Quantum threat to elliptic curve cryptography, CEO warns

Alex Pruden, CEO of Project Eleven, warned that advances in quantum computing could break elliptic curve cryptography, the math that secures many web connections, digital signatures and blockchains. He cited recent research and company comments suggesting fewer qubits than earlier estimates may be needed to attack public key systems.

Elliptic curve cryptography (ECC) is used for digital signatures and key exchange because it provides strong security with relatively short keys. Quantum algorithms such as Shor’s algorithm can, in principle, solve the mathematical problems ECC relies on if run on a sufficiently powerful quantum computer.

Pruden urged organizations to begin migrating to post-quantum methods, which he described as postmodern cryptography. He recommended that firms that manage keys and critical internet services catalogue where ECC is used and plan testing and migration. He has worked on migration tools, including a product called Yellow Pages for Bitcoin, intended to help protect digital assets from quantum attacks.

Pruden highlighted artificial intelligence as a factor that could speed attacks or lower the technical barrier for exploitation. He warned: “Recent research indicates that quantum computing poses a more imminent threat to elliptic curve cryptography than previously understood.”

Migrating blockchains presents technical challenges because addresses and signature schemes are embedded in long chains of data. He noted that moving a live chain to a different cryptographic scheme requires coordination and engineering work. Pruden also observed a split in the Bitcoin community over the timeline and scale of the quantum risk, with some treating it as distant and others urging preparatory steps now.

Some internet traffic already uses hybrid cryptography that combines classical and post-quantum algorithms so a system remains secure even if one element is broken. Experts recommend phased actions: identify where ECC is used, deploy hybrid solutions where feasible, and monitor developments in quantum hardware and post-quantum standards.

Pruden added: “The reliance on modern public key cryptography makes financial systems vulnerable to quantum computing threats.” He warned that if foundational public key systems were broken, impacts could include compromised transaction integrity, risks to interbank messaging and the potential for recorded encrypted traffic to be decrypted later.

Standards bodies are working to select and standardize post-quantum algorithms. Pruden said the recent findings on qubit requirements should prompt planning and testing rather than immediate alarm.