IBM quantum run recovers 15-bit ECC key; devs call it noise

On April 24, 2026, independent researcher Giancarlo Lelli ran a two‑register variant of Shor’s algorithm on IBM Quantum Heron r2 processors, including ibm_torino and ibm_fez, and recovered a 15‑bit elliptic‑curve private key. Project Eleven awarded Lelli its 1 BTC Q‑Day Prize, roughly $78,000 at the time, and published the submitted code and execution logs on GitHub.

Project Eleven described the result as the largest public demonstration of its kind and said it represented a 512‑fold increase in search‑space complexity compared with a 6‑bit ECC break on IBM hardware in September 2025. The prize covers reproducible experiments targeting ECC key sizes between 1 and 25 bits.

Bitcoin developers and independent researchers examined the submission and reported the quantum outputs were statistically indistinguishable from random noise. Former Bitcoin Core maintainer Jonas Schnelli analyzed the circuit, which ran about 98,000 gates at roughly 99.5% per‑gate fidelity, and reproduced the key recovery in roughly 20 lines of Python using random bits.

Researcher Yuval Adam replaced the IBM backend with the system random generator /dev/urandom and obtained the same recovered key. Coinkite founder Rodolfo Novak described the demonstration as “theater” and wrote that the experiment applied a classical verification filter that effectively narrowed candidate keys before the quantum circuit ran.

Project Eleven founder Alex Pruden acknowledged the criticisms in a follow‑up thread, writing that the run was “not Q‑Day” and that noisy intermediate‑scale quantum experiments commonly require classical assistance. Pruden added the entry is reproducible on public hardware and recommended that teams plan for long‑term migration to post‑quantum algorithms.

Project Eleven is backed by Coinbase Ventures, Castle Island Ventures, Variant and Balaji Srinivasan. The company issued a press release with the award and noted that approximately 6.9 million BTC held in wallets with exposed public keys could face long‑term risk; the company also offers post‑quantum cryptography tools.

Technical details put the experiment in context. A 15‑bit private key has a search space of 32,767 possible keys, a size small enough for classical verification of candidates to find a match quickly. Bitcoin’s standard curve, secp256k1, provides 256‑bit security; the difference between 15 bits and 256 bits equals a factor of 2^241 in search difficulty.

Recent research, including a paper published by Google in April 2026, estimates that breaking 256‑bit elliptic‑curve cryptography would require on the order of hundreds of thousands of physical qubits, a scale larger than current public quantum hardware. Developers and cryptographers maintained that present public machines do not offer a practical path to breaking standard Bitcoin keys.