# Impact of Quantum Computers

Learn the consequences of Grover's and Shor's algorithms for Bitcoin's security.

## We'll cover the following

The two major cryptographic primitives used in Bitcoin, namely Proof-of-Work and digital signatures, are affected by quantum algorithms. In this lesson, we’ll show the consequences of Grover’s and Shor’s algorithms for Bitcoin’s security.

## Grover’s algorithm

As already discussed in this section

However, it’s more likely that Grover’s algorithm could allow an attacker to gain an unfair advantage in the mining process on which Bitcoin’s consensus mechanism is based. Since the block creation process is coupled to the PoW problem, there’s a risk that a single attacker who is in possession of a quantum computer could mine blocks faster than other competitors who only own conventional computers. Thus, a single quantum miner could dominate the generations of new blocks and hence dominate the whole blockchain. They would have several attack possibilities.

For example, they could only integrate desired transactions into the blockchain and thus control the content of the blockchain (

However, even if quantum computers with enough qubits to perform Grover’s algorithm could one day become a reality, an attack on the mining system would be unlikely. This is because other practical factors aren’t taken into account in this scenario. In fact, the quantum advantage is limited to the factor $\sqrt{2^{256} / T}$ in terms of complexity, regardless of the number of qubits the quantum computer has.

However, the mining performance isn’t only tied to the complexity but also to the hashing rate. So, although there’s a quantum advantage in complexity, it’s probably not big enough not to be beaten by classic hardware as parallelization of classic hardware allows a very large hash rate and thus will outpace any quantum computer. Consequently,

Based on their prediction model, they estimate that before 2028, there will be no existing quantum computer with enough qubits to implement Grover’s algorithm. According to their most optimistic estimations, there will then be a quantum computer capable of achieving a hashing rate of $13.8 \mathrm{GH} / \mathrm{s}$, which is still 1000 times slower than a single current conventional ASIC device that achieves a hash rate of $14 \mathrm{TH} / \mathrm{s}$.

So, we can’t expect that there will be a single quantum computer that could dominate Bitcoin’s consensus mechanism in the next decade. And even if this would become practical once, this would not have such a direct dramatic impact as we would expect since an attacker can neither steal foreign coins nor reverse foreign transactions since they’re protected by the ECC key pair. Consequently, they could only use their advantage in mining to double-spend their own coins. However, due to the financial incentive system, it would be more likely that the quantum computational effort would be invested in normal block generation, as this is the most lucrative from a financial perspective.

Other concerns regarding the mining process are expressed by

Consequently, they immediately stop solving the current PoW and start mining on top of the new block. Sattath argues that a quantum miner will behave differently when they receive a new block. Instead of accepting the new block, they will immediately stop applying Grover’s algorithm and measure its quantum state. They could be lucky and get a valid block, which they also immediately propagate to the network. If many miners are using Grover’s algorithm, most of them will follow this strategy such that many miners will measure their state roughly at the same time. This increases the probability that multiple miners will simultaneously find a new valid block, resulting in a higher rate of forks or even multi-forks in the quantum setting. However, this problem can be overcome by redefining the mining rules.

Get hands-on with 1200+ tech skills courses.