How Will Quantum Computing Affect Bitcoin Mining?

SoloLuck Blog · 2026-07-01

The short answer: mining is the strong part

You have probably seen the headline: quantum computers are coming to break Bitcoin. It is a dramatic story, and it gets the most important detail backwards. The part people usually mean by mining — the vast global search that secures each new block — is one of the most quantum-resistant pieces of the whole system. The part actually worth watching is different: the digital signatures that prove you own your coins.

Two different quantum algorithms are involved, and telling them apart unlocks the whole topic:

Both threats are still years away from any working machine, and when — if ever — one arrives is genuinely uncertain and debated among experts. This is a prepared-not-scared subject, so let us walk through the mechanism and leave you able to reason about it for yourself.

How mining works, and why quantum barely touches it

Mining is a giant guessing game. Miners take a block's data and run it through a one-way function called SHA-256 (twice, technically), changing a small number called a nonce each time, hunting for an output below a target value. There is no clever shortcut — each guess is an independent lottery draw. The machines that do this are ASICs: chips built to do nothing but SHA-256, unbelievably fast. Together the network makes on the order of a billion trillion guesses every second.

Grover's algorithm is a genuine quantum speedup for this kind of blind search, but only a quadratic one — roughly the square root of the work, not an instant answer. In practice that advantage never materializes for mining, for several independent reasons:

Myth to retire: the idea that a quantum computer will instantly out-mine everyone and break SHA-256. Neither is true. Grover only halves SHA-256's effective security — from about 256 bits to about 128 — which is still so vast that a machine doing ten billion operations a second would need on the order of 10^21 years to exhaust it — over a hundred billion times the age of the universe. Cryptographers and standards bodies agree: 256-bit hashes stay quantum-safe, and no hash sizes need to change.
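
The guessing loop and the Grover scaling described above, as an added example that is not part of the original post. The all-zero 76-byte header prefix and the very easy target are constructed so the loop finishes quickly; the Grover figure is the textbook (π/4)·√(N/M) iteration count, split evenly across machines.

```python
import hashlib
import math
import struct

def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice, as Bitcoin does for block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def mine(header_prefix: bytes, target: int, max_nonce: int = 2**32):
    """Try nonces in order; return (nonce, hash_hex) for the first hash below target."""
    for nonce in range(max_nonce):
        # The nonce is a 4-byte little-endian field at the end of the header.
        digest = double_sha256(header_prefix + struct.pack("<I", nonce))
        # The digest is compared to the target as a little-endian 256-bit integer.
        if int.from_bytes(digest, "little") < target:
            return nonce, digest[::-1].hex()
    return None

def classical_expected_guesses(target: int) -> float:
    """Each guess succeeds with probability target / 2**256."""
    return 2**256 / target

def grover_iterations_per_machine(target: int, machines: int = 1) -> float:
    """Sequential Grover iterations when the search space is split across
    `machines` quantum computers: (pi/4) * sqrt(N / (k * M))."""
    return (math.pi / 4) * math.sqrt(2**256 / (target * machines))

# Constructed inputs: a placeholder header and a target about 4096 guesses wide.
HEADER_PREFIX = bytes(76)
EASY_TARGET = 2**244

if __name__ == "__main__":
    nonce, block_hash = mine(HEADER_PREFIX, EASY_TARGET)
    print("nonce", nonce, "hash", block_hash)
    print("classical expected guesses:", classical_expected_guesses(EASY_TARGET))
    for k in (1, 4, 16):
        per_machine = grover_iterations_per_machine(EASY_TARGET, k)
        # Total quantum work grows as sqrt(k) while wall-clock time only halves per 4x.
        print(k, "machines:", round(per_machine, 2), "iterations each,",
              round(per_machine * k, 2), "in total")
```
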

The real threat: Shor's algorithm versus your signatures

Owning Bitcoin means being able to produce a valid digital signature. Those signatures use the secp256k1 elliptic curve, through schemes called ECDSA and Schnorr. Your public key is derived from your private key by a one-way mathematical step; reversing it — recovering the private key from the public key — is something classical computers cannot do in any workable time.

Shor's algorithm changes that. On a large enough quantum computer it solves exactly this reversal in polynomial time — an exponential break, not a square-root one. Given a visible public key, such a machine could in principle derive the matching private key in hours or days, with some 2026 designs estimating minutes. The attacker out-hashes no one; they simply forge ownership. This is a wallet-and-signature problem, entirely separate from mining.

The crucial word is visible. A public key only becomes a target once it appears on the blockchain:

How much is at risk? Estimates vary by method, so treat it as a range: several 2025–2026 analyses land near 6 to 7 million BTC, roughly 30–35% of supply, in addresses with exposed or exposable public keys. Of that, about 1.7 million BTC in the oldest format is likely lost forever. The other ~65% of supply, held in addresses that have never revealed a public key, faces only the harder spend-window risk. A note on the popular phrase harvest-now-decrypt-later: exposed keys are already public, so there is nothing to harvest — and nothing can be done to them until a capable quantum computer actually exists.
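
A way to check your own outputs for the "visible" condition above, as an added example that is not part of the original post. It classifies a locking script by its standard byte pattern and reports whether a public key is already on-chain; the sample scripts are constructed filler bytes, and the `address_spent_before` flag is an assumption standing in for a lookup of the address's spending history.

```python
def script_type(script: bytes) -> str:
    """Identify the standard output type from the locking script bytes."""
    n = len(script)
    if n in (35, 67) and script[0] == n - 2 and script[-1] == 0xAC:
        return "p2pk"      # <pubkey> OP_CHECKSIG
    if n == 25 and script[:3] == b"\x76\xa9\x14" and script[-2:] == b"\x88\xac":
        return "p2pkh"     # hash of a public key
    if n == 23 and script[:2] == b"\xa9\x14" and script[-1] == 0x87:
        return "p2sh"      # hash of a script
    if n == 22 and script[:2] == b"\x00\x14":
        return "p2wpkh"    # segwit v0, hash of a public key
    if n == 34 and script[:2] == b"\x00\x20":
        return "p2wsh"     # segwit v0, hash of a script
    if n == 34 and script[:2] == b"\x51\x20":
        return "p2tr"      # segwit v1, 32-byte output key
    return "unknown"

# Types whose locking script itself contains a public key.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}

def exposure(script: bytes, address_spent_before: bool = False) -> str:
    kind = script_type(script)
    if kind == "unknown":
        return "unknown"
    if kind in KEY_IN_OUTPUT:
        return "exposed"               # key visible while the coin sits unspent
    if address_spent_before:
        return "exposed"               # reuse: an earlier spend revealed the key
    return "hidden-until-spend"        # only the spend window remains

# Constructed sample scripts (filler bytes, not real keys or hashes).
SAMPLES = {
    "old pay-to-pubkey": bytes([0x21, 0x02]) + b"\x11" * 32 + b"\xac",
    "p2pkh, never spent": b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac",
    "p2wpkh, never spent": b"\x00\x14" + b"\x33" * 20,
    "taproot output": b"\x51\x20" + b"\x44" * 32,
}

def audit(samples=SAMPLES, reused=("p2pkh, never spent",)):
    """Return {label: (fresh, after_reuse)} exposure for each sample."""
    return {k: (exposure(s), exposure(s, True)) for k, s in samples.items()}

if __name__ == "__main__":
    for label, (fresh, reused) in audit().items():
        print(f"{label:22} fresh={fresh:20} reused={reused}")
```
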

Where quantum hardware actually is today

To run Shor against Bitcoin, a machine needs many high-quality logical qubits, and that word matters. Physical qubits are the raw, noisy hardware; error correction bundles many physical qubits together to make one reliable logical qubit — often a hundred to a thousand physical per logical. Shor at cryptographic scale needs hundreds of thousands of these, held stable through millions of error-corrected steps.

Where is the field in mid-2026? The best publicly reported machines have on the order of a few thousand physical qubits and only a handful of logical ones — for example around 96 logical qubits at QuEra, roughly 48 at Quantinuum, and a single demonstrated logical qubit from Google. Meanwhile the estimated hardware requirement has fallen sharply as designs improve:

Read those numbers carefully. They are theoretical circuit designs and resource estimates, not demonstrations. No machine has broken any real key or factored a cryptographically meaningful number. The gap between a few thousand noisy qubits today and hundreds of thousands of stable, error-corrected ones is enormous, and keeping error correction running in real time remains genuinely hard.

So when is Q-day? Honestly, nobody knows — this part is speculative and contested. No credible source expects a capable machine before the 2030s even under optimistic projections, and one 2026 assessment rated quantum computing at Stage 0. The government deadlines you may have heard of — NIST advising retirement of classical public-key cryptography between 2030 and 2035 — are for general IT security, not for Bitcoin. The direction of travel points toward feasibility; the timing is an open question.

Why difficulty adjustment defuses any mining edge

Suppose, despite everything above, someone did build a quantum miner with a small edge. Bitcoin has a built-in shock absorber that has already tamed decades of hardware leaps: the difficulty adjustment. Every 2,016 blocks — about two weeks — the network recalculates how hard the puzzle is, aiming to keep blocks arriving roughly every ten minutes. If total hashing speed rises, blocks come faster, and difficulty simply rises to match, pulling the pace back to ten minutes.

This is exactly how the network absorbed every generation of faster ASICs: no takeover, no broken chain, just a higher difficulty and reshuffled economics. A hypothetical quantum miner would be no different — and because Grover's square-root parallel penalty means it could not cheaply scale up all at once, it would have to ramp in gradually, giving difficulty ample time to adapt.

The adjustment is even clamped so it cannot move more than a factor of four in either direction per period, though a gradual arrival never tests that limit. The takeaway: a working quantum miner would be an evolutionary competitive pressure at most, not a 51%-in-a-day catastrophe. Mining is simply not where the fragility lives.
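
The retarget rule and its factor-of-four clamp, as an added example that is not part of the original post. It is a simplified model: it uses floating-point difficulty and average block times per period, whereas a real node works on integer targets and block timestamps; the hashrate sequences are constructed.

```python
RETARGET_BLOCKS = 2016      # blocks per adjustment period
TARGET_SPACING = 600        # seconds per block the network aims for
MAX_FACTOR = 4              # adjustment is clamped to 4x either way

def retarget(difficulty: float, actual_timespan: float) -> float:
    """New difficulty after a period that took `actual_timespan` seconds."""
    expected = RETARGET_BLOCKS * TARGET_SPACING
    clamped = min(max(actual_timespan, expected / MAX_FACTOR), expected * MAX_FACTOR)
    return difficulty * expected / clamped

def simulate(hashrates, difficulty: float = 1.0):
    """hashrates: relative network hashrate for each period, where 1.0 at
    difficulty 1.0 yields 600-second blocks. Returns one
    (hashrate, difficulty, average_block_seconds) tuple per period."""
    history = []
    for rate in hashrates:
        block_time = TARGET_SPACING * difficulty / rate
        history.append((rate, difficulty, block_time))
        difficulty = retarget(difficulty, block_time * RETARGET_BLOCKS)
    return history

# Constructed scenarios: a 10%-per-period ramp and an abrupt 10x jump.
GRADUAL = [1.1 ** n for n in range(6)]
SUDDEN = [10.0, 10.0, 10.0]

if __name__ == "__main__":
    for name, rates in (("gradual", GRADUAL), ("sudden", SUDDEN)):
        print(name)
        for rate, diff, secs in simulate(rates):
            print(f"  hashrate x{rate:5.2f}  difficulty {diff:5.2f}  block every {secs:6.1f} s")
```

In the gradual ramp blocks never arrive faster than about 545 seconds apart and the clamp is never reached; the abrupt 10x jump hits the clamp once and is fully absorbed after two periods.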

What is already being done

The reassuring part is that the cryptography already exists. In August 2024, after an eight-year public process, NIST finalized its first post-quantum standards — including lattice-based and hash-based signature schemes designed to resist Shor's algorithm. The catch for Bitcoin is that these quantum-resistant signatures and keys are much larger than today's, which costs precious block space and fees.

Bitcoin-specific work is underway, though nothing is live yet:

The genuinely unresolved problems are not mathematical but human. Upgrading Bitcoin requires broad social consensus, and a migration touching perhaps a third of all supply would be unprecedented. Hardest of all are the lost coins: an estimated 1.7 million BTC, including Satoshi's holdings, can never be moved by their owners. The community faces an unresolved choice between leaving them as a future bounty, freezing them, or recycling them — each option carrying serious ethical and economic objections, with no consensus in sight.

For an ordinary holder today, the sensible posture is low-cost and boring: do not reuse addresses, and keep funds in modern address types that never expose a public key until you spend. That is the whole ecosystem's stance — prepared, not scared. And because fear sells, it is worth remembering the goal is to understand the mechanism, not to buy anything sold on a scary quantum headline.

FAQ

Will quantum computers break Bitcoin mining?
Not in any practical sense. Mining relies on SHA-256, which quantum computing only speeds up quadratically through Grover's algorithm. That modest edge is crushed by how much faster ASICs are per operation, by a parallelization penalty (four times the machines just to search twice as fast), and by difficulty adjustment. SHA-256 itself stays secure — Grover only reduces its effective security to about 128 bits, still far out of reach.

What is the real quantum threat to Bitcoin?
Digital signatures. Bitcoin ownership rests on the secp256k1 elliptic curve (ECDSA and Schnorr), and Shor's algorithm could let a large enough quantum computer derive a private key from a public key that is visible on the blockchain. That is a wallet-and-ownership problem, not a mining problem, and it only affects coins whose public keys are exposed.

How much Bitcoin is actually at risk?
Estimates vary by method, so it is best treated as a range. Several 2025–2026 analyses put roughly 6 to 7 million BTC, about 30–35% of supply, in addresses with exposed or exposable public keys. Of that, around 1.7 million BTC in the oldest format is likely lost forever. Coins in addresses that have never revealed a public key face only the harder, minutes-scale spend-window attack.

When will quantum computers be able to threaten Bitcoin (Q-day)?
No one knows, and experts disagree. Today's best machines have a few thousand physical qubits and only a handful of logical ones, while breaking the curve is estimated to need hundreds of thousands of physical qubits — and those estimates are theoretical designs, not demonstrations. Most projections do not see a capable machine before the 2030s at the earliest, and it may be much later or never.

Can anything be done to protect Bitcoin?
Yes. Post-quantum signature standards already exist (NIST finalized them in August 2024), and Bitcoin proposals like BIP-360, an opt-in quantum-resistant address type merged in early 2026, are being developed. Coins can be migrated to safety with advance warning. The unsolved parts are coordination and what to do about lost coins — not the underlying cryptography. In the meantime, do not reuse addresses.
