A 29/30-line patch replacing the IBM Quantum backend in the Q-Day Prize submission with /dev/urandom recovers all reported ECDLP private keys at identical rates.
Key Takeaways
The patch leaves circuit construction, ripple-carry oracle, extraction pipeline, and d*G == Q verifier byte-for-byte unchanged – only the sampler is swapped.
For 4-bit through 10-bit challenges, shots/n ratios of 1.9x to 1,170x guarantee classical recovery; the submission’s own README predicts this at line 210.
The 17-bit key (the 1 BTC prize winner on IBM ibm_fez) is recoverable ~40% of urandom runs on a laptop with no IBM account, token, or network.
Theoretical success probability P(>=1 hit) = 1 - (1 - 1/n)^S under uniform sampling matches empirical urandom results exactly across all challenge sizes.
The engineering – CDKM ripple-carry adders, heavy-hex topology mapping, semiclassical phase estimation with mid-circuit measurement – is non-trivial; only the cryptanalytic claim is invalid.
Hacker News Comment Review
Commenters broadly read this as a Project Eleven submission-validation failure, not a quantum computing failure; 17-bit ECDLP key recovery is classically trivial by brute force and should never have passed review.
A quantum computing researcher tied this to a known failure mode: when a circuit exceeds hardware coherence time, the QC degrades into a random number generator, causing Shor’s algorithm to “succeed” on small-n problems for the wrong reason.
“Dequantization” is a legitimate quantum information research method for probing the quantum/classical boundary; a separate dequantization result (arxiv 2604.21908) appeared the same week.
Notable Comments
@croemer: The prize winner’s own bio lists enterprise software and cloud GTM work with no quantum computing background mentioned.
@int32_64: Flags a broader pattern: attach ML-DSA branding to a coin, market it as quantum-safe, pump and unload on low-information retail buyers.
