Welcome back to the Project Eleven Bulletin. We’re excited to host an AMA (Ask Me Anything) with Steve Tippeconnic who recently used a quantum computer to crack a 6-bit cryptographic key. Steve will be taking questions on the Superpositions forum. It’s a rare chance to learn firsthand how quantum hardware can break encryption, what that means for blockchain security, and how to prepare for a post-quantum future in crypto. Join the discussion and ask your questions now!

The U.S. Securities and Exchange Commission’s Crypto Assets Task Force is considering a proposal to “quantum-proof” digital assets such as Bitcoin and Ethereum. A Post-Quantum Financial Infrastructure Framework (PQFIF) submitted to the SEC outlines a roadmap for transitioning blockchains to quantum-resistant cryptography. It warns about the “Harvest Now, Decrypt Later” threat where adversaries harvest encrypted blockchain data today to decrypt it once quantum computers mature, and recommends running automated vulnerability scans to find weak cryptography, prioritizing upgrades for critical systems (for example, exchange wallets), and migrating to NIST-approved post-quantum algorithms.

Encouragingly, the industry is moving as well. A recent BIP was proposed that would phase out vulnerable ECC addresses within about five years. This would eventually render them unspendable, swapping in quantum-safe signature schemes ahead of the Q-Day, the point when quantum machines can break today’s cryptography, which some experts warn could arrive as early as 2027. In short, regulators and developers now treat post-quantum readiness as essential to protecting investors and maintaining trust in crypto markets. The message is clear: upgrade blockchain security before quantum computers catch up.

While we prepare for future quantum threats, a major present-day risk surfaced: researchers uncovered an npm supply-chain attack that slipped malware into 18 widely used JavaScript libraries (including debug and chalk), exposing projects that see roughly 2 billion downloads per week. When imported, the code silently monitored Web3 activity and could redirect wallet transactions, an upstream compromise cascading across DeFi. Developers moved quickly to pull the affected versions, but the lesson stands: keep dependencies up-to-date and watch for tampering. As our VP of Engineering Conor Deegan notes, traditional malware leaves fingerprints; a quantum break wouldn’t. Signatures would still verify, so we must lock down the software supply chain today while planning post-quantum upgrades.

GitHub just took a forward-thinking step to protect developers from future quantum threats. The platform now supports a post-quantum-secure key exchange for SSH to GitHub repositories. When you interact with Github over SSH, the connection can negotiate a hybrid of classical and quantum-resistant protection. Specifically, GitHub introduced sntrup761x25519-sha512, combining Streamlined NTRU Prime, which is resistant to quantum attack, with the widely used X25519 elliptic-curve Diffie-Hellman. When a quantum computer breaks X25519, the NTRU Prime component still protects the session; meanwhile, security is at least as strong as classical methods.

Why it matters: Harvest Now, Decrypt Later. Adversaries can record encrypted traffic today (e.g. Git operations) and decrypt it years from now. GitHub’s move gives data in transit quantum protection now, reducing that risk. For the blockchain community, which relies heavily on GitHub for source code, this is a welcome upgrade. You don’t need to do anything except update to a Git/SSH client that supports the new algorithm.

NVIDIA has become a pivotal force in the latest wave of quantum computing investment. Through NVentures, the company backed three major startups in September 2025, QuEra (neutral atoms), Quantinuum (trapped ions), and PsiQuantum (photonics), each pursuing a different hardware path. NVentures expanded QuEra’s $230 million Series B; Quantinuum raised $600 million at a $10 billion valuation with NVentures participating; and PsiQuantum raised $1 billion at a $7 billion valuation, also with NVentures, alongside a new partnership to integrate NVIDIA chips with its photonic systems. 

NVIDIA’s stack is explicitly aimed at hybrid quantum. Classical computing: the DGX Quantum platform couples Grace Hopper systems with Quantum Machines control hardware, and the new Boston-based NVIDIA Accelerated Quantum Research Center will integrate partner quantum hardware with NVIDIA AI supercomputers. This level of investment will only bring Q-Day closer.

Finally, let’s circle back to our AMA guest, Steve Tippeconnic, and his quantum hacking experiment. Steve made headlines by using IBM’s 133-qubit quantum computer to crack a 6-bit elliptic-curve key. While six bits is small (just 64 possibilities and something a person could brute-force by hand in an afternoon) the interest here is how it was done: he ran a Shor-style circuit with 12 quantum-logic qubits (plus 6 ancilla) and roughly 340,000 gate layers. The circuit’s quantum Fourier transform recovered the secret (k = 42) from a simple elliptic-curve relation. The fact that IBM’s hardware could execute a circuit that deep and still produce the right interference pattern is a notable technical result.

We mentioned in Bulletin #12 Steve’s previous work where he cracked a 5-bit key. What this doesn’t mean is just as important: this is not a break of real-world ECC. Jumping from 6 bits to 256-bit curves (e.g., secp256k1) is astronomically harder and demands fault-tolerant, error-corrected quantum computing with vastly more resources. Still, the signal is meaningful: we’re seeing progress on the plumbing of long modular-arithmetic pipelines, error-mitigation strategies that actually land, and reproducible interference patterns at depth. If you’re tracking risk to blockchains, watch for movement from NISQ demonstrations to error-corrected logical qubits, verified modular-multiply layers at scale, and credible resource counts against community benchmarks (e.g., ECDLP ladders). In parallel, keep shipping PQ readiness: crypto-agile wallets, rotation paths for privileged keys, and hybrid channels. In other words, don’t sensationalize the demo, but don’t ignore it: it’s a crisp datapoint on the trajectory, and Steve’s AMA is a great place to dig into what would have to change for “toy” to become “threat.”

Get your questions answered over on Superpositions!

OQC’s quantum computer joins NYC quantum-AI data center – Oxford Quantum Circuits’ system will be integrated alongside Nvidia infrastructure at a New York facility serving Wall Street use cases like fraud detection and modeling

Bluefors inks lunar helium-3 deal to fuel quantum refrigeration – Cryo firm Bluefors agreed to buy large volumes of moon-mined He-3 from Interlune later this decade, highlighting supply-chain bets tied to scaling quantum hardware.

NERSC study: practical quantum for U.S. science within a decade – DOE’s supercomputing center outlines algorithmic and hardware trends and proposes a new SQSP benchmark as quantum moves toward real workloads

Booz Allen & SEEQC expand partnership on quantum engineering – The firms deepen collaboration to accelerate design and delivery of quantum solutions for government and enterprise programs

SEALSQ plans post-quantum satellite launch in November 2025 – The company says an on-orbit PQC platform will support quantum-resilient transactions and infrastructure experiments.

Quantum Source debuts ‘Origin’ photonic QC building block – Startup unveils a packaged photon-based module aimed at scaling practical photonic quantum computers

Until next time,

The Project Eleven Team
[email protected]