by ynik 1941 days ago
Or maybe there's a foreseen flaw in bitcoin. It's based on public-key cryptography which can be broken by quantum computers. Those don't exist yet (at least not in any form relevant to cryptography in practice), but I think they will by 2140.
2 comments

People often bring up the Bitcoin algorithm to make arguments against it, but don't seem to acknowledge the fact that the protocol is mutable.

If the sha-256 algorithm was cracked such that BTC blocks could be solved instantly, the existing miners would have to choose between:

1. No more income, or

2. Adopt a quantum-resistant protocol.

Market economics being what they are, I think it's safe to assume that BTC would survive the "quantum apocalypse." There's too much money at stake for any other choice to be the logical outcome.

From my understanding (and I'm no expert), the only known quantum attack against symmetrical crypto like sha-2 is [Grover's](https://en.wikipedia.org/wiki/Grover%27s_algorithm), and the recommended advice is to double the key size, so sha-256 would probably see a huge boost in "hash rate" but not be broken; a move to sha-512 would probably work.

The problem is that Shor's algorithm breaks the asymmetrical crypto used in wallet signing, which means you can forge ownership of any transaction outputs. That would completely shatter confidence in the coin before they could migrate ownership of all funds to a new post-quantum signature scheme; this problem is a lot harder to solve than a hash algorithm upgrade.
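To make the "double the key size" advice in the comment above concrete, here is an added example (not part of the thread, written for this page) that classically simulates Grover's amplitude amplification on a small search space and then works out the query counts and effective preimage-security bits for 256- and 512-bit hashes. The search space size, the marked state and the function names are constructed for illustration; the simulator stores all 2^n amplitudes, so it only runs for small n.

```python
import math


def grover_search(n_bits: int, marked: int) -> tuple[int, float]:
    """Classically simulate Grover's algorithm over N = 2**n_bits states.

    The oracle marks exactly one state (`marked`). Each iteration applies a
    phase flip on that state and then the diffusion operator (inversion about
    the mean amplitude). Returns (iterations used, probability of measuring
    `marked`). Only small n_bits are practical: all N amplitudes are stored.
    """
    N = 1 << n_bits
    if not 0 <= marked < N:
        raise ValueError("marked state out of range")
    amp = [1.0 / math.sqrt(N)] * N                       # uniform superposition
    iterations = math.floor(math.pi / 4 * math.sqrt(N))  # optimal ~ (pi/4)*sqrt(N)
    for _ in range(iterations):
        amp[marked] = -amp[marked]                       # oracle: flip target's sign
        mean = sum(amp) / N
        amp = [2.0 * mean - a for a in amp]              # diffusion: reflect about mean
    return iterations, amp[marked] ** 2


def preimage_effort(n_bits: int) -> tuple[int, int]:
    """Expected oracle queries to find the one marked state among 2**n_bits:
    classical brute force (N/2 on average) versus Grover (~ pi/4 * sqrt(N))."""
    N = 1 << n_bits
    return N // 2, math.floor(math.pi / 4 * math.isqrt(N))


def effective_security_bits(hash_bits: int) -> tuple[int, int]:
    """Preimage security in bits: classical search costs 2**hash_bits,
    Grover costs about 2**(hash_bits/2), i.e. the security level is halved."""
    return hash_bits, hash_bits // 2


if __name__ == "__main__":
    # Constructed demo: 2^8 = 256 candidate inputs, target index 42.
    it, p = grover_search(8, 42)
    print(f"Grover on 2^8 states: {it} iterations, P(success) = {p:.4f}")
    print("classical vs Grover expected queries (n=8):", preimage_effort(8))
    for bits in (256, 512):
        print(f"SHA-{bits} preimage security (classical bits, Grover bits):",
              effective_security_bits(bits))
```

The simulation finds the marked input with probability above 0.99 after only 12 oracle calls on a 256-element space, versus 128 expected classical trials; the last two lines of output show why SHA-256's 128 post-Grover bits motivate a move to a 512-bit digest if 256-bit preimage resistance is the target. Shor's algorithm, by contrast, runs in polynomial time against the signature scheme and has no such key-size fix, which is the asymmetry the comment points out.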

If they are physically realizable at all in practice, then they very likely will be by 2140.

But I think there's a non-negligible chance that the theory of quantum mechanics will break down as we move to superpositions of 2^1024 classical states that must be faithfully represented with physical elements.