Reddit Posts
Introducing Galleoncoin / GALE : PoW privacy coin with masternodes.
Comparing Supercomputer networks to Bitcoin - How to convert exaflop to exahash?
Comparing Supercomputer networks to BTC - How to convert exaflop to exahash?
Bitcoin computes this SHA-256 hash function 550,000,000,000,000,000,000x times EVERY second
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Do you think that Quantum Computing poses a threat to BTC encryption, algorithm, and/or security?
Is it possible for the energy input to break the difficulty adjustment?
Are P2WSH addresses the most quantum-secure addresses?
Can anyone here explain how / why it is not possible to get AI involved in the bitcoin mining industry / process?
Decrypt the Shadows: Unearth a New Order of Decentralization [SERIOUS]
Bitcoin is such a large idea it's hard to wrap my mind around it
Unexpected Record: Balance of 50k Bitcoins Found in Calculation - Seeking Advice
Potential Security Loophole for all cryptocurrency.
Funny story about WIRED magazine and how they threw away (and lost forever) 13.35 BTC in 2013
SHA3D (our algorithm) isn't prone to 51% attack.
Celebrating 12 Years of our Digital silver - Litecoin
ELI5: If Bitcoin mining is really just guessing inputs to SHA256 until an output matching the difficulty comes up, how does a miner know what guesses to avoid (previous failed guesses) in order to mine most efficiently?
Is The National Security Agency (NSA) Behind The Invention of Bitcoin?
This Engineer Is Creating a Bitcoin Game Changer
[1998] Hal Finney: A zero-knowledge proof of possession of a pre-image of a SHA-1 hash
Bitcoin mining on the blockchain: what exactly does a miner do? What is an ASIC? How is the mining difficulty adjusted? What if two miners find the answer at the same time? This post is aimed at complete beginners, as everything is explained in very simple terms.
A really well done & informative description of LTC by NDAX - A Canadian Exchange. Bravo!
Satoshi, NSA and the SHA CRYPTOGRAPHY Algorithms
Ken Shirriff showing how to mine bitcoin with pen and paper
ELIF - Why aren't ML and GNNs used to solve hashing in a Traveling Salesman Problem context?
One about UTXO's, new outputs, inputs and previous outputs.
Can Bitcoin survive a brute-force attack? Is it infeasible or impossible?
One about HD-wallets, master keypair, child individual keys.
One about master key pair, child individual keys, addresses and signatures.
One about master keypair, child individual keys, addresses and signatures.
19 years ago today, Hal Finney officially released Reusable Proof of Work (RPoW)
What is a blockchain? - A noob explanation
Open Source Initiative | Documenting Bitcoin in a new way
Writing a summary on HD wallets, first part done, correct so far?
[ANN] AsicCoin (ASC) | SHA256 - The coin for ASIC Mining!
How to (instructions) quickly make a wallet with the right balance of safety and usability
[Serious] Is Bitcoin secure? A reaction to “BTC whales are waking up, were their wallets hacked?”
Countering all the major anti-crypto arguments in one post.
A quick explanation of the CZ Interpol Red Notice rumour
Can ChatGPT4 have the computational power to break the SHA-256 encryption? Or does that have nothing to do with it?
Quantum computing and crypto developments
SHA 256 is a cryptographic hash function that is used to secure and validate transactions on the Bitcoin network. This algorithm was originally developed by the National Security Agency (NSA) in the United States as part of a series of secure hash algorithms.
Who would've thought that the algorithm used by the world's most popular cryptocurrency was originally designed for space exploration? That's right, NASA's SHA-256 algorithm is the backbone of Bitcoin's security and immutability.
What do you guys think will happen to bitcoin if quantum computers break SHA256 and solve the discrete logarithm problem (ECDLP)?
SHA256 vs Scrypt: How Comparing Hash Rates is Misleading | NKMAG
Litecoin vs Ripple: Differences, and Everything You Need to Know
MoneyShow announces the Peercoin blockchain will be used as an important part of its new newswire service.
How do I generate master key from the root seed
Storing seed phrase on encrypted USB drives
Do this to verify your BTC holdings in Binance's new Merkle Tree Proof of Reserves and Liabilities
Mentions
I get it… but quantum computers won’t actually “break” SHA-256. The real vulnerability lies with **ECDSA (Elliptic Curve Digital Signature Algorithm)**, and that’s what secures Bitcoin’s private-public key pairs. So, technically, **only addresses that have already revealed their public keys** (like old wallets, early miner addresses, and even Satoshi’s coins) are exposed if quantum supremacy ever becomes real. SHA-256 itself remains solid… it’s ECDSA that could be cracked to derive private keys from public ones. In that sense, whoever achieves true quantum supremacy could, in theory, **claim or steal** those old, untouched coins. But once that happens, the rest of the network will just migrate to **quantum resistant cryptography**, leaving those few early addresses as the only real casualties. So yeah… the first one to reach quantum supremacy might get “rewarded” (ethically wrong in my opinion, but that’s how the world works I guess)… but the rest of Bitcoin will evolve and survive... so nothing to worry about, and this assumes that we truly achieved quantum supremacy, which is exciting as it will be awesome, more cool inventions...
The article doesn't specifically mention bitcoin and talks about encryption security where messages are made unreadable without a decryption key. If you want to see the current state of the future quantum computing concern run some searches on your favorite AI: What is the difference between encryption and cryptography? Follow ups: What cryptographic method does Bitcoin use? Will Bitcoin's use of ECDSA and SHA-256 for authentication and blockchain security have vulnerabilities to attacks using quantum computing in the future?
do you think it takes 2^2 bits to solve SHA-2? mining is just brute-forcing operations until you find one with a sufficient number of 0 bits. it's not like you are factoring a number. you're just generating sha sums as fast as possible. 2^256 is the number of possible outputs. there are an infinite number of inputs. is a quantum computer really going to find inputs that generate all possible 2^256 outputs?
That's above my paygrade, tbh. From what I understand, the current consensus seems to be that there is no sufficiently strong algorithm to reverse SHA256 functions, that's why it's considered quantum safe. There's Grover's algorithm, but it's not considered to be powerful enough. For ECDSA there's Shor algorithm, which can be used with quantum computing. Can't claim to understand much about it though, so if you have more knowledge, I'm happy to learn :)
# 🧑💻 Satoshi Nakamoto still being alive

**Odds:** Plausible but uncertain — maybe a **few percent** chance.

* If Satoshi was middle-aged when active (2008–2011), they’d likely be in their 40s–60s today, so survival is not inherently improbable.
* The disappearance could’ve been voluntary — a desire for privacy, legal caution, or ideological consistency — not death.
* There’s also no direct evidence of their death; no known PGP keys revoked, no coins moved, etc.

So while unlikely we’ll ever *hear* from them again, it’s very reasonable to think they could still be alive and silent.

# ⚛️ Quantum computing “cracking” crypto this year

**Odds:** Essentially **zero** for 2025.

* Breaking Bitcoin (e.g., cracking SHA-256 or ECDSA) would require a *fault-tolerant* quantum computer with **millions** of stable qubits.
* As of late 2025, the largest demonstrated quantum systems are still in the **hundreds to low thousands of qubits**, and none are close to the required error correction scale.
* Even the most optimistic public roadmaps (Google, IBM, IonQ, etc.) talk about *post-2030* before achieving that level of fault tolerance.

So:

> If you want a rough numeric intuition:
> * Satoshi alive: 1 in 10 to 1 in 50
> * Quantum crack this year: 1 in a billion (or lower)
SHA256 is considered quantum safe, it's about ECDSA being vulnerable to a (potential) quantum attack. The larger targets that you mentioned are centralized and can update their systems much faster than bitcoin, or simply roll back changes (banks). > why would they target Satoshi’s Bitcoin first and announce they have the capability? Good point, perhaps the random coins have been exhausted or they just want to be greedy, or want to make some point of "being able to", who knows.
If someone had the ability to break cryptography with quantum computing why would they target Satoshi’s Bitcoin first and announce they have the capability? More likely they would target random Bitcoin if even Bitcoin at all. Breaking SHA256 means there are far larger targets to be had (govt systems, banking systems, military systems etc).
Granted it's poorly worded, but his "supercomputer" worry is still a valid concern, no? I'm assuming he was referring to the fear that SHA-256 could eventually get cracked
You’re mixing two different questions: attack cost and who can control the rules. Both PoW and PoS can be attacked and censored if a majority colludes—the mechanisms and costs are just different.

1) “PoW can’t be censored” → not true. A miner (or cartel/pool) with majority hash can absolutely censor by simply refusing to include certain txs and by reorging blocks that do. That’s textbook 51% behavior. PoW’s defense is miner diversity and the cost to sustain that majority—not an impossibility of censorship.

2) Cost model (why the incentives differ):
PoW = OPEX/rentable. Majority can be rented or redirected (hash from other SHA-assets, NiceHash, etc.). It’s pay-as-you-go; you can attack, leave, and there’s no in-protocol penalty for the attacker. Defense is social fork / user-activated rules.
PoS = CAPEX/illiquid. To sustain censorship you must own or control the stake over time. In slashing systems you get burned; in no-slashing systems (Algorand/Cardano) your stake value is directly tied to the chain you’re attacking (you nuke your own bag) and the community can socially fork you out. Either way, it’s expensive to hold the attack.

3) “Even tiny PoS chains haven’t been taken over” vs “many PoW 51%’s.” We’ve seen multiple PoW 51% reorgs on mid-caps. For larger PoS networks, the attack vector is not “attacking yourself for fun,” it’s acquiring enough stake and holding it—which is hard, public, and illiquid. That’s why you don’t see easy smash-and-grab reorgs on serious PoS either.

4) Control vs rules: Neither PoW nor PoS lets an attacker unilaterally rewrite monetary rules without the social layer (nodes, exchanges, users) following. A PoW cartel changing block limits or supply fails if users reject their chain. Same for PoS. Ultimate governance is social consensus in both models.

5) Concrete trade-offs (useful framing):
PoW: strong history, simple model; attacks are rentable, censorship possible with pool/cartel; no slashing, relies on fee/issuance “security budget.”
PoS (Algorand/Cardano): attacks require stake control over time; censorship needs ongoing majority participation; Algorand adds private VRF committees + deterministic finality; Cardano uses probabilistic finality with a big, diverse SPO set.

So the real question isn’t “PoW can’t be censored and PoS can.” It’s: Do you prefer a security budget paid in external energy (rentable) or in internal capital (stake that’s costly to hold and visible)? Both depend on decentralization of their respective power centers (pools/ASICs vs stake custody/pools), and both ultimately answer to users.
Jesus Christ man what is wrong with you? I’m sorry, do you not do any research at all? Seriously!! I don’t understand how stupid this world has become!! Just bloody research it man!!! For God's sake! SHA256 is an NSA project from the fucking 90’s!! This is decades old shit! Ecash is decades old! You think bitcoin is the first one and only? No!!! It’s been done before. America was always going to fail eventually. Most empires last around 250 years or so. You can’t keep printing money to no end. We’ve seen that play out before. So China and Russia and India are joining forces, which makes it very bad financially for America. Saudi Arabia had a contract with America for the last 75 years. It was the petrodollar contract. That’s what kept America so powerful. The contract ended last year. Trump wanted to renew it. The Saudis said no. Do you understand the level of impact that had?? A 75 year contract ended. Now all trades will be done in local currency. This is all public knowledge, there’s no weird hidden secret here. The dollar has lost significantly over the past few decades and now it’s spiralling out of control. America cannot keep printing money. We are at 38 trillion. If China decides to stop dealing with America, then it’s done. USA will crash completely. There will be riots and civil unrest. America needs the world to use their money to stay alive and rich. America does not provide the majority of the world with anything. Asians and Arabs can deal with everything they need from their side of the world. America is a useless country to the rest of the world. That’s a fact. China, India and Russia can provide all of their neighbours with everything. We have all the oil on our side. We have everything we need here. The only reason America is in the Middle East was the petrodollar contract. That’s done. That’s why Trump is flip flopping with tariffs! He knows that they can afford to lose him now. They don’t need America. China is 1000x better than America in every single way.
They’ve just made the fastest car on Earth. And it’s electric. China will provide Asia with all the new tech. Cars. Computers. AI. Medical. You name it. America is done. You guys will have to lick each other's asses now and eat hamburgers all day. By the way, why do you think he’s attacking South America? America needs it to survive. This is ALL PUBLIC KNOWLEDGE. Ecash was the first peer to peer exchange. It didn’t work out. Bitcoin is the second version. SHA256. This runs on the NSA NETWORK. They created it. It’s public fucking knowledge! Who created SHA256??? If you don’t know what that is then you are far from home. And I can’t help you. Grow up. Also, while you’re doing your research… find out what Satoshi Nakamoto actually translates to from Japanese to English. If that doesn’t wake you up, well then good luck in your bubble. THIS IS ALL PUBLIC KNOWLEDGE.
Network hashrate is not a value that can just be read. It is estimated. So when estimate says 1.2 ZH/s, is it counting sha256 hashes, or is it counting the entire operation SHA256(SHA256(Block_Header))? The latter would imply there are actually twice as many sha256 hashes done to equate to reported network hashrate of 1.103 ZH/s.
The only thing he understands about SHA-256 is that the number is 250 above the age of people he likes to "hang around with."
Exactly. They're already thinking of making fusion cheaper by generating gold as part of the process. Gold would basically be waste that they'd dump on the market to help offset the costs of running a fusion plant. Not only is there a much clearer path to this process being viable than there is to breaking SHA-256 with QC, but Bitcoin can adapt to QC, while gold can't fight against excess supply. https://www.marathonfusion.com/
If quantum can crack SHA256 encryption we are all fucked. Not just bitcoin
Gotcha. Mixed up SHA-xxx with RSA and asymmetrical procedures (which SHA is not)
Uh... no. I don't think you understand just how much more difficult 512 is than 256 (or 1024 than 512). Grover's Algorithm has the advantage of finding a SHA collision in the square-root of the input length - so it will only take, on average, 2^(128) operations to crack SHA-256, a massive speed up. But it will still take 2^(256) operations to crack SHA-512. That's not *twice* as hard as SHA-256; that's *3.4 × 10^(38)* times as hard.
The difference between "secure" and "insecure" is, fundamentally, the time it takes to crack something. For SHA specifically, a quantum computer will halve the bit length for the purposes of similar security. So a QC could crack SHA-256 in the time it would take an equivalent conventional computer to crack SHA-128 (and SHA-512 like SHA-256, etc.). So the takeaway is that if you throw enough bit-length at SHA, it'll be secure even against quantum computers.
I call bullshit. How's any SHA quantum-safe? Just adding multiple layers on top just makes it a little bit harder
[Here's their claim for dice](https://duel.com/fairness?returnTo=/dice):

> Before each round begins, our house games generate a:
> Server seed - a random string provided by us
> Client seed - a random string provided by you
> Nonce - a number that increases with each bet
> We then send you the hex-encoded SHA-256 hash of our server seed before you place your bets, to prove we won’t change our minds. Then we combine all of these values to generate a random result for each round:
> Fair result = Server seed + Client seed + Nonce
> By allowing you to include your own client seed, players can have a direct impact on the outcome of the game.

I couldn't find example values to test these, but off the top of my head I wonder:

1. Are we sure the client seed is really from the client?
2. Can we run the "fair result" calculation ourselves (without using their site)?
3. Do they always use the same calculation (not just 95% of the time or some nonsense like that)?
4. Are they pig butchering? Or making money from data collection and ads?

On the [verify page](https://duel.com/fairness/verify?returnTo=/dice) they have a snippet of JS that looks ok at a glance (just math, no API calls or libraries), and might be used to satisfy #2.

Note: I'm a skeptic and not a gambler, so I naturally look for scams at sites like this.
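The commit-reveal scheme quoted in that comment can be checked end to end without the site, which is what questions #2 and #3 above are really asking. The following is an added example, not the site's own JS and not anything from the comment: it assumes a hypothetical mixing rule (HMAC-SHA256 keyed with the server seed over `client_seed:nonce`, first 8 hex digits reduced modulo 10000), because the quoted text only says the three values are "combined". The verification logic (hash the revealed server seed and compare it to the hash published before the bets, then recompute every round with the same rule) is the part that transfers to any such site once its real mixing rule is known.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: the mixing rule below is a constructed stand-in, not duel.com's formula.
# result = HMAC-SHA256(key=server_seed, msg="client_seed:nonce"), first 8 hex chars mod 10000.
ROLL_MODULUS = 10_000


def commit_server_seed(server_seed: str) -> str:
    """What the house publishes before any bet: the hex SHA-256 of its server seed."""
    return hashlib.sha256(server_seed.encode()).hexdigest()


def verify_commitment(revealed_server_seed: str, published_hash: str) -> bool:
    """The seed revealed after the session must hash to the value published before it."""
    return hmac.compare_digest(commit_server_seed(revealed_server_seed), published_hash.lower())


def fair_roll(server_seed: str, client_seed: str, nonce: int) -> int:
    """Recompute a round locally from the three inputs (answers question #2 above)."""
    msg = f"{client_seed}:{nonce}".encode()
    digest = hmac.new(server_seed.encode(), msg, hashlib.sha256).hexdigest()
    return int(digest[:8], 16) % ROLL_MODULUS


def verify_round(revealed_server_seed: str, published_hash: str,
                 client_seed: str, nonce: int, claimed_roll: int) -> dict:
    """Apply the same calculation to one round and compare with what the site displayed (#3)."""
    commitment_ok = verify_commitment(revealed_server_seed, published_hash)
    recomputed = fair_roll(revealed_server_seed, client_seed, nonce)
    return {
        "commitment_ok": commitment_ok,
        "recomputed_roll": recomputed,
        "roll_ok": recomputed == claimed_roll,
        "fair": commitment_ok and recomputed == claimed_roll,
    }


def demo() -> dict:
    """Constructed session: an honest house passes every check; a swapped seed is caught."""
    server_seed = secrets.token_hex(16)   # house picks this before the session
    client_seed = secrets.token_hex(8)    # player picks this (question #1 above)
    published = commit_server_seed(server_seed)

    rolls = [fair_roll(server_seed, client_seed, n) for n in range(3)]
    honest = [verify_round(server_seed, published, client_seed, n, r)
              for n, r in enumerate(rolls)]

    # A house that reveals a different seed than it committed to fails the hash comparison,
    # regardless of whether the recomputed roll happens to match.
    swapped = verify_round("some-other-seed", published, client_seed, 0, rolls[0])

    return {
        "honest_all_fair": all(v["fair"] for v in honest),
        "swapped_detected": not swapped["commitment_ok"],
        "rolls": rolls,
    }


if __name__ == "__main__":
    print(demo())
```

The client seed matters because the house must choose its server seed (and publish its hash) before it learns the client seed; as long as the player really supplies that value, the house cannot grind for a server seed that produces a chosen outcome. Whether the site honours that ordering is exactly what cannot be verified from the hash alone.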
The advantage is that quantum resistant algorithms are not nearly as battle tested as SHA256. The longer we wait, the more reasonable it is to believe the quantum resistant algorithms are secure, because more time will have passed without them being broken.
# Missed Bitcoin at $1? Here’s Something Different

Most of us have heard the stories about Bitcoin back when it was under a dollar — a time when almost nobody believed it would matter. That era is long gone, and no one expects it to come back. But there’s a new project that’s taking a similar path from the very beginning: **BC2 (Bitcoin II).**

It’s built from the same base code as Bitcoin, using **SHA-256 Proof-of-Work**, the same **21 million limit**, and the same **halving schedule.** No meme branding, no shortcuts — just a clean restart of the original idea. Right now it’s trading around $0.95, roughly the price of a coffee.

What’s interesting is that BC2 isn’t trying to replace Bitcoin or reach its price. It’s not about competing — it’s about revisiting what made the first network special in the first place: fairness, simplicity, and transparency. The community is small but active, with miners, developers and early holders helping shape the network from the ground up. Everything’s transparent; you can check the explorer and live dashboard at bitcoin-ii.org. It’s already listed on **CoinEx**, so it’s more than just a whitepaper idea.

No one here is pretending this will become the next Bitcoin — that’s not the goal. The point is to rebuild the same foundations, start fresh, and see what can grow when things are still open enough for individuals to make a real impact.

bitcoin-ii.org
Well but at the same time if you’re talking about quantum computing breaking SHA256 encryption, BTC is the last thing you’ll worry about. That level of quantum will collapse world economies, and also everything related to military and space (which will be a war scenario) and also to mention NO single bank or encryption service has any defense against quantum yet, so yeah.
Quantum computing cracking SHA-256 will mean the entire world is in trouble. Bear cases that are similar to the zombie apocalypse or aliens invading will be troublesome because that risk applies to everyone... APPLE, GOOGLE, AMAZON, GOVERNMENTS, etc. So that risk isn't valid to counterargue BTC, as all tech is under fire. And we live in a tech world. I personally think quantum computing is not a worry; we are very far away from that finishing development, which is what I gather from what I have researched into it.
Bitcoin keys use ECDSA. SHA is used primarily for mining. It has nothing to do with "seizing" or "cracking" bitcoin keys.
All of those are centralized and can roll out updates very quickly, compared to the bitcoin ecosystem. Or even reverse changes. So not a great comparison. However, OP being concerned about SHA256 is not relevant either, since SHA256 is considered to be quantum resistant. The more interesting issue is the ECDSA algorithm, which is *not*.
Yup. That’s the issue. In Satoshi’s time SHA-256 PoW itself seemed amazing. He assumed as everyone did that Moore’s law would stay in effect allowing decentralization of mining to happen naturally. Basically he thought that in 2020 the computers would be to 2000 as 2000 was to 1980. Oh boy was he wrong.
Lmao, the people worried about quantum have to either be too young to understand that if SHA-256 gets cracked, the entire internet would break. Not just crypto, but banks, governments, Wall Street, hedge funds, literally almost everyone would be at risk because most of the internet cryptography is SHA-256. Or they have to be too old and are just parroting anything they hear that sounds smart and edgy. Quantum resistant cryptos might be necessary someday, but investing in them now is like investing in a future where the entire infrastructure of the internet must be changed to continue operating securely. It's a doomer bet. The reality is that even if quantum computers could crack SHA-256, literal governments would have interest in stopping it until they figure out a quantum resistant solution based on data and evidence and not just their cryptography algo they *think* will be robust enough to be quantum resistant.
I wouldn’t say that. Depends on what encryption is in use. ECDSA will be cracked first. SHA-256 will be broken but it will happen later. When it comes to most cryptocurrencies, the lowest hanging fruit for quantum computers is ECDSA. For example, around 25% of all Bitcoin would be in immediate danger, including Satoshi’s coins. The concern is that those wallets could be compromised and the coins dumped on the market. El Salvador recently moved its holdings to new wallets that are better protected, though not quantum resistant in the long term. It’s worth noting that quantum resistant cryptocurrencies already exist. For instance, QRL, which was mentioned in the article, is designed to be secure from the first block, built entirely around quantum safe cryptography. All future crypto must be or become quantum resistant in one way or another.
I've not tried running your code, but what's your implementation giving you? In what way is it failing? Every time I've played around with block hashing, it's been byte ordering & big-endian versus little-endian representation which has most often tripped me up, so that's something to double check.

Also, mempool.space has a useful API for getting block data, e.g.:

https://mempool.space/api/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f/header

...returns the block header for the genesis block:

0100000000000000000000000000000000000000000000000000000000000000000000003ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a29ab5f49ffff001d1dac2b7c

...which gives the original block hash of (reverse byte order):

6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000

...after applying SHA(SHA()).
No, GPUs are completely worthless for bitcoin mining, as they cannot compete with ASICs (very "dumb" chips which are optimized for one and only one purpose: to find "correct" SHA256 hashes)
tldr; The Monero GUI 0.18.4.3 'Fluorine Fermi' has been released, offering enhanced protection against spy nodes when using a local node. Key updates include support for Ledger Flex, Qt 5.15.17, and P2Pool v4.11, along with minor bug fixes. The release involved contributions from four developers and includes 18 commits. Binaries are available for Windows, macOS, and Linux, with verification guides provided. Users are encouraged to verify downloads using SHA256 hashes and GPG signatures to ensure authenticity. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
Probably yes! The Chinese are actively working on quantum computing to break SHA256 codes; there is a reason for massive green limitless energy
IONQ reached 64 qubits earlier than expected and their roadmap is aggressive; they expect to reach 2,000,000 qubits in the 2030s. The companies they bought out are really interesting, from satellite quantum internet to diamond lenses used for stabilizing the ions. QRL has been quantum resistant since 2018 and the whitepaper was established in 2016. Since QRL's genesis it has been quantum resistant. Oddly, the price movement of quantum stocks and the QRL price have been comparable. It’s not SHA-256 people need to worry about, it’s the ECDSA that’s used in the majority of all blockchains.
Bitcoin is not backed by a government, a physical asset like gold, or a central bank. Instead, its value is maintained by a combination of a decentralized network, a fixed supply, and its technological security.

**Decentralized network**

* No central authority: The Bitcoin network operates on a global, peer-to-peer network of computers called nodes. This distribution means no single person or entity, such as a government or corporation, has control over it. This decentralization makes the network resistant to censorship and shutdowns.
* Rules and incentives: Participants in the network—both miners who secure it and users who run nodes—are incentivized to follow the network's rules. Adhering to the protocol is profitable, while attempting to cheat or alter the rules is not, as a majority of the network would reject the changes.

**Fixed and scarce supply**

* Hard cap of 21 million: The Bitcoin protocol has a hard-coded limit of 21 million bitcoins that can ever be created.
* Predetermined issuance schedule: New bitcoins are issued on a predictable, fixed schedule. The rate of new supply is cut in half approximately every four years in an event known as "the halving," which is enforced by the code and publicly verifiable.
* Scarcity and demand: This predictable and finite supply, combined with adoption and demand, is a key driver of its value. Some compare this feature to the scarcity of physical gold.

**Cryptographic security and energy consumption**

* Secure transactions: Bitcoin uses cryptographic algorithms, such as SHA-256, to protect ownership and validate every transaction on the network. This makes it virtually impossible for someone to forge a transaction.
* Energy-backed security (Proof-of-Work): "Miners" compete to validate new blocks of transactions by expending vast amounts of computing power and electricity in a process called "Proof-of-Work". This energy expenditure secures the network and makes it extremely difficult and expensive to attack.
* Immutable ledger: All transactions are recorded on a public, distributed ledger called a blockchain. Because each new block of transactions is linked to the previous one with a cryptographic hash, altering any past transaction would require re-mining every subsequent block, which is computationally infeasible.
So funny people constantly bring this up… we can migrate to quantum safe encryption long, long, LONG before we are able to crack SHA256. The way encryption schemes work is that it is always trivially easy to increase complexity, while going backwards is always magnitudes of complexity larger. The downside is that it generally slows down whatever process you are running encryption on. By the time we have computers that can break SHA256, we will have more than enough compute to perform well on quantum safe encryption. The methods already exist, they are just cumbersome in our current age.
Yes, we have about 20-30 years left for SHA256 until the best quantum computers have a chance to crack it. They need to increase their qubits from currently 100 to about a million times more than that. If public keys are exposed, this may happen earlier. But yeah, Bitcoin works with currently available, good encryption mechanisms. If mechanisms come along that are orders of magnitudes better, they need to be incorporated.
Bitcoin is great, but a sufficient number of qubits on a quantum processor is theorized to reduce the complexity of cracking SHA256 to the point that it can be done in a reasonable timeframe. We are many orders of magnitude of qubits away from doing that, but the fact that algorithmic complexity is a solvable problem fundamentally makes Bitcoin an incomplete solution.
SHA256 isn’t what you need to worry about, it’s already considered relatively quantum secure (ie: a quantum computer wouldn’t be able to efficiently compete with classical ASICs at finding valid nonces). What you need to worry about is the elliptic curve cryptography used in signing transactions.
It's as secure as SHA-256 gets brother
That's not how Bitcoin works. 51% of the hashrate cannot agree to increase the maximum supply of BTC or change any of the other consensus rules. The maximum supply of BTC would not change even if 99% of the hashrate wanted to increase the maximum supply of BTC. Increasing the maximum supply of BTC would require a hard fork and that would create a new altcoin with its own separate blockchain, but only as long as some cryptocurrency miners are willing to mine this separate altcoin. Bitcoin would still exist with its own separate blockchain and nothing about Bitcoin would have been changed. In fact, this has already happened many times. There have already been more than a hundred altcoins that have been created by forking off from Bitcoin. You've heard of a 51% attack before and you came up with this incorrect idea in your head that it only takes 51% of the hashrate to agree to change the consensus rules or increase the maximum supply of BTC. That's just not how Bitcoin works. A single miner and node can change the consensus rules, it doesn't take 51% of the hashrate, but that wouldn't change Bitcoin. It would create an altcoin that has forked off from Bitcoin. And this has already happened many times. A 51% attack does not enable the attacker to change the consensus rules. A 51% attack would be pointless because a successful 51% attack would only enable them to reverse their own transactions and double spend their own coins. This would be temporary and it would cause them to waste a fortune on electricity because they wouldn't even receive the block reward or transaction fees. And an attacker would need an incredible amount of SHA-256 hashing ASICs to control at least 51% of Bitcoin's hashrate. They would need far more SHA-256 hashing ASICs than are available to purchase.
Because mining blocks is memory-less. You apply SHA-256 to strings until one works, but previous attempts don't help you for future attempts. That's why it's called memory-less. And memory-less phenomena follow exponential laws
Unfortunately, that's not the way that bitcoin is vulnerable to quantum computing. You could only do this if you'd cracked SHA-256, which isn't known to be vulnerable to quantum computing. The actual way quantum threatens bitcoin is by calculating private keys from public keys. So insta-mining is a no-go, but stealing from Satoshi's wallet is entirely feasible.
Wouldn’t we just fork? With … 4 ROUNDS OF SHA-256 THIS TIME !! HA HA!!
SHA-256 is already dubbed quantum safe. A bunch of coins already use it. HBAR is one of them.
The 25th word is calculated with the SHA256 of 3 random bits + the 253 bits represented by the first 23 words. We convert the first 2 hexadecimal characters of the hash into decimal and that gives the order on BIP39. Since the 253 bits of the first 23 words are frozen, only the 2^3 possibilities of 3 random bits remain to try, so 8 possibilities. A Python script can give these 8 possibilities if we give it the first 23 words.
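The enumeration described in the comment above, as an added Python example (not the commenter's script). It works on BIP39 word indices rather than words, so the caller is assumed to map words to 11-bit indices with the BIP39 English wordlist, which is not embedded here. It also generalizes beyond the 24-word case: for shorter mnemonics the checksum is shorter, so more bits of the last word are free (128 candidates for 12 words, 8 for 24).

```python
import hashlib

# Added example: enumerating the valid final words of a BIP39 mnemonic.
# Operates on 11-bit word indices; word <-> index mapping via the BIP39
# English list is left to the caller (assumption: caller has the list).


def _checksum_bits(n_words: int) -> int:
    """BIP39 checksum length is ENT/32 bits: 4 for 12 words, 8 for 24."""
    if n_words % 3 or not 12 <= n_words <= 24:
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    return n_words // 3


def last_word_indices(prefix_indices: list[int]) -> list[int]:
    """All last-word indices w such that prefix_indices + [w] has a valid checksum.

    For 24 words the first 23 words fix 253 entropy bits; the last word holds
    3 free entropy bits followed by the 8-bit checksum (first byte of SHA-256
    over the 32 entropy bytes), so exactly 2**3 = 8 candidates exist.
    """
    n_words = len(prefix_indices) + 1
    cs_bits = _checksum_bits(n_words)
    ent_bits = n_words * 11 - cs_bits      # 256 for 24 words, 128 for 12
    free_bits = 11 - cs_bits               # entropy bits still unknown

    prefix = 0
    for idx in prefix_indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range")
        prefix = (prefix << 11) | idx

    candidates = []
    for r in range(1 << free_bits):
        entropy = ((prefix << free_bits) | r).to_bytes(ent_bits // 8, "big")
        checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
        candidates.append((r << cs_bits) | checksum)
    return candidates


def checksum_valid(indices: list[int]) -> bool:
    """True when a full mnemonic (as indices) carries a correct checksum."""
    return indices[-1] in last_word_indices(indices[:-1])


if __name__ == "__main__":
    # 23 x "abandon" (index 0) yields 8 candidates; the first is index 102 ("art"),
    # matching the well-known all-zero-entropy 24-word test vector.
    print(last_word_indices([0] * 23))
```

Usage: convert the 23 known words to indices, call `last_word_indices`, and map the returned indices back to words. `checksum_valid` is the same computation run in reverse, useful for catching a mistyped word before a wallet is restored.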
Billion dollar bounty and you think no one gonna try and break it. SHA256 cracking is only a matter of time. Let’s see what happens in the future.
Brute forcing is the SHA256 encryption break; specifically used with a quantum computer.
Lots of old wallets coming to life after being dead for quite some time. If SHA256 encryption was broken this is what it would look like.
there are two components: 1. the mining procedure to find blocks relies on hashing (compiling a block, incrementing a nonce until enough leading zeros)... currently this is relying on SHA256... this is inherently not in danger in terms of quantum computing... and it can also be updated easily.. 2. signing transactions, verifying ownership... this relies on elliptic curve digital signature algorithm (ECDSA) and is not quantum safe... it could be updated to new ECDSA algorithms that are post quantum ... so new addresses would actually be safe... for everyone who is capable of moving funds to a PQ-ECDSA address this would be a good solution... the problem: what about addresses that do not transfer to PQ-ECDSA addresses, they would be looted by quantum computers at some point...
Heard about the estimated 3-4 million lost $BTC that people already say exist? That's what happens when keys are lost or forgotten. Those satoshis are basically lost forever, barring a QC cracking SHA-256. But it also means greater scarcity and thus greater valuation for the $BTC that are not lost.
It is now seen as a store of value to many and it might still be seen this way long into the future. In the near future, quantum attacks could force a lot of global databases to run on a DLT, there are other cryptos that could facilitate this. The other cryptos would need to be really secure and would also need to be exceptionally efficient. Only one crypto is both the most secure (aBFT, SHA384) and at the same time it is the most efficient, 1 billion transactions uses only 3000 kWh. As the digital world evolves there could be a few cryptos that succeed for a long time.
Have you ever heard that satoshi might be the NSA, who invented the SHA256 8 years before Bitcoin was born by a mysterious creator never known.
> when sha encryption is finally breached SHA is not encryption. It's a hash function.
With modern pay-to-public-key-hash (as opposed to the old pay-to-public-key) addresses, it is indeed the case that the act of receiving funds does not expose the public key on chain, only its SHA256 hash which is the address - and SHA256 hashes are not thought to be reversible by quantum computers. So yeah theoretically if you only receive funds you'd be safe - but you will want to spend eventually. Despite hodl culture, Bitcoin is only worth something if you're able to eventually use it. When you do use it, the public key does get exposed on chain. Now it is common wallet behavior to move any unspent funds to a new address, which is mostly meant to help with privacy but actually can help a bit with quantum security as the new address is again an address which only ever received funds and doesn't have its public key exposed. The issue though is the in-between period between sending the transaction out with the public key, until it is finalized - which is at least 10 minutes but can be more. In that time period a quick enough quantum computer could crack the key and try to get a different transaction accepted, say transferring all funds to a wallet owned by the QC's owner. It would be a while until quantum computers that are powerful enough exist, but we'll probably get there eventually and if Bitcoin doesn't change its signature scheme by then, no one will be able to transfer funds safely.
Yep one exploded and SHA259 is now unencrypted.
Did the bombs print more Bitcoin? Did they crack SHA256? Did they change Bitcoin in any fundamental way?
There’s actually 0 evidence it was any of them. They were all involved but 0 evidence it was them. And they’ve all denied it lol. Not sure why CIA or government involvement gets people so worked up. In my opinion that is most logical considering NSA connections with SHA256.
Quantum computers might crack Bitcoin’s ECDSA signatures someday, but a real threat is 10+ years away. Bitcoin can upgrade to quantum-resistant algorithms via soft forks, and hashing (SHA-256) is tougher to break. The network adapts - it won’t go to zero!
you should probably be more concerned about the nuclear control systems that are also using SHA-256... I don't think it's going to be a problem.. encryption will evolve w/ it, it goes both ways... But yeah if that hypothetical scenario were true, then all the nuclear missile control systems that are using it might be a bigger concern, the fact no one is worried about that tells me it's not actually realistic FUD it's just noise...
You're getting down votes, but I think you are exactly correct. You make a SHA cracking computer or whatever and immediately go rob a bank? FBI knocks on your door and you go to jail. If you don't tell anyone else, though and pick off a few wallets here and there, you become a trillionaire, but will need to convert to gold quickly before the news gets out.
Quantum computing is definitely a valid concern, but it’s not a “BTC goes to zero” scenario. A few key points: 1. Quantum breaks a lot more than Bitcoin. If quantum computers could easily break current cryptography, it wouldn’t just be BTC—it’d be the entire internet: banking, military comms, SSL/TLS, credit cards, government secrets, everything. That’s a much bigger incentive for society to move fast on quantum-resistant cryptography long before it threatens Bitcoin specifically. 2. Bitcoin is adaptable. The cryptography used today (ECDSA, SHA256) could be upgraded via soft or hard forks to quantum-resistant algorithms (lattice-based, hash-based, etc.). Bitcoin has already upgraded critical parts of its protocol before (SegWit, Taproot). Changing signature schemes is technically challenging but very possible—especially if the alternative is obsolescence. 3. Quantum isn’t “right around the corner.” Practical, large-scale quantum computers that could break Bitcoin’s cryptography aren’t expected anytime soon. Estimates vary from decades away to potentially never. And cryptographers are already preparing post-quantum standards (NIST has finalists ready to deploy). 4. Economic game theory matters. Even if quantum computers existed, miners, devs, and users have every incentive to coordinate a rapid migration to post-quantum crypto. Bitcoin’s decentralization and network effects make that possible. So Bitcoin doesn’t just instantly go to zero in that world—it evolves. The real risk would be for anyone who reuses addresses or leaves coins in exposed public keys, but even that can be mitigated if upgrades are rolled out before quantum breaks become practical. TL;DR: Quantum is a threat to all modern cryptography, not just Bitcoin. Bitcoin has the adaptability, incentives, and lead time to transition to quantum-safe algorithms if/when needed.
I already had this debate so here are some facts that I’ve kept for these purposes:

### 1. What quantum actually threatens
* **Elliptic Curve Digital Signature Algorithm (ECDSA)** Bitcoin uses ECDSA (over secp256k1) for wallet signatures.
* **Quantum threat:** Shor's algorithm could, in theory, recover a private key from a public key in polynomial time.
* This matters *only after* a public key has been revealed (e.g. when you spend coins). Funds at addresses that have never been spent from (hashes of pubkeys) are safer, since SHA-256 and RIPEMD-160 aren't easily broken by quantum at practical scale.

### 2. What Bitcoin can do
* **Upgrade to quantum-resistant signatures** The main defense is to migrate from ECDSA to a post-quantum signature scheme (e.g. lattice-based like Dilithium, hash-based like XMSS, or multivariate/quaternionic systems).
* Bitcoin has a precedent: Taproot introduced Schnorr signatures via a soft fork. Similar governance and consensus could transition to PQ signatures.
* Migration could be done gradually: wallets update, miners enforce, and eventually the network accepts only PQ signatures.
* Current quantum hardware is nowhere close to breaking Bitcoin. Estimates suggest you'd need millions of stable qubits to run Shor's algorithm against secp256k1 in the necessary time window - far beyond 2025 capabilities.
* Cryptographers assume at least a 10-20 year window before "large-scale" quantum exists, if ever. Bitcoin governance tends to move slowly, but it's widely acknowledged that a PQ upgrade will eventually be necessary.

Yes, Bitcoin can defend itself. The primary move would be transitioning from ECDSA to a post-quantum signature scheme through a soft fork or similar upgrade. Until then, the best practice is to avoid reusing addresses. Quantum isn't an imminent threat, but the ecosystem is already preparing for post-quantum cryptography.
Why create the anti-dollar cryptocurrency as the government? Just because they were able to come up with the SHA-256 algorithm to upgrade the previous cryptography algorithms, doesn’t mean they have a monopoly on ideas to apply it or that they would do so in a way that Trojan horses the dollar.
I was researching SHA256 algorithm which was developed by the NSA. Why not go a step further if you’re the government?
Not yet. The algorithm isn't there yet. Shor's is only for finding factors. There's no algorithm for reversing the irreversible SHA because SHA is hashing (not encryption). Double SHA makes the impossible even harder.
Pretty sure it’s impossible to avoid typing your passphrase into any electronic device, unless you’re running SHA256 by hand for every transaction. If you mean internet connected device, then yeah I kind of agree.
Quantum computing cracking the SHA-256
Thanks for the response, but ignoring well-documented historical context around Bitcoin’s origins is, in itself, a form of selective propaganda. Bitcoin didn’t emerge in a vacuum. As early as 1996, the NSA published a paper titled “How to Make a Mint: The Cryptography of Anonymous Electronic Cash”, outlining most of the core principles Bitcoin would later use — anonymous transactions, proof-of-work, public key cryptography, and decentralized clearing mechanisms. Even SHA-256, Bitcoin’s foundational hash function, was developed by the NSA. That’s not a coincidence — it’s a familiar pattern: first military-grade innovation, then "public release" and civilian adoption. It happened with GPS, the internet, Tor — and now Bitcoin. Bitcoin’s whitepaper didn’t invent these ideas from scratch. It’s built on technologies like Hashcash (Back), b-money (Wei Dai), and Bit Gold (Szabo) — all either directly linked to government-funded cryptographic research or operating within adjacent academic-military spaces. Add to that the fact that “Satoshi” never revealed their identity, disappeared immediately after launch, and left their coins untouched to this day — this has all the hallmarks of a well-structured op, not a rogue genius coder. Bitcoin wasn’t a spontaneous revolution. It was a carefully deployed protocol. Not to destroy the system — but to back it up.
Not sure what you mean by password. Was it a wallet using a private key obtained by hashing a password through SHA256? Was it a wallet using a website or service?
You are confusing hashing and cryptography. SHA-256 is a hashing function, not a cryptographic one. Also SHA-256 is quantum resistant, quantum computers provide only a small speed boost if you are searching for collisions. Quantum computers break ECDSA which is the cryptographic algorithm used to sign transactions in Bitcoin. Anyway, raw public keys are not used anymore as Bitcoin addresses, now they use a different protocol to produce those addresses which involves ECDSA and hashing functions. Even if someone was able to break ECDSA, your bitcoin would still be safe because no one knows how to invert SHA-256 and quantum computers won't help you to do that, only very old wallets which used raw public key addresses are in danger
Physical qubit counts have been roughly doubling every year or two, and are on track to “break cryptography”, specifically SHA-256, by about 2030. Except breaking SHA-256 requires *logical* qubits, too, which are growing or progressing or scaling whatever in the opposite direction; the pace is slowing. The development of *logical* qubits is such that it will never break SHA-256.
> In a deliberate effort not to pick blockchain favorites, the department put out Thursday's data via Bitcoin, Ethereum, Solana, TRON, Stellar, Avalanche, Arbitrum One. Polygon PoS and Optimism, identifying the transaction hashes for each in its announcement

But Coindesk has some policy about not linking to the announcement. Here is the announcement, complete with txID hashes for each blockchain https://www.commerce.gov/news/press-releases/2025/08/department-commerce-posts-2nd-quarter-gross-domestic-product-blockchain For example, Bitcoin ... https://blockstream.info/tx/fcf172401ca9d89013f13f5bbf0fc7577cb8a3588bf5cbc3b458ff36635fec00?expand They didn't publish the PDF on blockchains. They published the SHA256 hash of the PDF. Immutable? Sure. But that won't stop El Presidente from firing any official who posts honest numbers
In case it helps, I recovered an old Bitcoin Core wallet by guessing the password. A friend hadn't been able to access it for years because he forgot it. He gave me the SHA256 hash of the password, which can be obtained from the same file. The password is the one that can be generated by that hash, and that's what you have to guess. I spent a weekend with Hashcat and my RTX3070, several dictionaries and rule files, and a special dictionary completed by my friend with words that could be at least part of the password. First thing Monday morning, Hashcat found it :)
"Satoshi Nakamoto" are the same people who created the SHA encryption protocol, google it and it will immediately become clear who runs everything
I actually agree with you to an extent. It will take many decades before we have a quantum computer with enough stable qubits to be able to crack anything, including SHA256. But yeah - you should definitely refrain from being rude when someone disagrees with you. It makes more sense to just provide an explanation why they are wrong, and a source or a few sources to back it up. It doesn't need to be a verbose explanation, just enough to bolster your points.
Bitcoin uses cryptography, SHA256? That algorithm is what does the hashing of the network so we can all verify our transactions on blocks.
I don't, I concentrate on the most likely to succeed long into the future. The most efficient (tiny amounts of power usage per transaction) combined with the most secure (aBFT, SHA384) means you only need one token in your portfolio. Can you guess what it is yet?
This. 1. ‘Omg quantum computers’. Yea… but once QCs can break SHA-256, Bitcoin upgrades to SHA-512 and the chase continues. 2. If QCs are able to break SHA-256, we’ve got bigger problems than money. Breaking SHA-256 could mean hacking into almost anything. Nuclear warheads, nuclear power plants, the electric grid, hydropower, communications, GPS, security systems, everything. At that point, why take people’s money when you can deactivate an entire nation effectively removing them from global society.
Most cryptocurrencies are based on the secure hash algorithm, specifically SHA-256 or higher, which is still incredibly secure as of today's standards. Maybe quantum computers will make it obsolete one day, but blockchains will also be able to upgrade their protocols in time, too. So worrying about this now is like worrying about how your current computer OS will be outdated in 10 years from today. Duh, that's why we upgrade stuff.
Yes. You're right. The problem is that it would require a hard fork, and there isn't enough motivation (for good reason) currently to fork the network. Also, the quantum resistant algorithms are much less battle tested than SHA256. Why switch to an algorithm that is relatively unproven before it's necessary? By the time it becomes a more pressing issue, the quantum resistant algorithms will have had more time to prove themselves secure.
There is no advantage using quantum computers to brute force vanity SHA-256 hashes in Bitcoin, it's not related to symmetric ciphers. Securing the blocks in the chain relies on a one-way hash which has been brute forced to include leading zeroes (aka Bitcoin mining) by changing a nonce value. The more leading zeroes in the hash, the higher the mining difficulty.
Because it's bs. Bitcoin can be updated too. It would need a fork to replace SHA but it's absolutely possible. And who the fuck wouldn't support a fork to keep their money secure? So there won't be that much of a hassle to get consensus.
Here's one. But again, technicalities cannot be explained within a paragraph. OP needs to read the above books. It will take hours to get enlightened as it involves a number of fields like:
* Computer Science
* Economics
* Finance
* Cryptography
* Game Theory
* Law
* Philosophy
* Ethics
* Political Science
* Cybersecurity
* Software Engineering

#### Here's a step-by-step explanation of how a Bitcoin transaction works from beginning to end, going from a simple view to more technical depth, one paragraph per topic:

1. How transactions are created and signed with private/public keys: When Alice wants to send 1 BTC to Bob, she uses her Bitcoin wallet (software) to create a transaction. Her wallet references previous transactions (called UTXOs — unspent transaction outputs) as the source of her funds. To authorize the transaction, Alice signs it using her private key. This signature proves ownership of the funds without revealing the private key. Bob’s public key (or more commonly, his hashed public key, i.e., his Bitcoin address) is used as the recipient in the transaction. The digital signature ensures the transaction is authentic and unalterable, and anyone can verify it using Alice's public key.

2. How transactions are broadcast to the network and stored in the mempool: Once Alice’s wallet creates and signs the transaction, it is broadcast to the Bitcoin network — essentially sent to nearby full nodes over the peer-to-peer (P2P) protocol. Each node that receives the transaction verifies it (e.g., checks that inputs are unspent and signatures are valid) and, if valid, stores it in a temporary area called the mempool (memory pool), which holds all pending transactions waiting to be confirmed. Transactions remain in the mempool until a miner includes them in a block.

3. How miners pick transactions and form a block: Miners are specialized nodes that gather transactions from their mempool to include in a new block. They typically prioritize transactions offering higher fees (satoshis per byte). A miner creates a block candidate that includes: a list of chosen transactions, a reference to the previous block (via its hash), a timestamp, and a special transaction called the coinbase transaction which pays the miner the block reward. The miner also prepares a block header, which will be used for the mining (Proof of Work) process.

4. How the nonce is generated and tested against the target difficulty: The miner’s main job is to find a value called a nonce (a random 32-bit number) such that, when hashed with the rest of the block header using SHA-256 twice, the resulting hash is less than a network-defined target value. This is what Proof of Work means. Miners iterate the nonce rapidly, hashing the block header each time, until they find a nonce that produces a hash lower than the target. Because the hash function is unpredictable, finding such a nonce is trial and error, requiring immense computational effort.

5. Who decides/assigns this target value (and how difficulty adjusts): The target value is not set arbitrarily; it’s derived from the network difficulty, which is adjusted every 2,016 blocks (roughly every 2 weeks). The goal is to keep the block time around 10 minutes. If blocks were mined too quickly in the last period, the difficulty increases (i.e., target becomes smaller); if too slowly, it decreases. This adjustment is automatic and calculated by all nodes based on timestamps in recent blocks. Thus, no central authority controls difficulty — it's algorithmically enforced by consensus.

6. How Proof of Work ensures consensus: Proof of Work ensures that only nodes which have done real computational work can propose new blocks. This discourages spam or malicious attempts to alter history. When a miner finds a valid nonce and broadcasts the block, other nodes quickly verify the work (easy to check, hard to do). The longest chain (most cumulative work) is considered the valid one. This decentralized, cost-intensive process makes it extremely difficult for any single entity to rewrite the blockchain, as they would need to redo the work of the majority.

7. How the block is validated by other nodes and added to the chain: Once a miner broadcasts a new block, other full nodes receive it and perform several checks: Is the hash valid (below the target)? Are all transactions valid? Does it properly reference the previous block? If the block passes validation, the node adds it to its local copy of the blockchain and removes the included transactions from its mempool. Then, the node propagates the new block to its peers. This ripple effect keeps the entire network synchronized with the latest agreed-upon chain.

8. How immutability is maintained (e.g., why changing one block breaks the whole chain): Each block contains the hash of the previous block in its header. This means that if you change anything in an old block (even a single bit), its hash changes, and thus the next block (which references that hash) becomes invalid. This effect cascades — you'd have to recompute the Proof of Work for that block and every subsequent block, which is computationally infeasible unless you control over 50% of the network’s hashing power (a 51% attack). This cryptographic linking makes the blockchain tamper-resistant and immutable.
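Steps 4 and 5 above (double SHA-256 over the header, the compact target, the 2016-block retarget) and the earlier point in this thread that mining is memory-less, as one added Python example that is not code from any comment here. It serializes the public fields of the genesis block and checks them against the target decoded from the header's own bits field, then re-mines the same header at a toy target so the attempt counts can be inspected. The toy target (2^245, about 2048 expected tries) and the number of trials are my choices; everything else is the real header format.

```python
import hashlib
import struct

# Added example: Bitcoin block-header proof of work, not code from the thread.


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce) -> bytes:
    """The 80-byte header. Hashes are displayed big-endian but serialized
    little-endian, hence the [::-1] reversals."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_int(header: bytes) -> int:
    """The hash as the 256-bit integer that is compared against the target."""
    return int.from_bytes(double_sha256(header), "little")


def block_hash_hex(header: bytes) -> str:
    """The hash as block explorers display it (leading zeros visible)."""
    return f"{header_hash_int(header):064x}"


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field: mantissa * 256**(exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


MAX_TARGET = bits_to_target(0x1D00FFFF)   # difficulty 1: the genesis target


def difficulty(bits: int) -> float:
    """Difficulty is just how many times smaller the target is than MAX_TARGET."""
    return MAX_TARGET / bits_to_target(bits)


def meets_target(header: bytes, target: int) -> bool:
    return header_hash_int(header) < target


def mine(version, prev_hash_hex, merkle_root_hex, timestamp, bits, target, start_nonce=0):
    """Increment the nonce until the hash is below target. Returns (nonce, attempts).
    Nothing about earlier failures is carried forward: each nonce is a fresh draw."""
    nonce = start_nonce
    while True:
        header = serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce)
        if meets_target(header, target):
            return nonce, (nonce - start_nonce) + 1
        nonce = (nonce + 1) & 0xFFFFFFFF   # 32-bit nonce; real miners then vary other fields


def retarget(old_target: int, actual_timespan: int, expected_timespan: int = 2016 * 600) -> int:
    """Difficulty adjustment every 2016 blocks, clamped to a factor of 4 either way."""
    actual = min(max(actual_timespan, expected_timespan // 4), expected_timespan * 4)
    return min(old_target * actual // expected_timespan, MAX_TARGET)


# Public fields of block 0 (the genesis block); the nonce is the one Satoshi found.
GENESIS = dict(version=1, prev_hash_hex="00" * 32,
               merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
               timestamp=1231006505, bits=0x1D00FFFF, nonce=2083236893)


def genesis_hash() -> str:
    return block_hash_hex(serialize_header(**GENESIS))


def mine_toy(target: int = 1 << 245):
    """Re-mine the genesis header at a toy target; returns (nonce, attempts, valid)."""
    fields = {k: v for k, v in GENESIS.items() if k != "nonce"}
    nonce, attempts = mine(target=target, **fields)
    return nonce, attempts, meets_target(serialize_header(**dict(GENESIS, nonce=nonce)), target)


def attempts_per_trial(n_trials: int = 32, target: int = 1 << 245) -> list[int]:
    """Mine n_trials toy blocks that differ only in timestamp and record the attempts.
    Expected attempts is 2**256 / target (2048 here); the spread is geometric, i.e.
    a long run of failures never makes the next nonce more likely to succeed."""
    fields = {k: v for k, v in GENESIS.items() if k not in ("timestamp", "nonce")}
    return [mine(timestamp=GENESIS["timestamp"] + i, target=target, **fields)[1]
            for i in range(n_trials)]


def mean_attempts(trials: list[int]) -> float:
    return sum(trials) / len(trials)


if __name__ == "__main__":
    print(genesis_hash(), "difficulty", difficulty(GENESIS["bits"]))
    print("toy mine:", mine_toy())
    print("attempts per trial:", attempts_per_trial())
```

The check a practitioner cares about is in `meets_target`: a block is valid only if the hash, read as a number, is below the target the header itself declares, which is why nodes can verify in one hash what took a miner billions. `retarget` shows the clamp that keeps a sudden hashrate change from swinging the target more than 4x in one period.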
Ha! I was about to write the exact same thing about the pen and paper until I read your comment. One thing though, doing SHA-256 by hand [is not easy](https://armantheparman.com/sha256/)!
Quantum is usually not talked about as breaking the mining, as the difficulty is self regulated. Even if the entire world went to mine bitcoin with futuristic technology it just turns up the difficulty. Quantum hacking to access old wallets is something that is talked about, but SHA256 that bitcoin uses is really really good and better than most of the world's central banks and governments use, so I would expect society to fall apart in other places before BTC. Bitcoin Core has also been developing quantum security for a while so I imagine it will be ready in good time.
Monero's CPU mined RandomX and Bitcoin's ASIC mined SHA256 would not have any crossover in hashrate capabilities. Bitcoin would also be at least 20x more expensive to attack
It doesn't affect Bitcoin in practice because there are no Bitcoin miners close to 50% The mechanism being discussed - secretly mining a series of blocks and releasing them all as a "surprise" to replace the chain tip - is useful for a few reasons 1. it defeats Satoshi's white paper mining risk calculations, because those calculations assume competition for each block, one block at a time. See section 11 "Calculations" 2. it defeats the double-spend victim's "wait 6 blocks" strategy if the replacement chain tip is more than 6 blocks long The definitive example of this method is the 2020 BTG double-spend attack https://gist.github.com/metalicjames/71321570a105940529e709651d0a9765 The theft works by depositing BTG to an exchange, buying BTC, withdrawing BTC - all during the regular miners making 6 blocks per hour. At the same time, the thief uses 51% mining hashes rented on NiceHash to mine 2 hours of blocks faster than the regular miners, and in these 14 blocks spending the same BTG to themselves instead of depositing it to the exchange. Then release the 14 blocks to the BTG node network. 
The nodes automatically replace that much of the chain tip because the new tip is a longer chain The thief gets to keep the BTG, and also keep the BTC bought on the exchange This worked on BTG because * BTG is not SHA256, not ASIC-mined, is only GPU mined * GPU mining hashes are available for rent on NiceHash and similar hash broker sites * BTG's price and hash rate means it only costs $1700 per hour to rent 51% hash rate for BTG * the exchange (Binance) wasn't smart enough to wait 30 blocks after receiving the BTG deposit (now they are) None of those conditions apply to BTC, but it's possible in the future, after the BTC price bubble bursts --- To clarify the Monero discussion, it's not possible there either, because Qubic doesn't control enough miners' hashes, and because its miners will switch from Qubic to another pool to prevent Qubic having 51% The pool only controls its miners' blocks if the miners don't switch pools. Qubic's malicious attempt drives away its miners Also Monero is CPU mined, not GPU mined, costs much more than a few thousand per hour to overtake the network, and because Monero CPU hashes are not easy to rent on NiceHash (at least, it's not possible to rent 51%)
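The white paper calculation the comment above points to (section 11, "Calculations"), as an added Python example rather than code from the thread. It reproduces the attacker-success table from the paper and adds a helper that picks a confirmation depth for a given risk. The comment's point falls out directly: below 50% of the hashrate, waiting more blocks drives the attacker's odds toward zero, while at 50% or more no depth helps, which is what a rented-hashrate chain reorganization exploits. The risk threshold and search limit in `confirmations_needed` are my choices.

```python
import math

# Added example: attacker-success probability from section 11 of the Bitcoin
# white paper (honest chain z blocks ahead, attacker holds hashrate share q).


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hashrate share q ever catches up
    from z blocks behind. The paper's derivation assumes q < 0.5; with q >= 0.5
    the attacker is expected to outpace the honest chain and always succeeds."""
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z non-negative")
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * (q / p)          # expected attacker progress while honest miners make z blocks
    total = 1.0
    for k in range(z + 1):
        # Poisson term computed incrementally, as in the paper's C code, so large z
        # (hundreds of blocks) does not overflow lam**k / k!.
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 10_000):
    """Smallest z with success probability below max_risk, or None if no depth suffices."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def success_table(q: float, depths=(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10)) -> dict:
    """The white paper's table for one q: depth -> probability."""
    return {z: attacker_success_probability(q, z) for z in depths}


if __name__ == "__main__":
    for z, prob in success_table(0.1).items():
        print(f"q=0.10 z={z:2d} P={prob:.7f}")
    for q in (0.1, 0.2, 0.3, 0.4, 0.45):
        print(f"q={q:.2f}: wait {confirmations_needed(q)} blocks for P < 0.1%")
    print("q=0.51, z=6 :", attacker_success_probability(0.51, 6))
```

For an exchange deciding a deposit policy, the useful output is `confirmations_needed`: the "wait 6 blocks" rule is only a 0.1% risk bound against an attacker holding about 10% of the hashrate, and the depth grows steeply as q approaches 0.5. The BTG example in the comment sits in the regime where the function returns `None`.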
there's also an infamous CME gap at $9.6k , yes that's $9.6k from back in 2020 ! Maybe we will close that once Quantum computers break SHA256 and BTC tanks...
The process of mining is solving a "math" problem approximately every 10 minutes. "Proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits." - [https://bitcoin.org/bitcoin.pdf](https://bitcoin.org/bitcoin.pdf) As such, your washing machine or garage door will likely not be "mining" themselves, although they might contribute cycles to a processing pool. They tend not to have the oomph to assemble transactions into a block, iterate through nonces, and come up with the compliant hash. That's not to say that solo miners haven't won block awards recently, or that your smart refrigerator might not somehow come up with a hash with the necessary number of leading zeroes before anything else.
[https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html](https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html)
Yes, banks would not be able to operate anywhere close to the way they do today. But my point was they have an easy fix, due to their centralization of authority, to fix the problem presented by the poster above. Bitcoin doesn't have an easy fix due to its decentralized nature. There are definitive advantages centralized systems have over decentralized ones. There are also disadvantages. I'm just pointing out that banks ending because of the above scenario is not the case. Bitcoin is much more exposed to quantum computing risk (less so the SHA2 function but more the ECDSA used for public/private keys) than banks are.
Mining bitcoin is only worth it if you have access to very cheap electricity. You want to be paying less than 10 cents per kilowatt-hour. And then you need to buy at least one efficient SHA-256 hashing ASIC. For example, the [Bitmain Antminer S21 Pro](https://shop.bitmain.com/product/detail?pid=000202504181244499833ha86cWe068B) is an efficient SHA-256 hashing ASIC that is relatively affordable.
Sorta but not really. I asked grok and chat gpt for fun and this is their answer (skip to conclusion for tldr):

Quantum computers pose a potential threat to Bitcoin's security, but the situation is nuanced and depends on the state of quantum technology and Bitcoin's response to it.

Key Points:

1. **Bitcoin's Cryptographic Algorithms**:
   - Bitcoin uses **ECDSA (Elliptic Curve Digital Signature Algorithm)** for securing private keys and signing transactions, and **SHA-256** for mining and hashing.
   - Quantum computers could theoretically exploit weaknesses in ECDSA using **Shor's algorithm**, which can efficiently solve the discrete logarithm problem. This could allow an attacker to derive a private key from a public key, potentially compromising wallets if quantum computers become powerful enough.
   - SHA-256, used in Bitcoin's proof-of-work, is considered more resistant to quantum attacks. While **Grover's algorithm** could theoretically speed up hash cracking (reducing the time to find a hash collision by a factor of the square root), the impact on mining or double-spending attacks is less immediate and would require an infeasible number of qubits and error correction.
2. **Current Quantum Computing Limitations**:
   - As of August 10, 2025, quantum computers are far from capable of breaking Bitcoin's cryptography. Current quantum computers have limited qubits (e.g., IBM's largest systems have around 1,000 qubits, while breaking ECDSA would require millions of high-quality, error-corrected qubits).
   - Error rates, coherence times, and scalability remain significant hurdles. Estimates suggest it could take 10–20 years (or more) for quantum computers to reach the scale needed to threaten Bitcoin.
3. **Bitcoin's Defenses and Adaptability**:
   - Bitcoin's protocol can be upgraded via **soft forks** or **hard forks** to adopt quantum-resistant cryptographic algorithms, such as **post-quantum cryptography** (e.g., lattice-based or hash-based signatures). The NIST has already standardized some post-quantum algorithms (e.g., CRYSTALS-Dilithium, FALCON) that could be integrated.
   - Many Bitcoin wallets use addresses derived from public keys only when spending, meaning private keys are not exposed until a transaction occurs. This limits the window for quantum attacks unless public keys are reused (a practice discouraged by best practices).
   - The Bitcoin community is aware of the quantum threat and could implement changes proactively if quantum advancements accelerate.
4. **Practical Risks**:
   - Even with a sufficiently powerful quantum computer, hacking Bitcoin would require targeting specific high-value wallets with exposed public keys, which is a targeted rather than systemic attack.
   - A quantum computer capable of running Shor's algorithm effectively would also threaten other cryptographic systems (e.g., RSA, HTTPS), making Bitcoin one of many potential targets.
   - Economic and logistical barriers (e.g., the immense cost of building and operating such a quantum computer) may deter attackers, especially if Bitcoin adapts.
5. **Timeline and Speculation**:
   - Experts estimate that quantum computers capable of breaking ECDSA are at least a decade away, likely beyond 2035, based on current progress (e.g., IBM, Google, and others' roadmaps).
   - Posts on X and web sources (as of my last data) reflect mixed opinions: some alarmist claims suggest Bitcoin is at risk soon, while technical analyses (e.g., from cryptography experts) emphasize that quantum computers are not yet a practical threat and Bitcoin has time to adapt.
   - For example, a 2023 analysis by the Quantum Resistant Ledger team estimated that a quantum computer with ~10 million qubits would be needed to break ECDSA in a reasonable timeframe, far beyond current capabilities.

Conclusion: Quantum computers could theoretically hack Bitcoin by breaking ECDSA, but this is not feasible with current or near-future technology (as of 2025). Bitcoin's community can mitigate this risk by adopting quantum-resistant algorithms before quantum computers become a threat. For now, Bitcoin remains secure, but vigilance and protocol upgrades will be crucial in the long term. If you want me to dive deeper into quantum algorithms, post-quantum cryptography, or specific X posts on this topic, let me know!
Grover gives a quadratic advantage on reversing hashes and breaking symmetric encryption. But still it is unlikely it would "break" most algorithms. SHA-256 for example: the classic search can reverse a hash in about 2^256 steps, Grover's improves that to 2^128, but that is still unfeasible, it would take more time than the age of the universe to run. Now the main thing SHA-256 is used for in Bitcoin is the PoW mechanism (mining) and the quadratic advantage of Grover's can throw a wrench into that, but that would only be relevant when there is a single quantum computer (can't really join forces with other quantum computers as Grover's doesn't parallelize) that can run Grover's steps as fast as about a square root of the hash rate of the entire Bitcoin mining network... That would take a while to reach. Shor's algorithm on the other hand can break the ECDSA signature scheme used by Bitcoin and go from public key to private key. That is somewhat mitigated by the fact that modern addresses don't have their public keys on the chain until you spend funds, but still old Satoshi-era wallets can become loot, and even modern wallets can be attacked in the time window between sending a transaction and when it is finalized. This might also take decades to be feasible, I really don't know. But it is a much more real concern than Grover's.
SHA-256 and BIP39 are “quantum safe” if you’re talking about what quantum computers are capable of at this moment. But if quantum computers become what they’re projected to eventually become, no cryptographic standard that currently exists is safe, and saying buzz words you heard on a brocast isn’t going to change that.