On April 24, Project Eleven honored Giancarlo Lelli with its Q-Day Prize for using publicly available quantum hardware to extract a 15-bit elliptic curve private key from a public one. This marks the largest demonstration of an attack type that might someday threaten systems like Bitcoin and Ethereum secured by similar cryptography. The prize was awarded in Bitcoin.
Lelli’s achievement, however, is far from breaking Bitcoin’s security, which relies on a 256-bit key. Presently, no known quantum computer can compromise actual Bitcoin wallets. This demonstration gains significance against the backdrop of Google reducing its ECDLP-256 resource estimates and setting a migration deadline for 2029.
Lelli employed a variant of Shor’s algorithm to recover the private key from a public one within a search space of 32,767. The Q-Day Prize competition required entrants to tackle the largest ECC key on a quantum computer without classical shortcuts or hybrid methods. Lelli’s 15-bit result was the best by the deadline and represented a substantial leap over previous demonstrations.
The winning machine reportedly had around 70 qubits, with independent verification from researchers at the University of Wisconsin-Madison and qBraid. The demonstration is akin to picking a toy lock using methods that could one day threaten more secure vaults; it shows progress but not imminent danger.
The significance lies in making the quantum threat tangible rather than hypothetical, without overstating its current impact on Bitcoin security. Lelli’s method aligns with those relevant to Bitcoin’s cryptographic foundations, although not directly applicable at present scales.
Project Eleven emphasized that this achievement marks a 512-fold improvement over previous demonstrations and underscores an advancing public demo frontier. However, the leap from a 15-bit key to Bitcoin’s 256-bit security is vast.
Google has recently published new estimates indicating potential quantum computing advancements by 2029, with some architectures suggesting feasible execution of Shor’s algorithm at relevant scales. Yet, these are theoretical projections as such machines don’t yet exist.
Bitcoin wallets remain exposed due to the visibility of public keys in older or reused addresses and transactions. Project Eleven notes that a significant number of BTC is vulnerable under quantum attack scenarios. This has prompted Bitcoin governance to propose changes aimed at reducing this vulnerability.
Two potential futures are outlined: one where migration becomes routine before any threat materializes, maintaining market confidence; the other where technical progress outpaces governance adaptation, leading to rushed migrations and increased risk exposure.
The UK’s National Cyber Security Center and organizations like Google have set migration targets for 2029. The Ethereum Foundation underscores that decentralized protocols require early preparation against threats. Bitcoin now faces a migration race dependent on its decentralized nature, with the real challenge being coordination rather than technical capability.