Will quantum computing be the end of Bitcoin?

Originally published with Bitcoin Reserve

Translations: Norwegian 🇳🇴

Audio by @DelioPera, another by @ReadingBTC

It often comes up, as a lingering doubt even amongst Bitcoiners, that quantum computers may pose a threat to Bitcoin one day. Even I had a fearful jolt when I first heard about it. But ever since, I have thought about this a lot and can break it down and explain why it won’t be a problem.

Everybody calm down. Quantum Computing is not going to cause trouble for Bitcoin.

I am going to skip over explaining what Quantum Computers ARE, partly because it’s easy information to find, partly because it’s just facts and doesn’t require an opinion, and partly because I am not a QC expert – my focus is Bitcoin, and what QCs can DO to Bitcoin.

For now, QCs can solve very specific problems, very quickly – problems that are created to showcase the power of the current state of QCs.

But just like how someone with a photographic memory (a specific skill) is not necessarily highly skilled at creating music, so too it is with Quantum Computers – they are not good at being general computers, nor meant to be. We are many years away from that, if at all.

There are two broad ways the development of quantum computers can go:

  1. QCs are designed in secret, with progressive advancements made unknown to the public.
  2. QCs are designed with public awareness. Progressive discoveries are in published in scientific journals, while the responsible scientists bask in glory and receive further funding/investment to keep the research going. This way, the stepwise progress to a QC threat is observed by Bitcoin developers – and anticipated.

I would be more concerned about the first scenario, but note that it is also more unlikely than the other, as it goes against human nature, and the economics of progress – funding is required to keep the work going; and many people. If someone or some group creates a QC, what could they do? It is not just Bitcoin that can be exploited, but the whole world – all institutions, (including banks) – all encryption!

Bitcoin in the long run will be safe even if attention is specifically turned to it with a secret QC. “Safe”, as in Bitcoin won’t be stopped. It will be hurt, absolutely, potentially slowing adoption, but Bitcoin is CODE, and code can be changed to resist new attacks. Bitcoin would get stronger.

When Bitcoin is attacked, the most important thing to preserve is the distribution of coins – ie, who owns what. If this is disrupted going forward, as in, the record is preserved and only new transactions are hampered, Bitcoin can adapt and recover.

It may have to pause, get fixed, resist QCs with a new algorithm, and once designed, however long it takes, the ledger will continue from the point in time before it was disrupted. This is a huge nuisance but doesn’t kill Bitcoin. It should also be considered just how unlikely it is for events to play out in this way.

In the other scenario, where stepwise progress is made while the world observes, Bitcoin developers have plenty of time to upgrade the code in anticipation of a QC powerful enough to create a disturbance. At the moment, more important work on Bitcoin is being done, but if there was a perceived threat, attention can get diverted. Although this is the more likely of the two scenarios, it is still incredibly unlikely to happen.


I just discussed the two possible paths we may get to more advanced quantum computers. We’ll now turn our attention to what QCs can potentially do to threaten Bitcoin, and I will address each in turn.

Threat #1 – ECDSA

It is postulated that QCs may one day be sufficiently advanced that the Elliptic Curve Digital Signature Algorithm (ECDSA – the cryptography behind securing Bitcoin private keys) will be broken.

This could lead to the security of everyone’s bitcoins being compromised, or it may only be the coins where the public key has been revealed.

New methods resistant to QCs will have to be used. Once released, people would have to move their coins to new, more secure, addresses. Lost coins, and even Satoshi’s coins, may be up for grabs. This would increase the effective supply of Bitcoin, and yes it would hurt the price in the medium term… but doesn’t kill Bitcoin.

Threat #2 – SHA-256 (mining risk)

See my article on how SHA-256 and mining works.

With a QC, could the mining of Bitcoin be disrupted? Normally, mining is a brute force trial and error calculation attempting to find some text that makes the hash of the new block “work” and meet a target. Generally, the QC’s advantage over regular computers is related to its ability to calculate with minimal steps, not simply to be faster at calculating through the many steps normally required – it has no advantage in performing more attempts per second over any other computer. Rather, it’s the efficiency in computing calculation.

From analysing what a secure hash algorithm does, going backwards is not something that can be calculated at all (so efficiency to calculate is unhelpful). With a hash, there is loss of data that can not just be created from a clever calculation. For example, if every telephone book in the world, in every language, was combined, and hashed, you would start with an enormous amount of data, and end up with only a 64-digit hex number (or 256-bit binary number). No computer, no matter how clever, can “calculate” and reproduce all the telephone books from that small piece of information. It must guess. Many times. Very similar to what ASIC miners are doing now (ASICs are computers specifically designed to mine Bitcoin, which are much more efficient than regular computers).

For a moment, let’s allow our imaginations to run wild and accept that there is an unknown-unknown, and quantum computers do gain such unexpected powers. Then what?

An attacker may actually overpower the network with a QC, and can either:

  1. Earn income (the threat of which incentivises others to invent QCs for the same purpose), or try to damage Bitcoin. But, Bitcoin mining is competitive – as computers get better, they can both attack OR…
  2. Defend Bitcoin.

The game theory that Bitcoin is designed around doesn’t change just because computers get better. We have already seen this. Bitcoin used to be mined on personal computers, but then technology got better with the invention of ASICs. Did this kill Bitcoin? No. It made Bitcoin even harder to attack!

Allowing the market to sort this out, and let QCs fight as honest players is how the game theory predicts it will go.

But, there is also an “up-the-sleeve” option to change the Proof-of-Work algorithm to resist QCs. This would be a very last “nuclear” option. Modifying Proof-of-Work would cause a bit of a mess, no doubt, but it does not cause the death of Bitcoin.

Remember, the purpose of Bitcoin is not to maintain Proof-of-Work mining in its current state for its own sake. It’s the other way around. The purpose of PoW is to defend Bitcoin.

If this attack against mining is carried out, Bitcoin can “cut its leg off” (modify Proof-of-Work mining) to preserve its life, and carry on with an undamaged record of all transactions. Whether this is needed, and/or if Bitcoin returns to the original POW algorithm in the further future is unknowable. The point is, they are not threats to the idea of “money with no rulers”.

Bitcoin will live.


Static Lightning Address: dandysack84@walletofsatoshi.com

On-chain or Lightning