Trail of Bits generated a proof that appeared to surpass Google's metrics, without any real progress behind it.
Google patched the code and confirmed that its scientific conclusions are not affected.
The security firm Trail of Bits published a report revealing that it had found multiple vulnerabilities in the code Google used to support its paper on quantum computing and Bitcoin, published March 30. The Trail of Bits team exploited these flaws to generate a falsified proof that apparently exceeds the metrics of Google's paper on every indicator.
According to the Trail of Bits report shared today, April 17, Google has already patched the code and confirmed that its scientific claims are not affected. Google's paper estimated that a quantum computer could compromise Bitcoin's cryptography with fewer than 500,000 physical qubits, a nearly 20-fold reduction from previous estimates.
However, Google decided not to publish the specific quantum circuit that supports that estimate, so as not to hand a blueprint to malicious actors. Instead, it used a zero-knowledge proof (ZK proof), a cryptographic mechanism that allows proving that something is true without revealing the information that proves it.
Specifically, it used a zero-knowledge virtual machine (zkVM), which runs a program and generates a verifiable proof that the program ran correctly with certain parameters.
What did Trail of Bits find?
According to its report, Trail of Bits identified two vulnerabilities in the Rust code that Google used as a verifier:
- The first allowed bypassing the Toffoli gate counter, an indicator of the computational cost of a quantum circuit, without altering the result of the computation. In simple terms, Google's code accepted a type of invalid operation that executed the computation correctly but did not record it in the counter, like an employee doing his job without clocking in.
- The second allowed the same variable to be simultaneously the input and the output of an operation, which violates the reversibility principles of quantum circuits but which Google's verifier did not detect.
Exploiting both flaws, Trail of Bits built a circuit that, according to the generated proof, would require zero Toffoli gates, 8.3 million total operations, and 1,164 qubits to compromise Bitcoin's cryptography, surpassing Google's metrics on every indicator.
If that proof were legitimate, it would imply that breaking Bitcoin's cryptography is even easier than Google estimated. But it is not. Those numbers do not come from any real advance in quantum computing but from exploiting flaws in the verification software so that the system accepts false data as valid.
Revealingly, the falsified proof was cryptographically indistinguishable from a legitimate one under Google's unpatched code and would have been accepted unknowingly by any third-party verifier.
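As an added illustration, not Google's verifier or Trail of Bits' code, the constructed Rust checker below models the two weakness classes just described: a hypothetical `RawCcx` variant that computes a Toffoli without being counted, and a gate whose target aliases one of its controls. The `strict` flag switches on the checks a fixed verifier would make.

```rust
// Constructed toy reversible-circuit checker (not Google's verifier). It models the
// report's two flaw classes: an uncounted Toffoli-cost operation and wire aliasing.
#[derive(Clone, Copy, Debug)]
pub enum Gate {
    X(usize),
    Cnot(usize, usize),
    Toffoli(usize, usize, usize),
    /// Hypothetical variant with Toffoli semantics that the cost counter ignores.
    RawCcx(usize, usize, usize),
}

impl Gate {
    /// Wires touched by the gate: controls first, target last.
    fn wires(&self) -> Vec<usize> {
        match *self {
            Gate::X(t) => vec![t],
            Gate::Cnot(c, t) => vec![c, t],
            Gate::Toffoli(a, b, t) | Gate::RawCcx(a, b, t) => vec![a, b, t],
        }
    }
    /// A gate that reuses a control as its target is not a bijection on the
    /// state space, so it cannot belong to a reversible circuit.
    fn wires_distinct(&self) -> bool {
        let w = self.wires();
        (0..w.len()).all(|i| (i + 1..w.len()).all(|j| w[i] != w[j]))
    }
}

/// Simulate the circuit on classical bits and report the Toffoli count.
/// `strict == false` is the weak checker; `strict == true` adds the fixes.
pub fn check(circuit: &[Gate], state: &mut [bool], strict: bool) -> Result<usize, String> {
    let mut toffoli = 0usize;
    for g in circuit {
        if strict && !g.wires_distinct() {
            return Err(format!("non-reversible gate {:?}", g));
        }
        match *g {
            Gate::X(t) => state[t] ^= true,
            Gate::Cnot(c, t) => state[t] ^= state[c],
            Gate::Toffoli(a, b, t) => { state[t] ^= state[a] & state[b]; toffoli += 1; }
            Gate::RawCcx(a, b, t) => {
                if strict { return Err("operation with uncounted Toffoli cost".into()); }
                state[t] ^= state[a] & state[b]; // does the work, never clocks in
            }
        }
    }
    Ok(toffoli)
}
```

The weak checker reports zero Toffoli cost for a circuit that computes exactly what a counted Toffoli does, and accepts an aliased gate under which two distinct inputs collapse to the same output.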


Why doesn't this invalidate Google's paper?
The central question is whether the Trail of Bits finding refutes the conclusions of Google's paper on the quantum risk to Bitcoin. The answer is no.
The vulnerabilities found were in the verification software, not in the quantum circuit or the algorithms that Google developed. Google patched the code and explicitly confirmed that its scientific claims, including the estimate of fewer than 500,000 physical qubits needed to compromise Bitcoin, are not affected.
What the incident does reveal is a limitation of the chosen disclosure mechanism. According to Trail of Bits, zkVMs are not a magic wand that eliminates the need for trust: they simply redistribute it from scientific experts to programming languages, compilers, and proof systems. An error in any of these components can compromise verification even when the scientific result is correct.
Google's paper was one of the triggers of the most intense post-quantum debate the Bitcoin ecosystem has seen in recent weeks.
The Trail of Bits finding does not change Google's numbers or the debate they generated, although it warns that using a zkVM as a responsible scientific disclosure mechanism does not eliminate the risk of manipulation; it simply moves that risk from the scientific content to the code that verifies it. If that code is flawed, a fake proof can circulate as valid without anyone detecting it.
