This week saw two significant publications within 24 hours of each other. The first article, by researchers from Oratomic, Caltech and Berkeley, was published on 30 March 2026 on arXiv. The second article, announced by Google Research on their blog on 31 March 2026, is a joint paper by researchers from Google, Ethereum and the universities of Berkeley and Stanford. For conciseness, we will refer to them as the Google paper and Oratomic paper, respectively.
The Oratomic and Google papers
So what is the deal with these two papers?
As a reminder, one of the main applications of quantum computing is to obtain a cryptographically relevant quantum computer (CRQC), which is a quantum computer able to break widely deployed cryptography. Building and exploiting a CRQC can be broken down in four steps:
- Physical: Build physical qubits with good properties
- Architectural: Given physical qubits, build logical qubits with good properties
- Algorithmic: Given logical qubits, build an algorithm solving a cryptographic problem (for example the Elliptic Curve Discrete Logarithm Problem (ECDLP) underlying elliptic curve cryptography).
- Exploitation: Exploit the existence of an algorithm solving a cryptographic problem (for example ECDLP).
The Oratomic paper focuses on Step 2 (Architectural). It shows how to build better logical qubits (and crucially, how to compute on them) from neutral atom physical qubits. There exist several methods to build physical qubits (Step 1 – Physical), such as superconducting qubits, photonic qubits, trapped ions and neutral atoms. The Oratomic paper relies on neutral atoms, which have attracted a lot of attention recently as they simultaneously achieve two desirable properties: (i) the ability to scale to large qubit counts, and (ii) non-local connectivity (you can rearrange atoms to connect any pair). That combination is exactly what you need for high-rate qLDPC codes, one of the key techniques used in the paper.
The Google paper is complementary to the Oratomic paper, as it focuses on Steps 3 and 4. Regarding Step 3 (Algorithmic), it claims to have a more efficient quantum circuit for solving ECDLP over the secp256k1 curve. As is typical in the literature, efficiency is measured by the number of qubits and Toffoli gates required. Notably, the paper does not reveal the circuit itself, but provides a cryptographic proof that they possess a circuit with the claimed properties – allowing verification without disclosure.
| Algorithm | Logical qubits | Toffoli gates |
|---|---|---|
| Litniski (2023) | 3000 | ~ 109 million |
| Chevingard et al. (2026) | 1098 | ~ 290 billion |
| Google paper (few qubits) | 1200 | ~ 90 million |
| Google paper (few Toffoli gates) | 1450 | ~ 70 million |
Regarding Step 4 (Exploitation), the Google paper discusses the ramifications of the existence of an ECDLP-solving algorithm on the cryptocurrency ecosystem. Interestingly, the severity of the attacks depends both on the architecture of the CRQC (“slow-clock” or “fast-clock”) and the exact context (“on-spend”, “at-rest”, and “on-setup” attacks). In particular, some attacks are out of scope for “slow” CRQCs, and they are mainly suitable for attacking high-value, long-lived keys.
What does it mean for PQC?
The Oratomic and Google papers move the needle towards building a CRQC and enabling future quantum attacks on real-world systems. We will still need to see more of these breakthrough results before we actually have a CRQC, but with each breakthrough the likelihood goes up.
It is notable that one week prior to publishing their paper, Google announced in a blog post that they were advancing their post-quantum cryptography (PQC) timeline to a 2029 deadline. Simultaneously, Google announced in another blog post that they also started investing in neutral atom quantum computers, pursuing this in parallel with the superconducting quantum computers they had been pursuing thus far. This may indicate that quantum computers are being taken with sufficient urgency at Google to impact their near-term roadmap, and that architectures based on neutral atoms may play an important role.
These results are a reminder that any organization relying on elliptic curve cryptography should transition to PQC as soon as possible. This migration takes years, not months – protocols, software and hardware implementations all need to be updated. Fortunately, NIST standards are ready to be deployed. PQShield can help organizations in their transition to post-quantum cryptography, both with off-the-shelf, secure and efficient hardware and software implementations, and through consulting on hard migration problems.
Authors: Dr Thomas Prest is a co-submitter of FALCON, a NIST PQC finalist. He leads the Advanced Cryptography Protocols team at PQShield and holds a PhD degree from ENS Paris. Dr Thomas Wiggers obtained his PhD with distinction in early 2024 from Radboud University, The Netherlands. His thesis was titled Post-Quantum TLS and discussed how we can secure connections on the web. He is known for the KEMTLS proposal for post-quantum authentication in TLS. Thom’s main research interests include making post-quantum cryptography work in cryptographic protocols and standardization of PQC.