In the early 2020s, quantum computing hit the public eye as a potential threat to Bitcoin. Because Bitcoin relies on the SHA-256 cryptographic hash function for its proof-of-work consensus, its value depends on computing power.
If a technology can sidestep the traditional binary system of 0s and 1s as the unit of information, it has the potential to destroy encryption as we know it. But how real is that risk?
Could quantum computing one day turn Bitcoin into a worthless piece of code? Let's start by understanding why Bitcoin depends on cryptography.
Bitcoin bits and hashing
When we say that an image is 1 MB in size, we are saying that it contains 1,000,000 Bytes. Since there are 8 bits in each Byte, this means that there are 8,388,608 bits in the image. The bit (binary digit), either 0 or 1, is the smallest unit of information and makes up the entire edifice of our digital age.
In the case of an image, the bits in a 1 MB file give each pixel a color, making it readable to the human eye. In the case of a cryptographic hash function like SHA-256 (256-bit Secure Hash Algorithm), developed by the NSA, the output is 256 bits (32 Bytes): a fixed-length hash produced from an input of arbitrary size.
The main purpose of a hash function is to convert a sequence of letters or numbers into a result of a fixed length. This combination of fixed size and obfuscation makes it ideal for compact storage and for signatures that reveal nothing about the input. And since the hashing process is a one-way street, hashed data is effectively irreversible.
Therefore, when we say that SHA-256 provides 256-bit security, we mean that on the order of 2^256 candidate inputs would have to be tried to reverse a hash. When Bitcoin payments are made, each Bitcoin block has its own unique SHA-256-generated block hash. Every transaction within the block contributes to this hash through the Merkle root, which is hashed together with the timestamp, nonce value and other header metadata.
A blockchain attacker would have to recalculate the hashes and recover the necessary data not just for the block containing the transactions, but for all subsequent blocks attached to it. Suffice it to say, a 2^256 search space is an almost impossible computational effort, requiring a large expenditure of energy and time, both of which are very costly.
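The chaining described above is easy to see in code. The following toy proof-of-work chain is an added example and is not code from the article or from Bitcoin itself: it uses Bitcoin's double-SHA-256 and a simplified Merkle root, a fixed constructed timestamp, and a tiny difficulty (12 leading zero bits instead of Bitcoin's real target) so it mines in milliseconds. Rewriting one transaction in an old block changes that block's Merkle root and hash, so every later block's `prev_hash` link and proof of work break unless all of them are re-mined.

```python
import copy
import hashlib


def sha256d(data):
    """Bitcoin-style double SHA-256: the output is always 32 bytes (256 bits)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs):
    """Simplified Merkle root: hash the transactions pairwise up to a single root.
    An odd last leaf is duplicated, as Bitcoin does; no other subtleties."""
    layer = [sha256d(tx.encode()) for tx in txs]
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [sha256d(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]


def header_bytes(prev_hash, root, timestamp, nonce):
    """Toy block header: previous hash, Merkle root, timestamp and nonce."""
    return prev_hash + root + timestamp.to_bytes(4, "little") + nonce.to_bytes(4, "little")


def meets_target(block_hash, difficulty_bits):
    """Proof of work: the hash read as a 256-bit integer must be below 2**(256-difficulty_bits)."""
    return int.from_bytes(block_hash, "big") < (1 << (256 - difficulty_bits))


def mine(prev_hash, txs, timestamp, difficulty_bits):
    """Try nonces until the header hash meets the target (expected ~2**difficulty_bits hashes)."""
    root = merkle_root(txs)
    nonce = 0
    while True:
        h = sha256d(header_bytes(prev_hash, root, timestamp, nonce))
        if meets_target(h, difficulty_bits):
            return {"prev_hash": prev_hash, "txs": list(txs), "timestamp": timestamp,
                    "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(blocks_txs, difficulty_bits, start_time=1_700_000_000):
    """Mine each block on top of the previous one; the genesis block points at 32 zero bytes.
    The timestamps are constructed (10 minutes apart) so the example is deterministic."""
    chain = []
    prev = bytes(32)
    for i, txs in enumerate(blocks_txs):
        block = mine(prev, txs, start_time + 600 * i, difficulty_bits)
        chain.append(block)
        prev = block["hash"]
    return chain


def validate_chain(chain, difficulty_bits):
    """Recompute every block hash from its contents and check the links and proof of work."""
    prev = bytes(32)
    for block in chain:
        if block["prev_hash"] != prev:
            return False
        h = sha256d(header_bytes(block["prev_hash"], merkle_root(block["txs"]),
                                 block["timestamp"], block["nonce"]))
        if h != block["hash"] or not meets_target(h, difficulty_bits):
            return False
        prev = h
    return True


def tamper(chain, block_index, tx_index, new_tx):
    """Return a copy of the chain with one transaction rewritten but nothing re-mined,
    which is what a would-be rewriter faces before paying the proof-of-work cost again."""
    forged = copy.deepcopy(chain)
    forged[block_index]["txs"][tx_index] = new_tx
    return forged


if __name__ == "__main__":
    # Constructed sample transactions; difficulty 12 keeps mining fast.
    chain = build_chain([["alice->bob:1"], ["bob->carol:0.5", "carol->dave:0.2"]], 12)
    print("valid chain:", validate_chain(chain, 12))
    forged = tamper(chain, 0, 0, "alice->bob:100")
    print("valid after rewriting an old transaction:", validate_chain(forged, 12))
```

Raising `difficulty_bits` by one doubles the expected mining work per block, which is the page's point in miniature: rewriting history means redoing the proof of work for the altered block and every block after it.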
But does this still hold once quantum computing enters the picture?
A New Quantum Paradigm for Computing
Moving away from bits that are strictly 0 or 1, quantum computing involves qubits. By taking advantage of the property of superposition, these units of information can be not only 0 or 1 but both at the same time. In other words, we are moving from deterministic computing to non-deterministic computing.
Because qubits can remain in an entangled, superposed state until they are observed, calculations become harder to reason about. And since there are more states than just 0 or 1, a quantum computer has the ability to compute in parallel, processing two states at the same time.
A classical binary computer would have to run a function for each of the 2^n possible states, which a quantum computer could evaluate simultaneously. In 1994, mathematician Peter Shor developed an algorithm with this in mind.
Shor's algorithm combines the Quantum Fourier Transform (QFT) and Quantum Phase Estimation (QPE) to speed up period (pattern) finding, and could theoretically break cryptographic systems across the board, not just Bitcoin's.
However, there is one big problem: if quantum computing works at all, how reliably does it work?
Stabilizing Coherence in Quantum Computing
A qubit in superposition is like a coin that has been flipped. While it is in the air, one can imagine that both states, heads or tails, are still in play. But once it lands, the state is resolved into one outcome.
Likewise, when qubits are observed, their state collapses into a classical state. The problem is that an algorithm like Shor's needs many qubits to maintain their state long enough to interact with each other. Otherwise, the necessary, useful calculations are never completed.
In quantum computing, this problem is known as quantum decoherence (QD), and its remedy is quantum error correction (QEC). Furthermore, these problems must be solved across many qubits for complex calculations.
According to the Millisecond Coherence in a Superconducting Qubit paper released in June 2023, the longest coherence time of a qubit is 1.48 ms at an average gate fidelity of 99.991%. The latter percentage refers to the overall reliability of the QPU (quantum processing unit).
At the moment, the most useful and powerful quantum computer appears to be from IBM, known as Quantum System Two. A modular system ready for scaling, Quantum System Two should perform 5,000 operations with three Heron QPUs in a single cycle by the end of 2024. By the end of 2033, this should increase to 100 million operations.
The question is, would this be enough to make Shor's algorithm work and break Bitcoin?
QC Success Risk
Due to problems of coherence and fault tolerance, quantum computers do not yet pose a serious threat to encryption. It is not clear whether it is even possible to achieve a fault-tolerant quantum system at scale when such a high degree of isolation from the environment is required.
Sources of disturbance include electron-phonon interactions, photon emission and even electron-to-electron interactions. In addition, the larger the number of qubits, which is necessary for Shor's algorithm, the more decoherence accumulates.
However, although these may appear to be insurmountable problems inherent in quantum computing, significant progress has been made in QEC techniques. Case in point, Riverlane's Deltaflow 2 performs real-time QEC on up to 250 qubits. By 2026, this method should lead to the first viable quantum application running a million real-time quantum operations (MegaQuOp).
To break SHA-256 within one day, 13 million qubits would be needed, according to the AVS Quantum Science article released in January 2022. Although this would threaten Bitcoin wallets, many more qubits, around 1 billion, would be needed to mount a 51% attack on the Bitcoin network.
When it comes to implementing Grover's algorithm, designed to speed up quantum searches of unstructured data (which is what brute-forcing a hash amounts to), a research paper published in 2018 concluded that it would not be feasible on any quantum computer until 2028.
In fact, the hashrate of the Bitcoin network has increased significantly since then, and QC still has to deal with decoherence as a major obstacle. But if QEC roadmaps eventually deliver reliable quantum systems, what can be done to counter the QC threat to Bitcoin?
Anti-Quantum Computing
There are several proposals to protect Bitcoin holders from quantum computers. Since a 51% QC attack is very unpredictable, the focus is mainly on hardening wallets. After all, if people cannot rely on their BTC holdings to be secure, this would cause an exodus from Bitcoin.
Then, the price of BTC would drop and the hashrate of the network would decrease significantly, making it much more vulnerable to QC than previously thought. One such hardening is the implementation of Lamport signatures.
With Lamport signatures, a private key would be generated in pairs: 512 bitstrings of 256 bits each, matching the 256-bit hash output. A public key would be generated by applying a cryptographic hash function to each of the 512 bitstrings. Each BTC transaction would require a one-time Lamport signature.
Since Lamport signatures do not rely on elliptic curves over finite fields, as the Elliptic Curve Digital Signature Algorithm (ECDSA) used by Bitcoin does and as Shor's algorithm can exploit, but on hash functions, they are a quantum-resistant alternative.
The downside of Lamport signatures is their larger size, up to 16 KB, and their one-time use. In fact, simply rotating addresses and keeping BTC in cold storage, thus avoiding private key disclosure, can prevent QC from being effective.
Another approach to possible QC attacks is the implementation of lattice-based cryptography (LBC). Unlike ECDSA, LBC avoids finite patterns by relying on discrete points in an n-dimensional lattice space (grid) that extends infinitely in all directions. Because of this property, no quantum algorithm has yet been developed that could break LBC.
However, in order to implement a new type of cryptography, Bitcoin would have to go through a hard fork. For that to happen, there would have to be many signs that a major advance in quantum computing, especially in qubit counts and fault tolerance, is imminent.
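The Lamport scheme described in the last three paragraphs fits in a few dozen lines. The code below is an added example, not code from the article or from any Bitcoin implementation: it builds the 512-string private key, hashes each string with SHA-256 to form the public key, signs by revealing one string per message bit, and verifies by re-hashing. It also measures the sizes (a 512 x 32-byte public key is the 16 KB the text mentions) and counts how many secret strings a signature exposes, which is why a key must be used only once. The message is a constructed placeholder.

```python
import hashlib
import secrets

HASH_BITS = 256  # SHA-256 output length; one key pair per message-hash bit


def keygen():
    """Private key: 256 pairs of random 256-bit strings (512 strings in total).
    Public key: the SHA-256 hash of each of those 512 strings."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def message_bits(msg):
    """Hash the message and return its 256 bits, most significant first."""
    n = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(n >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def sign(sk, msg):
    """For each bit of the message hash, reveal the matching half of that pair."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]


def verify(pk, msg, sig):
    """Each revealed string must hash to the public-key entry selected by the message bit."""
    if len(sig) != HASH_BITS:
        return False
    return all(hashlib.sha256(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, message_bits(msg))))


def sizes_bytes(pk, sig):
    """Public key: 512 x 32 bytes = 16 KB. Signature: 256 x 32 bytes = 8 KB."""
    return {"public_key": sum(len(a) + len(b) for a, b in pk),
            "signature": sum(len(s) for s in sig)}


def secrets_revealed(sigs):
    """Count the distinct private strings exposed by a set of signatures.
    One signature exposes exactly 256 of the 512; a second signature on a
    different message exposes more, letting anyone forge further messages."""
    exposed = set()
    for sig in sigs:
        exposed.update(sig)
    return len(exposed)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed placeholder: pay 0.1 BTC to <address>"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("sizes:", sizes_bytes(pk, sig))
    second = sign(sk, b"constructed placeholder: pay 10 BTC to <address>")
    print("secrets exposed after two signatures:", secrets_revealed([sig, second]))
```

Because every spend reveals half of the private key, a wallet using this scheme must generate a fresh key pair for each transaction, which is the one-time-use limitation the text describes.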
Bottom line
It is safe to say that the Bitcoin mainnet itself is not threatened by quantum computing in either the near or the far future. However, if QC were to compromise Bitcoin's cryptography, rendering SHA-256 and ECDSA obsolete, it would have a major impact on confidence in the digital currency.
This confidence is essential, as shown by major companies such as Microsoft and PayPal, which have accepted Bitcoin payments, attracted by up to 80% savings compared to card transactions, zero chargebacks, and total control over funds. With over 300 million holders worldwide, Bitcoin's appeal as both a secure asset and a cost-effective payment option remains strong.
In the end, the value of Bitcoin is maintained by the capital and the confidence behind it. Its price history shows how events, from Elon Musk's tweets and PayPal's integration to the ETF launch and the collapse of FTX, have affected market sentiment. A fundamental risk to Bitcoin's cryptography could lead to panic selling, miner withdrawals, and a reduced mining difficulty, which could open the door to a 51% QC attack with fewer qubits.
To prevent such a situation, Bitcoin holders and developers would do well to keep abreast of QC developments.
This is a guest post by Shane Neagle. Their views are entirely theirs and do not necessarily reflect the views of BTC Inc or Bitcoin Magazine.