Google's 2029 Post-Quantum Deadline: Bitcoin Has No Plan
Google set a 2029 post-quantum cryptography deadline this week — and Bitcoin's silence is becoming impossible to ignore. Here's what's at stake.

What to Know
- Google set a 2029 deadline this week to complete its migration to post-quantum cryptography across authentication services
- Bitcoin's ECDSA signatures are in the exact category Google flagged as vulnerable — a quantum computer running Shor's algorithm could expose private keys from public ones
- Ethereum launched pq.ethereum.org and has a four-hard-fork migration roadmap built on eight years of preparation — Bitcoin has no equivalent effort
- Prominent Bitcoin advocate Nic Carter called Bitcoin's quantum response 'worst in class' while describing Ethereum's approach as 'best in class'
Google's 2029 post-quantum cryptography deadline dropped this week, and the crypto industry can't shrug it off the way it shrugged off Willow. Back in December 2024, when Google unveiled its Willow quantum chip with just 105 qubits, the consensus across Bitcoin and crypto circles was roughly: relax, we've got decades. The math backed it up — millions of physical qubits are needed to run Shor's algorithm against real-world encryption, and 105 barely registers. Sixteen months later, Google isn't relaxing. The company announced a firm 2029 target to migrate its authentication services to post-quantum cryptography, and the reasoning isn't hypothetical. It's happening in their products right now.
What Did Google Actually Announce?
The short version: Google's 2029 post-quantum cryptography deadline means the company is treating the quantum threat as an engineering project with a deadline, not a research problem for the distant future. Android 17 already ships with post-quantum digital signature protection baked in. Chrome already supports post-quantum key exchange. Google Cloud is offering post-quantum solutions to enterprise clients today. This is not a warning about what might happen — it's a migration already underway.
To understand why this matters for Bitcoin holders specifically, here is a quick explainer on what quantum computers actually threaten. Classical machines process bits — each one a 0 or a 1, checked one at a time. Quantum computers use qubits that can exist in a superposition of 0 and 1, letting them explore vast numbers of possibilities in parallel. For most tasks, the advantage is negligible. But for the hard math problems that underpin modern public-key cryptography, such as factoring large numbers and the elliptic-curve discrete logarithm problem that protects your Bitcoin wallet, a sufficiently powerful quantum machine could crack in minutes what would take a classical computer longer than the age of the universe.
The specific risk to Bitcoin runs through Shor's algorithm. A quantum computer running Shor's could derive a private key from a public key — meaning any wallet whose public key has ever been broadcast on the blockchain becomes a target. Reused addresses, old Pay-to-Public-Key outputs, any address that has sent a transaction and exposed its public key. That's roughly 1.6 million BTC sitting in legacy address types, spread across more than 32,000 wallets averaging about 50 BTC each. And roughly 10,200 BTC is concentrated enough in specific vulnerable address types that its theft could, according to analysis from CoinShares, cause what they describe as 'appreciable market disruption.'
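
As an added example (not from the original article or from any Bitcoin project), the Python code below sorts standard output scripts by whether the public key is already visible on-chain, which is the distinction the paragraph above draws between Pay-to-Public-Key outputs and addresses that only reveal a key once they spend. The sample scripts and amounts are constructed, the status labels are this example's own, and the Taproot case goes beyond what the article covers.

```python
# Added example: group Bitcoin outputs by when their public key becomes visible.
# Script bytes and amounts below are constructed samples, not real outputs.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}  # the key itself sits in the output script
KEY_ON_SPEND = {"p2pkh", "p2sh", "p2wpkh", "p2wsh"}  # only a hash until spent

def classify_script(script_hex):
    """Return the standard output type of a scriptPubKey given as hex."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"
    if n == 22 and s[:2] == b"\x00\x14":  # witness v0, 20-byte key hash
        return "p2wpkh"
    if n == 34 and s[:2] == b"\x00\x20":  # witness v0, 32-byte script hash
        return "p2wsh"
    if n == 34 and s[:2] == b"\x51\x20":  # witness v1 (Taproot), 32-byte key
        return "p2tr"
    return "nonstandard"

def exposure(script_hex, address_spent_before=False):
    """Return (type, status); an earlier spend from the address reveals the key."""
    kind = classify_script(script_hex)
    if kind in KEY_IN_OUTPUT:
        return kind, "exposed"
    if kind in KEY_ON_SPEND:
        return kind, "exposed" if address_spent_before else "hidden-until-spend"
    return kind, "unknown"

def exposed_value(utxos):
    """Sum satoshis per status for (script_hex, sats, spent_before) rows."""
    totals = {}
    for script_hex, sats, spent_before in utxos:
        status = exposure(script_hex, spent_before)[1]
        totals[status] = totals.get(status, 0) + sats
    return totals

P2PK = "21" + "02" + "11" * 32 + "ac"      # constructed dummy key bytes
P2PKH = "76a914" + "22" * 20 + "88ac"      # constructed dummy hash bytes
P2WPKH = "0014" + "33" * 20
P2TR = "5120" + "44" * 32
SAMPLE_UTXOS = [(P2PK, 5_000_000_000, False), (P2PKH, 100_000_000, False),
                (P2PKH, 50_000_000, True), (P2WPKH, 25_000_000, False),
                (P2TR, 10_000_000, False)]
```

The same P2PKH script lands in different buckets depending on the reuse flag, which is why an exposure audit needs spend history as well as script type.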
Bitcoin Uses ECDSA — The Exact Target
This isn't a general quantum concern that happens to touch crypto tangentially. Bitcoin's ECDSA quantum vulnerability is the specific problem Google's migration is designed to address: the Elliptic Curve Digital Signature Algorithm is precisely the category of cryptography Google flagged as requiring pre-emptive migration before a capable quantum computer arrives. Bitcoin uses ECDSA to authorize every single transaction on the network. That's not incidental. That's load-bearing.
When Ethereum co-founder Vitalik Buterin raised the alarm in October 2024 — notably a full month before the Willow announcement — he wasn't being alarmist for its own sake. He cited quantum computing experts including Scott Aaronson, who had started taking the medium-term possibility of functioning quantum computers far more seriously. Buterin's concern was the governance gap: the time between 'this is theoretically dangerous' and 'we have a working migration deployed' is long, especially for decentralized protocols.
Quantum computing experts such as Scott Aaronson have also recently started taking the possibility of quantum computers actually working in the medium term much more seriously.
Ethereum Has a Roadmap. Bitcoin Has Silence.
The comparison here is genuinely uncomfortable for Bitcoin advocates, and it deserves to be said plainly. Ethereum launched pq.ethereum.org this week — a public hub for a post-quantum security effort that has been running since 2018. Eight years of work. The Ethereum post-quantum roadmap maps specific milestones across four upcoming hard forks, from a post-quantum key registry to full post-quantum consensus. More than 10 client teams are shipping weekly devnets through what the Ethereum Foundation calls PQ Interop. The foundation's cryptography team, protocol architecture team, and protocol coordination team have all been embedded in this effort for years.
Bitcoin has none of that. No coordinated roadmap. No multi-team engineering program. No fork milestones. One group is working on a quantum-related proposal that has attracted essentially zero buy-in from the project's senior developers. Isolated research exists, but there's no coherent strategy around it. The last major cryptographic upgrade to Bitcoin — Taproot — took years of debate before it finally activated in 2021. That timeline doesn't fit a 2029 deadline particularly well.
Bitcoin's governance structure is the real obstacle. There's no Ethereum Foundation equivalent to fund and coordinate a multi-year, multi-team engineering push. Protocol changes require broad consensus across a decentralized developer community that has historically moved deliberately — a feature when stability is the goal, a liability when someone else just set a three-year clock.
Ethereum gets together and announces a specific, detailed PQ roadmap by 2029, sets it as top strategic priority, folds PQ into ongoing roadmap, detailed FAQ, no fear, just action.
Does Bitcoin Have Time to Catch Up?
Nic Carter — one of Bitcoin's most vocal and credible advocates, co-founder of crypto fund Castle Island Ventures — didn't sugarcoat his read of the situation this week. He called Bitcoin's approach 'worst in class' on quantum readiness and Ethereum's 'best in class.' He was careful to frame this as constructive criticism, not competitive sniping.
CoinShares and other firms have pushed back on the panic narrative. Their argument: the vast majority of exposed Bitcoin isn't concentrated enough to be worth a sophisticated attacker's resources. The 1.6 million BTC in legacy Pay-to-Public-Key addresses is scattered — more than 32,000 wallets averaging 50 BTC apiece. Cracking them individually would be slow, expensive, and arguably not worth the quantum compute cost. That math is reassuring until it isn't — because quantum hardware costs will fall, and the most concentrated wallets (those 10,200 BTC worth of high-density targets) would still move markets if compromised.
The honest answer to whether Bitcoin has time is: probably, but only if it starts now, and it hasn't started. Google's error correction progress — going from demonstrating below-threshold error correction for the first time to setting a corporate migration deadline inside 16 months — is the data point that should concentrate minds. The gap between 'theoretically possible' and 'practically deployable' is closing faster than the public roadmap suggests. When the company that builds the quantum computers tells you to migrate by 2029, that's not a press release. That's an insider signal.
Everyone knows I'm a bitcoiner and would like bitcoin to win. Not saying this to hurt feelings. Saying this to spur action.
Frequently Asked Questions
What is Google's post-quantum cryptography 2029 deadline?
Google announced a 2029 target to complete migration of its authentication services to post-quantum cryptography. The company cited accelerating progress in quantum hardware, error correction, and factoring resource estimates. Android 17, Chrome, and Google Cloud already integrate post-quantum protections, making this an active migration rather than a future plan.
Why is Bitcoin vulnerable to quantum computers?
Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to authorize transactions. A sufficiently powerful quantum computer running Shor's algorithm could derive a private key from a public key. Any wallet whose public key has been exposed on the blockchain — through a sent transaction or legacy address type — becomes a potential target once that threshold is reached.
What is Ethereum doing about the quantum threat?
Ethereum launched pq.ethereum.org and has had a post-quantum security effort running since 2018. The roadmap spans four hard forks, covers everything from a post-quantum key registry to full post-quantum consensus, and involves more than 10 client teams shipping weekly devnets. The Ethereum Foundation has dedicated cryptography and protocol architecture teams embedded in the effort.
How much Bitcoin is at risk from a quantum attack?
Roughly 1.6 million BTC sits in legacy Pay-to-Public-Key addresses where the public key has been exposed. CoinShares estimates that 10,200 BTC is concentrated enough in vulnerable address types that its theft could cause measurable market disruption. The remainder is spread across more than 32,000 wallets averaging about 50 BTC each.
