Quantum Computing's Bitcoin Kill Shot Needs a Star's Worth of Energy (But Your Dog Can Factor RSA-2048)

New research confirms what physicists have been screaming into the void: a quantum computer powerful enough to attack Bitcoin mining would need energy output approaching a small star. Good news for HODLers, bad news for anyone who's been doom-scrolling quantum FUD on Twitter at 3 AM while questioning their life choices.

Two recent papers—one serious engineering analysis, one satirical takedown—make the case that current quantum panic is overblown. They approach the problem from opposite angles and arrive at the same conclusion: the headlines are conflating a genuine long-term concern with academic theater. It's like worrying that your landlord will foreclose on your apartment while the building still exists.

The first paper, from Pierre-Luc Dallaire-Demers and the BTQ Technologies team, published in March 2026, examines whether a quantum computer could out-mine Bitcoin using Grover's algorithm. The theoretical stakes are high: if a quantum miner dominated block production, consensus itself would be in play, not just individual wallets. Imagine if your barber could both cut hair AND determine whether you actually paid him.

In practice, the math falls apart. Running Grover against SHA-256 would require quantum hardware on a scale no one knows how to build. Each step of the search involves hundreds of thousands of delicate operations, each requiring its own support system of thousands of qubits just to keep errors in check. It's like asking a drunken goldfish to do your taxes while riding a unicycle.

At Bitcoin's January 2025 difficulty, the authors estimate a quantum mining fleet would need roughly 10²³ qubits drawing 10²⁵ watts—approaching the energy output of a star. For reference, that's still 3% of the Earth's Sun. The entire current Bitcoin blockchain, by comparison, draws about 15 gigawatts. To put that in perspective, your laptop could theoretically power a small country if that country ran entirely on optimism and vibes.

A quantum 51% attack isn't just expensive. It's physically unreachable at any scale a real civilization could power. We might get fusion energy working before we get quantum mining, which means we'll have infinite clean energy AND Bitcoin's proof-of-work will still be securing the chain. The irony is not lost on anyone.

The second paper, from Peter Gutmann of the University of Auckland and Stephan Neuhaus of Zürcher Hochschule in Switzerland, takes aim at the drumbeat of quantum factoring headlines. They set out to replicate every major quantum factoring "breakthrough" of the past two decades. They succeeded—using a 1981 VIC-20 home computer, an abacus, and a dog named Scribble, trained to bark three times. Yes, you read that correctly. Science has peaked.

The underlying point is serious. Factoring is the math problem at the heart of most modern encryption. Shor's algorithm is why people worry quantum machines could eventually crack it. But according to Gutmann and Neuhaus, nearly every demonstration so far has cheated. This is like claiming you can bench press 500 pounds while the weights are actually made of cardboard.

In some cases, researchers picked numbers whose hidden prime factors were only a few digits apart, making them easy to guess with basic calculator tricks. In others, they ran the hard part of the problem on a regular computer first—called preprocessing—and handed a trivially easy version to the quantum machine to "solve." It's the cryptographic equivalent of writing the punchline before the joke.

The authors focused on one recent paper claiming a Chinese team used a D-Wave machine to make progress toward breaking RSA-2048. The researchers published ten example numbers as proof. Gutmann and Neuhaus ran those numbers through a VIC-20 emulator and recovered the answers in about 16 seconds each. The primes had been chosen to sit just a few digits apart, making them easy to find with an algorithm John von Neumann adapted from an abacus technique in 1945.

Why does this keep happening? The authors suggest a simple answer: quantum factoring is a high-profile field with limited real results, and the incentive to publish something impressive-sounding is strong. In crypto terms, it's pure narrative over fundamentals—except the researchers are playing themselves.

The paper proposes new evaluation standards requiring random numbers, no preprocessing, and factors kept secret from experimenters. No demonstration to date would pass. This would be like requiring DeFi audits to actually audit the code. Revolutionary concept, really.

Neither paper dismisses the quantum threat entirely. The real vulnerability is bitcoin wallets, not mining. Millions of bitcoin sit in older or reused addresses where key information is already exposed, making them the most likely long-term target. If you bought pizza with Bitcoin in 2010