Two research papers dropped in the last few months that together tell you everything you need to know about the quantum threat to Bitcoin. One is terrifying. One is quietly hilarious. And together they explain why almost every quantum panic headline you have read this year was aimed at the wrong target.
Start with the hilarious one.
Researchers Peter Gutmann and Stephan Neuhaus published a paper called “Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog.” The title is not a joke. They took every major quantum factoring breakthrough that has generated breathless headlines in recent years and replicated each result using a Commodore VIC-20 from 1981, then an abacus, then a dog. Their conclusion: the demonstrations ranked a VIC-20 above an abacus, an abacus above a dog, and a dog above a quantum factorisation physics experiment in terms of actual demonstrated factoring power.
The reason these quantum breakthroughs can be replicated by a 45-year-old home computer is that the numbers being factored have been pre-simplified using techniques that make the problem trivially easy regardless of what hardware you throw at it. The quantum supremacy claims have been real in a narrow technical sense. The threat to Bitcoin they implied has not been.
The Mining Attack That Would Require a Star
The second paper is serious, and its findings matter precisely because they settle a question that has been generating confusion for months.
Pierre-Luc Dallaire-Demers and the BTQ Technologies team published the first end-to-end cost analysis of what it would actually take for a quantum computer to out-mine Bitcoin using Grover’s algorithm. Grover’s algorithm offers a genuine theoretical advantage for the kind of brute-force search that Bitcoin mining requires, halving the exponent of the search problem. In theory this gives a quantum miner a quadratic edge over classical hardware. The question the paper asks is what that edge costs in the real world once you price out the hardware, the error correction, the energy, and the timing constraints of Nakamoto consensus.
The answer collapses the threat entirely.
At the most favorable possible setting, a quantum mining operation would require approximately 100 million physical qubits and 10,000 megawatts of power. For context, the entire current global Bitcoin mining network consumes roughly 150,000 megawatts. Even in that best-case scenario, a quantum miner would need about 7% of the entire network’s current power consumption just to begin competing, with qubit counts that do not exist anywhere on earth.
At Bitcoin’s actual January 2025 mainnet difficulty level, the requirements become physically absurd. The qubit count rises to approximately 10^23, a number that exceeds the atoms in a large building. The power requirement reaches 10^25 watts, approaching the energy output of a star. The Kardashev scale, the framework physicists use to classify civilisations by their energy consumption, places humanity at roughly Type 0.7. A quantum Bitcoin mining attack at current difficulty would require a Type II civilisation, one that has harnessed the entire energy output of its star.
Nobody is building that. Not China. Not the NSA. Not Google.
So What Is the Actual Threat
Here is where it gets important, because the papers are not saying Bitcoin is safe from quantum computing. They are saying the attack vector everyone has been panicking about is not the real one.
We covered this in detail in March when Google’s quantum paper generated the “9 minutes to crack Bitcoin” headlines that spread across crypto media. Those headlines were about signature vulnerability, not mining. The distinction matters enormously.
Mining is protected by the practical limits of Grover’s algorithm. As the BTQ paper demonstrates, the energy and hardware requirements make a quantum mining attack physically unreachable with any foreseeable technology.
Signatures are different. Bitcoin uses elliptic curve cryptography for wallet signatures. Shor’s algorithm, a different quantum algorithm, gives an exponential rather than a quadratic speedup against this problem. The resource requirements for breaking elliptic curve signatures are orders of magnitude more achievable than those for a mining attack. This is the real near-term quantum threat.
Specifically, the threat is concentrated in exposed public keys. When you reuse a Bitcoin address, your public key sits on the blockchain permanently. A sufficiently powerful quantum computer running Shor’s algorithm could derive your private key from your public key and drain the wallet. Estimates put approximately 6.9 million Bitcoin in addresses with exposed public keys, including wallets believed to belong to Satoshi Nakamoto.
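To make "exposed public key" concrete, here is an added example (not code from either paper or from this article) that sorts outputs by whether a public key is already visible on-chain. It goes beyond the text by naming the standard Bitcoin script templates; the sample scripts are constructed from filler bytes, and `spent_from_before` is a hypothetical flag you would fill in from your own wallet history.

```python
# Added example: which outputs already show a public key on-chain?
# Script templates are the standard Bitcoin output forms; sample data is constructed.

KEY_IN_OUTPUT = {"p2pk", "p2tr"}  # the public key itself sits in the output script


def classify(script_hex: str) -> str:
    """Map a scriptPubKey (hex) to its standard template name."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # <push 33 or 65 bytes> <pubkey> OP_CHECKSIG, with a valid key prefix byte
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC \
            and s[1] in ((2, 3) if n == 35 else (4,)):
        return "p2pk"
    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"
    return "unknown"


def exposure(script_hex: str, spent_from_before: bool) -> tuple:
    """Return (template, status): exposed, hashed, or review."""
    kind = classify(script_hex)
    if kind == "unknown":
        return kind, "review"
    # A key is public if the script carries it, or if an earlier spend from
    # the same address already revealed it (address reuse).
    if kind in KEY_IN_OUTPUT or spent_from_before:
        return kind, "exposed"
    return kind, "hashed"


def audit(utxos):
    return [exposure(script, reused) for script, reused in utxos]


# Constructed sample: (scriptPubKey hex, address was spent from before)
SAMPLE_UTXOS = [
    ("21" + "02" + "11" * 32 + "ac", False),
    ("76a914" + "22" * 20 + "88ac", False),
    ("76a914" + "22" * 20 + "88ac", True),
    ("0014" + "33" * 20, False),
    ("5120" + "44" * 32, False),
    ("6a04deadbeef", False),
]
```

Outputs reported as "hashed" only reveal their key when they are spent, which is why moving funds to a fresh address after every spend keeps the key off the chain at rest.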
We wrote about the 2029 timeline and what developers are already doing about it. BIP-360, the proposal for quantum-resistant Bitcoin addresses, is moving through the development process. The upgrade path exists. The mining threat that generated most of the panic does not.
Why This Matters for How You Read Quantum Headlines
NVK, the founder of Coinkite and one of Bitcoin’s sharpest hardware security thinkers, put it plainly when the BTQ paper dropped: the quantum threat to Bitcoin mining is not the threat. The signature vulnerability is.
This distinction is not academic. If you are a Bitcoin holder making decisions based on quantum risk, the relevant question is not whether someone will build a star-powered quantum mining rig. Nobody is. The relevant question is whether your addresses expose public keys that could be targeted as quantum computing scales toward the threshold where Shor’s algorithm becomes practical against elliptic curve cryptography.
The answer for most addresses created with good practices is no. The answer for old addresses with exposed public keys, including many from the early years of Bitcoin, is increasingly yes as the timeline compresses.
What the two papers together tell you is that the quantum threat to Bitcoin is real, specific, addressable, and nothing like what the headlines suggested. The mining panic was aimed at the wrong target. The signature vulnerability is the thing worth watching, and the developers building BIP-360 are already on it.
The abacus paper should have killed the breathless factoring breakthrough headlines. The BTQ paper should kill the quantum mining panic. What remains after both is the genuine problem, which is narrower, more solvable, and already being solved.