
But Is It Enough?
Probably not–at least, not without some serious breakthroughs. Here’s why:
- Thermal constraints: Superconductors must be kept near absolute zero, making dense scaling physically difficult.
- Crosstalk and Routing: As you add more qubits, keeping them quiet and well-connected becomes exponentially harder.
- T gate bottlenecks: Building scalable magic state factories for fault-tolerant T gates is still an open problem.
Then What?
If someone does eventually build a crypto-breaking quantum computer, it might come from a different platform:
- Photonic qubits offer room-temperature operation and modular scaling, though they’re still noisy and less mature.
- Topological qubits could eliminate much of the error-correction overhead entirely–but they’re still in the lab-theory stage.
The “Dead Canary” List
We’re not there yet, but we need to keep an eye on developments that could signal that quantum computers are getting dangerously close to breaking Ethereum’s cryptography. These are the “dead canaries” that would indicate that Ethereum’s cryptography may not be safe for much longer.
⚠️ One million physical qubits under surface code
This would push us into the range where ECDLP-breaking becomes feasible. If a lab demonstrates this, it’s no longer theoretical.
→ Threat level: Critical
⚠️ Scalable Magic State Factories
If someone solves the T gate bottleneck with efficient, modular magic state distillation, that could slash the time and space cost of Shor’s algorithm.
→ Threat level: High
🤔 Room-temperature superconductors
Not directly about gates–but if superconducting qubits can operate without deepgg cryogenics, hardware scaling becomes much easier. Still, controlling noise in a “hotter” environment is no small task.
→ Threat level: Moderate
🤔 Optimized Modular Arithmetic Circuits
Algorithmic improvements–like those in Häner et. al.–can trim down number of qubits and gates required for ECDLP. They won’t change the asymptotics (for example, Häner et. al. reduces the qubit count for breaking 256-bit ECDLP from 2330 to 2124–not a game changer), but they still lower the bar.
→ Threat level: Moderate
🪦 Full Shor Execution on RSA-3072
RSA-3072 is harder to break than ECDSA-256 (what Ethereum uses). If Shor’s algorithm is demonstrated on RSA-256 using a fault-tolerant quantum computer, that’s it. The threat is real.
→ Threat level: EXTREMELY CRITICAL
Closing Thoughts
We’re still far from a world where quantum computers can break Ethereum–but “far” doesn’t mean “never”. The goals are clear, and they’re getting closer every year.
By watching for these canary signals, we can stay ahead of the curve and maybe even update our cryptography before it’s too late. In the next article, we’ll explore the other side of the story: quantum-resistant cryptography.
The Image in this article were generated by ChatGPT.
Leave a comment