Quantum Computers are 1M x too small to hack Bitcoin/SHA-256
newscientist.comSo that's notionally 40 years under Moore's law. There are a lot of unknowns obviously, bit that's still a lot more concerning than the naive calculatikn that says there isn't enough energy in the universe to try enough inputs to find a collision. It will be interesting to see if / how this gets revised down in the future
Bitcoin relies on the security of ECC too. Doesn't that take way fewer qubits to break?
I don't think so, since computing a (double) SHA256 hash is vastly cheaper to compute than multiplying an elliptic curve point with a scalar. So much so, that by default (assumevalid=1), Bitcoin skips verifying signatures up to some recent date in its initial sync.