But, IMO, unfortunately QC wouldn't work for any task other than generating enormous amounts of noise.
If you had a viable and sufficiently powerful QC, then mining isn't your best angle of attack. As others have suggested, the QC attack on mining would use Grover's algorithm, which makes mining only
slightly easier.
QCs are vastly better than classical computers at
certain types of task, specifically where the combination of quantum state superposition (in a single qubit) and quantum entanglement (multiple 'linked' qubits) can be exploited. A classical bit can be 0 or 1, either/or. A qubit, because of quantum superposition, is in a sense partially both values, a probability smear across the two, until it is measured, when it resolves to a definite classical 0 or 1 outcome. In a system with multiple entangled qubits, the number of values covered increases 2^n. Two entangled qubits cover 2^2=4 possibilities, 00, 01, 10, 11. Three entangled qubits cover 2^3=8, 000, 001, 010, 011, 100, 101, 110, 111. And so on. A QC will assess the probabilities associated with all possible classical values, and will do so simultaneously. The number of outcomes it can assess simultaneously (2^n) being limited by the total number of qubits (n). Whereas a classical computer, no matter how fast, still proceeds one step at a time.
The quantum Shor algorithm is a much more powerful approach than Grover, and can be used to destroy public-key cryptography. And the easiest target here is reused addresses, as below:
Mining can potentially be much quicker with QCs.The current PoW difficulty system can be exploited by a Quantum Computer using
Grover’s algorithm to drastically reduce the number of computational steps required to solve the problem. The theorised advantage that a quantum computer (or parallelised QCs) have over classical computers is a couple of orders of magnitude, so ~x100 easier to mine. This isn’t necessarily a game-changer, as this QC speed advantage is likely to be some years away, by which time classical computers will surely have increased speed to reduce the QC advantage significantly. It is worth remembering that QCs aren’t going up against run-of-the-mill standard equipment here, but rather against the very fast ASICs that have been set up specifically for mining.
Re-used BTC addresses are 100% vulnerable to QCs.Address Re-Use. Simply, any address that is re-used is 100% vulnerable because a QC can use
Shor’s algorithm to break public-key cryptography. This is a quantum algorithm designed specifically to solve for prime factors. As with Grover’s algorithm, the key is in dramatically reducing the number of computational steps required to solve the problem. The upshot is that for any known public key, a QC can use Shor’s approach to derive the private key. The vulnerability cannot be overstated here.
Any re-used address is utterly insecure.Processed (accepted) transactions are theoretically somewhat vulnerable to QCs.Theoretically possible because the QC can derive private keys from used addresses. In practice however processed transactions are likely to be quite secure as QCs would need to out-hash the network to double spend.
Unprocessed (pending) transactions are extremely vulnerable to QCs.As above, a QC can derive a private key from a public key. So for any unprocessed transaction, a QC attacker can obtain the private key and then create their own transaction whilst offering a much higher fee, so that the attacker’s transaction gets onto the blockchain first, ahead of the genuine transaction. So block interval and QC speed are both crucial here – it all depends on whether or not the a QC can hack the key more quickly than the block is processed.