SoloLuck Blog · 2026-07-01
You have probably seen the headline: quantum computers are coming to break Bitcoin. It is a dramatic story, and it gets the most important detail backwards. The part people usually mean by mining — the vast global search that secures each new block — is one of the most quantum-resistant pieces of the whole system. The part actually worth watching is different: the digital signatures that prove you own your coins.
Two different quantum algorithms are involved, Grover's for the hash search that mining relies on and Shor's for the elliptic-curve signatures that prove ownership, and telling them apart unlocks the whole topic.
Both threats are still years away from any working machine, and when — if ever — one arrives is genuinely uncertain and debated among experts. This is a prepared-not-scared subject, so let us walk through the mechanism and leave you able to reason about it for yourself.
Mining is a giant guessing game. Miners take a block's data and run it through a one-way function called SHA-256 (twice, technically), changing a small number called a nonce each time, hunting for an output below a target value. There is no clever shortcut — each guess is an independent lottery draw. The machines that do this are ASICs: chips built to do nothing but SHA-256, unbelievably fast. Together the network makes on the order of a billion trillion guesses every second.
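Here is what that guessing game looks like in code. This is an added example (Python, written for this edit, not code from the page or from the SoloLuck pool). It re-hashes the real, public genesis block header to show the consensus check, then mines a constructed toy header against an easy target. The toy block's merkle root, timestamp and target are made up, and the target is chosen so the search takes tens of thousands of tries instead of the roughly four billion that difficulty 1 demands.

```python
import hashlib
import struct

def double_sha256(data: bytes) -> bytes:
    """The function miners iterate: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def target_from_bits(bits: int) -> int:
    """Expand a header's compact 'nBits' field into the full 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def serialize_header(version: int, prev_hash_hex: str, merkle_root_hex: str,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """The 80-byte header exactly as it is hashed. Hashes quoted in display
    order (as block explorers print them) are byte-reversed on the wire."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))

def header_hash_hex(header: bytes) -> str:
    """Block hash in display order, so the leading zeros are visible."""
    return double_sha256(header)[::-1].hex()

def header_meets_target(header: bytes, bits: int) -> bool:
    """Consensus check: the hash, read as a little-endian integer, is <= target."""
    return int.from_bytes(double_sha256(header), "little") <= target_from_bits(bits)

def expected_tries(bits: int) -> float:
    """Mean number of independent draws before one lands at or below the target."""
    return (1 << 256) / (target_from_bits(bits) + 1)

def mine(version, prev_hash_hex, merkle_root_hex, timestamp, bits, max_tries):
    """Blind search over the nonce. Every try is an independent draw; nothing
    learned from one try helps the next. Returns (nonce, tries) or None."""
    for tries, nonce in enumerate(range(max_tries), start=1):
        header = serialize_header(version, prev_hash_hex, merkle_root_hex,
                                  timestamp, bits, nonce)
        if header_meets_target(header, bits):
            return nonce, tries
    return None

# Real data: the genesis block header (public, well-known values).
GENESIS = dict(
    version=1, prev_hash_hex="00" * 32,
    merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505, bits=0x1D00FFFF, nonce=2083236893)

def verify_genesis() -> str:
    """Re-hash the genesis header, check it against its target, return the hash."""
    header = serialize_header(**GENESIS)
    if not header_meets_target(header, GENESIS["bits"]):
        raise ValueError("genesis header does not meet its own target")
    return header_hash_hex(header)

# Constructed toy block: made-up merkle root and timestamp, easy target
# (about 65,536 tries expected, versus about 4.3e9 at difficulty 1).
TOY_BITS = 0x1F00FFFF
TOY = dict(
    version=0x20000000, prev_hash_hex="00" * 32,
    merkle_root_hex=hashlib.sha256(b"constructed toy coinbase").hexdigest(),
    timestamp=1_780_000_000, bits=TOY_BITS)

def mine_toy():
    return mine(**TOY, max_tries=1 << 24)

if __name__ == "__main__":
    print("genesis hash:", verify_genesis())
    print("expected tries at difficulty 1: %.4g" % expected_tries(0x1D00FFFF))
    nonce, tries = mine_toy()
    print("toy nonce %d found after %d tries (expected about %d)"
          % (nonce, tries, expected_tries(TOY_BITS)))
```

The point to notice is in `mine`: the loop carries no state between tries except the counter. That is why a faster guesser only buys more draws per second, and why the only quantum algorithm that applies here is the one for unstructured search.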
Grover's algorithm is a genuine quantum speedup for this kind of blind search, but only a quadratic one: roughly the square root of the work, not an instant answer. In practice that advantage never materializes for mining, for several independent reasons, chief among them that the speedup does not parallelize (k machines running Grover together gain only about √k, where k ASICs gain k), that each error-corrected quantum step is far slower than an ASIC's SHA-256 pipeline, and that the difficulty adjustment absorbs whatever edge remains.
Myth to retire: the idea that a quantum computer will instantly out-mine everyone and break SHA-256. Neither is true. Against preimage search, Grover only halves SHA-256's effective security, from about 256 bits to about 128, and 2^128 is still so vast that a machine doing ten billion operations a second would need on the order of 10^21 years to exhaust it, tens of billions of times the age of the universe. Cryptographers and standards bodies agree that 256-bit hashes stay quantum-safe and that no hash sizes need to change.
Owning Bitcoin means being able to produce a valid digital signature. Those signatures use the secp256k1 elliptic curve, through schemes called ECDSA and Schnorr. Your public key is derived from your private key by a one-way mathematical step; reversing it — recovering the private key from the public key — is something classical computers cannot do in any workable time.
Shor's algorithm changes that. On a large enough quantum computer it solves exactly this reversal in polynomial time — an exponential break, not a square-root one. Given a visible public key, such a machine could in principle derive the matching private key in hours or days, with some 2026 designs estimating minutes. The attacker out-hashes no one; they simply forge ownership. This is a wallet-and-signature problem, entirely separate from mining.
The crucial word is visible. A public key only becomes a target once it appears on the blockchain, which happens in two ways: the oldest pay-to-public-key outputs carry the key in the output itself, and every hash-based address type reveals the key in the transaction that spends from it, so an address that has been spent from once and then reused stays exposed.
How much is at risk? Estimates vary by method, so treat it as a range: several 2025–2026 analyses land near 6 to 7 million BTC, roughly 30–35% of supply, in addresses with exposed public keys (old pay-to-public-key outputs) or exposable ones (reused addresses whose key appeared in an earlier spend). Of that, about 1.7 million BTC in the oldest format is likely lost forever. The other ~65% of supply, held in addresses that have never revealed a public key, faces only the harder spend-window risk. A note on the popular phrase harvest-now-decrypt-later: it describes recording encrypted traffic today to decrypt later, and Bitcoin signatures encrypt nothing. Exposed keys are already public, so there is nothing to harvest, and nothing can be done with them until a capable quantum computer actually exists.
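To see where the exposure boundary actually falls, here is a classifier over raw output scripts, added as an example for this edit (not the page's code). The output-type byte patterns are Bitcoin's standard script templates; the sample UTXO list is constructed, and its placeholder key bytes are not valid curve points, since only the script shape matters. One rule goes beyond what the post states: Taproot (P2TR) outputs hold a tweaked public key directly rather than a hash, so the classifier counts them as exposed from the moment they are funded.

```python
SATS = 100_000_000  # satoshis per BTC

def classify_script_pubkey(spk: bytes) -> tuple[str, str]:
    """Map a raw scriptPubKey to (output type, what it reveals about the key)."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:   # <pubkey> OP_CHECKSIG
        return "P2PK", "key in output"
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH", "key hashed"                              # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "P2SH", "script hashed"                            # OP_HASH160 <20> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH", "key hashed"                             # OP_0 <20-byte key hash>
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH", "script hashed"                           # OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR", "key in output"                            # OP_1 <32-byte x-only tweaked key>
    return "unknown", "unclassified"

def key_exposed_now(spk: bytes, address_spent_before: bool) -> bool:
    """True when a Shor-capable attacker could already read the key off chain data.
    Hash-based outputs are exposed only through address reuse: an earlier spend
    from the same address put the key (or script) on-chain."""
    _, how = classify_script_pubkey(spk)
    if how == "key in output":
        return True
    if how in ("key hashed", "script hashed"):
        return address_spent_before
    return False

def exposure_report(utxos):
    """Sum UTXO value into exposed-now, exposed-only-at-spend and unclassified.
    Each utxo: {"spk": hex scriptPubKey, "sats": int, "address_spent_before": bool}."""
    report = {"exposed_now": 0, "exposed_at_spend": 0, "unclassified": 0}
    for u in utxos:
        spk = bytes.fromhex(u["spk"])
        _, how = classify_script_pubkey(spk)
        if how == "unclassified":
            report["unclassified"] += u["sats"]
        elif key_exposed_now(spk, u["address_spent_before"]):
            report["exposed_now"] += u["sats"]
        else:
            report["exposed_at_spend"] += u["sats"]
    return report

# Constructed sample UTXO set (not real chain data; key bytes are placeholders).
SAMPLE_UTXOS = [
    {"spk": "41" + "04" + "11" * 64 + "ac", "sats": 50 * SATS, "address_spent_before": False},  # 2009-era P2PK
    {"spk": "76a914" + "22" * 20 + "88ac",  "sats": 1 * SATS,  "address_spent_before": True},   # reused P2PKH
    {"spk": "76a914" + "33" * 20 + "88ac",  "sats": 2 * SATS,  "address_spent_before": False},  # fresh P2PKH
    {"spk": "0014" + "44" * 20,             "sats": 3 * SATS,  "address_spent_before": False},  # fresh P2WPKH
    {"spk": "5120" + "55" * 32,             "sats": 4 * SATS,  "address_spent_before": False},  # Taproot
]

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        kind, how = classify_script_pubkey(bytes.fromhex(u["spk"]))
        print(f"{kind:7s} {how:14s} exposed_now={key_exposed_now(bytes.fromhex(u['spk']), u['address_spent_before'])}")
    print(exposure_report(SAMPLE_UTXOS))
```

Run on the sample set, 55 BTC lands in `exposed_now` (the P2PK output, the reused P2PKH address and the Taproot output) and 5 BTC in `exposed_at_spend`. Against real data the `address_spent_before` flag would come from an index of historical spends, which is the part of a real exposure survey that does the heavy lifting.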
To run Shor against Bitcoin, a machine needs a few thousand high-quality logical qubits, and that word matters. Physical qubits are the raw, noisy hardware; error correction bundles many physical qubits together to make one reliable logical qubit, often a hundred to a thousand physical per logical. Shor against a 256-bit elliptic-curve key therefore translates to hundreds of thousands to millions of physical qubits, held stable through millions of error-corrected steps.
Where is the field in mid-2026? The best publicly reported machines have on the order of a few thousand physical qubits and far fewer logical ones: for example around 96 logical qubits at QuEra, roughly 48 at Quantinuum, and a single demonstrated logical qubit from Google. Meanwhile the estimated hardware requirement has fallen sharply as designs improve.
Read those numbers carefully. They are theoretical circuit designs and resource estimates, not demonstrations. No machine has broken any real key or factored a cryptographically meaningful number. The gap between a few thousand noisy qubits today and the hundreds of thousands or more of error-corrected physical qubits, organized into thousands of reliable logical ones, that Shor at this scale calls for is enormous, and keeping error correction running in real time remains genuinely hard.
So when is Q-day? Honestly, nobody knows; this part is speculative and contested. No credible source expects a capable machine before the 2030s even under optimistic projections, and one 2026 assessment rated quantum computing at Stage 0. The government deadlines you may have heard of, such as NIST's draft transition guidance (IR 8547) deprecating quantum-vulnerable public-key algorithms like RSA-2048 and ECDSA on P-256 after 2030 and disallowing them after 2035, are for general IT security, not for Bitcoin. The direction of travel points toward feasibility; the timing is an open question.
Suppose, despite everything above, someone did build a quantum miner with a small edge. Bitcoin has a built-in shock absorber that has already tamed decades of hardware leaps: the difficulty adjustment. Every 2,016 blocks — about two weeks — the network recalculates how hard the puzzle is, aiming to keep blocks arriving roughly every ten minutes. If total hashing speed rises, blocks come faster, and difficulty simply rises to match, pulling the pace back to ten minutes.
This is exactly how the network absorbed every generation of faster ASICs: no takeover, no broken chain, just a higher difficulty and reshuffled economics. A hypothetical quantum miner would be no different. Because Grover's search parallelizes poorly (k machines running it together gain only about √k, where k ASICs gain k), it could not cheaply scale up all at once; it would have to ramp in gradually, giving difficulty ample time to adapt.
The adjustment is even clamped so it cannot move more than a factor of four in either direction per period, though a gradual arrival never tests that limit. The takeaway: a working quantum miner would be an evolutionary competitive pressure at most, not a 51%-in-a-day catastrophe. Mining is simply not where the fragility lives.
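A small simulation of that shock absorber, added here as an example rather than taken from the page. The retarget rule and the factor-of-four clamp are Bitcoin's; the network hashrate of 10^21 H/s is the post's own figure. The "Grover miner" model, in which k machines yield only about √k of the gain k ASICs would, and the per-machine figure of 10^19 H/s are modelling assumptions made for the example.

```python
import math

TARGET_BLOCK_SECONDS = 600
BLOCKS_PER_PERIOD = 2016
EXPECTED_PERIOD_SECONDS = TARGET_BLOCK_SECONDS * BLOCKS_PER_PERIOD  # about two weeks
MAX_TARGET = 0xFFFF << 208  # difficulty-1 target; difficulty = MAX_TARGET / target

def retarget(old_target: int, actual_seconds: int) -> int:
    """Bitcoin's rule: scale the target by actual/expected time, with the ratio
    clamped to [1/4, 4] per period. (The real client measures 2015 intervals
    rather than 2016, a known quirk ignored here.)"""
    clamped = min(max(actual_seconds, EXPECTED_PERIOD_SECONDS // 4),
                  EXPECTED_PERIOD_SECONDS * 4)
    return min(old_target * clamped // EXPECTED_PERIOD_SECONDS, MAX_TARGET)

def difficulty(target: int) -> float:
    return MAX_TARGET / target

def equilibrium_target(hashrate: float) -> int:
    """Target at which this total hashrate (H/s) averages one block per 600 s."""
    return (1 << 256) // int(hashrate * TARGET_BLOCK_SECONDS) - 1

def expected_period_seconds(target: int, hashrate: float) -> float:
    """Mean time for 2016 blocks: each block needs 2^256/(target+1) draws on average."""
    hashes_per_block = (1 << 256) / (target + 1)
    return BLOCKS_PER_PERIOD * hashes_per_block / hashrate

def grover_effective_hashrate(machines: int, per_machine: float) -> float:
    """Modelling assumption: Grover's search gains only about sqrt(k) from k
    machines, where k ASICs gain k. per_machine is one machine's equivalent H/s."""
    return per_machine * math.sqrt(machines)

def simulate(classical_hashrate: float, extra_hashrate_per_period):
    """Start at equilibrium for the classical network, then add the given extra
    hashrate in each period. Returns [(difficulty multiple, mean block seconds), ...]."""
    target = equilibrium_target(classical_hashrate)
    base = difficulty(target)
    out = []
    for extra in extra_hashrate_per_period:
        period = expected_period_seconds(target, classical_hashrate + extra)
        out.append((difficulty(target) / base, period / BLOCKS_PER_PERIOD))
        target = retarget(target, round(period))
    return out

NETWORK = 1e21  # about a billion trillion hashes per second, as the post states

if __name__ == "__main__":
    # Shock case: a miner with nine times the whole network appears overnight.
    # Blocks fall to 60 s, the clamp limits the first correction to 4x, and the
    # second retarget finishes the job: 60 s, 240 s, then 600 s again.
    for d, bt in simulate(NETWORK, [9 * NETWORK] * 3):
        print(f"shock   difficulty x{d:6.2f}  mean block {bt:6.1f} s")
    # Gradual case: Grover-style machines added 1, 4, 9, 16, 25 at a time, so the
    # effective extra hashrate grows 1x, 2x, 3x, 4x, 5x. Block times barely move.
    ramp = [grover_effective_hashrate(k, 1e19) for k in (1, 4, 9, 16, 25)]
    for d, bt in simulate(NETWORK, ramp):
        print(f"gradual difficulty x{d:6.3f}  mean block {bt:6.1f} s")
```

Even the overnight 10x shock, far beyond anything a first quantum miner could plausibly deliver, costs two adjustment periods before block times are back to ten minutes; the gradual case never strays more than a few seconds from target.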
The reassuring part is that the cryptography already exists. In August 2024, after an eight-year public process, NIST finalized its first post-quantum standards (FIPS 203, 204 and 205), including the lattice-based ML-DSA and hash-based SLH-DSA signature schemes designed to resist Shor's algorithm. The catch for Bitcoin is size: an ML-DSA-44 signature is 2,420 bytes and its public key 1,312 bytes, against 64 bytes for a Schnorr signature and 32 or 33 bytes for a secp256k1 public key, and that difference costs precious block space and fees.
Bitcoin-specific proposals are being drafted and debated, though nothing is live yet.
The genuinely unresolved problems are not mathematical but human. Upgrading Bitcoin requires broad social consensus, and a migration touching perhaps a third of all supply would be unprecedented. Hardest of all are the lost coins: an estimated 1.7 million BTC, including Satoshi's holdings, can never be moved by their owners. The community faces an unresolved choice between leaving them as a future bounty, freezing them, or recycling them — each option carrying serious ethical and economic objections, with no consensus in sight.
For an ordinary holder today, the sensible posture is low-cost and boring: do not reuse addresses, and keep funds in address types that put only a hash of the key on-chain (legacy P2PKH or native SegWit P2WPKH), so nothing is exposed until you spend. One caveat: Taproot (P2TR) outputs place a tweaked public key directly in the output rather than a hash, so they do not get that hiding benefit. That is the whole ecosystem's stance, prepared, not scared. And because fear sells, it is worth remembering the goal is to understand the mechanism, not to buy anything sold on a scary quantum headline.