Worst case:
The Bitcoin ECDSA algorithm would be broken. Because a quantum computer could easily derive the private key from the public key, anyone with a quantum computer could extract the bitcoins belonging to the corresponding public key.
Bitcoin hashing would become exponentially more difficult. Mining difficulty is already predicted to escalate because of the advent of ASICs, and quantum computers would drive it up so much that the effect of ASIC mining pales in comparison. In the short term this would lead to hyperinflation; the long-term effects are not known at this time.
The quantum computer's hashing advantage would be limited by the constraints of block mining. To quote the Bitcoin wiki:
"Difficulty is a measure of how difficult it is to find a new block compared to the easiest it can ever be. It is recalculated every 2016 blocks to a value such that the previous 2016 blocks would have been generated in exactly two weeks had everyone been mining at this difficulty. This will yield, on average, one block every ten minutes. As more miners join, the rate of block creation will go up. As the rate of block generation goes up, the difficulty rises to compensate, which will push the rate of block creation back down."
This means that the block creation rate would not be affected by quantum computers (the increase in hash generation is matched by a proportional increase in difficulty, leaving the overall mining rate at 1 Bitcoin block every 10 minutes), but mining difficulty would rise drastically, exponentially more than what ASIC miners have already caused. This gives miners with quantum computers (presumably corporations, government agencies or other powerful organizations) a huge advantage in the Bitcoin market, to the point of being considered a monopoly.
Unless quantum computers:
(a) become available to the public, or
(b) are placed in their own class for hashing purposes, in order to limit their mining advantage.
So miners with access to quantum computers would have an unfair mining advantage, which can (and would) be used to manipulate the value and distribution of bitcoins. Further,
- The hash power of a quantum computer can be used as voting power. If a coalition of people with scalable quantum computers could generate enough hashes to make up more than 51% of the total Bitcoin hash rate, they could use that power to greatly manipulate the Bitcoin network.
As explained in the Bitcoin wiki ("Weaknesses"):
"An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:
Reverse transactions that he sends while he's in control. This has the potential to double-spend transactions that previously had already been seen in the block chain.
Prevent some or all transactions from gaining any confirmations.
Prevent some or all other miners from mining any valid blocks.
The attacker can't:
Reverse other people's transactions.
Prevent transactions from being sent at all (they'll show as 0/unconfirmed).
Change the number of coins generated per block.
Create coins out of thin air.
Send coins that never belonged to him.
With less than 50%, the same kind of attacks are possible, but with less than 100% rate of success. For example, someone with only 40% of the network computing power can overcome a 6-deep confirmed transaction with a 50% success rate.
It's much more difficult to change historical blocks, and it becomes exponentially more difficult the further back you go. As above, changing historical blocks only allows you to exclude and change the ordering of transactions. It's impossible to change blocks created before the last checkpoint.
Since this attack doesn't permit all that much power over the network, it is expected that no one will attempt it. A profit-seeking person will always gain more by just following the rules, and even someone trying to destroy the system will probably find other attacks more attractive. However, if this attack is successfully executed, it will be difficult or impossible to "untangle" the mess created; any changes the attacker makes might become permanent."
That said, is it possible that a scalable quantum computer (especially one purpose-built, like an ASIC, for hashing blocks) has an exponential advantage over traditional computers, FPGAs, ASICs, etc.?
That question is best addressed here: https://cs.stackexchange.com/questions/586/could-quantum-computing-eventually-be-used-to-make-modern-day-hashing-trivial-to
There is a lot of maths involved, which is a bit above my academic competence, but we can derive at least this:
Most of the algorithms that quantum computers are famous for running efficiently (Shor's algorithm, Grover's search algorithm) probably cannot be used to hash Bitcoin blocks. One possible exception noted is the collision attack, which, if done using Grover's algorithm, could possibly perform better than on conventional computers:
"Can quantum computers do better collision attacks? Actually, I'm not sure about this. Grover's algorithm can be extended, so that if there are t elements (i.e. preimages), the time to find one is reduced to $O(\sqrt{N/t})$. But this doesn't give a collision: running the algorithm again could return the same preimage. On the other hand, if we choose m1 at random and then use Grover's algorithm, it's likely that a different message will be returned. I'm not sure if this gives better attacks."
If scalable quantum computers do manage to corner the Bitcoin network, new code will be released to patch this vulnerability, so while there would be a breakdown of the network in the short term, long-term Bitcoin users have nothing to worry about.
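As an added example (not part of this answer or of the quoted wiki text), here is a small Python model of the two mechanisms quoted above: the 2016-block difficulty retarget, which shows that any sudden hash-rate jump (quantum or otherwise) is absorbed into difficulty until block spacing returns to ten minutes, and the whitepaper's attacker catch-up probability, which reproduces the wiki's "40% of the hash rate beats 6 confirmations about half the time" figure. The retarget is simplified: it assumes a constant hash rate within each period and uses Bitcoin Core's 4x per-period clamp, while ignoring the 2015-interval timing quirk.

```python
from math import exp, factorial
from typing import List

# Figures from the quoted wiki text: retarget every 2016 blocks to a two-week window.
RETARGET_INTERVAL = 2016
TARGET_SPACING_S = 600
TARGET_WINDOW_S = RETARGET_INTERVAL * TARGET_SPACING_S  # 1209600 s = two weeks


def retarget(old_difficulty: float, actual_window_s: float) -> float:
    """Next difficulty given how long the last 2016 blocks actually took.
    Bitcoin Core clamps each adjustment to a factor of 4 in either direction,
    so a huge hash-rate jump takes several periods to be fully absorbed."""
    ratio = TARGET_WINDOW_S / actual_window_s
    ratio = max(0.25, min(4.0, ratio))
    return old_difficulty * ratio


def simulate_hashrate_jump(jump: float, periods: int) -> List[float]:
    """Hash rate multiplies by `jump` at t=0 (e.g. quantum miners arriving).
    Returns the average block spacing in seconds for each retarget period.
    Both difficulty and hash rate are relative to their pre-jump values, so
    spacing = 600 s * difficulty / hashrate. Simplified, constructed model."""
    difficulty, hashrate = 1.0, jump
    spacings = []
    for _ in range(periods):
        spacing = TARGET_SPACING_S * difficulty / hashrate
        spacings.append(spacing)
        difficulty = retarget(difficulty, spacing * RETARGET_INTERVAL)
    return spacings


def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the hash rate ever
    catches up from z blocks behind (Bitcoin whitepaper, section 11).
    Sum over k honest-blocks' worth of attacker progress (Poisson, mean z*q/p)
    of the chance he then fails to close the remaining gap, then complement."""
    p = 1.0 - q
    lam = z * q / p
    fail = 0.0
    for k in range(z + 1):
        poisson = exp(-lam) * lam ** k / factorial(k)
        fail += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - fail


if __name__ == "__main__":
    print(simulate_hashrate_jump(1000.0, 6))   # spacing climbs back to 600 s
    print(round(attacker_success(0.4, 6), 3))  # ~0.504, the wiki's "50%"
```

With a 1000x hash-rate jump the block spacing collapses to 0.6 s, then the clamped retargets bring it back to 600 s within five periods while difficulty ends up 1000x higher, which is exactly the "rate unchanged, difficulty explodes" point made above.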