{"id":25936677,"url":"https://github.com/demining/quantum-attacks-on-bitcoin","last_synced_at":"2026-02-28T16:32:25.212Z","repository":{"id":280324299,"uuid":"941621568","full_name":"demining/Quantum-Attacks-on-Bitcoin","owner":"demining","description":"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats","archived":false,"fork":false,"pushed_at":"2025-03-02T18:14:43.000Z","size":15789,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-03T16:49:14.153Z","etag":null,"topics":["bitcoin","bitcoin-hacks","bitcoin-wallet","btc","btc-tool","private-key","private-key-tool","quantum","quantum-computing"],"latest_commit_sha":null,"homepage":"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/demining.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-02T18:06:16.000Z","updated_at":"2025-03-03T14:09:39.000Z","dependencies_parsed_at":"2025-03-02T19:31:40.806Z","dependency_job_id":null,"html_url":"https://github.com/demining/Quantum-Attacks-on-Bitcoin","commit_stats":null,"previous_names":["demining/quantum-attacks-on-bitcoin"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FQuantum-Attacks-on-Bitcoin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FQuantum-Attacks-on-Bitcoin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FQuantum-Attacks-on-Bitcoin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FQuantum-Attacks-on-Bitcoin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/demining","download_url":"https://codeload.github.com/demining/Quantum-Attacks-on-Bitcoin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/demining%2FQuantum-Attacks-on-Bitcoin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259147461,"owners_count":22812431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitcoin","bitcoin-hacks","bitcoin-wallet","btc","btc-tool","private-key","private-key-tool","quantum","quantum-computing"],"created_at":"2025-03-04T02:45:16.470Z","updated_at":"2026-02-28T16:32:25.165Z","avatar_url":"https://github.com/demining.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/060-2-1024x576.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5302\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eMany crypto experts are asking: Will the cryptocurrency industry be able to withstand the new technological revolution? This article will discuss modern methods of protecting financial transactions and the Internet based on cryptography, which may be powerless against a sufficiently powerful quantum computer, and whether cryptocurrencies, whose market is estimated at hundreds of billions of dollars, are vulnerable. The study shows that the proof-of-work algorithm used in Bitcoin is relatively resistant to quantum attacks in the next decade, due to the high speed of specialized mining equipment. However, the elliptic curve digital signature system used by Bitcoin may be hacked by 2027. As an alternative,\u0026nbsp;\u003ca href=\"https://keyhunters.ru/quantum-resistance-and-momentum-algorithm\"\u003ethe Momentum algorithm\u003c/a\u003e\u0026nbsp;is considered , which is more resistant to quantum computing. Other protection methods that can ensure the security and efficiency of blockchain applications in the future are also analyzed.\u003c/p\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp\u003eOverall, the results of the study suggest that quantum computers pose a serious threat to cryptocurrencies, and new security methods need to be developed to ensure their security in the future. We will also use an example to examine the process of compromising the extraction of the secret key Nonce value K from a vulnerable RawTX transaction using the BitcoinChatGPT machine learning process. \u003csup data-fn=\"77e87faf-f7a7-4a3c-b1f8-1e4690c475ac\" class=\"fn\"\u003e\u003ca id=\"77e87faf-f7a7-4a3c-b1f8-1e4690c475ac-link\" href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin-assessing-vulnerabilities-and-developing-defense-strategies-against-emerging-quantum-computing-threats/#77e87faf-f7a7-4a3c-b1f8-1e4690c475ac\"\u003e1\u003c/a\u003e\u003c/sup\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n---\n\n* Tutorial: https://youtu.be/p62orC7WDUE\n* Tutorial: https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\n* Tutorial: https://dzen.ru/video/watch/67c3e91abbfa683a745a0aea\n* Google Colab: https://colab.research.google.com/drive/1jqHX5Oawy3QPh2OSYVf6AF1RGtjAb4rj\n\n---\n\n\n\n\u003cp\u003eBitcoin, as a decentralized and cryptographically protected digital currency, has been successfully in existence since 2008, inspiring the creation of many other cryptocurrencies. Its security is ensured by the proof-of-work mechanism and elliptic curve cryptographic signatures. However, the development of quantum computers poses a serious threat to Bitcoin and all modern cryptography used on the Internet and financial transactions. Research shows that the proof-of-work algorithm used in Bitcoin is relatively resistant to quantum attacks in the next 10 years due to the high speed of specialized mining equipment. But the elliptic curve digital signature system is vulnerable to Shor’s algorithm and could be hacked as early as 2027, allowing attackers to obtain secret keys from Bitcoin transactions and private keys from public ones. Alternative algorithms such as Momentum for proof-of-work and quantum-resistant signature schemes are proposed as a solution. Overall, the findings suggest that quantum computers pose a serious threat to Bitcoin, and new security methods need to be developed to ensure its future security. Quantum computers could\u0026nbsp;\u003ca href=\"https://keyhunters.ru/quantum-computers-will-hack-bitcoin-in-five-years-opinion/\"\u003e\u003cem\u003ehack Bitcoin within five years\u003c/em\u003e\u003c/a\u003e\u0026nbsp;. This could\u0026nbsp;\u003ca href=\"https://polynonce.ru/bitcoins-looming-threat-the-risk-of-quantum-hack/\"\u003e\u003cem\u003ewipe out more than $3 trillion in cryptocurrency\u003c/em\u003e\u003c/a\u003e\u0026nbsp;and other markets and cause a deep recession.\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://www.youtube.com/watch?v=p62orC7WDUE\"\u003e\u003cimg decoding=\"async\" width=\"778\" height=\"444\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-9.png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3251\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-9.png 778w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-9-300x171.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-9-768x438.png 768w\" sizes=\"(max-width: 778px) 100vw, 778px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\u003ch3 class=\"wp-block-heading has-text-align-center\"\u003eBitcoin Basics and Attack Protection Principles: Blockchain Mechanism and Proof of Work\u003c/h3\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003eIn this part of the article, we will try to explain how Bitcoin works to make it easier to understand possible attacks using quantum computers. The description is given in general terms, since the basic principles of operation are similar to other cryptocurrencies. All transactions are recorded in a public registry – blockchain. Transactions are combined into blocks, which are considered to have occurred simultaneously and are built into a chain. Each block contains a link to the previous one in the form of its hash. New blocks are added by miners using the “proof-of-work” mechanism (Proof-of-Work, PoW). Bitcoin uses the Hashcash algorithm. Miners look for a suitable block header so that its hash is less than a certain value. The header contains information about transactions, the hash of the previous block, a timestamp, and a random number (nonce). The difficulty of the task is selected automatically so that the block is found in about 10 minutes. Bitcoin uses double hashing SHA256.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003ePython script:\u0026nbsp;\u003ca href=\"https://github.com/demining/CryptoDeepTools/blob/main/38QuantumAttacks/DoubleSHA256Hasher.py\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eDoubleSHA256Hasher.py\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cpre class=\"wp-block-code has-text-color has-link-color wp-elements-fa7876f849273a89517e062a3926eb18\" style=\"color:#4092c2\"\u003e\u003ccode\u003e\u003cstrong\u003eimport hashlib\n\ndef double_sha256(data):\n \"\"\"\n Performs double SHA256 hashing on the input data.\n \"\"\"\n # First pass of SHA256\n hash1 = hashlib.sha256(data).digest()\n # Second pass of SHA256\n hash2 = hashlib.sha256(hash1).digest()\n return hash2\n\n# Example usage\ndata = b\"Example data for double SHA256\" # Data must be represented as bytes\nhashed_data = double_sha256(data)\nprint(hashed_data.hex()) # Output in hexadecimal format\n\u003c/strong\u003e\u003c/code\u003e\u003c/pre\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eIn this script:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003eThe module is imported\u0026nbsp;\u0026nbsp;\u003ccode\u003e\u003ca href=\"http://grep.cs.msu.ru/python3.8_RU/digitology.tech/docs/python_3/library/hashlib.html\"\u003ehashlib\u003c/a\u003e\u003c/code\u003e.\u003c/li\u003e\n\n\n\n\u003cli\u003eA function is defined\u0026nbsp;\u0026nbsp;\u003ccode\u003edouble_sha256\u003c/code\u003e that accepts data in byte format\u0026nbsp;\u003ca href=\"https://kedu.ru/press-center/articles/info-prog-sekrety-kheshirovaniya-v-python-razberites-s-osnovnymi-metodami/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/a\u003e\u0026nbsp;.\u003c/li\u003e\n\n\n\n\u003cli\u003eInside the function:\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003eThe SHA256 hash is calculated from the input data using\u0026nbsp;\u0026nbsp;\u003ccode\u003ehashlib.sha256(data).digest()\u003c/code\u003e. The method\u0026nbsp;\u0026nbsp;\u003ccode\u003e.digest()\u003c/code\u003e\u0026nbsp;returns the hash as a byte string.\u003c/li\u003e\n\n\n\n\u003cli\u003eThe SHA256 hash is then calculated from the resulting hash.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ca href=\"https://polynonce.ru/python-hashing-secrets-understand-the-basic-methods/\"\u003eThe function returns the second hash\u003c/a\u003e\u0026nbsp;.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\n\n\n\u003cli\u003eThe usage example shows how to apply the function to a byte string and output the result in\u0026nbsp;\u003ca href=\"https://polynonce.ru/python-hashing-secrets-understand-the-basic-methods/\"\u003ehexadecimal format\u003c/a\u003e\u0026nbsp;. It is important to note that the input data must be represented in bytes, for this purpose,\u0026nbsp;\u003ccode\u003eb\"...\"\u003c/code\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/Double-SHA-256-accelerator-for-Bitcoin-mining-.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5241\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eMiners add the transactions they choose to a block and are rewarded in bitcoins for doing so. When a miner finds a suitable header, they notify the network and the block is added to the blockchain. It is easy to verify the correctness of a PoW solution – you only need to calculate the hash once. PoW is needed to prevent one participant from faking the blockchain, for example, to spend the same money twice. The blockchain can branch, but miners must work on the longest chain. A transaction in Bitcoin is considered confirmed when 6 more blocks are added after it. The article discusses what\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\"\u003eadvantage a quantum computer\u003c/a\u003e\u0026nbsp;can give when solving PoW and whether it can faking the blockchain. The structure of transactions is also analyzed. When Bob wants to send bitcoins to Alice, Alice creates a pair of keys – private and public. The public key is hashed and the result is an address, which Alice tells Bob. Bitcoin uses the hash of the public key to save space. To send bitcoins, Bob specifies the transactions where he received bitcoins to his addresses. The amount of bitcoins received must be at least as much as the amount Bob wants to send to Alice. Bob proves ownership of the addresses by providing public keys and signing the message with his private key. The choice to use a hash of the public key instead of the key itself affects Bitcoin’s security against quantum attacks.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter is-resized\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5141\" style=\"width:840px;height:auto\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eIllustration of a block. The data at the top makes up the block header.\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003eAttacks on the Bitcoin Proof-of-Work\u003c/h2\u003e\n\n\n\n\u003cp\u003eFor the most part, a quantum computer can be more efficient than a conventional computer at mining Bitcoin, that is, at performing Proof-of-Work (PoW) based on the hashcash algorithm. A quantum computer using the Grover search algorithm can perform PoW by trying significantly fewer hash options than a classical computer. However, modern ASIC miners, which specialize in calculating hashes, work so fast that this advantage of quantum computers is leveled out, given that the speed of quantum computers is still relatively low. In the future, if the speed of quantum computers can be increased to 100 GHz, they will be able to solve the PoW problem about 100 times faster than now. But this is unlikely to happen in the next 10 years. By that time, both conventional computers will have become faster and quantum technologies will have become more widespread, so no one will be able to single-handedly dominate mining. To assess the security of a blockchain, it is important to understand how much computing power\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\"\u003ea quantum computer would need to successfully solve a PoW problem\u003c/a\u003e\u0026nbsp;with a probability greater than 50%. As a result, although quantum computers can theoretically speed up the mining process, in practice, due to the limitations of current technologies, they do not yet pose a serious threat to Bitcoin security. However, in the future, with the development of quantum technologies, this threat may become more real, and it is necessary to develop appropriate security measures to determine how effective a quantum computer can be in mining Bitcoin, taking into account all the technical difficulties and limitations. Grover’s algorithm allows a quantum computer to search for a solution (a suitable block header) much faster than a classical one, but in practice this advantage is greatly reduced.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/blockchain-attack-vectors/\"\u003e\u003cimg decoding=\"async\" width=\"835\" height=\"421\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image(1).png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3237\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image.png 835w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-300x151.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-768x387.png 768w\" sizes=\"(max-width: 835px) 100vw, 835px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eEach hash calculation and block construction requires additional operations, and quantum error correction adds significant overhead. To estimate real-world performance, a model of a universal quantum computer with error correction is used.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-39.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5244\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eCalculating the SHA256 hash on a quantum computer requires converting logical operations into reversible quantum operations, which increases the complexity. In addition, quantum computers need to correct errors, which also requires additional resources and time. As a result, the mining speed of a quantum computer depends not only on Grover’s algorithm, but also on many other factors, such as the clock frequency, error rate, complexity of error correction algorithms, and the number of qubits used. The article introduces the concept of “effective hash rate” for a quantum computer (hQC), which takes all these factors into account. The analysis shows that at the current level of technology development, quantum computers are significantly inferior to specialized ASIC miners in hash rate. However, it is expected that in the future, quantum technologies will develop and their performance will increase. The article provides forecasts for the next 25 years and estimates when quantum computers will be able to surpass classical ones in Bitcoin mining. Even if a quantum computer cannot control mining on its own, it could be used to attack mining pools using smart contracts. A small advantage in hashing speed would allow attackers to profit from block manipulation and hold.\u003c/p\u003e\n\n\n\n\u003cp\u003eDespite the time constraints, the effective hash rate improves asymptotically with the square root of the problem complexity, reflecting the advantage of quantum processors. Grover’s algorithm can be run in parallel on multiple quantum processors. Ideally, each processor searches the entire possible solution space. This reduces the number of oracle queries required to find a solution. As a result, the time to find a solution is reduced and the overall hash rate increases. Grover’s algorithm requires a fixed number of logical qubits (2402), regardless of the complexity of the problem. However, the number of physical qubits required depends on the error correction methods used and is related to the complexity of the problem and the probability of errors.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-1.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5144\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eThe results of the analysis of the performance of quantum computers in attacks on the blockchain are presented\u0026nbsp;\u003cem\u003ein Figure 2.\u003c/em\u003e\u0026nbsp;The graph compares the hashing power of the Bitcoin network and one quantum computer over the next 25 years. The estimates are given in optimistic and pessimistic scenarios. According to the optimistic forecast, there will be no quantum computers powerful enough to implement Grover’s algorithm until 2028. For comparison, the graph also shows the hashing speed of modern ASIC devices.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-25-1024x666.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5209\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading\"\u003eASIC Device Hash Rate Scheme Description\u003c/h2\u003e\n\n\n\n\u003cp\u003eModern ASIC devices for mining cryptocurrencies based on the SHA-256 algorithm (for example, Bitcoin) work as follows:\u003c/p\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eData preprocessing\u003c/strong\u003e\u0026nbsp;: Input data is padded to a length that is a multiple of 512 bits.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eInitial setup\u003c/strong\u003e\u0026nbsp;: Predefined initial hash values ​​are used.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eBlock processing\u003c/strong\u003e\u0026nbsp;: Data is processed in 512-bit blocks over 64 rounds.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eMixing and transforming\u003c/strong\u003e\u0026nbsp;: Bitwise operations, modular addition, and bit shifts mix data.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading\"\u003eExamples of devices\u003c/h2\u003e\n\n\n\n\u003cfigure class=\"wp-block-table\"\u003e\u003ctable class=\"has-fixed-layout\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eDevice\u003c/th\u003e\u003cth\u003eHash Rate\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eBitmain Antminer S21 Pro\u003c/td\u003e\u003ctd\u003eUp to 234 Th/s\u0026nbsp;\u003ca href=\"https://ibmm.ru/news/kriptoindustriya/algoritm-heshirovania-SHA256/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAntminer T9\u003c/td\u003e\u003ctd\u003e11.5 Th/s\u0026nbsp;\u003ca href=\"https://ibmm.ru/katalog/bitmain/T9-11_5Th/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eCheetah Miner F1\u003c/td\u003e\u003ctd\u003eAbout 24 Th/s\u0026nbsp;\u003ca href=\"https://pushminer.ru/produkciya/oborudovanie-dla-mainiga/asic-miners/cheetah-f1-bu\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003csup\u003e6\u003c/sup\u003e\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/figure\u003e\n\n\n\n\u003cp class=\"has-text-align-center has-small-font-size\"\u003eThese devices are optimized for maximum performance with minimal power consumption.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eTo estimate the achievable performance, superconducting circuits are considered, which are currently the fastest quantum technologies and have good scaling prospects. At the maximum operating speed of elements and certain assumptions about the error rate and the complexity of the problem,\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\"\u003ethe effective hash rate of a quantum computer\u003c/a\u003e\u0026nbsp;is 13.8 GH/s, which requires the use of 4.4 million physical qubits. This is thousands of times slower than modern ASIC devices, which achieve a speed of 14 TH/s. The reason lies in the low operating speed of quantum elements and the delays associated with the creation of fault-tolerant T-elements. It is expected that quantum technologies will develop rapidly in the future, and a “quantum version of Moore’s Law” will occur, which will affect the clock rate, element accuracy and the number of qubits. This will allow us to estimate the power of quantum computers in the future.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp\u003e\u003cstrong\u003eA quantum version of Moore’s Law\u003c/strong\u003e\u0026nbsp;\u0026nbsp;is a hypothetical concept that suggests that quantum computers will experience similar increases in performance and power as classical computers do, as shown by Moore’s Law. Moore’s Law states that the number of transistors on a chip doubles every 24 months, leading to\u0026nbsp;\u003ca href=\"https://polynonce.ru/important-steps-in-the-cryptocurrency-industry-towards-quantum-electronics-in-the-era-of-moores-law/\"\u003e\u003cem\u003eincreased computing power\u003c/em\u003e\u0026nbsp;\u003c/a\u003eand decreased cost. In the context of quantum computing, this increase could manifest itself in increases in the number of qubits (quantum bits), processing speed, or other parameters\u0026nbsp;\u003ca href=\"https://hub.forklog.com/kk-vs-blokchejn-chast-ii-kvantovye-ataki-na-bitkoin-i-sposoby-zashhity-ot-nih/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003csup\u003e2\u0026nbsp;\u003c/sup\u003e\u003c/a\u003e\u003ca href=\"https://polynonce.ru/%D0%BA%D0%B2%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%D1%8B%D0%B5-%D0%B0%D1%82%D0%B0%D0%BA%D0%B8-%D0%BD%D0%B0-%D0%B1%D0%B8%D1%82%D0%BA%D0%BE%D0%B8%D0%BD/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-27-1024x761.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5211\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eIt will obviously take time for quantum computers to outperform classical machines at the mining task. Even when they do, no single quantum computer will have overwhelming power. However, even a small advantage in power over other miners could make certain types of attacks profitable, such as those on mining pools that use smart contracts. For example, under certain optimistic assumptions, a group of 20 quantum machines working in parallel could have 0.1% of the total hashing power. This is enough to attack mining pools and reduce their profits by 10% with minimal bribery costs.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003eAttacks on signatures\u003c/h2\u003e\n\n\n\n\u003cp\u003eBitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA), based on the secp256k1 curve, to create signatures. The security of this system relies on the difficulty of the elliptic curve discrete logarithm problem\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/discrete-logarithm/\"\u003e(ECDLP)\u003c/a\u003e\u0026nbsp;. Although this problem is classically considered hard, Peter Shor proposed\u0026nbsp;\u003cem\u003e\u003ca href=\"https://polynonce.ru/what-is-elliptic-curve-cryptography-ecc/\"\u003ean efficient quantum algorithm to solve it\u003c/a\u003e\u003c/em\u003e\u0026nbsp;.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-28-1024x506.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5212\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eThis means that a sufficiently powerful universal quantum computer could efficiently\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/discrete-logarithm/\"\u003ecompute the private key\u003c/a\u003e\u0026nbsp;associated with the public key, making this scheme completely insecure.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-29.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5213\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eThe implications for Bitcoin are:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003e(Address Reuse)\u003c/strong\u003e\u0026nbsp;\u0026nbsp;In order to spend Bitcoin from an address, the public key associated with that address must be revealed. Once the public key is revealed in the presence of a quantum computer, the address is no longer secure and should therefore never be reused. While it is a best practice in Bitcoin to always use new addresses, in practice this is not always the case. Any address that contains Bitcoin and for which the public key has been revealed is completely insecure.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003e(Processed transactions)\u003c/strong\u003e\u0026nbsp;\u0026nbsp;If a transaction is made from an address that has not spent anything before, and that transaction is placed on the blockchain with a few blocks following it, then that transaction is reasonably secure against quantum attacks. The private key can be derived from the published public key, but since the address has already been spent, this must be combined with bypassing the network hashing to perform a double-spend attack. As we saw in Section III A, even with a quantum computer, a double-spend attack is unlikely if there are many blocks following the transaction.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003e(Raw Transactions)\u003c/strong\u003e\u0026nbsp;\u0026nbsp;After a transaction has been broadcast to the network, but before it is placed on the blockchain, it is at risk of a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, an attacker can use that secret key to broadcast a new transaction from the same address to their own address. If the attacker then ensures that this new transaction is placed on the blockchain first, they can effectively steal all the bitcoins behind the original address. We consider point (3) to be the most serious attack. To determine the severity of this attack, it is important to accurately estimate how long it would take a quantum computer to calculate ECDLP, and whether it can be done in a time close to the block interval.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003cp\u003eWe consider the attack described in point 3 (attack on raw transactions) to be the most dangerous. To assess its severity, it is important to understand how long it would take a quantum computer to\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/discrete-logarithm\"\u003e\u003cem\u003esolve the Elliptic Curve Discrete Logarithm Problem\u003c/em\u003e\u0026nbsp;(ECDLP)\u003c/a\u003e\u0026nbsp;and whether it is possible to do so in a time comparable to the block generation interval in the blockchain. For an n-bit prime field, according to recent research, a quantum computer can solve the ECDLP using 9n + 2\u0026nbsp;\u003cem\u003elog2(n) + 10 logical qubits and (448\u003c/em\u003e\u0026nbsp;log2(n) + 4090)*n^3 Toffoli gates. Bitcoin uses 256-bit signatures (n = 256), so the number of Toffoli gates is 1.28 * 10^11, which can be slightly parallelized to a depth of 1.16 * 10^11. Each Toffoli gate can be implemented using a small circuit of T-gates operating on 7 qubits in parallel (including 4 auxiliary qubits). By analyzing this, one can estimate the resources required for a quantum attack on digital signatures. As in the case of block mining, most of the time is spent on distilling the “magic states” for the logical T-gates. The time to solve ECDLP on a quantum processor is τ = 1.28 * 10^11 * cτ(pg)/s, where cτ depends only on the error rate of the gates (pg) and s is the clock frequency. The number of physical qubits required is nQ = 2334 * cnQ(pg), where the first factor is the number of logical qubits including 4 auxiliary logical qubits, and cnQ is the space cost factor.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/discrete-logarithm/\"\u003e\u003cimg decoding=\"async\" width=\"834\" height=\"401\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-1(1).png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3238\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-1.png 834w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-1-300x144.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-1-768x369.png 768w\" sizes=\"(max-width: 834px) 100vw, 834px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-3.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5149\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eFigure\u0026nbsp;\u003cem\u003e3\u003c/em\u003e\u0026nbsp;shows the performance of a quantum computer for attacks on digital signatures. Using a surface code with a physical gate error rate of pg = 5 * 10^-4, the overhead factors are cτ = 291.7 and cnQ = 735.3. In this case, at a clock rate of 66.6 MHz, the problem will take 6.49 days to solve, using 1.7 * 10^6 physical qubits. If the clock rate is increased to 10 GHz and the error rate is reduced to 10^-5, the signature can be cracked in 30 minutes, using 485550 qubits. The latter scenario makes an attack on raw transactions (point 3) quite possible and seriously threatens the security of the current Bitcoin system. Figure 4 presents an estimate of the time required for a quantum computer to crack the signature scheme as a function of time, based on a certain model.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eThe biggest threat to Bitcoin from quantum computers is the possibility of unconfirmed transactions being stolen.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/vector76-attack/\"\u003e\u003cimg loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"444\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-2.png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3239\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-2.png 832w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-2-300x160.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-2-768x410.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eA quantum computer can crack a transaction signature while it is waiting to be written to the blockchain and redirect the money to the attacker’s wallet. Currently, this would require a lot of time and resources, but technological advances could make such an attack possible. To assess the danger, you need to understand\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\"\u003ehow quickly a quantum computer can crack these signatures\u003c/a\u003e\u0026nbsp;. It all depends on the computer’s power and error rate. If a sufficiently powerful and accurate quantum computer were created, it would take only half an hour to crack a signature, making the Bitcoin system very vulnerable.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-4.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5150\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eFIGURE 4. This graph shows two estimates of the time (in seconds) it would take a quantum computer to crack the signature scheme (red curves) plotted against the next 25 years. We give more and less optimistic estimates (red striped lines). The models are described in detail in Appendix C. According to this estimate, the signature scheme could be cracked in less than 10 minutes (600 seconds, black dotted line) as early as 2027.\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003eFuture improvements to quantum attacks\u003c/h2\u003e\n\n\n\n\u003cp\u003eAttacks on the Bitcoin protocol using known quantum algorithms and error correction schemes. While some estimates of the speed and scaling of quantum computing may seem optimistic, it is important to remember that there are several ways to improve the performance of quantum computers in solving the problems mentioned. First, the error-correcting code considered here is a surface code, which requires significant classical computational overhead for state distillation, error syndrome extraction, and correction. Other codes that provide transverse Clifford and non-Clifford gates can eliminate the need for slow state distillation. In fact, the slowdown due to classical processing for syndrome extraction and correction can be completely eliminated using a dimension-free protocol such as [PSBT10], which in a recent analysis shows error thresholds [CJS16] to be only about 5 times worse than the high-dimensional surface code. This can potentially significantly improve the overall error-correction performance.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eSecond, reducing the number of logic gates in quantum circuits is possible as more efficient advanced quantum computing techniques are developed. For example, using a specific large-scale problem (including oracle implementations) that was analyzed in a previous paper\u0026nbsp;\u003ccode\u003e[SVM+17]\u003c/code\u003e, a direct comparison of specific gate counts obtained with the Quipper software package between an old\u0026nbsp;\u003ccode\u003e[HHL09]\u003c/code\u003eand new\u0026nbsp;\u003ccode\u003e[CKS15]\u003c/code\u003equantum linear system solving algorithm was achieved, showing an improvement of several orders of magnitude.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-31-1024x578.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5217\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eGiven that Shor’s and Grover’s quantum algorithms have been well studied and carefully optimized, one should not expect such a significant improvement, but some improvement is probably possible. Third, different quantum algorithms can provide relative speedups. A recent paper by Kaliski\u0026nbsp;\u003ccode\u003e[Kal17]\u003c/code\u003epresents a quantum algorithm for\u0026nbsp;\u003cem\u003e\u003ca href=\"https://cryptodeeptech.ru/discrete-logarithm/\"\u003ethe discrete logarithm problem:\u003c/a\u003e\u003c/em\u003e\u0026nbsp;find m given\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/discrete-logarithm/\"\u003eb = a^m\u003c/a\u003e\u0026nbsp;, where b is a known target value and a is a known base, using queries to a so-called “magic box” routine that computes the most significant bit of m. By repeating the queries, using carefully chosen powers of the target value, one can compute all the bits of m and solve the problem. Since different bits are solved one by one, the problem can be distributed among several quantum processors. Each processor requires a number of logical qubits comparable to solving the entire problem, but the overall time will be reduced due to parallelism. In addition, the overhead of quantum error correction is likely to be reduced since the phases in the quantum Fourier transform of part of the circuit do not have to be as precise as in Shor’s original algorithm.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-30-1024x612.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5216\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eWhile quantum attacks on Bitcoin seem complicated, don’t get too comfortable. There are ways to make quantum computers faster and more efficient at solving these problems.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eImproved error correction:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Instead of using complex error correction codes, simpler and faster methods can be used that do not require continuous measurements.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eOptimizing algorithms:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;New quantum computing algorithms are being developed that reduce the number of operations needed to crack a signature. It’s like finding a shorter path to the goal.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eParallelization:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The hacking task can be divided into parts and distributed among several quantum computers to speed up the process.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003cp\u003eSo, even if a quantum attack on Bitcoin now requires huge resources, as technology develops, this threat will become more and more real.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003eCOUNTERMEASURES: Alternative proofs-of-work\u003c/h2\u003e\n\n\n\n\u003cp\u003eA quantum computer can use Grover’s search to perform Bitcoin’s proof-of-work using quadratically fewer hashes than classically required. In this section, we explore alternative proofs-of-work that may offer a smaller quantum advantage. The main properties we want from proof-of-work are:\u003c/p\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003e(Difficulty)\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The difficulty of the task can be adjusted according to the computing power available on the network.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003e(Asymmetry)\u003c/strong\u003e\u0026nbsp;\u0026nbsp;It is much easier to verify that a proof-of-work has completed successfully than to perform a proof-of-work.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003e(No quantum advantage)\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Proof-of-work cannot be performed significantly faster on a quantum computer than on a classical computer.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-34.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5220\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003ePython script:\u0026nbsp;\u003ca href=\"https://github.com/demining/CryptoDeepTools/blob/main/38QuantumAttacks/QuantumInspiredPoW.py\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eQuantumInspiredPoW.py\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cpre class=\"wp-block-code has-text-color has-link-color wp-elements-a6943f49ad156aae464fc8259396a45d\" style=\"color:#4092c2\"\u003e\u003ccode\u003e\u003cstrong\u003eimport hashlib\nimport random\n\ndef rough_hash_check(nonce, prefix_zeros):\n \"\"\"\n Simulates checking a hash for compliance with difficulty (number of zeros at the beginning).\n \"\"\"\n data = str(nonce).encode('utf-8')\n hash_value = hashlib.sha256(data).hexdigest()\n return hash_value.startswith('0' * prefix_zeros)\n\ndef grover_proof_of_work(difficulty): # difficulty - number of zeros at the start of the hash\n \"\"\"\n Pseudocode demonstrating an attempt to apply Grover's search idea \n (quantum acceleration of search) to find a nonce that meets \n Proof-of-Work requirements. In practice, this will not provide significant \n acceleration on a classical computer.\n \"\"\"\n N = 2**32 # Example: nonce search space (simplified)\n \n iterations = int(N**0.5) # Square root of N - estimate of Grover's iterations\n\n for _ in range(iterations):\n random_nonce = random.randint(0, N - 1) # Random choice of nonce\n if rough_hash_check(random_nonce, difficulty):\n print(f\"Found nonce: {random_nonce}\")\n return random_nonce\n return None # Did not find a suitable nonce\n\n# Example usage (with very low difficulty to find something)\ndifficulty = 2\nnonce = grover_proof_of_work(difficulty)\n\nif nonce:\n print(f\"Nonce satisfying difficulty {difficulty}: {nonce}\")\nelse:\n print(\"Failed to find a nonce within the specified number of iterations.\")\n\n\u003c/strong\u003e\u003c/code\u003e\u003c/pre\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003ebrute force hash check\u0026nbsp;\u003ccode\u003e(nonce, prefix_zeros)\u003c/code\u003e: This function simulates checking whether the nonce hash matches a given difficulty (the number of leading zeros in the hash). In the real Bitcoin network, this is replaced by checking that the block header hash (including the nonce) is less than a target value.\u0026nbsp;\u003ca href=\"https://python-scripts.com/blockchain\"\u003eThis uses\u003c/a\u003e\u0026nbsp;\u003ccode\u003ehashlib.sha256\u003c/code\u003e\u0026nbsp;.\u003c/li\u003e\n\n\n\n\u003cli\u003eGrover search\u0026nbsp;\u003ccode\u003eproof_of_work(difficulty)\u003c/code\u003e: This is the main function that tries to find a nonce that satisfies the PoW requirements.\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003ccode\u003eN = 2**32\u003c/code\u003e: Represents the nonce search space. In the real Bitcoin network, the search space is much larger.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003eiterations = int(N**0.5)\u003c/code\u003e: The key idea is inspired by Grover’s algorithm. Grover’s algorithm theoretically allows finding a solution in a search space of size N\u0026nbsp;\u003ccode\u003eO(sqrt(N))\u003c/code\u003eoperations, as opposed to O(N) for exhaustive search. We try to reflect this by performing the square root of N iterations.\u003c/li\u003e\n\n\n\n\u003cli\u003eIn the loop, we randomly select a nonce and check if its hash meets the difficulty requirements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\n\n\n\u003cli\u003eNote that this code\u0026nbsp;\u0026nbsp;\u003cstrong\u003eis not a real implementation of Grover’s algorithm\u003c/strong\u003e\u0026nbsp;\u0026nbsp;and will not give any speedup on a classical computer. It simply demonstrates the concept of using\u0026nbsp;\u003ccode\u003esqrt(N)\u003c/code\u003eiterations.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-35-1024x669.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5222\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eBitcoin’s proof-of-work satisfies (1) and (2), but we would like to find an alternative proof-of-work that does (3) better. Similar considerations have been explored by authors trying to find proofs-of-work that, instead of (3), look for proofs-of-work that cannot be accelerated by ASICs. An approach to this is to consider memory-intensive proofs-of-work. Several interesting candidates have been proposed, such as\u0026nbsp;\u003ca href=\"https://keyhunters.ru/quantum-resistance-and-momentum-algorithm/\"\u003eMomentum\u003c/a\u003e\u0026nbsp;[Lar14], which is based on finding collisions in a hash function, Cuckoo Cycle [Tro15], which is based on finding constant-size subgraphs in a random graph, and Equihash [BK17], which is based on the generalized birthday problem. These are also good candidates for a more quantum-resistant proof-of-work. All of these schemes are based on hashcash-style proof-of-work and use the following template. Let be\u0026nbsp;\u003ccode\u003eh1 : {0, 1} ∗ → {0, 1} n\u003c/code\u003ea cryptographically secure hash function and H = h1(header) be the hash of the block header. The goal is to find a nonce x such that\u0026nbsp;\u003ccode\u003eh1(H k x) ≤ t и P(H, x)\u003c/code\u003efor some predicate P.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-36-1024x595.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5226\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eThe fact that the header and nonce must satisfy the predicate P means that the best algorithm will no longer simply iterate over nonce x. Having proof-of-work in this form also ensures that the parameter t can still be chosen to vary the difficulty. We next analyze this pattern for proof-of-work Momentum, as this can be related to known quantum lower bounds. For proof-of-work Momentum, let h2 : {0, 1} ∗ → {0, 1} be another hash function with n ≤ . In the original Momentum proposal, h1 could be taken to be SHA-256 and h2 to be a memory-intensive hash function, but this is less important for our discussion. The proof-of-work is to find H, a, b such that h1(H kakb) ≤ t and h2(H ka) = h2(H kb) and a, b ≤ 2 `. (1)Let us first examine the running time for solving this proof-of-work, assuming that the hash functions h1, h2 can be evaluated in unit time. Taking a subset S ⊂ {0, 1} and evaluating h2(H ka) for all a ∈ S, we expect to find about |S| 2/2 many collisions. Note that, using an appropriate data structure, these collisions can be found in about |S| time. One algorithm then is as follows. For each H, we evaluate h2 on the subset S and find about |S| 2/2 many pairs a, b such that h2(H ka) = h2(H kb).\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/rowhammer-attack/\"\u003e\u003cimg loading=\"lazy\" decoding=\"async\" width=\"833\" height=\"409\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-3(1).png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3240\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-3.png 833w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-3-300x147.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-3-768x377.png 768w\" sizes=\"auto, (max-width: 833px) 100vw, 833px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eFor each collision, we then test h1(H kakb) ≤ t. In anticipation, we will have to perform this second test 2n/t many times. So the number of H’s we will have to try is about m = max{1, 2 n+ t|S| 2 }, since we must try at least one H. Since we spend |S| time for each H, the total running time is m|S|. We see that it is smallest when |S| = q 2 n+ t , that is, when m = 1 and we just try one H. This optimal running time is then T = q 2 n+ t , and to achieve it we must use memory equal to the running time, which can be prohibitively expensive. For some smaller memory |S| \u0026lt; q 2 n+ t the running time will be 2 n++1 t|S| . Now let’s look at the running time on a quantum computer. On a quantum computer, we can do the following. We call H good if there exist a, b ∈ S such that h1(H kakb) ≤ t and h2(H ka) = h2(H kb). Checking whether H is good requires finding a collision and hence requires at least |S| 2/3 time according to the quantum lower bound of queries of Aaronson and Shi [AS04].\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-37-1024x583.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5227\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cem\u003eNote\u003c/em\u003e\u0026nbsp;that this lower bound is tight, since finding such a collision can also be done in about |S| 2/3 time using the Ambainis Element Dissimilarity Algorithm [Amb07]. We argued above that finding at least one good H requires a set of size m = max{1, 2 n+ t|S| }. From Grover’s search optimality [BBBV97], we know that we must perform at least √ m many tests to find a good H. Since checking whether H is good takes |S| 2/3 time, the total running time is at least √ m|S| 2/3 . Since the classical running time is m|S|, we see that, unlike the current proof-of-work in Bitcoin, with this proposal a quantum computer will not be able to achieve a quadratic advantage once S becomes larger than a constant size. In particular, since √ m|S| 2/3 is also minimized when S = q 2 n+ t , the execution time of even the fastest quantum algorithm is at least T 2/3 , which is significantly larger than T 1/2 .\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003e\u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\"\u003eQuantum computers\u003c/a\u003e\u0026nbsp;can solve Bitcoin’s current proof-of-work problem faster. Therefore, alternative ways of securing the blockchain that will be more resistant to quantum attacks are being sought. One approach is to use proof-of-work, which requires large amounts of memory.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eExamples:\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication\"\u003eMomentum, Cuckoo Cycle, Equihash\u003c/a\u003e\u0026nbsp;. These methods make the task more difficult for quantum computers. The basic idea is to find a number (nonce) that satisfies certain conditions. These conditions are related to finding collisions in hash functions. The\u0026nbsp;\u003ca href=\"https://keyhunters.ru/quantum-resistance-and-momentum-algorithm\"\u003eMomentum\u003c/a\u003e\u0026nbsp;algorithm , for example, requires finding two different values ​​that give the same result when hashed. Unlike the current proof-of-work in Bitcoin, with such alternative approaches, a quantum computer does not gain a big advantage. The time required to solve the problem increases, making the attack less profitable.\u003c/p\u003e\n\n\n\n\u003cp\u003eFinding collisions in hash functions, especially in the context of the Momentum algorithm (as described in theoretical papers on quantum stability of PoW), usually comes down to the following:\u003c/p\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eDefining hash functions:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;It is necessary to define the hash functions in which collisions are to be found (h1 and h2 in the context of Momentum PoW). In real systems, this could be SHA256 or other cryptographic hash functions.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eImplementation of collision detection:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Various methods can be used to detect collisions, from simple (brute-force) to more complex (e.g.\u0026nbsp;\u003ca href=\"https://keyhunters.ru/steps-in-a-birthday-attack-on-bitcoin\"\u003ebirthday attack\u003c/a\u003e\u0026nbsp;).\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-38.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5228\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp class=\"has-medium-font-size\"\u003eHere is an example Python script demonstrating brute-force collision detection for a simplified hash function (\u0026nbsp;\u0026nbsp;\u003cstrong\u003einsecure\u003c/strong\u003e\u0026nbsp;for demonstration purposes ):\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003ePython script:\u0026nbsp;\u003ca href=\"https://github.com/demining/CryptoDeepTools/blob/main/38QuantumAttacks/CollisionHunter.py\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCollisionHunter.py\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cpre class=\"wp-block-code has-text-color has-link-color wp-elements-460cf49ce80c6a22dd14e4c8aa89db70\" style=\"color:#4092c2\"\u003e\u003ccode\u003e\u003cstrong\u003eimport hashlib\nimport random\n\ndef simple_hash(data, modulus):\n \"\"\"\n Simplified hash function for demonstration.\n DO NOT USE IN PRODUCTION.\n \"\"\"\n data_bytes = str(data).encode('utf-8') # Convert to bytes\n hash_value = int(hashlib.sha256(data_bytes).hexdigest(), 16) % modulus\n return hash_value\n\ndef find_collision(hash_function, modulus, max_attempts=100000):\n \"\"\"\n Finds a collision for a given hash function and modulus.\n \"\"\"\n seen_hashes = {}\n for i in range(max_attempts):\n data = random.randint(0, modulus * 10) # Generate random data\n hash_value = hash_function(data, modulus)\n\n if hash_value in seen_hashes:\n data1 = seen_hashes[hash_value]\n data2 = data\n print(f\"Collision found: data1={data1}, data2={data2}, hash={hash_value}\")\n return data1, data2, hash_value\n else:\n seen_hashes[hash_value] = data\n\n print(\"No collision found within the specified number of attempts.\")\n return None\n\n# Example usage\nmodulus = 256 # Size of the hash table (for example)\ncollision = find_collision(simple_hash, modulus)\n\nif collision:\n data1, data2, hash_value = collision\n print(f\"Data 1: {data1}, Data 2: {data2}, Hash: {hash_value}\")\n\u003c/strong\u003e\u003c/code\u003e\u003c/pre\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eWhat this script does:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003ccode\u003esimple_hash(data, modulus)\u003c/code\u003e: A simplified hash function. It takes the SHA256 of the data, converts the hash to an integer, and takes the remainder when divided by\u0026nbsp;\u0026nbsp;\u003ccode\u003emodulus\u003c/code\u003e.\u0026nbsp;\u0026nbsp;\u003cstrong\u003eImportant:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;This hash function is for demonstration purposes only. It is not cryptographically secure. Do not use it in real applications.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003efind_collision(hash_function, modulus, max_attempts=100000)\u003c/code\u003e: This function tries to find a collision for a given hash function. It generates random data, calculates its hash and stores it in a dictionary\u0026nbsp;\u0026nbsp;\u003ccode\u003eseen_hashes\u003c/code\u003e. If the generated hash is already in the dictionary, then we have found a collision.\u003c/li\u003e\n\n\n\n\u003cli\u003eIn the usage example, we set the hash table size (\u0026nbsp;\u003ccode\u003emodulus\u003c/code\u003e) to 256 and run a collision search.\u003c/li\u003e\n\n\n\n\u003cli\u003eThis code looks for collisions “head-on”, that is, it simply iterates through random values ​​and checks whether such a hash has already existed. This method only works for very simple hash functions with a small output range.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eKey points and warnings:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eInsecurity\u0026nbsp;\u0026nbsp;\u003ccode\u003esimple_hash\u003c/code\u003e:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The hash function\u0026nbsp;\u0026nbsp;\u003ccode\u003esimple_hash\u003c/code\u003e\u0026nbsp;is extremely vulnerable to attacks and is not suitable for real cryptographic tasks. It is used only to demonstrate the principle of finding collisions.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eCollision Finding Difficulty:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Finding collisions for cryptographically strong hash functions such as SHA256 is an extremely difficult task. A brute-force search is impossible due to the huge size of the hash function output space.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://keyhunters.ru/steps-in-a-birthday-attack-on-bitcoin\"\u003eBirthday attack:\u003c/a\u003e\u003c/strong\u003e\u0026nbsp;\u0026nbsp;A more efficient method for finding collisions (compared to a complete search) is the birthday attack. This method is based on the birthday paradox and allows finding a collision in approximately\u0026nbsp;\u003ccode\u003esqrt(N)\u003c/code\u003e\u0026nbsp;operations, where\u0026nbsp;\u003ccode\u003eN\u003c/code\u003e\u0026nbsp;is the size of the output space of the hash function. However, even for the birthday attack, huge computing resources are required for SHA256.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://keyhunters.ru/quantum-resistance-and-momentum-algorithm\"\u003eMomentum Algorithm\u003c/a\u003e\u0026nbsp;:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Implementing the Momentum algorithm would require also implementing h2 and the validation logic\u0026nbsp;\u003ccode\u003eh1(H k a k b) ≤ t\u003c/code\u003e.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eResources to learn:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Check out ”\u0026nbsp;\u003ca href=\"https://javarush.com/quests/lectures/ru.javarush.python.core.lecture.level16.lecture06\"\u003eCollision Problems and Solutions\u003c/a\u003e\u0026nbsp;“, ” Hash Tables in Python: How They Work and Why You Need Them “, ”\u0026nbsp;\u003ca href=\"https://keyhunters.ru/list-with-hash-collisions/\"\u003eList with Hash Collisions\u003c/a\u003e\u0026nbsp;“, and more to gain a deeper understanding of the problem.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp class=\"has-medium-font-size\"\u003eThis example serves as a starting point. For more complex scenarios (e.g. birthday attack or integration with Momentum)\u0026nbsp;\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/signature-malleability/\"\u003e\u003cimg loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"416\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-4(1).png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3241\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-4.png 832w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-4-300x150.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-4-768x384.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003e\u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\"\u003ePost-quantum signature schemes\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eNumerous public-key digital signature schemes have been proposed in the literature that are supposedly resistant to quantum computers. Examples include hashing-based schemes (LMS, XMSS, SPHINCS, NSW), code-based schemes (CFS, QUARTZ), multivariate polynomial-based schemes (RAINBOW), and lattice-based schemes (GPV, LYU, BLISS, DILITHIUM, NTRU). Each of these cryptosystems has varying degrees of efficiency. A comparison of signature and key sizes is presented in Table II (in the original text). In the context of blockchain, the most important parameters of a signature scheme are the length of the signature and the public key, since they must be stored somewhere to fully verify transactions, and the signature verification time.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-5-1024x410.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5153\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eAccording to Table II, in terms of the sum of the signature and public key lengths, the only reasonable options are hashing and lattice-based schemes.\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eHash-based schemes like XMSS have the advantage of being provably secure, at least if the chosen hash function behaves like a random oracle. A common quantum attack on these schemes is to use Grover’s algorithm, which means their quantum security is half their classical security.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-15-1024x588.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5194\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eIn contrast, the best known quantum attack on DILITHIUM at 138-bit classical security level requires 2^125 time. Thus, for the same quantum security level, lattice-based schemes have some advantage in signature length plus public key.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-16-1024x335.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5196\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cp\u003eAlthough the lattice-based BLISS scheme has the smallest sum of signature and public key lengths of all the schemes in Table II, there are several reasons not to choose BLISS in practice. The security of BLISS is based on the difficulty of the NTRU problem and the assumption that solving this problem is equivalent to finding a short vector in the so-called NTRU lattice. It has recently been shown that this assumption may be too optimistic, at least for large parameters. Moreover, there is a history of attacks on previous NTRU-based signature schemes. Perhaps most importantly, BLISS is difficult to implement securely because it is highly susceptible to side-channel attacks. The production BLISS implementation strongSwan was attacked in this way by Pessl et al., who showed that the signature key can be recovered after observing approximately 6000 signature generations.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/lattice-attack-249bits/\"\u003e\u003cimg loading=\"lazy\" decoding=\"async\" width=\"837\" height=\"407\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-5.png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3242\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-5.png 837w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-5-300x146.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-5-768x373.png 768w\" sizes=\"auto, (max-width: 837px) 100vw, 837px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eWhen it comes to protecting against quantum computers, there are many different ways to encrypt data. The most popular methods include using hash functions and mathematical lattices.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eHash functions:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;This method is good because it can be proven secure, but quantum computers can speed up the cracking of this cipher a little.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eLattice:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;This method looks more promising in terms of protection against quantum computers, but it has its drawbacks. For example, the lattice-based BLISS algorithm is very vulnerable to attacks that use information about the computer’s operation (such as power consumption) to steal the key.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cfigure class=\"wp-block-image\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-6-1024x595.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5154\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eTABLE III. Algorithms for computing space and time resources for quantum attacks. Input\u003cbr\u003epg, the error rate of the physical gate; nC, the total number of Clifford gates in the logic circuit; nT, the total number of T gates in the logic circuit; and nL, the number of logical qubits. Output\u003cbr\u003eτ, the time cost in cycles; and nQ = Qcircuit + Qfactory, the number of\u003cbr\u003ephysical qubits used for the computation, including state distillation.\u003c/figcaption\u003e\u003c/figure\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003eEstimating the Error Correction Overhead in a Quantum Attack\u003c/h2\u003e\n\n\n\n\u003cp\u003eHow are quantum error correction overhead factors calculated to obtain resource cost estimates for\u0026nbsp;\u003ca href=\"https://cryptodeeptech.ru/publication\"\u003equantum attacks\u003c/a\u003e\u0026nbsp;on blockchains and digital signatures? The method is based on the analysis in [FMMC12, MDMG+16]. First, nT and nC are determined, which are the numbers of T-gates and Clifford gates required in the algorithm. The pseudocode for calculating the overhead is presented in Table III (in the original text).\u003c/p\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003eFor an attack on a blockchain with nL = 2402 qubits, these values ​​are nT = 297784 × π^2 / (14√(10) · D), nC = 29.4 × nT.\u003c/li\u003e\n\n\n\n\u003cli\u003eFor a digital signature attack with nL = 2334 qubits, the values ​​are nT = 1.28 × 10^11, nC = 20 × nT.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003cp\u003eLooking ahead a few years, we can assume plausible improvements in quantum computer technology. Assuming a quantum error correction code that supports Clifford and non-Clifford transversal gates, so there is no distillation slowdown, and that this is done without measurement, so no classical error syndrome handling is required, then the number of cycles required for one oracle call is determined solely by the circuit depth, which is 2142094. This is based on the total circuit depth, calculated as follows. The oracle makes two calls to the SHA256 hash function, and it does this twice: once to compute it and once to undo it. Each hash has a reversible circuit depth of 528768. Similarly, two multi-gate phase gates are used, one for mean inversion and one for function call, each of which has a circuit depth of 13511, for a total depth of 4 × 528768 + 2 × 13511 = 2142094 (these numbers are taken from [SFL+13] but can be further optimized). Then, accepting the potential overhead in space and number of physical qubits, but assuming no time overhead for error correction or distillation of non-Clifford gates, this implies an improved effective hash rate of hQC = 0.04 × s / √D, which is substantially faster. For superconducting circuits, ultrafast geometric phase gates are possible at ∼50 GHz, which is mainly limited by the microwave cavity frequency [RBW+12]. Using the above very optimistic assumptions, at difficulty D = 10^12 the effective hash rate is hQC = 2.0 × 10^3 TH/s.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-21-1024x473.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5204\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eTo estimate how much resources are needed for a quantum attack on a blockchain or digital signatures, many factors need to be taken into account, including the number of certain quantum operations (T-gates and Clifford gates) and the error correction methods in a quantum computer. Assuming that quantum computers become better in the future and can quickly and efficiently correct errors, the speed of hacking (hash rate) could increase significantly.\u003c/em\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003eIt is important to understand that these scripts are intended to\u0026nbsp;\u0026nbsp;\u003cstrong\u003esimulate\u003c/strong\u003e\u0026nbsp;\u0026nbsp;quantum computing on a classical computer, since running on a real quantum computer requires specialized hardware and access to it.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-19-1024x347.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5201\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cstrong\u003eExample 1: Qiskit (IBM)\u003c/strong\u003e\u0026nbsp;Qiskit is one of the most popular libraries for quantum programming in Python\u003csup\u003e\u0026nbsp;\u003ca href=\"https://habr.com/ru/companies/yandex/articles/510054/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e2\u0026nbsp;\u003c/a\u003e\u003ca href=\"https://vc.ru/dev/88875-ispolzovanie-kvantovyh-ventilei-v-biblioteke-qiskit-na-python-chast-pervaya\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e3\u0026nbsp;\u003c/a\u003e\u003ca href=\"https://sky.pro/media/kak-ispolzovat-python-dlya-raboty-s-kvantovymi-kompyuterami/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e7\u003c/a\u003e\u003c/sup\u003e\u0026nbsp;. It provides tools for creating, simulating, and executing quantum circuits.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003ePython script:\u0026nbsp;\u003ca href=\"https://github.com/demining/CryptoDeepTools/blob/main/38QuantumAttacks/QuBitWizard.py\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eQuBitWizard.py\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cpre class=\"wp-block-code has-text-color has-link-color wp-elements-f7f7757716b43f96a1bee4329b016d7d\" style=\"color:#4092c2\"\u003e\u003ccode\u003e\u003cstrong\u003efrom qiskit import QuantumCircuit, transpile\nfrom qiskit.quantum_info import Statevector\nfrom qiskit.visualization import plot_histogram\n\n# Create a quantum circuit with 2 qubits and 2 classical bits\ncircuit = QuantumCircuit(2, 2)\n\n# Apply the Hadamard gate (H, Clifford) to the first qubit\ncircuit.h(0)\n\n# Apply the CNOT gate (Clifford) with control qubit 0 and target qubit 1\ncircuit.cx(0, 1)\n\n# Add a T-gate (non-Clifford) to qubit 0\ncircuit.t(0)\n\n# Measure the qubits and store results in classical bits\ncircuit.measure([0, 1], [0, 1])\n\n# Simulate the circuit\nsimulator = Aer.get_backend('qasm_simulator') # Use Aer for simulation\ncompiled_circuit = transpile(circuit, simulator) # Transpile the circuit \njob = simulator.run(compiled_circuit, shots=1000) # Run simulation for 1000 times \nresult = job.result() # Get results \ncounts = result.get_counts(circuit) # Get measurement statistics\n\nprint(counts) # Print results \nplot_histogram(counts) # Display histogram of results (requires matplotlib)\n\u003ccode\u003e\n\u003c/code\u003e\u003c/strong\u003e\u003c/code\u003e\u003c/pre\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp\u003e\u003cstrong\u003eIn this example:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003ccode\u003eQuantumCircuit(2, 2)\u003c/code\u003e: Creates a quantum circuit with 2 qubits and 2 classical bits to store measurement results.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003ecircuit.h(0)\u003c/code\u003e: Applies the Hadamard gate (H) to qubit 0. The Hadamard gate creates a superposition, putting the qubit in the state (|0⟩ + |1⟩)/√2\u0026nbsp;\u003ca href=\"https://tproger.ru/articles/kvantovye-yazyki-programmirovaniya\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/a\u003e\u0026nbsp;. H is a Clifford gate.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003ecircuit.cx(0, 1)\u003c/code\u003e: Uses a CNOT (Controlled-NOT) gate with control qubit 0 and target qubit 1. CNOT is a Clifford gate.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003ecircuit.t(0)\u003c/code\u003e: Applies the T-gate to qubit 0. The T-gate is a non-Clifford gate and plays an important role in universal quantum computation.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003ecircuit.measure([0, 1], [0, 1])\u003c/code\u003e: Measures the state of qubits 0 and 1 and stores the results in classical bits 0 and 1 respectively.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003eAer.get_backend('qasm_simulator')\u003c/code\u003e: Gets the QASM (Quantum Assembly Language) simulator from Aer (Quantum’s framework for simulating quantum computing).\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003etranspile(circuit, simulator)\u003c/code\u003e: Optimizes a quantum circuit for a given simulator.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003esimulator.run(compiled_circuit, shots=1000)\u003c/code\u003e: Runs the simulation 1000 times (shots).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-18-1024x380.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5200\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cstrong\u003eExample 2:\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://polynonce.ru/pip-install-pyquil/\"\u003e\u003cstrong\u003epyQuil (Rigetti)\u003c/strong\u003e\u0026nbsp;pyQuil\u003c/a\u003e\u0026nbsp;is a library from Rigetti Computing focused\u0026nbsp;\u003ca href=\"https://polynonce.ru/how-quantum-programming-languages-work/\"\u003eon superconducting quantum computers.\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003ePython script:\u0026nbsp;\u003ca href=\"https://github.com/demining/CryptoDeepTools/blob/main/38QuantumAttacks/WaveMaster.py\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eWaveMaster.py\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cpre class=\"wp-block-code has-text-color has-link-color wp-elements-b4604e3f1fd41580421b53a71ef27a15\" style=\"color:#4092c2\"\u003e\u003ccode\u003e\u003cstrong\u003efrom pyquil import Program\nfrom pyquil.gates import H, CNOT, T\nfrom pyquil.api import WavefunctionSimulator\n\n# Create a quantum program\nprogram = Program()\n\n# Apply the Hadamard gate to qubit 0\nprogram += H(0)\n\n# Apply CNOT with control qubit 0 and target qubit 1\nprogram += CNOT(0, 1)\n\n# Apply the T gate to qubit 0\nprogram += T(0)\n\n# Create a simulator\nsimulator = WavefunctionSimulator()\n\n# Simulate the program and get the wave function\nwavefunction = simulator.simulate(program)\n\n# Print the wave function\nprint(wavefunction)\u003ccode\u003e\n\u003c/code\u003e\u003c/strong\u003e\u003c/code\u003e\u003c/pre\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp\u003e\u003cstrong\u003eIn this example:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003ccode\u003eProgram()\u003c/code\u003e: Creates an object representing a quantum program.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003eH(0)\u003c/code\u003e,\u0026nbsp;\u0026nbsp;\u003ccode\u003eCNOT(0, 1)\u003c/code\u003e,\u0026nbsp;\u0026nbsp;\u003ccode\u003eT(0)\u003c/code\u003e: Applies Hadamard, CNOT, and T gates to the specified qubits.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003eWavefunctionSimulator()\u003c/code\u003e: Creates a quantum computing simulator.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003ccode\u003esimulator.simulate(program)\u003c/code\u003e: Simulates the execution of a program and returns a wave function describing the state of the qubits after the program has executed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cfigure class=\"wp-block-image\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-17-1024x618.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5199\"\u003e\u003c/figure\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003ePython script:\u0026nbsp;\u003ca href=\"https://github.com/demining/CryptoDeepTools/blob/main/38QuantumAttacks/CirqQuantumCircuit.py\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCirqQuantumCircuit.py\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eExample 3: Cirq (Google)\u003c/strong\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003cpre class=\"wp-block-code has-text-color has-link-color wp-elements-00d82d61f50918158f2f96a4a33cb9a4\" style=\"color:#4092c2\"\u003e\u003ccode\u003e\u003cstrong\u003eimport cirq\n\n# Create qubits\nqubit1 = cirq.GridQubit(0, 0)\nqubit2 = cirq.GridQubit(0, 1)\n\n# Create circuit\ncircuit = cirq.Circuit()\n\n# Add operations\ncircuit.append(cirq.H(qubit1))\ncircuit.append(cirq.CNOT(qubit1, qubit2))\ncircuit.append(cirq.T(qubit1))\n\n# Simulate circuit\nsimulator = cirq.Simulator()\nresult = simulator.simulate(circuit)\n\nprint(circuit)\nprint(result)\u003c/strong\u003e\u003c/code\u003e\u003c/pre\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eIn this example, Cirq is used for the same operations as in the previous examples, but using Cirq syntax.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp\u003e\u003cstrong\u003eImportant notes:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eInstalling libraries:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Before running these scripts, you need to install the corresponding libraries. For example, for Qiskit:\u0026nbsp;\u0026nbsp;\u003ccode\u003epip install qiskit qiskit-aer qiskit-visualization\u003c/code\u003e. For\u0026nbsp;\u003ca href=\"https://polynonce.ru/pip-install-pyquil/\"\u003epyQuil\u003c/a\u003e\u0026nbsp;:\u0026nbsp;\u0026nbsp;\u003ccode\u003epip install pyquil\u003c/code\u003e. For Cirq:\u0026nbsp;\u0026nbsp;\u003ccode\u003epip install cirq\u003c/code\u003e.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eQuantum Simulators:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;These libraries use classical computers to simulate quantum computations. The simulation is computationally intensive and its capabilities are limited compared to real quantum computers.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eUniversality:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Clifford gates and T-gates (or other non-Clifford gates) constitute a universal set of gates. This means that any quantum circuit can be approximated using only these gates.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003cp\u003eThese examples provide a starting point for experimenting with quantum operations (including T-gates and Clifford gates) using Python and quantum libraries.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eFor example, if certain technologies and very optimistic forecasts are used, the hash rate can reach enormous values, which will greatly simplify quantum attacks.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/signature-malleability/\"\u003e\u003cimg loading=\"lazy\" decoding=\"async\" width=\"827\" height=\"401\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-6.png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3246\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-6.png 827w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-6-300x145.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-6-768x372.png 768w\" sizes=\"auto, (max-width: 827px) 100vw, 827px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003eModeling the evolution of hashrate and difficulty of the Bitcoin network\u003c/h2\u003e\n\n\n\n\u003cp\u003eThe total number of hashes per second across the entire Bitcoin network is taken from blockchain.info. The data in Figure 5(a) are the hash rates as of January 1st (2012–2015) and January 1st and July 1st (2016–2017). The two dashed curves represent optimistic and less optimistic assumptions for the extrapolations. The optimistic extrapolation assumes that the current growth will continue exponentially for five years and then become linear as the market is saturated with fully optimized Bitcoin ASIC miners. The less optimistic assumption assumes linear growth at the current rate. By extrapolating the Bitcoin network hash rate, the difficulty can be determined as a function of time. The expected number of hashes needed to find a block in 10 minutes (600 seconds) is given by rate(t) * 600, where rate(t) is the overall hash rate shown in Figure 5(a). Thus, Bitcoin’s hashing difficulty is calculated as D(t) = rate(t) * 600 * 2^(-32) for the two scenarios described above. Figure 5(b) compares this with the values ​​from blockchain.info for January 1, 2015–2017.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eTo predict how Bitcoin mining difficulty will change, they analyze how quickly the network’s computing power (hashrate) is growing. Hashrate data is taken from the blockchain.info website and graphs are built showing how the hashrate has changed in the past.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-13-1024x373.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5174\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003e\u003cstrong\u003eTwo predictions are made:\u003c/strong\u003e\u003c/p\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eOptimistic:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The hashrate will continue to grow very quickly until everyone switches to the latest miners.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eLess optimistic:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The hashrate will grow at the same rate as now.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003cp\u003eUsing these predictions, you can calculate how\u0026nbsp;\u003ca href=\"https://bits.media/difficulty/bitcoin/\"\u003edifficult it will be to mine Bitcoin in the future\u003c/a\u003e\u0026nbsp;. Difficulty is calculated based on how many hashes it takes to find a new block\u0026nbsp;\u003ca href=\"https://bits.media/hashrate/\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e1\u003c/a\u003e\u0026nbsp;.\u0026nbsp;\u0026nbsp;\u003cem\u003e\u003ca href=\"https://keyhunters.ru/bitcoin-hashrate-reaches-all-time-high-contrary-to-analyst-expectations/\"\u003eThe higher the hash rate, the higher the difficulty\u003c/a\u003e\u003c/em\u003e\u0026nbsp;.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter is-resized\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-14.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5178\" style=\"width:840px;height:auto\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003e\u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin\"\u003eModeling the development of quantum computers\u003c/a\u003e\u003c/h2\u003e\n\n\n\n\u003cp\u003eThere are several aspects of quantum technology development that need to be taken into account in the modeling. Since only a few data points are available at this early stage of development, there is inevitably a large uncertainty in our estimates. We therefore provide two different estimates: one that is optimistic about the rate of development, and one that is significantly more pessimistic. However, these projections should be considered as very rough estimates that may require adjustment in the future. First, we need to make an assumption about the number of qubits available at any given time. Since we are focusing only on solid-state superconducting implementations, there are only a few data points available.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-9(1).png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5159\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eWe assume that the number of available qubits will grow exponentially over time in the near future. An optimistic assumption is that the number will double every 10 months, while a less optimistic assumption is that the number will double every 20 months. These two extrapolations are shown in\u0026nbsp;\u003cem\u003eFigure 6\u003c/em\u003e\u0026nbsp;(a). The data points are taken from the following table: (table not shown).\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-8.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5158\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003ePredicting the development of quantum computers is difficult because we have little information yet. Therefore, the authors of the article made two predictions that differ from each other:\u003c/p\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eOptimistic forecast:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Quantum computers will develop very quickly, and the number of qubits (the basic “building blocks” of quantum computing) will double every 10 months.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003ePessimistic forecast:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The development of quantum computers will proceed more slowly, and the number of qubits will double every 20 months.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003cp\u003eBoth predictions are likely not very accurate, but they help us understand how quickly quantum computers can develop and when they might become a threat to existing information security systems.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eWe predict that the quantum gate frequency will grow exponentially over the next few years. This assumes that classical control schemes will be fast enough to drive quantum gates at these frequencies. After a couple of years, the growth slows down significantly, as faster classical control schemes are needed to further speed up quantum gates. We limit the quantum gate frequency to 50 GHz (for the optimistic case) or 5 GHz (for the less optimistic case), respectively, mainly because we expect that classical control schemes will not be able to drive quantum gates at higher frequencies. (See, for example,\u0026nbsp;\u003ccode\u003e[HHOI11]\u003c/code\u003eprogress in this direction.)\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-10.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5160\"\u003e\u003cfigcaption class=\"wp-element-caption\"\u003eThis is shown in Figure 6(b). The data points are taken from the following table: (table not shown).\u003c/figcaption\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eThe paper also predicts how fast quantum computers will operate, that is, how often they will be able to perform basic operations (quantum gates).\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter size-full\"\u003e\u003ca href=\"https://cryptodeeptech.ru/twist-attack/\"\u003e\u003cimg loading=\"lazy\" decoding=\"async\" width=\"833\" height=\"475\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-7.png\" alt=\"Quantum Attacks on Bitcoin: Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats\" class=\"wp-image-3248\" srcset=\"https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-7.png 833w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-7-300x171.png 300w, https://cryptodeeptech.ru/wp-content/uploads/2025/03/image-7-768x438.png 768w\" sizes=\"auto, (max-width: 833px) 100vw, 833px\"\u003e\u003c/a\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eForecast:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;At first, the speed of quantum computers will grow very quickly, but then the growth will slow down.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eLimitation:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The authors believe that there is a speed limit that will be difficult to exceed because quantum computers require very fast “regular” (classical) computers to operate. If regular computers cannot keep up, then quantum computers will not be able to operate faster.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003cp\u003eThe optimistic forecast suggests that the operating speed of quantum computers will reach 50 GHz, while the pessimistic one suggests only 5 GHz.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-11.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5162\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eFigure 6 shows the predicted number of qubits, the gate frequency (in gate operations per second), and the gate imprecision as a function of time. The fourth plot models the reduction in overhead due to theoretical advances. The predicted evolution of gate imprecision is shown in Figure 6(c). We assume that gate imprecision will continue to decrease exponentially, but that this evolution will stop at an imprecision of 5 × 10^-6 (optimistic case) or 5 × 10^-5 (less optimistic case). For the optimistic case, we expect gate imprecision to continue to follow DiVincenzo’s law, which predicts imprecision to decrease by a factor of 2 per year. The data are taken from the following table: (table not shown).\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-12.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5164\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eIn addition to the number of qubits and how fast they operate, it is important to consider how well they work, that is, how often they make mistakes.\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eThis is called\u0026nbsp;\u003cstrong\u003e“valve inaccuracy”\u003c/strong\u003e\u0026nbsp;.\u003c/p\u003e\n\n\n\n\u003cul class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003ePrediction:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Quantum computers are expected to become more accurate and the number of errors will decrease.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eLimitation:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;But there is a limit beyond which it will be very difficult to improve accuracy. The optimistic forecast assumes that the inaccuracy will decrease to 5 per million, and the pessimistic one – to 5 per 100 thousand.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003cp\u003eThe more accurately the qubits work, the less additional resources (qubits and time) are needed to correct errors.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cp\u003eFinally, we expect the number of qubits and time steps required by any algorithm to decrease over time for two reasons.\u0026nbsp;\u003cem\u003eFirst\u003c/em\u003e\u0026nbsp;, the precision of the gates will increase over time, allowing for more efficient fault-tolerant circuits.\u0026nbsp;\u003cem\u003eSecond\u003c/em\u003e\u0026nbsp;, theoretical advances will allow the number of qubits and gates required to implement the algorithm and fault-tolerant circuits to decrease. We expect this factor to be\u0026nbsp;\u003ccode\u003eoverhead(t) = β^(t-2017)\u003c/code\u003e, where\u0026nbsp;\u003ccode\u003eβ ∈ {0.75, 0.85}\u003c/code\u003efor optimistic and less optimistic assumptions, respectively.\u003c/p\u003e\n\n\n\u003cdiv class=\"wp-block-image\"\u003e\n\u003cfigure class=\"aligncenter\"\u003e\u003cimg decoding=\"async\" src=\"./Quantum Attacks on Bitcoin_ Assessing Vulnerabilities and Developing Defense Strategies Against Emerging Quantum Computing Threats - CRYPTO DEEP TECH_files/image-23-1024x468.png\" alt=\"Quantum Attacks on Bitcoin: Vulnerability Assessment and Defense Strategies Against New Quantum Computing Threats\" class=\"wp-image-5207\"\u003e\u003c/figure\u003e\u003c/div\u003e\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-medium-font-size\"\u003e\u003cem\u003eOver time, solving problems on quantum computers will require fewer resources (qubits and time) due to two things:\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003col class=\"wp-block-list\"\u003e\n\u003cli\u003e\u003cstrong\u003eImproving qubit accuracy:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;The more accurate qubits are, the less additional effort is needed to correct errors.\u003c/li\u003e\n\n\n\n\u003cli\u003e\u003cstrong\u003eTheoretical breakthroughs:\u003c/strong\u003e\u0026nbsp;\u0026nbsp;Scientists will develop new algorithms and methods that will allow the same calculations to be done using fewer qubits and operations.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\u003cp\u003eTo estimate how much the resource requirements will be reduced, they introduce a special coefficient that depends on time and how optimistic we are about the future. This coefficient shows how many times the number of required qubits and time can be reduced.\u003c/p\u003e\n\n\n\n\u003chr class=\"wp-block-separator has-alpha-channel-opacity\"\u003e\n\n\n\n\u003ch2 class=\"wp-block-heading has-text-align-center\"\u003e\u003ca href=\"https://colab.research.google.com/drive/1jqHX5Oawy3QPh2OSYVf6AF1RGtjAb4rj?usp=sharing\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eThe process of identifying a critical vulnerability in a transaction\u003c/a\u003e\u003c/h2\u003e\n\n\n\u003col class=\"wp-block-footnotes\"\u003e\u003cli id=\"77e87faf-f7a7-4a3c-b1f8-1e4690c475ac\"\u003e \u003ca href=\"https://cryptodeeptech.ru/quantum-attacks-on-bitcoin-assessing-vulnerabilities-and-developing-defense-strategies-against-emerging-quantum-computing-threats/#77e87faf-f7a7-4a3c-b1f8-1e4690c475ac-link\" aria-label=\"Jump to footnote reference 1\"\u003e↩︎\u003c/a\u003e\u003c/li\u003e\u003c/ol\u003e\n\n\n\u003cblockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"\u003e\n\u003cp class=\"has-text-align-left has-medium-font-size\"\u003e\u003cem\u003eTo search for\u0026nbsp;\u003cstrong\u003eRawTX\u003c/strong\u003e\u0026nbsp;vulnerability , as a threat prevention for your own\u0026nbsp;\u003cstrong\u003eBitcoin\u003c/strong\u003e\u0026nbsp;and\u0026nbsp;\u003cstrong\u003eEthereum\u003c/strong\u003e\u0026nbsp;cryptocurrency wallet , we can use and apply various machine learning methods on examples\u003c/em\u003e\u0026nbsp;.\u003c/p\u003e\n\u003c/blockquote\u003e\n\n\n\n\u003cp\u003eLet’s use the list from\u0026nbsp;\u0026nbsp;\u003cstrong\u003e\u003ca href=\"https://dockeyhunt.com/dockeyhunt-deep-learning\" target=\"_blank\" rel=\"noreferrer noopener\"\u003e“Dockeyhunt Deep Learning”\u003c/a\u003e\u003c","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdemining%2Fquantum-attacks-on-bitcoin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdemining%2Fquantum-attacks-on-bitcoin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdemining%2Fquantum-attacks-on-bitcoin/lists"}