Reddit Posts
Introducing Galleoncoin / GALE : PoW privacy coin with masternodes.
Comparing Supercomputer networks to Bitcoin - How to convert exaflop to exahash?
Comparing Supercomputer networks to BTC - How to convert exaflop to exahash?
Bitcoin computes this SHA-256 hash function 550,000,000,000,000,000,000x times EVERY second
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Do you think that Quantum Computing poses a threat to BTC encryption, algorithm, and/or security?
Is it possible for the energy input to break the difficulty adjustment?
Are P2WSH addresses the most quantum-secure addresses?
Can anyone here explain how / why it is not possible to get AI involved in the bitcoin mining industry / process?
Decrypt the Shadows: Unearth a New Order of Decentralization [SERIOUS]
Bitcoin is such a large idea it's hard to wrap my mind around it
Unexpected Record: Balance of 50k Bitcoins Found in Calculation - Seeking Advice
Potential Security Loophole for all cryptocurrency.
Funny story about WIRED magazine and how they threw away (and lost forever) 13.35 BTC in 2013
SHA3D (our algorithm) isn't prone to 51% attack.
Celebrating 12 Years of our Digital silver - Litecoin
ELI5: If Bitcoin Mining is really just guessing inputs to SHA256 until an output matching the difficulty comes up, how does a miner know what guesses to avoid (previous failed guesses) in order to mine most efficiently ?
Is The National Security Agency (NSA) Behind The Invention of Bitcoin?
This Engineer Is Creating a Bitcoin Game Changer
[1998] Hal Finney: A zero-knowledge proof of possession of a pre-image of a SHA-1 hash
Bitcoin mining on the blockchain, what exactly does a miner do? What is an ASIC? How the mining difficulty is adjusted? What if two miners find the answers at the same time? This post aims for the complete beginners as it is explained in very simple terms.
A really well done & informative description of LTC by NDAX - A Canadian Exchange. Bravo!
Satoshi, NSA and the SHA CRYPTOGRAPHY Algorithms
Ken Shirriff showing how to mine bitcoin with pen and paper
ELIF - Why aren't ML and GNNs used to solve hashing in a Traveling Salesman Problem context?
One about UTXO's, new outputs, inputs and previous outputs.
Bitcoin can survive brute force attack it's infeasible or impossible?
One about HD-wallets, master keypair, child individual keys.
One about master key pair, child individual keys, addresses and signatures.
One about master keypair, child individual keys, addresses and signatures.
19 years ago today, Hal Finney officially released Reusable Proof of Work (RPoW)
What is a blockchain? - A noob explanation
Open Source Initiative | Documenting Bitcoin in a new way
Writing a summary on HD wallets, first part done, correct so far ?
[ANN] AsicCoin (ASC) | SHA256 - The coin for ASIC Mining!
How to (instruction) quickly make wallet with right balance of safety and usability
[Serious] Is Bitcoin secure? A reaction to “BTC whales are waking up, were their wallets hacked?"
Countering all the major anti-crypto arguments in one post.
A quick explanation of the CZ Interpol Red Notice Rumour
Can ChatGPT4 have the computational power to break the SHA-256 encryption? Or does that have nothing to do with it?
Quantum computing and crypto developments
SHA 256 is a cryptographic hash function that is used to secure and validate transactions on the Bitcoin network. This algorithm was originally developed by the National Security Agency (NSA) in the United States as part of a series of secure hash algorithms.
Who would've thought that the algorithm used by the world's most popular cryptocurrency was originally designed for space exploration? That's right, NASA's SHA-256 algorithm is the backbone of Bitcoin's security and immutability.
What do you guys think will happen to bitcoin if quantum computers break SHA256 and solve the discrete logarithm problem (ECDLP)?
SHA256 vs Scrypt: How Comparing Hash Rates is Misleading | NKMAG
Litecoin vs Ripple: Differences, and Everything You Need to Know
MoneyShow announces the Peercoin blockchain will be used as an important part of its new newswire service.
How do I generate master key from the root seed
Storing seed phrase on encrypted USB drives
Do this to verify your BTC holdings in Binance new Merkle Tree Proof of Reserves And Liabilities
Mentions
Monero's CPU mined RandomX and Bitcoin's ASIC mined SHA256 would not have any crossover in hashrate capabilities. Bitcoin would also be at least 20x more expensive to attack
It doesn't affect Bitcoin in practice because there are no Bitcoin miners close to 50%.

The mechanism being discussed - secretly mining a series of blocks and releasing them all as a "surprise" to replace the chain tip - is useful for a few reasons:

1. it defeats Satoshi's white paper mining risk calculations, because those calculations assume competition for each block, one block at a time. See section 11 "Calculations"
2. it defeats the double-spend victim's "wait 6 blocks" strategy if the replacement chain tip is more than 6 blocks long

The definitive example of this method is the 2020 BTG double-spend attack https://gist.github.com/metalicjames/71321570a105940529e709651d0a9765

The theft works by depositing BTG to an exchange, buying BTC, withdrawing BTC - all during the regular miners making 6 blocks per hour. At the same time, the thief uses 51% mining hashes rented on NiceHash to mine 2 hours of blocks faster than the regular miners, and in these 14 blocks spending the same BTG to themselves instead of depositing it to the exchange. Then release the 14 blocks to the BTG node network.

The nodes automatically replace that much of the chain tip because the new tip is a longer chain. The thief gets to keep the BTG, and also keep the BTC bought on the exchange.

This worked on BTG because

* BTG is not SHA256, not ASIC-mined, is only GPU mined
* GPU mining hashes are available for rent on NiceHash and similar hash broker sites
* BTG's price and hash rate means it only costs $1700 per hour to rent 51% hash rate for BTG
* the exchange (Binance) wasn't smart enough to wait 30 blocks after receiving the BTG deposit (now they are)

None of those conditions apply to BTC, but it's possible in the future, after the BTC price bubble bursts

---

To clarify the Monero discussion, it's not possible there either, because Qubic doesn't control enough miners' hashes, and because its miners will switch from Qubic to another pool to prevent Qubic having 51%. The pool only controls its miners' blocks if the miners don't switch pools. Qubic's malicious attempt drives away its miners.

Also Monero is CPU mined, not GPU mined, costs much more than a few thousand per hour to overtake the network, and because Monero CPU hashes are not easy to rent on NiceHash (at least, it's not possible to rent 51%)
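The reorg pattern described in the comment above (deposit confirmed on the public chain, a conflicting spend of the same coins in a privately mined longer chain, then release), as an added Python simulation. This is not code from the thread or from the linked gist; the block structure, the per-block "work" unit and the transaction names are constructed for illustration. Nodes here pick the chain with the most accumulated work, which is what real nodes compare, rather than simply counting blocks.

```python
"""Toy most-work chain selection: a secretly mined chain with more work
replaces the public tip and erases the confirmations of a deposit.

Constructed example, not code from the original thread. Block contents,
work values and transaction ids are made up for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    height: int
    prev: str          # id of the parent block
    txids: tuple       # transactions included in this block
    work: int = 1      # proof-of-work credited to this block (equal for all blocks here)

    @property
    def id(self) -> str:
        return f"{self.prev}/{self.height}:{','.join(self.txids)}"


def chain_work(chain):
    """Accumulated proof-of-work of a chain: the quantity nodes actually compare."""
    return sum(b.work for b in chain)


def confirmations(chain, txid):
    """Confirmations of txid on this chain, 0 if no block on the chain contains it."""
    for b in chain:
        if txid in b.txids:
            return chain[-1].height - b.height + 1
    return 0


class Node:
    """Minimal node: keeps the chain with the most work it has seen so far."""

    def __init__(self, genesis):
        self.best = [genesis]

    def receive(self, chain):
        # Same genesis required; switch only if the offered chain has strictly more work.
        if chain[0] == self.best[0] and chain_work(chain) > chain_work(self.best):
            self.best = list(chain)
            return True
        return False


def extend(chain, txids, work=1):
    """Append one block containing txids to a chain (returns a new list)."""
    tip = chain[-1]
    return chain + [Block(tip.height + 1, tip.id, tuple(txids), work)]


def run_attack(public_blocks=6, attacker_blocks=14):
    """Replay the pattern from the thread: the deposit confirms on the public
    chain, the attacker privately builds a longer chain from the same parent
    in which the same coins are spent back to themselves, then publishes it."""
    genesis = Block(0, "", ("coinbase0",))
    node = Node(genesis)

    # Public chain: deposit confirms in block 1, then the exchange waits for more blocks.
    public = extend([genesis], ["deposit_to_exchange"])
    for _ in range(public_blocks - 1):
        public = extend(public, [])
    node.receive(public)
    before = confirmations(node.best, "deposit_to_exchange")

    # Hidden chain, built in parallel from the same genesis: conflicting spend first.
    hidden = extend([genesis], ["self_spend_same_coins"])
    for _ in range(attacker_blocks - 1):
        hidden = extend(hidden, [])
    reorged = node.receive(hidden)

    return {
        "reorged": reorged,
        "confs_before": before,
        "confs_after": confirmations(node.best, "deposit_to_exchange"),
        "self_spend_confs": confirmations(node.best, "self_spend_same_coins"),
    }


if __name__ == "__main__":
    print(run_attack())               # attacker chain longer: deposit drops to 0 confs
    print(run_attack(6, 5))           # attacker chain shorter: nothing happens
```

The second call shows the other side of the "wait N blocks" rule: a hidden chain with less work than the public one is simply ignored, so the policy only fails when the attacker can out-work the public chain for longer than the confirmation window.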
there's also an infamous CME gap at $9.6k , yes that's $9.6k from back in 2020 ! Maybe we will close that once Quantum computers break SHA256 and BTC tanks...
The process of mining is solving a "math" problem approximately every 10 minutes. "Proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits." - [https://bitcoin.org/bitcoin.pdf](https://bitcoin.org/bitcoin.pdf) As such, your washing machine or garage door will likely not be "mining" themselves, although they might contribute cycles to a processing pool. They tend not to have the oomph to assemble transactions into a block, iterate through nonces, and come up with the compliant hash. That's not to say that solo miners haven't won block awards recently, or that your smart refrigerator might not somehow come up with a hash with the necessary number of leading zeroes before anything else.
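The nonce scan the white paper quote above describes, as an added worked example in Python (not code from the thread). It serializes the real block 0 header, checks that its double-SHA-256 falls below the target encoded by the compact nBits field, and then runs the same loop at a toy difficulty so it finishes on a CPU in well under a second. The field values of block 0 are public and verifiable on any explorer; the toy nBits value is my choice.

```python
"""Bitcoin proof-of-work worked through on the real genesis header and on a
toy low-difficulty search. Added example, not code from the thread.

Header layout (80 bytes; integers little-endian, hashes byte-reversed):
  version(4) | prev_block(32) | merkle_root(32) | time(4) | bits(4) | nonce(4)
"""
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """SHA256(SHA256(x)), the hash applied to block headers and transactions."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact nBits field into the 256-bit target integer."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash_hex, merkle_hex, timestamp, bits, nonce) -> bytes:
    # Explorers display hashes big-endian; the wire format stores the bytes reversed.
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def block_hash_hex(header: bytes) -> str:
    """Block hash as normally displayed (byte-reversed double-SHA256)."""
    return dsha256(header)[::-1].hex()


def meets_target(hash_hex: str, bits: int) -> bool:
    return int(hash_hex, 16) <= bits_to_target(bits)


GENESIS_MERKLE = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"


def genesis_hash() -> str:
    """Recompute the hash of Bitcoin block 0 from its public header fields."""
    header = serialize_header(
        version=1,
        prev_hash_hex="00" * 32,
        merkle_hex=GENESIS_MERKLE,
        timestamp=1231006505,
        bits=0x1D00FFFF,
        nonce=2083236893,
    )
    return block_hash_hex(header)


def mine(prev_hash_hex, merkle_hex, timestamp, bits, max_nonce=2**32):
    """The whole 'math problem': try nonces until the header hash is at or
    below the target. Returns (nonce, hash_hex), or None if the nonce space
    is exhausted (real miners then change the timestamp or the coinbase)."""
    target = bits_to_target(bits)
    prefix = serialize_header(1, prev_hash_hex, merkle_hex, timestamp, bits, 0)[:-4]
    for nonce in range(max_nonce):
        h = dsha256(prefix + struct.pack("<I", nonce))[::-1]
        if int.from_bytes(h, "big") <= target:
            return nonce, h.hex()
    return None


# Toy difficulty (my choice): 0xffff shifted into the top bytes gives a target
# near 2^240, so about one hash in 2^16 qualifies.
TOY_BITS = 0x1F00FFFF


if __name__ == "__main__":
    print("genesis:", genesis_hash(), meets_target(genesis_hash(), 0x1D00FFFF))
    print("toy block:", mine("00" * 32, GENESIS_MERKLE, 1231006505, TOY_BITS))
```

Nothing in the loop remembers failed nonces: each attempt is independent and the hash output is unpredictable, so there are no "guesses to avoid". Lowering the target (raising difficulty) only changes how many attempts are expected before one succeeds.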
[https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html](https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html)
Yes, banks would not be able to operate anywhere close to the way they do today. But my point was they have an easy fix, due to their centralization of authority, to fix the problem presented by the poster above. Bitcoin doesn't have an easy fix due to its decentralized nature. There are definitive advantages centralized systems have over decentralized ones. There are also disadvantages. I'm just pointing out that banks ending because of the above scenario is not the case. Bitcoin is much more exposed to quantum computing risk (less so the SHA2 function but more the ECDSA used for public/private keys) than banks are.
Mining bitcoin is only worth it if you have access to very cheap electricity. You want to be paying less than 10 cents per kilowatt-hour. And then you need to buy at least one efficient SHA-256 hashing ASIC. For example, the [Bitmain Antminer S21 Pro](https://shop.bitmain.com/product/detail?pid=000202504181244499833ha86cWe068B) is an efficient SHA-256 hashing ASIC that is relatively affordable.
Sorta but not really. I asked grok and chat gpt for fun and this is their answer (skip to conclusion for tldr):

Quantum computers pose a potential threat to Bitcoin's security, but the situation is nuanced and depends on the state of quantum technology and Bitcoin's response to it.

Key Points:

1. **Bitcoin's Cryptographic Algorithms**:
   - Bitcoin uses **ECDSA (Elliptic Curve Digital Signature Algorithm)** for securing private keys and signing transactions, and **SHA-256** for mining and hashing.
   - Quantum computers could theoretically exploit weaknesses in ECDSA using **Shor's algorithm**, which can efficiently solve the discrete logarithm problem. This could allow an attacker to derive a private key from a public key, potentially compromising wallets if quantum computers become powerful enough.
   - SHA-256, used in Bitcoin's proof-of-work, is considered more resistant to quantum attacks. While **Grover's algorithm** could theoretically speed up hash cracking (reducing the time to find a hash collision by a factor of the square root), the impact on mining or double-spending attacks is less immediate and would require an infeasible number of qubits and error correction.
2. **Current Quantum Computing Limitations**:
   - As of August 10, 2025, quantum computers are far from capable of breaking Bitcoin's cryptography. Current quantum computers have limited qubits (e.g., IBM's largest systems have around 1,000 qubits, while breaking ECDSA would require millions of high-quality, error-corrected qubits).
   - Error rates, coherence times, and scalability remain significant hurdles. Estimates suggest it could take 10–20 years (or more) for quantum computers to reach the scale needed to threaten Bitcoin.
3. **Bitcoin's Defenses and Adaptability**:
   - Bitcoin's protocol can be upgraded via **soft forks** or **hard forks** to adopt quantum-resistant cryptographic algorithms, such as **post-quantum cryptography** (e.g., lattice-based or hash-based signatures). The NIST has already standardized some post-quantum algorithms (e.g., CRYSTALS-Dilithium, FALCON) that could be integrated.
   - Many Bitcoin wallets use addresses derived from public keys only when spending, meaning private keys are not exposed until a transaction occurs. This limits the window for quantum attacks unless public keys are reused (a practice discouraged by best practices).
   - The Bitcoin community is aware of the quantum threat and could implement changes proactively if quantum advancements accelerate.
4. **Practical Risks**:
   - Even with a sufficiently powerful quantum computer, hacking Bitcoin would require targeting specific high-value wallets with exposed public keys, which is a targeted rather than systemic attack.
   - A quantum computer capable of running Shor's algorithm effectively would also threaten other cryptographic systems (e.g., RSA, HTTPS), making Bitcoin one of many potential targets.
   - Economic and logistical barriers (e.g., the immense cost of building and operating such a quantum computer) may deter attackers, especially if Bitcoin adapts.
5. **Timeline and Speculation**:
   - Experts estimate that quantum computers capable of breaking ECDSA are at least a decade away, likely beyond 2035, based on current progress (e.g., IBM, Google, and others' roadmaps).
   - Posts on X and web sources (as of my last data) reflect mixed opinions: some alarmist claims suggest Bitcoin is at risk soon, while technical analyses (e.g., from cryptography experts) emphasize that quantum computers are not yet a practical threat and Bitcoin has time to adapt.
   - For example, a 2023 analysis by the Quantum Resistant Ledger team estimated that a quantum computer with ~10 million qubits would be needed to break ECDSA in a reasonable timeframe, far beyond current capabilities.

Conclusion: Quantum computers could theoretically hack Bitcoin by breaking ECDSA, but this is not feasible with current or near-future technology (as of 2025). Bitcoin's community can mitigate this risk by adopting quantum-resistant algorithms before quantum computers become a threat. For now, Bitcoin remains secure, but vigilance and protocol upgrades will be crucial in the long term. If you want me to dive deeper into quantum algorithms, post-quantum cryptography, or specific X posts on this topic, let me know!
Grover gives a quadratic advantage on reversing hash and breaking symmetric encryption. But still it is unlikely it would "break" most algorithms. SHA-256 for example - the classic search can reverse a hash in about 2^256 steps, Grover's improves that to 2^128 - but that is still unfeasible, it would take more time than the age of the universe to run. Now the main thing SHA-256 is used for in Bitcoin is the PoW mechanism (mining) and the quadratic advantage of Grover's can throw a wrench into that - but that would only be relevant when there is a single quantum computer (can't really join forces with other quantum computers as Grover's doesn't parallelize) that can run Grover's steps as fast as about a square root of the hash rate of the entire Bitcoin mining network... That would take a while to reach. Shor's algorithm on the other hand can break the ECDSA signature scheme used by Bitcoin and go from public key to private key. That is somewhat mitigated by the fact that modern addresses don't have their public keys on the chain until you spend funds, but still old Satoshi-era wallets can become loot, and even modern wallets can be attacked on the time window between sending a transaction and when it is finalized. This might also take decades to be feasible, I really don't know. But is a much more real concern than Grover's.
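Putting numbers on the "square root of the hash rate" remark above (and on the "partial reversal" framing of mining in a later comment), as an added derivation that is not part of either comment. The difficulty figure used at the end is an assumption, stated as such.

Classically, a header hash lands at or below the target $T$ with probability $T/2^{256}$ per attempt, so the expected number of hashes per block is

$$
N_{\text{classical}} = \frac{2^{256}}{T} \approx D \cdot 2^{32},
$$

where $D$ is the difficulty relative to the maximum target $T_{\max} = \mathrm{0xffff}\cdot 2^{208}$, for which $2^{256}/T_{\max} \approx 2^{32}$. Grover's search over the nonce/header space with roughly $T$ marked items among $2^{256}$ needs about

$$
N_{\text{Grover}} \approx \frac{\pi}{4}\sqrt{\frac{2^{256}}{T}} \approx \sqrt{N_{\text{classical}}}
$$

iterations, each one a reversible evaluation of the double-SHA-256 circuit. For a full preimage the same formula with $T = 1$ gives $\sqrt{2^{256}} = 2^{128}$ iterations, which is the "128-bit" figure in the comment. For mining, assume $D \approx 10^{14}$ (the order of magnitude of recent mainnet difficulty; an assumption, not a value from the thread):

$$
N_{\text{classical}} \approx 2^{32}\cdot 10^{14} \approx 2^{78.5}, \qquad
N_{\text{Grover}} \approx 2^{39.3} \approx 6.5\times 10^{11}.
$$

To match the whole network's ten-minute block rate a single machine would therefore have to complete about $6.5\times 10^{11}/600\,\text{s} \approx 10^{9}$ Grover iterations per second, each a full SHA-256d circuit with error correction. The quadratic gain does not compose across machines: $k$ independent Grover searchers over disjoint partitions finish in $\sqrt{k}$ times less time, not $k$, which is the "doesn't parallelize" point in the comment.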
SHA-256 and BIP39 are “quantum safe” if you’re talking about what quantum computers are capable of at this moment. But if quantum computers become what they’re projected to eventually become, no cryptographic standard that currently exists is safe, and saying buzz words you heard on a broadcast isn’t going to change that.
What does that mean? If you’re talking about a superposition, no, it will quickly collapse. If you’re talking about switching to a quantum-safe hash algorithm, that does make sense, but I think SHA-256 is already pretty quantum-safe as far as we know.
If you extract a list of all the addresses from the Bitcoin blockchain, it's quick to check whether each address for each derivation path is in this list, especially since the two main BTC derivation paths have the same RIPEMD160(SHA256(pubkey)) hash, stored slightly differently in the blockchain TXO There's a free app called BTCRecover. As well as brute forcing seed phrases, wallet passphrases and individual private keys, it implements the database shortcut described above
Bitcoin's decentralization is at an all-time high. Meaning most people ever have closest proximity to buy ASICs to run all over the world and they obviously do, and the next potential ASICs being produced are closer than ever to the physical optimum of converting energy into SHA256 hashes - of current material science
Well, either SHA-256 will become reinforced for quantum computing, potentially an upgrade for the mining suite and the miners will give a consensus to upgrade the network hash. Or we will see an AI dystopian world where the first person to unlock it will be able to competently do a 51% attack and destroy the network by front running all the data and being able to program the hash out and front run the transfer location and drain any transactions that occur on the block that is being solved with Quantum Computing. It's a catch-22 scenario, we just need to pray whoever gets the GPU is not a tyrannical fiat driven over-seer... Oh wait...
I'm very used to ppl having very irrational and hostile views when it comes to bitcoin. They just can't wrap their head around it, probably because they never really tried. It's been declared dead 100s of times by the news media, and portrayed as a scam. Yet, it continues to do its job. Every 10 mins another block. Bitcoin is a scam for people that never took the time to read (and understand) the white paper. If you haven't, at least read it and try to understand it (I can't understand it for you). This will be difficult w/o fairly significant technical knowledge of computing/cryptography/math/distributed systems. Doubters of bitcoin wouldn't know (or care) what SHA256, Secp256k1, or ECDSA is referring to. They wouldn't know what a derivation path is, how to sign an address, or what the mempool is. They wouldn't know what a BIP is or the purpose of running your own node. Anyone that says bitcoin is a scam, is ironically just scamming themselves by failing to learn how lucky we are to have such a robust decentralized network that anyone can use to transfer value. We are lucky BTC was the first crypto and that it had time to get strong. It has secured its spot as the #1 crypto and the network effect will ensure this holds true. A shame people can't find the value of such a freedom serving protocol. In our ever increasing digital age you'd think this would be viewed as an obvious positive for the populace. Time will do that though. Bitcoin is here to stay. You Live You learn.
The whole internet relies on SHA256. If it's cracked, there will be chaos
Hal Finney also published Reusable Proof of Work system in 2004.. I wouldn't put it past the NSA/CIA being somehow involved (department level or people who worked there) too as they have published papers relating to electronic decentralized cash pre 2000 and NSA having created SHA-256. I favor it being Hal and some of his colleagues/friends though.
I guess that he can control the narrative by asking the "right" questions. I wonder what Grok would have said about ECDSA instead of SHA-256.
SHA 256 (on which the Blockchain is based) is not really threatened. The real threat comes from Shor's algorithm by reversing a known public key to the corresponding private key, which then exploits all funds on that specific address-public/private key combination
🔐 Estimating the Probability of Quantum Computing Cracking SHA-256

Let’s clarify what’s involved:

⚙️ SHA-256 in a Nutshell
• A cryptographic hash function widely used in Bitcoin, blockchain, and digital signatures.
• It’s designed to be one-way, meaning you can’t feasibly reverse or “crack” it with classical methods.
• Output: 256-bit hash (2²⁵⁶ possibilities ≈ 1.16 × 10⁷⁷).

⚛️ What Quantum Computing Can (and Can’t) Do

✅ Quantum Advantage:
• Grover’s Algorithm can search an unstructured space of N possibilities in √N time.
• For SHA-256, that brings the effective security level from 256 bits to 128 bits.
• This is still extremely strong — as strong as AES-128, which is still considered secure.

❌ Quantum Limitations (as of 2025):
• Grover’s Algorithm doesn’t “crack” SHA-256 — it only speeds up brute force guessing.
• SHA-256 is not broken by Shor’s Algorithm (which is used for breaking RSA/ECC).
• A quantum computer capable of attacking SHA-256 with Grover’s Algorithm would need:
  • Around 10⁶ – 10⁷ logical qubits (not physical qubits — those are much more error-prone).
  • Millions of quantum gates per query
  • Extremely low error rates and fault-tolerant architecture.

Current state-of-the-art quantum computers (as of 2025):
• Have hundreds of physical qubits, not logical qubits.
• No current machine can run Grover’s algorithm at SHA-256 scale.

🧠 Bottom Line:
SHA-256 is quantum-resistant for now. A quantum computer cracking it with Grover’s Algorithm would still take 2¹²⁸ operations, which is still infeasible for the foreseeable future.

Estimated probability today (2025): 0%

If your application uses SHA-256 (e.g., Bitcoin), it is currently safe from quantum attacks — but future-proofing (e.g., post-quantum cryptography) is worth monitoring for long-term planning.
Some major government or corporation will recover it someday in the future. I expect that the way this will play out is as follows: Sometime in the next decade or two, Bitcoin will transition to have quantum resistant wallets. Everybody will be recommended to move all of their Bitcoin from the legacy wallets to the new quantum resistant wallets before quantum computers advance to the point that SHA256 is at risk. Over a period of time, most people who are alive were active. Well have migrated. They're stacked to a quantum resistant wallet. Some years later, maybe even decades later. Who knows. Quantum computing will be advanced enough that it can break SHA256. It won't be affordable by individuals, but there will be some major corporations, some governments, etc. That will have some. I expect that some of these will find all of the "lost" legacy addresses that never migrated to the new quantum resistant wallets, and they will retrieve them for themselves or their government or charity or whatever. I could totally see that happening in the very distant future. It's totally possible that "lost" Bitcoin won't be lost forever, but will just be scavenged by large organizations with super quantum computers many decades from now. Basically like sunken treasure from a shipwreck. It might be Microsoft or Google or China or the US government that ends up "finding" this guy's "lost" Bitcoin stash. 🤯
If an address has never sent a transaction then the private key would not be exposed as incoming transaction is secured by a public key hash. Quantum computers would first have to break the hash function (RIPEMD-160 combined with SHA-256), which is currently considered quantum-resistant.
You are correct. After further research, it seems the bigger vulnerability lies in Bitcoin’s use of ECDSA (Elliptic Curve Digital Signature Algorithm) for transaction signatures. A sufficiently powerful quantum computer could break a 256-bit ECDSA key in hours or days, whereas breaking SHA-256 would take much, much longer. A post-quantum signature scheme such as hash-based or lattice-based signatures would definitely be the way to go.
Ok, p2pk only consisted of the first 50-100 blocks before p2pkh was introduced. The VAST majority of Satoshi’s coins are locked behind p2pkh double hashed with RIPEMD-160 and SHA-256. They are MUCH more secure than most people think. Which is why corporations and governments are buying. They have geniuses to explain this to them. Follow the smart money my bros.
Quantum got mad they cant hack SHA. Spiteful hobbit.
The only thing that scares me about the future is how seriously quantum computing is already being discussed. Cryptographers warn that RSA-2048 and similar asymmetric algorithms could be broken by cryptographically relevant quantum computers (CRQCs) as early as 2030, though most experts consider that timeline optimistic. In contrast, symmetric cryptography like SHA-256 holds up better: under Grover’s algorithm, its effective security is halved to ~128 bits, which NIST currently considers acceptable. The bigger short-term risk lies in asymmetric systems like RSA and ECDSA — the cryptographic foundations of Bitcoin, TLS, and digital identity. If IBM, Google, or other players achieve faster-than-expected quantum milestones, there’s a 10–20% chance of viable threats by 2035. Quantum mining, though speculative, could pose another risk. If Grover’s algorithm or future quantum acceleration techniques are applied to Bitcoin mining, entities with access to advanced quantum hardware, e.g., governments, tech giants, could vastly outperform classical miners. This could disrupt Bitcoin’s difficulty adjustment and further centralize mining power. AI compounds this. It's accelerating quantum hardware design, optimizing quantum error correction, and shortening time-to-deployment. Some forecasts (e.g., McKinsey) project a $72B quantum industry by 2035, with AI acting as a force multiplier. If Bitcoin hasn’t transitioned to post-quantum-safe signatures like Dilithium by then, it may be vulnerable. How possible is this actually I'm not sure.... Even using AI myself and seeing how far it's advanced since 2023 is just mind-boggling. Will Smith and the spaghetti becoming hyper realistic from generated nightmare fuel.....
Well, SHA3 is as quantum-resistant as SHA2. We don't know of a "total break" as the quantum algorithm breaking, say, RSA or Diffie-Hellman is usually phrased. Hash functions are quite resistant against quantum computers and seem to remain secure when the hash value is long enough (not crazy long, 512 bits is perfectly fine). That's actually awesome. Hash functions are well studied and we know how to build asymmetric cryptographic primitives such as digital signatures from them. Meaning, we know how to build quantum computer resistant digital signature schemes :-))
Here is chatgpt's take on this:

Yes, quantum computers could pose a threat to Bitcoin, but not immediately. The concern revolves around two main areas of Bitcoin’s security model:

1. ECDSA Signature Vulnerability

Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to secure transactions. The public key is used to verify that a transaction was signed with the corresponding private key.
• Quantum Threat: Shor’s algorithm (which runs on a sufficiently powerful quantum computer) can break ECDSA by deriving a private key from a public key.
• Impact:
  • If a quantum computer can break ECDSA before a transaction is confirmed, it could steal the Bitcoin by forging a new transaction.
  • However, most Bitcoin addresses only reveal the public key once funds are spent, so unused addresses are safe for now.

2. Hash Function Resistance

Bitcoin mining uses SHA-256 hashing.
• Quantum Threat: Grover’s algorithm can reduce the complexity of brute-force searching by a factor of √n.
• Impact:
  • This gives only a quadratic speedup, not an exponential one, meaning quantum computers won’t break SHA-256 anytime soon.
  • Quantum advantage here is relatively minor compared to the ECDSA threat.

When Could This Be a Real Threat?

Estimates vary, but breaking Bitcoin’s cryptography would likely require a fault-tolerant quantum computer with millions of qubits — something that may still be 10–20+ years away, depending on technological progress.

Can Bitcoin Be Upgraded?

Yes. Bitcoin could migrate to quantum-resistant cryptography, such as:
• Lattice-based cryptography
• Hash-based signatures (e.g., Lamport, XMSS)
• Multivariate cryptography

This would require a soft or hard fork in the protocol — controversial but technically feasible.

Conclusion
• Not a current threat.
• Future risk, especially to spent addresses.
• Mitigations are possible through protocol upgrades and best practices (e.g., using a new address for each transaction).

Let me know if you want to see a timeline or technical breakdown of upgrade paths.
public keys are SHA256 then RIPEMD160 hashed, checksum is double hashed. so yeah?
Double hashing is mining, yeah. No it's not to prevent exposure of any keys. SHA256(SHA256(Block_Header)) The second hash has something to do with mitigating length extension attacks.
The only thing I can think of is if you figured out how to reverse-engineer a SHA256 hash in under 10 minutes (1hr+ at times) you could 'mine' the next block. By my understanding these quantum simulations are so theoretical as to be completely un-useful. As for hacking a private key, yeh that's a totally separate challenge because of the elliptic curve, but you don't have the same time constraint, at least. For now, I sleep very easy at night.
To the best of our knowledge and expectations, quantum computers won't "crack" SHA-256 at all. That doesn't mean the quantum threat does not exist - the main issue is ECDSA. The scenario grok refers to as "cracking" SHA-256 is being able to run Grover's search on it, which gives a quadratic advantage in search. That means that to fully reverse a hash (find a preimage that hash to a specific hash) you need to do around 2^128 steps instead of 2^256 - but that is still unfeasible to do, will take more than the age of the universe even if we assume the QC is as fast as the fastest processors today. The problem of finding collisions (two preimages that hash to the same thing) is a bit easier, takes 2^128 steps classically and 2^64 with Grover's search - that is still mostly unfeasible, but not quite "age of the universe" level and could maybe be done if we get quantum computers *very* fast. But even in this case, it's easy to just move to SHA-512. The issue which is unique to Bitcoin is mining. In mining the miners do a partial reversal of SHA-256 (trying to hit a range of preimages) which is just hard enough for the whole network to do it in 10 minutes. A quantum computer gets a quadratic advantage on that partial reversal too, and since mining is competitive it won't need to be extremely powerful to dominate. Still you would need a much more powerful quantum computer than we currently have or expect to have in the coming decades, and you can't even effectively "join forces" from several quantum computers because Grover's search doesn't parallelize well. So it looks like this isn't a concern for a while, but when it is it looks like it would change the landscape of mining significantly (much more than the CPU->GPU->ASIC transition), mostly for the worse it seems for decentralization and robustness. It's unclear if any kind of proof-of-work we know can work well with quantum.
Anyway the real problem which is more pressing is the ECDSA signature scheme, which is what is used in Bitcoin to sign transactions using a private key, such that they can be verified with the public key. This signature scheme is thought to be possible to crack with quantum computers - going from public key to private key. Now there are modern algorithms which are thought to be quantum resistant, but there are some issues with moving Bitcoin to use them - you need people to willingly migrate to a quantum resistant wallet, as they need a new private key from the new algorithm. It's of course tough to rally everyone and for some it would not even be possible as they lost access to their keys. Quite a few of the early wallets whose public key is exposed would become "quantum loot" and there is some discussion over whether to let it be stolen or freeze those finds. Another issue is that the signatures in quantum resistant algorithms are much larger, and that's an issue with block space already being a premium.
SHA-256 is not an encryption but a hash function, and it already is something that quantum computers cannot crack (to the best of our knowledge and expectations). The scenario grok refers to as "cracking" SHA-256 is being able to run Grover's search on it, which gives a quadratic advantage in search. That means that to fully reverse a hash (find a preimage that hash to a specific hash) you need to do around 2^128 steps instead of 2^256 - but that is still unfeasible to do, will take more than the age of the universe even if we assume the QC is as fast as the fastest processors today. The problem of finding collisions (two preimages that hash to the same thing) is a bit easier, takes 2^128 steps classically and 2^64 with Grover's search - that is still mostly unfeasible, but not quite "age of the universe" level and could maybe be done if we get quantum computers *very* fast. But even in this case, it's easy to just move to SHA-512. The issue which is unique to Bitcoin is mining. In mining the miners do a partial reversal of SHA-256 (trying to hit a range of preimages) which is just hard enough for the whole network to do it in 10 minutes. A quantum computer gets a quadratic advantage on that partial reversal too, and since mining is competitive it won't need to be extremely powerful to dominate. Still you would need a much more powerful quantum computer than we currently have or expect to have in the coming decades, and you can't even effectively "join forces" from several quantum computers because Grover's search doesn't parallelize well. So it looks like this isn't a concern for a while, but when it is it looks like it would change the landscape of mining significantly (much more than the CPU->GPU->ASIC transition), mostly for the worse it seems for decentralization and robustness. It's unclear if any kind of proof-of-work we know can work well with quantum.
Unless the new hashing algorithm is compatible with SHA-256, miners will absolutely not “quickly upgrade”. The first company to put out a new ASIC for the hashing algorithm will be rich though. As long as they don’t use it all to mine themselves like Bitmain did for so long with their BTC ASICs.
Hashes like SHA are not the weak point of cryptocurrencies. Asymmetric cryptography like RSA or elliptic curves, used for signing of transactions, is. If I can issue transactions by pretending to be someone else, then I don't need to break the hashing. I just issue a transaction like any other transaction.
ECDSA is a much easier target than SHA-256 is. Mining and the mempool are not the immediate targets, Satoshi's wallets are. There's no easy fix - you either burn the old coins and coins with known public keys (by making them inaccessible if not moved by some migration date) or you do nothing and allow those old wallets to be drained. It's actually a massive controversy and the one thing I think could potentially end BTC's dominance in the crypto space.
Let’s forget about the improbability of SHA-256 getting compromised, bitcoin's ability to evolve beyond it and the fact that all financial institutions are also screwed in the event that it happens. Bitcoin is unique in that the moment it is cracked it becomes worthless. Congrats, you stole Satoshi's 1M bitcoin, or all 21M for that matter… and now there is no one to sell it to. Would require a Joker-like character to do it - any sane profit-focused criminal is better off trying to steal nearly anything else
If quantum computer breaks the bitcoin cryptography or SHA-256, everything else will scramble, not just “crypto” or bitcoin… it applies equally to fiat. In such an extreme event, the centralized institutions managing fiat (central banks, governments, payment networks) would be severely disrupted. Just as Bitcoin would be inaccessible, fiat would be unusable without the structures that give it legitimacy. In both cases, value collapses when the supporting system collapses. Also, even if quantum computers eventually become powerful enough to mine faster, they wouldn’t be able to just mine all the remaining Bitcoin in a few days. The protocol is designed to adjust the difficulty every 2,016 blocks (roughly every 2 weeks), so if blocks start getting mined too quickly, the network would respond by making mining harder. That prevents anyone from speeding through the rest of the supply like that. And if something like that ever did start to happen, the network could fork, upgrade the protocol, or switch to a quantum-resistant algorithm. Bitcoin core algorithm isn’t static, it can adapt, like it has in the past with SegWit, Taproot, etc. So overall, it’s not really a realistic threat, and ironically it would hurt the attacker just as much as anyone else. The most realistic threat would be using quantum to break the ECDSA signatures and steal coins from previously-used wallets. But that’s not something current quantum tech can do… again, we’re probably decades away from it. Even if it happened, the community could fork the protocol to stop the damage, blacklist stolen coins, or move to quantum-safe cryptography. Another idea is that someone could mine way faster than the rest of the network and try to mess with block timings or reorganize the chain. That might cause temporary chaos, but the protocol would adjust the difficulty, and devs/miners would respond fast. 
Same with flooding the network with junk blocks, Bitcoin’s already been through a lot of those kinds of attacks and adapted. The thing is, if someone actually had that much quantum power and used it just to break Bitcoin, it would pretty much prove to the world that it’s time to move on to quantum-resistant tech. so in a weird way, it would accelerate Bitcoin’s evolution rather than kill it. So yeah, they could definitely create panic or crash the price short-term, but wiping out Bitcoin completely would be a lot harder than people think.
Is there some form of encryption that we can use which is superior to SHA256 that quantum computing cannot crack?
Grover's algorithm cannot realistically crack SHA-256, as it only gives a quadratic speedup from 2²⁵⁶ operations to 2¹²⁸, which is still very large. This is good because bitcoin does not have any ideal mechanisms to deal with a broken block hash function. Shor's algorithm, on the other hand, can crack ECDSA, but this is fixed by P2QRH and similar proposals.
He's asking the wrong question, it's not SHA256 that is vulnerable to quantum computers, but ECDSA. Forging signatures allows you to spend other people's coins and that's what Bitcoin must worry about
And bitcoin uses SHA256 twice to calculate the next block. That means, after you cracked a single SHA256 you can start over now and build your computer 100s times bigger.
People here are dumb. Grover's algorithm theoretically improves the speed at which hashes can be found since Grover's algo reduces the search space of hashes from 2^256 to 2^128. It does not break SHA-256. This means miners using quantum computing will have an edge over ASIC miners.
Also, if SHA-256 were meaningfully broken, the community could coordinate a soft or hard fork with a stop-date consensus, transitioning to a quantum- or AI-resistant encryption algorithm. It wouldn't be easy, but Bitcoin’s governance has handled forks before.
Well, the people that didn't upgrade year values to 4-digits ran their own risks of unpredictable behavior. Those that don't upgrade to SHA-2 would be exposing their wallets to potential hacks at that point. In other words why *wouldn't* every node accept the upgrade to protect a multi-trillion dollar network?
I'm not an expert in any of this, but this is my understanding of it all. The password that bitcoin uses is basically a math problem, SHA-256. The math problem is what bitcoin uses for its password verification. And not just bitcoin uses this encryption. For a modern computer to actually solve this math problem and break the code, it would take a longer time than the universe has existed. In theory though, quantum computers would be able to do computations at the quantum level where all of the computations could be done simultaneously. Time would no longer be a factor. If successful, it would mean a quantum computer could break any password or encryption. This would have huge ramifications for not just bitcoin, but everyone. As encryption of anything at all could no longer be guaranteed. Imagine a world where any password for anything online cannot be guaranteed and no messages could be guaranteed to be secure.
This. If the SHA is broken, bitcoin is least of our worries ...
We’re starting to drift outside the realm of my expertise, but my general understanding is SHA-512 is more secure. How much more I couldn’t really say. SHA-256 is faster and uses less resources which I think was a big part in why it was chosen.
Not trying to sound stupid, but how much more secure would SHA-512 be? And why is it not already done?
I don’t think you understand how SHA256 works.
Grok predicts that by 2035 the quantum computers will still not be able to crack SHA256 encryption that is used by Bitcoin(and a lot of other stuff) within a reasonable amount of time.
http://bicoin.dev/SHA-257_is_on_the_way/s
I think you misread? They match each mnemonic word against the BIP-39 wordlist to retrieve its index (ranging from 0 to 2047), then convert each index into an 11-bit binary value. These 11-bit chunks are concatenated to reconstruct the full bitstream, which consists of the original entropy plus an 8 bit checksum derived from the SHA-256 hash of that entropy. Optionally the passphrase is then added and the whole thing is fed to PBKDF2 to derive the final 512-bit seed. In practice though, all you ever need when storing a BIP39 seed is the first 4 letters of each word, because they are all entirely unique and all you need to find the index in the wordlist. I was just trying to simplify it conceptually to the OP.
Well Im glad someone on reddit knows. Refreshing to see actual facts. I always thought it was fishy the government created the SHA-256.
With the Coldcard you can:

- Determine the 23 words with dice throws
- Enter them in the Coldcard and it will calculate your checksum and give you the choice between 8 possible 24th words

With Ledger this is not possible, you have to calculate the checksum yourself. In my opinion it is impossible to calculate the checksum by hand because it requires the SHA256 of the 256 bits. You must therefore do this with a PC or smartphone offline... and not make any mistakes to avoid leaking the 256 bits determined with the dice. If the calculation of the checksum is false the seed phrase will be invalid because it does not comply with BIP39.
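Added example, not from either of the two comments above and not the Coldcard's or Ledger's code: the BIP-39 arithmetic both comments describe, done on raw word indices rather than words so the 2048-word list does not have to be embedded. It covers the 11-bit index bitstream with its SHA-256 checksum, the enumeration of the 8 valid 24th words for 23 dice-rolled words, and the PBKDF2 seed derivation. The only wordlist facts used are that index 0 is "abandon", 3 is "about" and 102 is "art" in the English list; the all-"abandon" inputs are constructed for the demo.

```python
import hashlib
import unicodedata

# Added example, not from the thread: BIP-39 bit arithmetic on word INDICES, so
# the 2048-word list is not needed. English list: 0 = "abandon", 3 = "about",
# 102 = "art". The all-index-0 inputs used below are constructed test inputs.

WORD_BITS = 11
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def _checksum_bits(entropy: bytes) -> str:
    """First ENT/32 bits of SHA-256(entropy), as a '0'/'1' string (4 bits for
    128-bit entropy, 8 bits for 256-bit entropy)."""
    cs_len = len(entropy) * 8 // 32
    digest_bits = "".join(f"{b:08b}" for b in hashlib.sha256(entropy).digest())
    return digest_bits[:cs_len]


def entropy_to_indices(entropy: bytes) -> list:
    """entropy || checksum, split into 11-bit word indices (0..2047)."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    bits = "".join(f"{b:08b}" for b in entropy) + _checksum_bits(entropy)
    return [int(bits[i:i + WORD_BITS], 2) for i in range(0, len(bits), WORD_BITS)]


def indices_to_entropy(indices: list) -> bytes:
    """Inverse of entropy_to_indices; raises ValueError if the checksum is wrong,
    which is exactly what a wallet does with a mis-chosen 24th word."""
    if len(indices) not in VALID_WORD_COUNTS or not all(0 <= i < 2048 for i in indices):
        raise ValueError("bad word count or index")
    total_bits = len(indices) * WORD_BITS
    cs_len = total_bits // 33                 # 4 for 12 words, 8 for 24 words
    ent_len = total_bits - cs_len
    bits = "".join(f"{i:011b}" for i in indices)
    entropy = int(bits[:ent_len], 2).to_bytes(ent_len // 8, "big")
    if bits[ent_len:] != _checksum_bits(entropy):
        raise ValueError("checksum mismatch")
    return entropy


def is_valid_mnemonic_indices(indices: list) -> bool:
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def candidate_last_words(first_indices: list) -> list:
    """All valid final-word indices given the first N-1 words (e.g. 23 dice-rolled
    words). The last word holds (11 - cs_len) free entropy bits plus the checksum,
    so 24 words leave 2**3 = 8 candidates and 12 words leave 2**7 = 128."""
    n = len(first_indices) + 1
    if n not in VALID_WORD_COUNTS:
        raise ValueError("unsupported word count")
    total_bits = n * WORD_BITS
    cs_len = total_bits // 33
    ent_len = total_bits - cs_len
    free_bits = WORD_BITS - cs_len
    prefix = "".join(f"{i:011b}" for i in first_indices)
    candidates = []
    for free in range(2 ** free_bits):
        free_str = f"{free:0{free_bits}b}"
        entropy = int(prefix + free_str, 2).to_bytes(ent_len // 8, "big")
        candidates.append(int(free_str + _checksum_bits(entropy), 2))
    return candidates


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    mnemonic_bytes = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic_bytes, salt, 2048, 64)


if __name__ == "__main__":
    # 23 dice-rolled words that all came out as index 0 (constructed input)
    print("valid 24th-word indices:", candidate_last_words([0] * 23))
    print("seed:", mnemonic_to_seed("abandon " * 11 + "about", "TREZOR").hex())
```

The all-zero 128-bit entropy maps to eleven "abandon" plus "about" (index 3), because the top four bits of SHA-256 of sixteen zero bytes are 0011; with the passphrase "TREZOR" that mnemonic yields the well-known first test-vector seed. The 24-word case shows why the Coldcard can offer exactly eight choices: the 23 fixed words pin 253 of the 256 entropy bits, and each of the 8 values of the remaining 3 bits determines one valid checksum.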
SHA-256 is a cryptographic hash function designed to be one-way, meaning that, even with massive means, one cannot reverse a fingerprint (find the original message), nor find two different messages producing the same fingerprint (collision). It has resisted all known attacks for more than 20 years. And if a genius came up with a theoretical attack tomorrow, it would still take years for it to be applicable in practice. If SHA-256 were to be weakened, the community could very well replace it with another more robust algorithm, via a soft fork or a clean hard fork. Alternatives already exist (SHA3, BLAKE3, etc.).
BTC got completely owned by big money. It's just a semi-regulated tech stock now. "Hijacking Bitcoin" book explains it pretty well. Everything else keeps slowly degenerating to nothingness, with an occasional scam pump. Crypto failed as P2P cash, and that is now more than obvious. Because it's too hard to on/off ramp it, or too volatile to be used as daily cash or even short term checking account. Some projects are clinging on, like XMR, but these are an anomaly, not the norm. Governments started to buy crypto. This will only end in tears. Someone will have to repay all these debts once BTC crashes to zero because some math genius kid or a quantum computer broke SHA256, or some contentious soft fork breaks the chain. A baby born today, will be adult in 2043. How much Bitcoin will this young person be able to buy? Forever growth is a myth. You eventually run out of resources, or fools to buy your bags.
SHA-256? Algo for bitcoin keys is ECDSA.
A Base58Check-encoded address showing consistent partial matches across many attempts would be statistically improbable if it were happening beyond pure chance. But here's the thing: Bitcoin addresses aren't raw outputs of ECC or SHA-256 alone; they go through multiple layers, including SHA-256, RIPEMD-160, a version prefix, a checksum, and finally Base58Check encoding. So a “33% match” in address characters might feel significant, but it doesn’t necessarily imply proximity in key space. Base58 encoding isn't linear, and small character overlaps don’t mean the inputs are mathematically close. If your AI is consistently getting partial matches better than chance across millions of samples, then yes, that would be noteworthy. But you need to verify that your dataset is truly random and not biased; for example, if you’re sampling from a narrow subset of keys, burn addresses, or vanity address prefixes, the character distributions might not reflect the true address space. It’s also important to compare your results against a statistical baseline for random attempts, and ensure your parsing of Base58Check addresses is correct. Some characters appear more frequently than others due to the checksum and version byte structure, which can skew superficial comparisons. It would be noteworthy if the anomaly held up under careful scrutiny, but chances are this is due to random noise, encoding quirks, or flawed assumptions in the match criteria. Still, it's good you're probing it and asking these kinds of questions.
I think you may be not understanding what NP-hard problems are…it’s referring to how much computation is required as it scales. As it becomes more complex, it will take longer. If you’re saying it solved it quickly, scale the complexity. You’ll find it will take muuuch longer. With how complex the computation is for bitcoin (SHA-256), it would take a VERY long time for an AI to guess a correct key. I see this concern all the time…and it’s just a reflection of the underestimation of how hard bitcoin is to reverse engineer. AI, quantum computing, it really is not a threat to Bitcoin. AI doesn’t magically know how to reverse engineer SHA-256. It would involve creating new math that AI isn’t capable of doing.
This is interesting, but just to clarify for others reading — cracking Bitcoin wallets isn’t just a matter of finding matching characters in addresses. Bitcoin’s security is based on two cryptographic pillars: Elliptic Curve Cryptography (ECC) and SHA-256, and both are extremely robust. ECC (specifically secp256k1) is used to generate public keys from private keys via one-way elliptic curve multiplication. The process is mathematically irreversible with current computing power — even with AI — due to the difficulty of solving the elliptic curve discrete logarithm problem. Then SHA-256 (followed by RIPEMD-160 and Base58Check encoding) is used to turn public keys into wallet addresses. SHA-256 is a secure, one-way hash function designed to be patternless and collision-resistant. Matching a few characters in a Bitcoin address doesn’t get you any closer to recovering the private key or even the full address. Unless your AI can reverse either ECC or SHA-256 (which would be a global cryptographic breakthrough), matching partial characters is statistically insignificant. You’re likely just seeing noise from brute force attempts.
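Added example, not from either of the two comments above: the Base58Check layering both comments describe, taking the 20-byte hash160 = RIPEMD-160(SHA-256(pubkey)) as input (the payloads are constructed stand-ins, so no RIPEMD-160 implementation is needed here). It shows the version byte fixing the leading character, the double-SHA-256 checksum rejecting a one-character typo, and why overlap in leading address characters reflects only the high-order bytes of the hash, not anything about the key.

```python
import hashlib

# Added example, not from the thread: Base58Check encoding/decoding of a
# 20-byte hash160 payload. The payloads below are constructed stand-ins for
# RIPEMD-160(SHA-256(pubkey)); the two real addresses used as checks are the
# all-zero-hash160 "burn" address and the genesis coinbase address.

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P2PKH_VERSION = 0x00   # mainnet pay-to-pubkey-hash: addresses start with '1'
P2SH_VERSION = 0x05    # mainnet pay-to-script-hash: addresses start with '3'


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58encode(data: bytes) -> str:
    """Big-endian base conversion; every leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(data, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)    # ValueError for 0, O, I, l or other junk
    leading_ones = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * leading_ones + body


def b58check_encode(version: int, payload: bytes) -> str:
    body = bytes([version]) + payload
    return b58encode(body + sha256d(body)[:4])


def b58check_decode(text: str):
    """Returns (version, payload); raises ValueError on a bad checksum."""
    raw = b58decode(text)
    if len(raw) < 5:
        raise ValueError("too short")
    body, checksum = raw[:-4], raw[-4:]
    if sha256d(body)[:4] != checksum:
        raise ValueError("checksum mismatch")
    return body[0], body[1:]


def is_valid_address(text: str) -> bool:
    try:
        b58check_decode(text)
        return True
    except ValueError:
        return False


def common_prefix_len(a: str, b: str) -> int:
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    return i


def prefix_overlap_demo():
    """Two hash160 payloads differing only in their last byte give addresses that
    agree on most leading characters: Base58 is positional, so leading characters
    track the high-order bytes of the hash. Overlap there says the hashes are
    close, and a hash being close says nothing about the key behind it."""
    payload_a = hashlib.sha256(b"constructed key A").digest()[:20]   # stand-in hash160
    payload_b = payload_a[:-1] + bytes([payload_a[-1] ^ 0x01])
    addr_a = b58check_encode(P2PKH_VERSION, payload_a)
    addr_b = b58check_encode(P2PKH_VERSION, payload_b)
    return addr_a, addr_b, common_prefix_len(addr_a, addr_b)


if __name__ == "__main__":
    print(b58check_encode(P2PKH_VERSION, bytes(20)))   # the all-zero "burn" address
    print(b58check_encode(P2SH_VERSION, bytes(20)))    # same payload, version 5
    print(prefix_overlap_demo())
```

A mainnet P2PKH address always starts with '1' and a P2SH address with '3' purely because of the version byte, and the four checksum bytes are why a single mistyped character is rejected rather than sending coins into the void. The overlap demo makes the comment's point concrete: any two addresses whose hash160 values share their top bytes share their leading characters, so "33% of characters match" measures closeness of a hash output, which is uniformly distributed and unrelated to key-space distance.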
It is not irrational to choose the most widely used and accepted cryptocurrency, which is the most decentralized and secured by an amount of work (SHA256-hashing) unmatched by any competitor.
The main reason is the Satoshi justification in the white paper - there's more value in mining fairly than there is in attacking.

The actual history of real 51% attacks (especially BTG) exposes a flaw in Satoshi's one-block-at-a-time calculations. The BTG attack stole money from Binance by mining a shadow chain tip for two hours - not one block at a time.

But SHA256 mining (BTC, BCH) is organized into mining pools. Pools are not miners. They're a reward distribution service to their members (miners). So they have a reputation to protect, not to use their members' hashes for crime.

BTG is small enough that a single miner could rent 51% hashpower for 2 hours - no pools anywhere in that scam.

BSV (SHA256) is famous for a period of having a single miner 51% attacking - for disruption, not for personal gain. Pools aren't supporting BSV.
Ok, I'm going to assume your situation is this: you don't really understand the Bitcoin protocol and network well and if the US government didn't create the software then you are wondering why haven't they tried to kill it. I think, assuming that is your position, that they tried in the beginning to find Satoshi Nakamoto after Bitcoin began being used to backdoor funds to WikiLeaks and Julian Assange. He went into hiding and they were never able to identify him/her/them. Since the software was open source and released to the world free and decentralized it was already too widespread to contain. This is just conjecture since we don't really know.

As far as ways to attack Bitcoin, here is a ChatGPT generated list of vectors and ways it could be done. To date I'm unaware of any nation states ever being accused of attacking the network or protocol. The cool thing about Bitcoin is that it pretty much is always more profitable to expend resources to participate rather than attack it.

Here's a succinct list of the main known attack vectors against the Bitcoin protocol as of July 2025:

1. Consensus-Level Attacks
- 51% Attack: Control >50% of hash rate to double-spend or censor transactions.
- Selfish Mining: Withhold blocks to gain disproportionate mining rewards.
- Timejacking: Manipulate node clocks to affect network time and block validity.
- Invalid Block Relay: Attempt to propagate invalid blocks to disrupt nodes (mostly mitigated).

2. Network Attacks
- Eclipse Attack: Isolate a node by controlling all its peers, enabling manipulation.
- Sybil Attack: Flood the network with fake nodes to disrupt communication or voting.
- Partitioning: Physically or virtually split the network (e.g. BGP hijack).
- Denial of Service (DoS): Target nodes or the mempool with spam or malformed data.

3. Mempool/Transaction-Level Attacks
- Fee Sniping: Reorg to claim high-fee transactions from past blocks.
- Transaction Malleability: Alter txIDs before confirmation (mostly mitigated via SegWit).
- Dust Attacks: Send tiny amounts to trace UTXO linkages and deanonymize.
- Pinning Attacks: Use low-fee unconfirmed parent transactions to prevent replacements.

4. Mining Attacks
- Block Withholding: Join a pool but never submit valid blocks—wastes pool's effort.
- Pool-Hopping: Switch between pools to maximize short-term gain, harming others.
- ASIC Manufacturer Attacks: Ship underperforming or backdoored devices.

5. Economic/Game-Theory Attacks
- Fee Market Manipulation: Spam or suppress transaction fees to affect block space market.
- Exchange Collusion: Coordinate withdrawals to manipulate mempool or price signals.
- Miner Bribing: Pay miners off-chain to reorg or censor certain transactions.

6. Protocol-Level Exploits
- Consensus Bugs: Software bugs causing chain splits (e.g. CVE-2018-17144).
- Inflation Bugs: Exploits that allow creation of extra coins.
- Soft Fork Exploits: Abuse of partial upgrade adoption to split or confuse nodes.

7. Social & Governance Attacks
- Social Engineering: Trick developers or maintainers to accept malicious proposals.
- Governance Capture: Influence devs/miners/users to support self-serving forks or changes.
- Fork Wars: Create confusion through competing chain splits (e.g. BCH/BSV history).

8. Cryptographic Attacks (Theoretical/Future)
- Quantum Attacks: Break ECDSA to steal funds (Post-quantum planning underway).
- Hash Collision: Break SHA-256 (currently infeasible).
- RNG Attacks: Exploit poor key generation to steal private keys.
More importantly, btc is easier to fork to SHA-512 than every other institution in the world. In other words, bitcoin is the most quantum-proofable
Traditional currency has a lot of potential protections, done by humans to mitigate that to a large extent. Cryptocurrency doesn't. traditional banking would just go back to pre-electronic methods. That said, we're still fucked if SHA-256 is broken for a variety of reasons.
Rather, it is a reason not to buy bitcoin, however, there’s much bigger problems if that happens so it’s not worth worrying about. If quantum breaks SHA-256, Bitcoin will be compromised but we also won’t care because the world will be on fire.
If Quantum breaks SHA-256, every bank, every government secret, every digital everything is compromised. It is not a reason to not buy BTC
There are quantum algorithms to reverse RSA but there aren't any to reverse a SHA hash, especially one that large. You'd need a lot of quantum compute to make it happen, like millions of qubits, and in the last couple of years we're up from 30 to like 50 qubits?
i have asked it about quantum computing breaking SHA-256 encryption and it also says no chance in our lifetime, everyone else seems to see it as a threat though
BTC isn't the only chain that uses SHA256. So the ASICs could still have some value. Additionally, buying / temporarily controlling 51% of hash-power-producing equipment is still a lot cheaper than 51% of a PoS crypto like ETH (which you may actually need over 66% of due to consensus mechanisms and slashing).
This is why you should use a password manager. I know many disagree here, but you can't believe in Bitcoin and its SHA-256 hashing and somehow think password managers are a scam.
If an address has never sent a transaction then it should be quantum resistant. In order to receive a transaction then this is locked behind public key hash not a public key. Quantum computers could reverse engineer a public key to get the private key but the public key is only revealed the first time an address sends a transaction. Quantum computers would first have to break the hash function (RIPEMD-160 combined with SHA-256), which is currently considered quantum-resistant.
> a fork ready to go that prevents it How exactly would a fork “prevent” quantum computers from cracking SHA-256?
It’s a nothingburger. When quantum gets even remotely close to the level of being able to crack SHA-256, Bitcoin will already have a fork ready to go that prevents it and will reach full consensus to do it. There’s wayyy too much riding on it to just let it get cracked at this point. It’s never going to happen.
> Your Bitcoin password aka the private key, or seed phrase and the network itself is protected by SHA-256

No

> Meaning it has the entropy of 2^256 bits. Means that there are 2^256 possibilities of your password.

No
There are two sides to your question. 1. People usually buy it off an Exchange like Binance or Strike, then send it to their own Cold Wallet. Exchanges can collapse then your Bitcoin is gone. So get it off Exchanges. 2. Will Bitcoin be hacked? No. Bitcoin is surrounded by a digital shield created by the miners. Bitcoin is the largest computer network on earth. Miners use Asic chips to mine Bitcoin. Basically, downloading software and trying to guess the right nonce. Mining is very complicated, and I don't understand all of it. But on a high level, there are currently 10^21 hashes running per second to secure the bitcoin network. This is the bitcoin hash rate. It shows how many "guesses" computers are doing to mine the next Bitcoin block every 10 mins. The amount of power that this shield generates is around 20 GW. So 20+ nuclear reactors running at full speed every single second. To dominate the network, you need 51% of all hash power. also called the 51% attack. Quite impossible. As you also need millions of asic chips with that energy to dent the network. It's more realistic that they will join in rather than try to dent the network, which will get them nowhere. From here, some may argue that Bitcoin saves the world, bc people will always resort to clean energy to maximize profits. The next side of Bitcoin is its cryptography process. Your Bitcoin password aka the private key, or seed phrase and the network itself is protected by SHA-256. SHA-256 is a one-way cryptographic hash function, it is irreversible. Meaning it has the entropy of 2^256 bits. Means that there are 2^256 possibilities of your password. Even the best computers in the world will take a lifetime of the universe to guess yours. The main takeaway i guess is to not store your Bitcoin on exchanges and use a cold wallet.
I was literally on a 30-minute deepdive on techslang definiton breakdowns of SHA-256 bit whatever bullshit when I came across the detail of 21 million being available. literally froze in my tracks lol
I think we’re both on the right path. I don’t think it’s entirely backed by energy alone, but I think it is a main factor. All of gold’s properties that make it valuable don’t boil down to being protected in vaults. Not all gold is protected by guns in a vault but it’s still valuable. All BTC is protected by energy, but its whole value proposition is not based on that security. It’s also verifiable thanks to SHA256, its lightweight and transportable due to it not being physical, borderless thanks to its protocol. I’m sure there’s more to it, but I think you are correct to say “it’s not ONLY backed by energy”, but I’d argue that energy is a major component of BTCs backing.
> You are posting "crypto" links on the quantum problem, do you honestly believe that they will say "hey guys we are done"? ;)

I figured this would be your comeback, although it's a pretty terrible one. You obviously didn't really think it through. Yes, it is from a venture fund who does crypto investments, but they have nothing to gain about lying about their thoughts on quantum computing and the effect on crypto. If they thought quantum computing was a more pressing threat, they'd say so, and then they'd seek out projects to fund that are more proactively aiming for quantum-proofing. And there is also a lack of QPC crypto projects, you'd think there would be an excess of them if it was as imminent as you think, no? The experts are also just research advisors to the venture fund, they're not getting paid to shill and have no incentive to lie as they get paid for their expertise and lying would harm their credibility. Lying about the threat of quantum computing really doesn't make any sense if you give it even two seconds of thought beyond the obvious connection.

> Read here: https://postquantum.com/post-quantum/breaking-rsa-quantum-hyp
> https://arxiv.org/abs/2212.12372
> https://quantumcomputingreport.com/significant-theoretical-advancement-in-factoring-2048-bit-rsa-integers

At the quickest these still suggest a timeframe of 5-10 years. A million qubits in 2030? Still need to 100x that number.

> Quantum breakthroughs are driven by hardware physics, which evolve slowly but suddenly (see superconducting qubit scaling), but PQC relies on software standards and adoption, which historically lag. NIST finalized PQC algorithms only in 2024, but global rollout could take decades, just look how long it took to retire SHA-1. 😉

That's true but generally advances at a somewhat predictable pace. Just saying it's slow with sudden bursts doesn't really quantify how you think the timeline would be orders of magnitude faster than the ones I presented, and they actually provided their thought process on coming to that timeline. IDK where you learned about crypto, but a global rollout to update the network will not take anywhere close to decades. Network wide updates typically are done within hours, that's one of the strengths of these networks, they can coalesce and coordinate very fast. Likely the hardest part will be getting to the consensus needed with a solution that the majority can agree on, not the actual rollout.

> Freezing wallets is an option, but the one that comes with a loss of trust in the bitcoin ecosystem. It breaks Bitcoin’s core promise: that “code is law” and coins are always spendable with the right key.

That's what detractors say; the people within the network agreeing to this obviously wouldn't care because they know the importance of social consensus. To say "code is law" implying that the code cannot change is just wholly ignorant of that. Even networks as entrenched as Bitcoin have changed the code when the majority felt it necessary.

> Many technologies do have intrinsic usefulness because they provide value even without external consensus or infrastructure. Bitcoin, however, offers no utility without network participation. That's the difference between, say solar panel, e-mail client and bitcoin. 😉

lol the fact that you'd use one software protocol as an example of a difference to another software protocol is just a terrible way to try to show a difference. And putting winking emojis or ;) at the end of each line is just terribly cringe, you're not as clever as you think you are.
It's pretty clear you're not giving any sort of real consideration to anything I said and just want to get your piece across, and this is all very theoretical so there isn't any conclusive "correct answer", so you can respond if you want, but I won't bother any further. Seems like 5-10 is the fast timeline, 15-20 is the slower timeline, a decade would be right in the middle, which would align with what I said. Let's just set reminders to check again in 5 years, see how close we are. RemindMe! 5 years
You are posting "crypto" links on the quantum problem, do you honestly believe that they will say "hey guys we are done"? ;) Read here: https://postquantum.com/post-quantum/breaking-rsa-quantum-hyp https://arxiv.org/abs/2212.12372 https://quantumcomputingreport.com/significant-theoretical-advancement-in-factoring-2048-bit-rsa-integers This is a hardware milestone, not a fantasy and current quantum labs are progressing faster than most crypto forums are willing to admit. 🤔 Freezing wallets is an option, but the one that comes with a loss of trust in the bitcoin ecosystem. It breaks Bitcoin’s core promise: that “code is law” and coins are always spendable with the right key. Quantum breakthroughs are driven by hardware physics, which evolve slowly but suddenly (see superconducting qubit scaling), but PQC relies on software standards and adoption, which historically lag. NIST finalized PQC algorithms only in 2024, but global rollout could take decades, just look how long it took to retire SHA-1. 😉 Many technologies do have intrinsic usefulness because they provide value even without external consensus or infrastructure. Bitcoin, however, offers no utility without network participation. That's the difference between, say solar panel, e-mail client and bitcoin. 😉
No, I understand alright, let me explain. I was talking about all these big mining farms having bought thousands of ASIC miners that mine on SHA-256. If a different working protocol or algorithm is chosen for bitcoin to be quantum proof, then these ASICs have the risk of being obsolete if the quantum proof algorithm isn’t implementable in the ASIC chip. It all depends on the chosen security in the future (as an example look at this proposal from 2017: https://arxiv.org/abs/1708.04955) it works in a completely different way.
I think you misunderstand. This is out of the hands of bitmain. There are many mining algorithms: scrypt (litecoin, dogecoin), SHA-256 (BTC, BCH, BSV), RandomX (monero), X11 (for some obscure coin called Dash) and tons more. Of these, I'm not sure which ones are quantum resistant. Bitmain already makes devices that use these algorithms to mine the coins I previously mentioned. But, for the sake of argument, let's say bitcoin devs propose using a new, tried and true quantum-proof mining algorithm - let's call it QP-256 (Quantum-Proof-256). They don't immediately make SHA-256 irrelevant overnight, and they could implement some kind of period of time where miners can use SHA-256 devices and QP-256 devices to accumulate bitcoin for (for example) 2 years before blocking out SHA-256 completely.
I think they mean very few people here can explain the technical aspects of BTC which makes it superior to other crypto/forms of money. It’s pretty rare to see any technical discussion in this sub amongst all the memes and shitposting. When you say you can simplify any part they don’t understand I think you’ve missed their point and the nuance of BTC by oversimplifying things too much by just using a bunch of word-salad buzzwords. Maybe include things like SHA256, Nakamoto consensus, PoW, ECDSA. Out of interest, do you know how to review the source code yourself? If you’re going to tell people to do that you’d want to be able to at least do it yourself.
Old heads are making the money moves. It's just a fact. When I say "old heads" I just mean age. There are plenty of older people who are intelligent enough to understand tech because sometimes they were part of its development. I mean, how deep do you want to go down the roots of tech? The transistor? The CPU? The Internet? Ethernet? SHA-256? A lot of tech was created by older engineers. Now, I do agree with what you said about old folk not being so quick to accept new technology. That caution is because of experience where an unproven tech has cost millions of dollars. Most of the time the stubbornness from old folk comes from the financial side. A lot of old people worked very hard for their money to just toss it out on an unproven technology. The dotcom bubble siphoned out a lot of older people's money and that experience made them cautiously skeptical. It's just the experience talking really - don't take it personally.
These ppl have no idea what “quantum computing” is lol. If some groundbreaking otherworldly tech were to emerge to break 2 pass SHA256 encryption then guess what... The entire bitcoin block history is preserved. Humans will deploy an update to bitcoin to account for this, and it will have the same difficulty adjustment mechanism in place.
Just use Algorand. That’s what real quantum-safe systems should be modeled after. It’s built on pure proof-of-stake with post-quantum cryptography already on the roadmap. While most DLTs still rely on outdated mechanisms like SHA256 and clunky consensus models, Algorand is using VRFs (verifiable random functions) and has no leader nodes — removing central points of failure. Scalability? Finality in seconds. Security? Backed by Silvio Micali, a Turing Award-winning cryptographer. Algorand already delivers high TPS, low fees, and energy efficiency — upgrading security on Algorand isn’t just easier, it’s already ahead of the curve.
SHA-256 hashing application specific integrated circuits. Like these: https://shop.bitmain.com/?coin=antminer
You can't use an app on your phone to mine bitcoin. You need to use an SHA-256 hashing application specific integrated circuit to mine bitcoin. And if you want it to be profitable, then you also need access to cheap electricity.
Why the obsession? And are you sure it's not misdirected? Kaspa uses KHeavyHash as its hashing algorithm for its ASICs; Bitcoin uses SHA256. I'd say Grok isn't credible due to recent developments, and especially if it's not providing sources like in this post. ASICs joined the Kaspa network when 60-70% of the supply was already in the hands of miners with consumer hardware like CPUs and GPUs.
It's just one branch of the main study, so perhaps saying p=np is very risky, but it creates a theorem which, in exploratory implications, is working, always with my simple netbook, but if the TSP is satisfiable and finding a pattern in an SHA-256 problem means that it's not as secure as they think, academic bias tends to leave many cracks that we can explore! Best regards.
Thanks for your comment. This is actually part of an exploratory phase. My main work focuses on large-scale combinatorial optimization, especially the Traveling Salesman Problem (TSP), where I’ve already outperformed classical solvers like CPLEX by solving routes with over 31,000 nodes using a self-organizing neural architecture. Regarding SHA, my goal is not to replace or invert the hash function. I’m exploring whether a visual model can detect local structures or dynamic behavior within the hash space. I'm not claiming to predict outputs, but rather investigating whether subtle statistical signals exist—ones that traditional tools may miss, especially using techniques like Grad-CAM. So no, I'm not using AI instead of statistics. I'm using it to expand the toolkit, to observe areas we usually assume to be opaque. If you're more interested in complexity theory, my strongest results are in NP problems. This hash exploration is just one piece of a much broader research path.
I get the skepticism, but let me clarify: this isn’t about "breaking" SHA-256 or predicting hashes like magic. That’s not how cryptography or AI works. What this model does explore is whether we can extract any statistical signal from how inputs relate to outputs, especially using visualization tools like Grad-CAM. Not to guess exact hashes, but to understand the structure of the hash space, the difficulty dynamics, or even to generate hypotheses for further research. It’s a research tool, not a mining shortcut. If you’re expecting a silver bullet to invert SHA-256, this isn’t it — but if you’re curious about what happens when deep learning meets cryptographic functions, this is unexplored territory. I’m not claiming miracles — I’m building tools to see deeper. Happy to hear solid critique, but let’s keep the conversation constructive.
Great question! But no, the model is not computing hashes, not even in an inefficient way. Instead, it’s trained on thousands of input-output examples (like binary headers and their corresponding hashes) to learn statistical patterns. Then, with Grad-CAM, it visually highlights which input bits most influence the output. It's not a miner and not a SHA-256 solver — think of it more like a microscope that reveals how changes in the input affect the output, useful for: education, research, auditing mining dynamics or difficulty changes. Thanks for asking! Happy to share a sample heatmap if you're curious 🤙
Here's why someone might use it and what they could get from it: For researchers or devs: It gives a new way to visualize how input bits impact hash outputs, which can be valuable for understanding sensitivity, entropy distribution, or even debugging mining simulations. For educators: It’s a teaching tool. It helps students "see" the effects of bit changes in high-entropy functions like SHA-256 using Grad-CAM — something very few tools do today. For blockchain analysts: It could be extended to audit or visualize difficulty adjustments over time, or test how various nonce strategies behave visually. It's not built for "business" in the classic sense — it’s like an x-ray machine for hash behavior. Maybe niche, but powerful for those who care. If you have ideas to turn this into a more direct business application, I’d love to brainstorm with you. Collaboration > criticism.
You're absolutely right, AI cannot anticipate or invert SHA-256. But that’s not the goal here. This project doesn’t try to break SHA-256 or mine blocks directly. Instead, it analyzes input-output patterns visually and learns statistical cues useful for research, teaching, or even auditing difficulty dynamics. Think of it as a microscope, not a miner. I’m always open to critique; if you have ideas to improve the approach or explore other visualizations, I’d love to hear!
Thanks for your comment! I totally understand the skepticism; this isn't about replacing traditional mining or solving SHA-256 directly. The project is exploratory, aiming to show that AI can learn statistical patterns in hash outputs and visualize the impact of inputs using Grad-CAM. It’s more of a research and educational tool than a mining rig. I’d love feedback or thoughts from others who’ve experimented in similar areas!
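The "which input bits most influence the output" question in the comments above can be measured directly without any model. The following is an added example (not the commenter's project code): it flips each bit of a constructed 80-byte header-sized input, applies Bitcoin's double SHA-256, and averages how many of the 256 output bits change. For a hash with full avalanche behaviour every input bit lands near 128, and an exploitable "signal" would show up as an outlier in that map.

```python
"""Empirical bit-sensitivity map for double SHA-256 (added example, not the
commenter's code). The 80-byte input size mirrors a Bitcoin block header, but
the inputs themselves are random constructed bytes, not real headers."""
import hashlib
import random

INPUT_BYTES = 80          # Bitcoin block header length; inputs here are constructed
INPUT_BITS = INPUT_BYTES * 8
OUTPUT_BITS = 256


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256 (the "2 pass" hash discussed in this thread)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with bit `index` (MSB-first within each byte) flipped."""
    out = bytearray(data)
    out[index // 8] ^= 0x80 >> (index % 8)
    return bytes(out)


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def sensitivity_map(samples: int = 200, seed: int = 1, hash_fn=sha256d) -> list:
    """For each input bit, the average number of output bits that change when it is
    flipped, over `samples` random inputs. Ideal avalanche gives ~OUTPUT_BITS/2 everywhere."""
    rng = random.Random(seed)
    totals = [0] * INPUT_BITS
    for _ in range(samples):
        base = bytes(rng.getrandbits(8) for _ in range(INPUT_BYTES))
        h0 = hash_fn(base)
        for i in range(INPUT_BITS):
            totals[i] += hamming(h0, hash_fn(flip_bit(base, i)))
    return [t / samples for t in totals]


def summarize(avgs: list) -> dict:
    """Min, max and mean of the per-bit averages; a real signal would be an outlier here."""
    return {"min": min(avgs), "max": max(avgs), "mean": sum(avgs) / len(avgs)}


if __name__ == "__main__":
    print(summarize(sensitivity_map()))   # all three values cluster around 128
```

Swapping `hash_fn` for a weak function (for example a single byte-sum) makes the same map show strong, uneven dependence, which is the contrast a heatmap tool should be validated against.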
Can AI anticipate a SHA256 hash…. No.
SHA-256. To break it or simply match somebody else's 12 words would require the ability to guess heads or tails 256 times in a row.