SHA-256 Mining Is Unchanged

The most counter-intuitive fact about quantum-resistant Bitcoin mining: the mining algorithm does not change. Proof-of-work mining uses SHA-256d (double SHA-256) to find a nonce that produces a block hash below the difficulty target. This is a hash function problem, not a public-key cryptography problem. Shor’s algorithm — the quantum threat to ECDSA — has no advantage against hash functions.

This means:

• All existing SHA-256 ASIC hardware (Antminer S19/S21, Whatsminer, etc.) works without modification
• All standard mining software works — cpuminer, CGMiner, BFGMiner, firmware-level mining
• The Stratum protocol between miners and pools is standard Bitcoin Stratum
• Coinbase transactions (which create new coins) require no signatures — they are the one transaction type that does not involve ECDSA or Dilithium

The quantum resistance lives entirely in the signature layer — how transactions are authorized — not in the consensus layer — how blocks are produced. A miner running SHA-256 hardware against a quantum-resistant chain is doing exactly the same work as mining Bitcoin. The block header format, the Merkle tree construction, and the difficulty adjustment algorithm are all inherited from Bitcoin Core.

Grover’s Algorithm: Not the Threat You Think

Grover’s algorithm provides a quadratic speedup for unstructured search problems. Applied to SHA-256 mining, it would theoretically allow a quantum miner to find valid nonces in roughly the square root of the time a classical miner takes. This sounds alarming until you examine the actual numbers.

SHA-256 provides 256 bits of security against classical pre-image attacks. Grover’s algorithm reduces this to 128 bits of quantum security — still astronomically beyond any foreseeable brute-force attack. For mining specifically, the quadratic speedup means a quantum miner could achieve the work of a classical miner in fewer operations, but:

• Grover’s algorithm requires coherent quantum computation across the entire search, which means the quantum computer must maintain its state without errors for the full computation duration.
• The difficulty adjustment algorithm compensates for any speed advantage. If quantum miners find blocks faster, difficulty rises to maintain the target block interval. This is the same mechanism that handles classical hardware improvements.
• The economic cost of quantum computation currently far exceeds the cost of equivalent classical ASIC hashing. A single SHA-256 ASIC produces trillions of hashes per second for a few thousand dollars. No quantum computer comes close to this cost-performance ratio.

In practical terms, Grover’s algorithm is not a meaningful threat to SHA-256 mining in any foreseeable timeframe. The quantum threat to Bitcoin is Shor’s algorithm against ECDSA signatures, not Grover’s algorithm against SHA-256 mining.

The Payout Batching Problem

While mining itself is unchanged, paying miners is dramatically different. Mining pools collect block rewards and distribute them to miners via payout transactions. In Bitcoin, a pool can batch 100+ miner payouts into a single transaction — each input contributes ~105 bytes of witness data (72-byte ECDSA signature + 33-byte public key), well within the standard transaction size limits.

With Dilithium signatures, each input contributes ~3,733 bytes of witness data (2,421-byte signature + 1,312-byte public key). A payout transaction with 100 Dilithium inputs would be approximately 270 KB — approaching transaction size limits. More importantly, the fee per payout increases proportionally.

The practical solution is to batch Dilithium payouts in groups of 15, with a recursive halving strategy: if an estimated transaction exceeds the size limit, it is split into two smaller batches. This means a pool paying 100 miners requires roughly 7 separate Dilithium payout transactions instead of Bitcoin’s single transaction.

Fee implications multiply quickly. A 15-address Dilithium payout batch costs roughly 4x the fees of an equivalent Bitcoin batch. Pool operators must choose whether to absorb these fees (reducing margins), pass them to miners (reducing miner income), or adopt a hybrid approach. This is a real operational cost of quantum resistance that cannot be optimized away — larger signatures mean more block space consumed per payout.

Bootstrapping Without Stealth

Bitcoin had the luxury of a unique historical circumstance: Satoshi Nakamoto mined alone (or nearly alone) for the first year, accumulating approximately 1.1 million bitcoin before the network attracted significant participation. This bootstrapping period was possible because Bitcoin was unknown, worthless, and of no interest to anyone. The mining difficulty was at the minimum, and a single CPU could mine blocks.

A quantum-resistant Bitcoin fork in 2025 does not have this luxury. The concept is known, the stakes are understood, and the network must demonstrate value from day one to attract the hashrate necessary for security. Without sufficient mining participation, the chain is vulnerable to 51% attacks — rendering the quantum resistance moot if classical attacks can rewrite the chain.

This creates a bootstrapping dilemma: you need miners to secure the chain, but miners need confidence that the chain is worth securing. The pragmatic solution adopted by the BTQ project was to launch a centralized mining pool — providing immediate infrastructure for miners while the network builds hashrate.

A centralized pool at launch is an honest acknowledgment of the bootstrapping problem. It is not the long-term architecture (additional pools and solo mining should emerge as the network grows), but it is the minimum viable infrastructure to start. The alternative — launching without mining infrastructure and hoping it appears organically — would leave the chain insecure during its most vulnerable period.

UTXO Consolidation and Block Timing

Mining pools accumulate many small UTXOs — one per block mined. Before these can be used in payout transactions, they often need to be consolidated into fewer, larger UTXOs. With Dilithium, each consolidation input adds ~3,733 bytes of witness data, limiting how many UTXOs can be combined in a single transaction.

The 1-minute block interval addresses this directly. With 10x more blocks per hour, the chain offers 10x more total block space for UTXO consolidation transactions. A pool with 500 pending UTXOs can consolidate them over multiple blocks without competing for space with regular transactions. The faster block interval also means mining rewards are distributed more frequently, reducing the per-block reward variance for small miners.

The tradeoff is increased block propagation overhead and faster chain growth. But for a chain where Dilithium transactions dominate, the consolidation throughput provided by faster blocks is essential for mining pool operations to remain practical.

Future: Quantum-Native Proof-of-Work

While SHA-256 proof-of-work is adequate — and even advantageous for bootstrapping because it leverages existing ASIC infrastructure — research continues into proof-of-work algorithms that provide a natural advantage to quantum hardware.

The leading research direction is boson sampling — a quantum computation task that is efficiently solvable on quantum hardware but believed to be classically intractable. A boson-sampling-based proof-of-work would create economic incentives for quantum hardware adoption while maintaining network security. The design challenge is making the proof classically verifiable (so all nodes can validate blocks without quantum hardware) while the computation requires quantum resources.

This remains an active research area, not a current feature. The pragmatic approach is to launch with proven SHA-256 mining and introduce quantum-native PoW as a future upgrade once the research matures and quantum hardware becomes more accessible. Premature adoption of unproven consensus mechanisms would introduce unnecessary risk to a network whose primary value proposition is security.