Will the proof of work (POW) of Bitcoin mining be attacked by quantum computers?

Nov 03,2022

Shared by the editor. Bitcoin is a digital currency that runs on a decentralized system, using the peer-to-peer distributed network introduced by Satoshi Nakamoto under that pseudonym. With the advent of quantum computers, however, a significant impact on Bitcoin's security is expected, for example attacks on Bitcoin's proof of work; that is the issue discussed today. Before studying whether a quantum computer could attack the proof-of-work consensus protocol, it is worth looking at the advantage a quantum computer would have when executing the hashcash-style PoW of the Bitcoin blockchain network.

A quantum computer can solve the PoW puzzle with fewer hash evaluations than any classical computer. However, this quadratic speedup is largely offset by the much slower estimated gate speed of existing quantum architectures compared with dedicated ASIC hardware. This means that, at the current difficulty level, quantum computers provide no significant advantage. Further improvements would be needed to reach a gate speed of nearly 100 GHz; only then could a quantum computer solve the puzzle about 100 times faster than current technology. Until then, Bitcoin's proof of work is not seriously threatened.

Such significant progress is highly unlikely within the next decade, and by then even classical computers will be much faster. In addition, quantum technology will be more widespread by that time, so no single quantum-powered miner is likely to dominate the field.

As for current technology, Bitcoin PoW verifies a block header by checking h(header) ≤ t, where h() = SHA256(SHA256()). Under this principle, the security of the blockchain relies on no single agent having a probability greater than 50% of solving the proof-of-work task first. For this to hold, the computing power of classical miners must remain comparable to that of a quantum computer on this task.

Consider the random oracle model, in which Pr[h(header) ≤ t] = t/2^256. Assume that at any given time all block headers that can be created from the pool of available transactions are equally likely. These block headers are well formed and are varied by changing the nonce, the least significant bits of the header's timestamp, and the set of transactions included in the block.

Comparing the two types of computer: on a classical computer, the expected number of nonces and blocks that must be hashed to find a hash value at most t is D × 2^32, where D is the difficulty level, defined as D = 2^224/t. On a quantum computer in the random oracle model, the PoW task is instead solved with Grover's algorithm, following the general quantum approach.

According to this algorithm, searching for a marked item in a database of N items takes O(√N) queries to the database, as opposed to the Ω(N) queries a classical search needs. To apply it, one defines a function f that determines whether a block is good:

f(x) = 0 if h(g(x)) > t, and

f(x) = 1 if h(g(x)) ≤ t.

The advantage of a quantum computer is that it can evaluate f on a superposition of inputs; each such application is counted as one oracle call. A quantum algorithm can then use Grover's algorithm to find a good block with O = (π/4)·√(N/t) = π·2^14·√D oracle calls, where N = 2^256. If there may be no solution, or the number of solutions is unknown, a modified version of Grover's algorithm is used. Ideally, the number of hashes that must be executed is determined by the number of oracle calls.
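To make the quantities above concrete, here is an added Python example (not code from the original article) that implements the double-SHA256 check h(header) ≤ t, the difficulty D = 2^224/t, the expected classical hash count D·2^32, the Grover oracle-call count (π/4)·√(2^256/t) = π·2^14·√D, and the classical hash rate a quantum miner's oracle-call rate is equivalent to; the header prefix, the toy target and the oracle-call rate are constructed values.

```python
import hashlib
import math

TWO_256 = 1 << 256  # N on the page: size of the SHA-256 output space

def h(header: bytes) -> int:
    # Bitcoin PoW hash: SHA256(SHA256(header)), read as a 256-bit integer
    # (Bitcoin compares the digest little-endian against the target).
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")

def is_good_block(header: bytes, target: int) -> bool:
    # The page's f(x) = 1 case: the header is good when h(header) <= t.
    return h(header) <= target

def difficulty(target: int) -> float:
    # D = 2^224 / t, the difficulty definition used on the page.
    return (1 << 224) / target

def expected_classical_hashes(target: int) -> float:
    # Random-oracle model: Pr[h(header) <= t] = t / 2^256, so a classical
    # miner expects 2^256 / t = D * 2^32 hash evaluations per block.
    return difficulty(target) * (1 << 32)

def grover_oracle_calls(target: int) -> float:
    # Grover: (pi/4) * sqrt(N / t) = pi * 2^14 * sqrt(D) oracle calls per block.
    return (math.pi / 4) * math.sqrt(TWO_256 / target)

def classical_equivalent_hash_rate(target: int, oracle_calls_per_sec: float) -> float:
    # Classical hashes/s needed to keep pace with a quantum miner issuing
    # oracle_calls_per_sec Grover iterations: (2^18 / pi) * sqrt(D) * rate,
    # so the quantum miner's effective hash rate grows with sqrt(D).
    return expected_classical_hashes(target) / grover_oracle_calls(target) * oracle_calls_per_sec

def mine(prefix: bytes, target: int, max_nonce: int = 1 << 24):
    # Classical search: append a 4-byte little-endian nonce to a fixed header
    # prefix and hash until h(header) <= target. Returns (nonce, header) or None.
    for nonce in range(max_nonce):
        header = prefix + nonce.to_bytes(4, "little")
        if is_good_block(header, target):
            return nonce, header
    return None

if __name__ == "__main__":
    toy_target = TWO_256 >> 12  # constructed toy target: about 4096 expected hashes
    print(expected_classical_hashes(toy_target), grover_oracle_calls(toy_target))
    print(mine(b"constructed-header-prefix", toy_target))
```

Doubling the difficulty quadruples nothing for the quantum miner: the equivalent hash rate only rises by √2, which is the square-root scaling the article refers to later.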

Computing each hash and performing quantum error correction incurs additional overhead, and the cost of building an appropriate block header must also be considered. In most quantum error correction codes the time-consuming gates are T gates rather than Toffoli gates, so the cost of executing a SHA-256 function call must be carefully analysed in terms of T gates. The inversion-about-the-mean step of Grover's algorithm is also included when finding the total T-gate count of a single oracle call.

Ideally, the T gates in the circuit decomposition can only be parallelized about threefold. Quantum computers then have additional overhead for error correction, and many trade-offs must be weighed to choose a good quantum error correction code, namely:

1. Number of qubits used

2. Tolerances for specific physical error models

3. Complexity of logic gates

4. The versatility of the subroutines, and

5. Classical processing capacity for error feedback and correction.

The analysis used to estimate the total running time of the quantum algorithm can be refined by assuming a surface code implementation, which offers local syndrome measurements and a relatively high fault-tolerance error threshold. For a blockchain attack executed by a single quantum computer, its performance is a function of two specific elements:

1. The physical gate error rate, denoted pg, which is an intrinsic property of the device.

2. The mining difficulty, denoted D, which is determined by the blockchain protocol.

Ideally, across all plausible clock-speed limits, the effective hash rate (denoted hQC) of a quantum computer could be 50 GHz, and this hash rate may increase with the square root of the difficulty level. Based on the pace of progress in superconducting quantum circuit technology, it will be some time before quantum computers surpass classical computers. As things stand, much work remains before they can have a significant impact on the proof-of-work mechanism.

The above is an analysis of whether the proof of work of Bitcoin mining can be attacked by quantum computers. In general, even when quantum computing technology improves significantly, a single quantum computer will not have the enormous hash capability required to overwhelm classical mining computers, because the proof-of-work consensus used by Bitcoin is resistant to the relatively fast quantum computers of the present.