Paper from Google/UC Berkeley/Ethereum Foundation/Stanford cuts qubits needed to attack 256-bit elliptic-curve cryptography by 20x, but withholds the circuit using a zero-knowledge proof.
Key Takeaways
New quantum circuit breaks 256-bit elliptic-curve signatures using fewer than 1,200 logical qubits and 90 million gates, down from a prior approach that used 1,098 qubits but 2^38 gates.
~500,000 physical qubits required; IBM Condor has 1,121, so a practical attack is still roughly 500x away in memory (qubit count) alone.
Researchers used SP1 (a RISC-V zero-knowledge VM producing STARKs) to prove circuit correctness without releasing the circuit, then compressed via Groth16 SNARKs for efficient verification.
The zero-knowledge proof uses a SHA-256-seeded PRNG to prevent cherry-picking of test inputs, then folding/FRI-style polynomial commitments to certify the simulation results.
This is the first quantum-computing paper to use this style of zero-knowledge proof in place of publishing the actual artifact.
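Added illustration (not code from the paper or from the SP1 project) of the commit-then-derive principle behind the SHA-256-seeded test inputs: the seed is bound to a commitment to the withheld circuit, so anyone can recompute the inputs from the public commitment and reject a hand-picked set. The domain tag, the counter-mode expansion and the commitment value are assumptions constructed for this example.

```python
import hashlib

DOMAIN = b"zk-quantum-sim/test-inputs/v1"  # constructed domain-separation tag


def derive_seed(commitment: bytes) -> bytes:
    """Seed = SHA-256(DOMAIN || commitment).

    The prover first commits to the artifact (here: a hash of the withheld
    circuit description); only then are test inputs derived. Because the seed
    is a function of the commitment, the prover cannot pick favourable inputs
    and build the circuit around them afterwards.
    """
    return hashlib.sha256(DOMAIN + commitment).digest()


def derive_test_inputs(commitment: bytes, count: int) -> list[int]:
    """Expand the seed into `count` 256-bit inputs with SHA-256 in counter mode."""
    seed = derive_seed(commitment)
    inputs = []
    for i in range(count):
        block = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        inputs.append(int.from_bytes(block, "big"))
    return inputs


def verify_input_selection(commitment: bytes, claimed_inputs: list[int]) -> bool:
    """Verifier side: recompute the inputs from the public commitment and reject
    any claimed test set that was not derived this way."""
    return claimed_inputs == derive_test_inputs(commitment, len(claimed_inputs))


# Constructed stand-in for the hash of the withheld circuit description.
CIRCUIT_COMMITMENT = hashlib.sha256(b"constructed circuit description").digest()

if __name__ == "__main__":
    honest = derive_test_inputs(CIRCUIT_COMMITMENT, 4)
    print("seed-derived inputs accepted:", verify_input_selection(CIRCUIT_COMMITMENT, honest))
    cherry_picked = [1, 2, 3, 4]  # inputs a prover might prefer; not seed-derived
    print("hand-picked inputs accepted:", verify_input_selection(CIRCUIT_COMMITMENT, cherry_picked))
```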
Hacker News Comment Review
No substantive HN discussion yet; the only observation is that withholding a cryptographic breakthrough via a ZK proof is a novel and clever precedent for responsible disclosure in quantum research.