Willow Quantum Chip: Will It Disrupt Blockchain Security?

Google’s latest quantum computing chip, Willow, has garnered widespread attention in the technology community. This groundbreaking advancement not only showcases the latest achievements in the field of quantum computing but also sparks in-depth discussions about its potential impact on the security of blockchain technology. The security foundation of blockchain technology is built upon complex cryptographic challenges, and the development of quantum computing could pose a threat to this foundation. This article delves into how Google’s quantum chip "Willow" might affect blockchain security.

Overview: Quantum Chip Willow

According to official announcements【1】, Google released the latest quantum computing chip, Willow, this week, announcing two major breakthroughs.

Firstly, Willow achieved a significant reduction in error rates by increasing the number of qubits, overcoming a critical quantum error correction problem that has remained unsolved in the quantum computing field for nearly 30 years.

Secondly, Willow completed a standard benchmark computation in less than five minutes. In contrast, one of the world’s fastest supercomputers currently would take approximately $10^{25}$ years to complete the same task, a timeframe far exceeding the age of the universe.

Let’s analyze these achievements in detail. Setting aside the first point regarding "quantum error correction technology", the second point alone demonstrates that "Willow" completed a computational task that would take a supercomputer $10^{25}$ years in just five minutes. For comparison, consider how long a classical computer would take to brute-force RSA2048. According to Professor John Preskill【2】’s estimate, a household classical computer would require about $10^{16}$ years to crack RSA2048.

From an order-of-magnitude perspective, since Willow can complete a supercomputer’s $10^{25}$ -year task in five minutes, completing a household classical computer’s $10^{16}$-year task seems trivial. Does this imply that the integer factorization problem in cryptography is no longer secure? Similarly, does this reasoning suggest that the discrete logarithm problem on elliptic curves has also been broken? These implications seem to hint that the security of blockchain could collapse instantaneously.

However, is this truly the reality of the situation? Let’s delve deeper into this question. Let’s explore this issue further.

What Kind of Quantum Computer Is Needed to Crack Blockchain Private Keys?

Quantum computers can be used to solve classical cryptographic challenges such as large integer factorization and discrete logarithm problems. But what specific quantum computing capabilities are required to break these cryptographic problems? Let us analyze the following questions in detail:

1. Given the RSA2048 public key, perform large integer factorization.
2. Given a public key on the elliptic curves Secp256k1, Secp256r1, or Ed25519, compute its private key.

For classical computers, both of these problems are difficult to solve. Considering specific security parameters, the latter is slightly more challenging than the former. However, research by Martin et al.【3】reveals that for quantum computers, the situation is exactly the opposite: the former is slightly more difficult than the latter. For simplicity, this article treats these two problems as having approximately the same difficulty, assuming that the quantum computers required to break them have essentially equivalent performance. The following analysis will focus primarily on question 2.

Secp256k1, Secp256r1, and Ed25519 are elliptic curves widely adopted in blockchain technologies. The discrete logarithm problem on these curves forms the security foundation for all blockchain assets, including Bitcoin. If this problem is broken, it means attackers can freely forge transactions on the blockchain. Clearly, whether this problem can be cracked directly affects the survival of blockchain security.

Martin et al.【3】point out that to break the discrete logarithm problem defined on elliptic curves of prime order (with the order’s bit-length being nnn bits), the required quantum computer needs:

• $9n + 2\lceil \log_2(n) \rceil + 10$ qubits,
• A quantum circuit implementation using $448n^3 \log_2(n) + 4090n^3$ Toffoli gates.

For example, for the NIST-standardized curve P-256, the point addition quantum circuit simulation requires 2,330 logical qubits, while implementing Shor’s algorithm on this curve fully requires approximately $1.26 \cdot 10^{11}$ Toffoli gates.

In short, a quantum circuit composed of just 2,330 high-quality logical qubits and $1.26 \cdot 10^{11}$ Toffoli gates is sufficient to undermine the foundational security of blockchain.

The Crux of Quantum Computing—High-Quality Logical Qubits

The reason quantum computers based on quantum chips can compute much faster than classical computers lies in their core advantage: quantum computing no longer relies on linear computation methods but utilizes quantum superposition and quantum parallelism to perform complex computations through qubits. However, the uniqueness of qubits also brings significant challenges. Qubits are highly susceptible to environmental noise and external interference, making their states very unstable and prone to losing their quantum properties (i.e., decoherence). In practice, nearly every step involving qubits can encounter errors, including initialization, state maintenance, quantum gate operations, and result reading. These errors can cause quantum algorithms to produce incorrect results or lose their effectiveness. Therefore, maintaining the stability and accuracy of qubits and obtaining high-quality qubits is one of the core challenges in the development of quantum computers.

To address this challenge, a key method is to construct logical qubits to reduce error rates. Logical qubits are composed of multiple physical qubits and use quantum error-correcting codes (such as surface codes or Cartesian codes) to detect and correct errors, thereby enhancing system robustness and reliability. In reality, each logical qubit typically requires dozens to thousands of physical qubits for support. Although implementing logical qubits significantly improves the fault tolerance of quantum computers, it comes at the cost of requiring a large number of physical qubits and complex error-correcting algorithms.

The development of quantum error correction has also encountered a disheartening problem. Researchers initially hoped to improve the accuracy of logical qubits by sacrificing additional physical qubits, but reality contradicted this expectation. Due to the inherently high error rates of physical qubits($10^{-1}$ ~ $10^{-3}$), previous studies found that sacrificing additional physical qubits not only failed to reduce the error rate of logical qubits but actually increased it beyond that of physical qubits. This situation can be aptly described as "incompetence causing more harm than good; the more people involved, the more chaos ensues." In the context of quantum error correction, this means that the high error rates of physical qubits lead to worsening errors as more qubits are added.

Therefore, without high-quality logical qubits, constructing practical quantum computers is unfeasible.

Revisiting the Quantum Chip Willow

With a sufficient background understanding, let us re-examine Willow’s achievements.

Firstly, Willow achieved a historic "turnaround" in quantum error correction by increasing the number of qubits and employing surface code【4】【5】technology. This means that by deploying multiple physical qubits, researchers successfully obtained a logical qubit with a lower error rate. Specifically, in "Willow," as the qubit array expanded from a 3×3 surface code to 5×5 and 7×7, the encoded error rate decreased by a factor of 2.14 each time, achieving an exponential reduction in error rates, as shown in Figure 1. This breakthrough gives humanity hope on the path to constructing high-quality logical qubits and is considered a significant achievement.

Secondly, Willow completed Random Circuit Sampling (RCS), a standard benchmark computation, in under five minutes. RCS testing is a widely used method for evaluating the performance of quantum computers. However, it is important to note that the astonishing performance gap between quantum and supercomputers in this test is partly due to the fundamental differences between quantum and classical computing.

To better understand this, consider an imperfect analogy: comparing the speed of a satellite in space to that of a car on the ground. Additionally, RCS currently lacks practical application scenarios.

When Will Willow Be Able to Crack Classical Cryptographic Problems?

The figure above illustrates Google’s six-stage roadmap for quantum computing development【7】, showcasing the key path from experimental breakthroughs to large-scale practical applications.

First Stage (2019): Using the Sycamore processor, the team demonstrated quantum computing’s ability to surpass traditional computing by completing a task in 200 seconds that would take a classical supercomputer 10,000 years, laying the foundation for quantum supremacy. This stage’s goal has been achieved, with the quantum computer possessing 54 physical qubits.

Second Stage (2024): Willow demonstrated the first prototype of logical qubits, proving that quantum error correction can reduce error rates. This breakthrough paves the way for building large-scale practical quantum computers and enables Near-Term Intermediate-Scale Quantum (NISQ) applications. This stage’s goal has also been met, with the quantum computer featuring 105 physical qubits and a logical qubit error rate of $10^{-3}$.

Third Stage: The goal is to construct long-lived logical qubits, achieving an error rate of less than one in a million operations. This requires more advanced quantum error correction techniques and scalable hardware architectures. Quantum computers at this stage are expected to have $10^3$ physical qubits and reduce the logical qubit error rate to $10^{-6}$.

Fourth Stage: Focus on implementing low-error logical quantum gate operations, enabling true quantum error-corrected applications. Quantum computers in this stage are anticipated to have $10^4$ physical qubits, maintaining the logical qubit error rate at $10^-6$.

Fifth Stage: System scale expands to 100 logical qubits with high-precision gate operations, expected to unlock more than three error-corrected quantum applications. Quantum computers at this stage are projected to possess $10^5$ physical qubits, maintaining the logical qubit error rate at $10^{-6}$.

Sixth Stage: The ultimate goal is to control and connect 1,000,000 qubits, constructing large-scale error-corrected quantum computers with widespread applications in medicine, sustainable technologies, and more than ten different applications, transforming multiple industries. Quantum computers at this stage are expected to have $10^6$ physical qubits and reduce the logical qubit error rate to $10^{-13}$.

As mentioned before, cracking the discrete logarithm problem on widely used elliptic curves in blockchain requires approximately 2,330 high-quality logical qubits and a quantum circuit composed of $1.26 \cdot 10^{11}$ Toffoli gates. Since logical qubits require quantum error correction, each logical qubit typically needs multiple physical qubits for support. For example, the "Willow" chip has an encoding distance of 7, meaning each logical qubit requires $7^2 = 49$ physical qubits, totaling approximately 114,170 physical qubits. However, this estimate is overly optimistic. As the scale of quantum computations and circuit depth increase, the error rate requirements for logical qubits become more stringent. In reality, the current logical qubit error rate of the "Willow" chip is about $10^{-3}$, far from the level required to crack such problems.

According to research by Craig et al.【6】, to solve the RSA 2048 problem, which has a similar difficulty to the discrete logarithm problem on elliptic curves, the logical qubit error rate must be reduced to $10^{-15}$ corresponding to an encoding distance of at least 27. This means each logical qubit would require $27^2 = 729$ physical qubits, totaling over 1,698,570 physical qubits. Additionally, the logical qubit error rate needs to reach $10^{-15}$, which is not only significantly lower than the "Willow" chip’s $10^{-3}$ but also two orders of magnitude lower than the logical qubit error rate anticipated in Google’s sixth-stage quantum computer blueprint.

In summary, according to Google’s development roadmap, the capability to crack the discrete logarithm problem on elliptic curves will only be achievable after quantum computing technology advances to the sixth stage. Achieving this goal requires significant improvements in the quality of logical qubits while addressing the efficient control and error correction of a massive number of physical qubits.

Assuming a five-year interval between the first and second stages, a steady development trajectory suggests that it will take approximately 15 to 20 years before Willo" or its successors have the capability to break classical cryptographic problems. Even with optimistic estimates, it will take at least ten years to possibly reach the necessary level.

The Future of Blockchain Security

Once quantum computers achieve sufficient computational power, they can leverage their asymmetric advantages to rapidly break the core security mechanisms of cryptocurrencies, steal users’ private keys, and control their assets. In such scenarios, existing cryptocurrency networks would face systemic collapse risks, and the security of user assets would be compromised.

However, Google’s Willow quantum chip is still in the early stages of quantum computing research and cannot yet solve cryptographic challenges like large integer factorization and discrete logarithms. Therefore, it does not pose a substantive threat to blockchain security at this time. In fact, developing truly practical quantum computers still faces numerous technical challenges, marking it as a formidable and long-term endeavor.

Despite current quantum computing technology not posing a direct threat to encrypted assets, its development momentum cannot be ignored. According to trends in technological advancements, quantum computers are expected to overcome several key technical bottlenecks within the next ten years, gradually approaching the critical point where they threaten traditional cryptography.

Facing this potential challenge, the blockchain community needs to take proactive measures, develop long-term plans, and prepare for the technological impacts that the quantum era may bring. To ensure the long-term security and stability of blockchain, the following three measures are particularly important:

1. Accelerate Research and Standardization of Post-Quantum Algorithms: Actively advance research on post-quantum cryptographic algorithms (such as lattice-based theories) and strive to promote their standardization and global application. This is the primary task in addressing quantum threats and is crucial for the future security of blockchain.
2. Proactively Deploy Post-Quantum Cryptographic Technologies: Begin establishing robust post-quantum cryptographic infrastructures to lay a solid technical foundation for the long-term security of blockchain networks. This will ensure that the system can effectively respond to potential quantum threats and maintain stable operations.
3. Deeply Explore the Innovative Potential of Quantum Computing: Investigate the application value of quantum computing in areas such as on-chain computation optimization, resource scheduling efficiency improvement, and enhanced privacy protection, injecting new growth momentum into blockchain technology.

Although the comprehensive application of quantum computers has not yet been realized, their advent is inevitable. In this context, traditional cryptographic-based blockchain security frameworks will gradually be replaced by security assurances based on post-quantum cryptography. Safeheron has already begun collaborating with academic institutions to lay the groundwork for research on post-quantum algorithms, ensuring thorough preparation for the technological evolution of digital asset security. Furthermore, public blockchains incorporating quantum-resistant attack algorithms have already emerged within the blockchain ecosystem. This progressive development trend alleviates the need for excessive concern.

The development of quantum computing not only presents potential security challenges to blockchain technology but also offers opportunities for technological advancement and efficiency improvements. Only by proactively addressing these challenges and embracing change can blockchain technology thrive in the future wave of technological innovation, achieving higher levels of maturity and innovation.

References

【1】Meet Willow, our state-of-the-art quantum chip
【2】John Preskill – Introduction to Quantum Information (Part 1) – CSSQI 2012
【3】Quantum Resource Estimates for Computing Elliptic Curve Discrete Logarithms
【4】Suppressing quantum errors by scaling a surface code logical qubit
【5】Quantum error correction below the surface code threshold
【6】How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits
【7】Google’s quantum computing roadmap