Update 2025-06-30 (PST) (AI summary of creator comment): The market will resolve to NO if sha256 is cracked by quantum computers, but Bitcoin is patched in time to prevent a crash from that specific event, even if Bitcoin does lose >90% of its value for other reasons.
Update 2025-07-21 (PST) (AI summary of creator comment): The market will resolve to NO if the price crash is caused by quantum computers breaking the elliptic curve signatures (secp256k1 ECDSA) and not by cracking sha256.
1,000People are also trading
Chaincode report on quantum & BTC: https://chaincode.com/bitcoin-post-quantum.pdf
"Experts believe that CRQCs capable of breaking Bitcoin's ECC foundations could first emerge between 2030-2035, aligning with government directives to deprecate vulnerable cryptography by 2030 and disallow it by 2035. This projected timeline provides a crucial window for preparation, given the unpredictable nature of technological breakthroughs, it is essential to account for both the expected trajectory and the possibility of a significantly accelerated timeline."
@JonathanRay So, just to be clear, this question resolves NO even if quantum computers break the part of Bitcoin we expect them to break and that causes the price to crash??
@JamesEAdministrator this question is specifically about cracking sha256, not the elliptic curve signatures
I believe given the currently known quantum algorithms, quantum computers don't really break hashing algorithms like sha256, but they do effectively halve the key size. So the block difficulty would need to go up significantly to compensate. Seems like that would be fine, and it would happen gradually as the first quantum computers would be really slow even if they were more efficient per hash checked.
@JonathanRay Yes I believe so. Grover's algorithm allows brute force searches to be done in O(sqrt(N)) time vs O(N) for classical computers. It shouldn't matter what hashing algorithm is used (and double-sha256 is just another hashing algorithm), as long as it's not one where quantum computers can do better than a brute force search, like something involving discrete logarithms or prime factorisation (which sha256 doesn't).
@chrisjbillington It's true that quantum advantage might happen gradually, but I would say the real issue is more likely to be related to the way that Grover mining changes the incentives of the miners.
@BoltonBailey If grover's algorithm is ever successfully used on single-SHA256 I will be very surprised. It requires a lot of state that needs to be perfectly accurate, but qubits are inherently noisy.
@BoltonBailey Huh, so if I understand correctly, Grover's algorithm can be used in such a way such that the probability per unit time of breaking a given hash is not constant, but grows. It was an unexamined assumption of mine that this would not be the case, so I defer to the article's authors on the consequences of this as it's not something I have considered.
@JonathanRay but that's the primary problem with quantum computers generally. If scalable quantum computers become a reality at all, it will be because scalable quantum error correction was achieved (which is the current approach and seems to be working).
If grover's algorithm is ever successfully used on single-SHA256 I will be very surprised. It requires a lot of state that needs to be perfectly accurate, but qubits are inherently noisy.
Seems like if you believe this, you don't believe in quantum error correction, and you should probably buy NO shares in the markets on RSA-2048 being factored (which actually, I see you have, kudos to you).
@BoltonBailey For further reading on the economic viability of Grover mining, this recent paper is super good. The takeaway is that the price of a Grover iteration has to be at most the cost of a classical hash times the number of iterations per block time.
@BoltonBailey All this being said, I still think NO is the right buy on this market.
Fault-tolerant Quantum computers might not exist in 2053
Even if they do, they might not be cost-effective enough to mine.
Even if it would be cost-effective to mine under the current setup, the Bitcoin network might simply switch to another hash function where there is less advantage for quantum computers.
Even if they don't, attackers might not want to invest money in an attack that they know will destroy the value of their mining equipment.
@BoltonBailey And one more:
Even if all this happens and one miner somehow comes to dominate the hashrate, the price of Bitcoin might not even go down by 90%.