AI News CryptoTRADE THE NEWS
Tabar argues quantum risk could reprice Bitcoin vs. Ethereum on governance speed
Crypto
Bitcoin
Ethereum
Trading

Tabar argues quantum risk could reprice Bitcoin vs. Ethereum on governance speed

He cites a late-March Google/Stanford/Ethereum Foundation estimate and a May 18 Citi note on shortened attack timelines.

By AI News Crypto Editorial Team6 min read

An opinion column by Samir Tabar argues that recent quantum-computing estimates and a May 18 Citi research note sharpen a relative security-risk gap between Bitcoin and Ethereum. The piece frames Bitcoin’s spend-time public-key exposure and slower upgrade path as the core vulnerabilities, while portraying Ethereum as already executing a post-quantum migration roadmap.

Key Takeaways

  • A late-March Google Quantum AI collaboration with Stanford University and the Ethereum Foundation is described as cutting the estimated resources to break Bitcoin cryptography by about 20x, with a scenario of deriving a private key in roughly nine minutes using fewer than 500,000 physical qubits.
  • A Citi research note dated May 18, 2026 warned that quantum advances have shortened the timeline for practical attacks on digital assets and concluded Bitcoin faces significantly greater quantum risk than Ethereum.
  • The Bitcoin-specific exposure mechanism highlighted is spend-time public-key revelation on-chain under ECDSA, creating a potential Shor’s-algorithm attack window if quantum hardware becomes capable.
  • Ethereum is portrayed as tying post-quantum work to NIST PQC standards finalized in August 2024, with Pectra (May 2025, EIP-7702), a Hegotá hard fork planned for 2H 2026, and Ethereum Foundation milestones targeting core infrastructure around 2029.

Citi and Google Quantum Estimates Reignite the BTC vs. ETH Security Narrative

The latest quantum-risk debate is back in the tape because it now has two ingredients traders tend to respect: a named “major lab” estimate and a sell-side framing that turns a long-horizon tail risk into a relative-value narrative.

In the column, Samir Tabar points to a Citi analyst note published May 18, 2026 that warned quantum computing advances have shortened the timeline for practical attacks on digital assets. Citi’s conclusion, as presented, is that bitcoin faces “significantly greater quantum risk than Ethereum,” with the gap attributed to both technology and governance.

Tabar ties that to a late-March paper from Google Quantum AI in collaboration with Stanford University and the Ethereum Foundation. The paper is described as finding the computing resources required to break bitcoin’s foundational cryptography are approximately 20 times lower than previously estimated, and that a sufficiently advanced quantum computer with fewer than 500,000 physical qubits could derive a bitcoin private key from its public key in roughly nine minutes. The column also notes such a machine does not exist today.

That combination can matter even without near-term feasibility. It gives institutions and macro allocators a cleaner way to express “quantum risk” as BTC-versus-ETH positioning rather than as an immediate protocol panic.

The Claimed Bitcoin Attack Window: Public-Key Exposure, ECDSA, and Shor’s Algorithm

The column’s BTC-specific risk framing hinges on a narrow but concrete surface area: the moment a spend reveals a public key.

Bitcoin’s security relies on elliptic curve digital signature algorithms (ECDSA). When BTC is spent, the public key is briefly exposed on-chain. Under classical computing, reversing a public key into a private key is infeasible. Under the scenario described, a quantum computer running Shor’s algorithm could, in principle, derive the private key from the public key during the broadcast window and redirect funds.

Tabar also cites Nic Carter, co-founder of Coin Metrics, who called quantum computing “the biggest long-term risk to bitcoin's core cryptography” and accused developers of “sleepwalking towards collapse.” Carter is cited as estimating elliptic curve cryptography could be meaningfully broken as early as 2028, and that approximately 6.9 million BTC could be vulnerable at sufficient quantum scale, including legacy wallets and Taproot outputs. Taproot outputs are described as representing more than 21% of all bitcoin transactions in 2025.

Upgrade Velocity as Risk: SegWit/Taproot Timelines vs. Draft PQ BIPs

The governance argument is the second leg of the trade. Tabar’s case is that even if Bitcoin can upgrade “in theory,” its conservative, consensus-driven process makes rapid signature migration hard to execute under time pressure.

As examples, the column cites SegWit taking roughly 8.5 years from conception to widespread adoption and Taproot taking approximately 7.5 years. It also states that quantum-related proposals BIP-360 and BIP-361 were still at the draft or early testnet stage as of 2026.

Ethereum is positioned as having a clearer migration story because the roadmap is anchored to NIST post-quantum cryptography standards finalized in August 2024. The column says Ethereum’s Pectra upgrade shipped in May 2025 and introduced EIP-7702 as a step toward account abstraction, with the architectural claim that individual accounts can choose signature verification and voluntarily switch to quantum-safe signatures rather than requiring a single synchronized network-wide migration.

For institutional risk committees, that roadmap visibility can be the point. The column also frames quantum readiness as a compliance-adjacent issue, citing an April 2026 deadline for U.S. federal agencies to submit PQC transition plans under National Security Memorandum 10, a G7 Cyber Expert Group financial-sector roadmap published in January 2026, and an EU 2030 quantum-resistance target for critical infrastructure.

Milestones That Could Move the Narrative Next

The immediate constraint is verification. The column excerpt does not include the underlying Citi note or the full Google Quantum AI/Stanford/Ethereum Foundation paper, so the market is trading a narrative that rests on secondhand presentation of key assumptions.

Primary-source access to the May 18, 2026 Citi research note would clarify what “shortened timeline” means in practice and how Citi defines the BTC-versus-ETH differential. The same applies to the late-March quantum paper, where the 20x resource reduction and the fewer-than-500,000 physical qubits and roughly nine-minute scenario need to be read alongside constraints and caveats.

On the protocol side, the next tangible signal for Bitcoin is whether BIP-360 and BIP-361 move beyond draft or early testnet status during 2026. For Ethereum, the real milestone is execution risk: whether the planned 2H 2026 Hegotá hard fork stays on track and whether the Ethereum Foundation’s stated ~2029 post-quantum infrastructure milestones continue to show concrete progress.

Treat Quantum as a Narrative Catalyst, Not a Countdown Timer

I don’t treat the “nine minutes” and “500,000 physical qubits” framing as a countdown clock without the primary paper in hand, and the column itself flags that the machine does not exist today. But the setup is still tradable as a relative-risk story because it pairs a major-lab estimate with a sell-side conclusion that explicitly ranks BTC versus ETH.

The threshold that matters is whether the Citi note and the Google/Stanford/Ethereum Foundation work, once examined directly, hold up as more than headline numbers. If that holds, the setup starts to look structural rather than narrative-driven, because governance velocity and roadmap credibility become inputs to institutional sizing, not just technical trivia.

Sources