Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
CFD
Stock CFD Derivatives
US Stocks
Access real US stocks and ETFs
HK Stocks
Trade quality Hong Kong-listed stocks
Korean Stocks
SK Hynix
Real Korean stocks and top assets
Stock Futures
High leverage, 24/7 trading
Tokenized Stocks
Backed by real stock assets
IPO Access
Unlock full access to global stock IPOs
GUSD
3.8%
Mint GUSD for Treasury RWA yields
Stocks Activities
Trade Popular Stocks and Unlock Generous Airdrops
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
Satoshi Nakamoto Predicted Bitcoin's Hash Defense 16 Years Before Quantum Fears
Sixteen years ago, Satoshi Nakamoto answered a doubter on a forum in 2010, and the reply still guides how the network defends its money today.
Key Takeaways
A Forum Post That Set the Rules
On July 16, 2010, a user named bdonlan questioned Bitcoin’s double SHA-256 hashing on the Bitcointalk forum. He asked whether the design weakened security.
Satoshi answered directly. Bitcoin’s inventor compared SHA-256 to the jump from 32-bit to 64-bit computing, not a small step up in bit length. Computers ran out of 32-bit address space at 4 gigabytes, he said, but nobody expects to run out of 64-bit space anytime soon. SHA-256 works the same way, and the math gives Bitcoin room to spare.
Satoshi also gave the network an exit plan. If SHA-256 ever weakened, developers could soft fork to a new hash function at a set block height. Old and new hashes would run side by side until every node upgraded.
Bitcoin’s market capitalization has since grown past a trillion, and the network settles hundreds of billions of dollars in value daily. Every dollar of that activity still depends on the hash function Satoshi defended in a single forum reply sixteen years ago.
Why Bitcoin Runs Two Hashes Instead of One
Bitcoin’s code hashes data twice: SHA256(SHA256(data)), a method developers call SHA256d. Cryptographers Niels Ferguson and Bruce Schneier recommended the approach to block length extension attacks, a flaw in the Merkle-Damgard structure SHA-2 uses.
Miners hash block headers twice to meet the network’s difficulty target, and nodes hash transactions twice to build Merkle trees. Wallets add a third layer, RIPEMD-160 over SHA-256, to shorten public keys into addresses.
Satoshi picked SHA-256 for a reason. The National Institute of Standards and Technology published the algorithm in 2001 as part of the SHA-2 family, offering a large jump in strength over SHA-1, which already showed cracks by the time Bitcoin launched in January 2009. SHA-256 needs roughly 2^128 operations to force a collision and roughly 2^256 to force a preimage.
Sixteen years later, and no one has cracked this design. No researcher has found a working collision, preimage, or second preimage attack against full SHA-256. Reduced-round versions have fallen to cryptanalysis, but those attacks stop scaling before they reach the real 64-round algorithm. NIST and independent groups such as ECRYPT-CSA continue to rate the full function as secure.
Mining hardware tells the same story. Application-specific integrated circuit (ASIC) makers have built entire product lines around SHA-256d, and network hashrate now runs in the exahash range. Satoshi predicted Moore’s Law alone would never threaten the function, and difficulty adjustments have kept block times near ten minutes despite exponential gains in mining power.
Quantum Computing Changes the Conversation
Classical brute force never worried Satoshi, and it still doesn’t threaten Bitcoin. Quantum computing splits the risk into two separate problems.
Grover’s algorithm speeds up brute-force search. Run against SHA-256, it cuts effective security from 256 bits to about 128 bits, a number that still sits far out of reach. Researchers say an attacker would need quantum hardware on a scale the world has not built, so things remain safe for now.
Shor’s algorithm poses the bigger problem, and it targets signatures, not hashes. A quantum computer running it could pull a private key from an exposed public key on the elliptic curve Bitcoin uses. An estimated 7 million bitcoin, close to 35% of supply, sit in addresses with exposed public keys and would carry risk if that hardware existed.
Google Quantum AI published research in 2026 that lowered the qubit count needed to break Bitcoin’s curve to about 500,000 physical qubits. Current quantum machines run in the range of 1,000 to 1,500 qubits. Researchers still peg a working threat somewhere between 2029 and 2035, depending on progress in error correction.
Developers Revisit the Question Over Sixteen Years
Satoshi returned to hash-related concerns more than once during 2010, including what would happen if SHA-256 suffered a partial collision. His answer stayed consistent: lock in the honest chain before trouble spreads, then migrate to a new function.
Later Bitcoin upgrades left core hashing untouched. Segregated Witness was activated in 2017, and Taproot activated in 2021, both aimed at efficiency and privacy rather than hashing. Quantum resistance did not become a front-burner topic for developers until awareness of Grover’s and Shor’s algorithms spread through the cryptography community in the 2020s.
Developers Propose Exit Ramps Satoshi Promised
Bitcoin developers have already proposed the migration path Satoshi described in 2010, just aimed at signatures instead of hashes. Several ideas have been brought to the table.
BIP-360 introduces a new address format, pay-to-Merkle-root addresses starting with bc1z, built around quantum-resistant signature schemes. Developers merged the proposal in 2026. A companion proposal, BIP-361, lays out how the network could eventually sunset older, exposed address types. With the latter method a bit more controversial.
Wallet providers now face pressure to stop address reuse and steer users toward the newer output types before any quantum deadline arrives.
Migration carries its own obstacles. Developers still need a plan for coins locked in old addresses whose owners are inactive or unreachable, including any bitcoin tied to Satoshi’s own early wallets. Post-quantum signatures also take up more block space than the signatures Bitcoin uses today, and researchers are testing hash-based signature schemes to keep that migration manageable.
What This Means for Bitcoin Holders
Nothing about SHA-256 requires action today. The hash function that secures mining and transaction history remains untouched by any known attack, classical or quantum.
Signature exposure is the item worth watching. Holders with coins in old-style addresses, or anyone who has reused a Bitcoin address, carry more exposure than someone using modern output types with public keys that stay hidden until spending.
Satoshi closed the 2010 thread with a warning that still reads as current policy. Any attack strong enough to break SHA-256 would likely damage stronger cousins like SHA-512 too, so a full break looks unlikely on its own. Bitcoin’s defense was never permanence. It was the ability to move before a threat becomes real.