Topic: . (Read 1040 times)

full member
Activity: 270
Merit: 100
.
October 12, 2017, 10:28:15 AM
#22
still a long way to go brother. Older encryption systems aren't quantum resistant as well, but if quantum computing does go mainstream then new altcoins solving that problem would probably replace the king of crypto. The only way to save BTC is to implement some new algorithms to make it quantum proof. Maybe 10-20 years from now before it happens though.
newbie
Activity: 63
Merit: 0
October 12, 2017, 06:35:06 AM
#21
How is easy enough. When is the more interesting question.

Nobody will ever know it's possible to crack everything until it has already happened. To guard against it you'd have to hard fork the entire planet. Humans really aren't very good at preventative measures. They tend to wait until the last minute, but in the case of that preventative is the only way of stopping everything from turning to dust.
What do you exactly mean by "How is easy enough"? If it was that easy, some bright mind would've already figured out a way to protect bitcoin from quantum computing right?
We must also take into account that quantum computing isn't a thing yet. So perhaps as we learn more about quantum computing we can also figure out ways to protect bitcoin from potential threats. Maybe that is what you mean by figuring things out last minute?

I think he meant that there's already a lot of work going into developing quantum resistant algorithms, even NIST has work to identify and recommend the best algorithms for this since it isn't a challenge unique to blockchain. There are algorithms that should be resistant to quantum computing attacks so presumably Bitcoin would need to switch to one of these algorithms. That is an over-simplification though because what happens with all those coins sat in storage that were generated with the old algorithm. It may be that the only solution is to start a whole new blockchain and there are altcoins out there that are built to tackle this exact problem.
newbie
Activity: 41
Merit: 0
October 11, 2017, 08:18:57 PM
#20
How do you think we can protect bitcoin from such an attack?
Bitcoin mining, which is an "attack" against symmetric crypto, might never be dominated by quantum miners, since traditional miners could very well always be faster and cheaper. For symmetric cryptography, quantum attacks exist, but are less dangerous.
full member
Activity: 294
Merit: 104
October 11, 2017, 10:19:47 AM
#19
How do you think we can protect bitcoin from such an attack?

The main website of Bitcoin, which is Bitcoin.org, already placed that as one of their frequently asked questions (FAQ). And you will see their answer as well. Just take a minute or two to read.
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
October 09, 2017, 04:48:01 AM
#18
Again? Huh, I think someone should merge topics like this, a moderator likely.

It has been exhaustively discussed in this forum and we are fine for the near and even mid-term future. Because bitcoin inherently possesses a counter-quantum measure: public keys, being hashed, are not disclosed as long as they are used as outputs.

No hypothetical quantum computer can ever do anything near to a crack of this schema until a spend transaction discloses the original public key; from then until the transaction gets confirmed (hopefully) the attacker has a relatively short window to do the crack job, and that is why s/he has to utilize an even more powerful QC (a huge sci-fi-produced mega-qubit one).

Taking the above factor into consideration, one can easily be assured that the first QC crack against bitcoin network won't happen in 21st century.

And no! Quantum computing won't accelerate itself, and won't grow exponentially, it is not a snowball!
member
Activity: 208
Merit: 84
October 08, 2017, 10:14:20 PM
#17
I think an interesting related question is...

If someone develops quantum computing technology, in secret/classified, would there be a way to detect it? I know that quantum computing is quite a ways from being of practical use, at least if you go by what information is available to the public.

However, I also know that quantum computing technology will be of enormous utility to many and believe there could be a strong incentive to develop such technologies in secret, probably sponsored by a government.  So, I believe any mitigation measures to make Bitcoin and other technologies "quantum resistant" should be planned and implemented far in advance of when they are anticipated to be needed.  There is every incentive for quantum developments, especially any breakthroughs that could significantly advance the field, to remain state secrets.

On the other hand, stealing Bitcoin would probably not be at the top of the list of things that a major world power would want to do with a classified quantum computing device.  But I do expect major, unexpected advances to happen in the field that could adjust the time frames that are now considered likely.

Advances in technology are often positive feedback loops.  At least to a point.
newbie
Activity: 33
Merit: 0
October 08, 2017, 04:59:13 PM
#16
Here is a good summary about quantum resistant algorithms:

https://en.wikipedia.org/wiki/Post-quantum_cryptography
full member
Activity: 378
Merit: 197
October 08, 2017, 04:33:32 PM
#15
To brute-force pre-image resistance of hash functions such as SHA256, a quantum computer would still need to perform a number of operations proportional to the square root of the number of operations performed by a normal computer.  Therefore, simply doubling the number of bits (e.g., switching from SHA256 to SHA512) would provide quantum-resistant security equivalent to existing security against normal computers.  (Note that sqrt(2^512) = 2^256.)
No need to move to SHA512, because bitcoin security is currently 128 bits for solving the ECDSA problem. After efficient quantum computers finally become available (if ever) SHA256 will still be as secure as ECDSA is now, which is 128 bits. And I assume quantum computers will be much slower in trying out 2^128 different possibilities than 1000s of current computers counting in parallel are.

The vast majority of Bitcoin UTXOs include only a hash of a ECDSA public key, not the ECDSA key itself.  Therefore, if the public key has not already been revealed, an attacker would need to (1) sniff a transaction as it is entered into the mempool, (2) crack the private key, (3) create a new transaction using the private key, and (4) get this new transaction committed to a block before the legitimate owner's transaction.  To guard against this attack, Bitcoin would need to add support for quantum-resistant asymmetric cryptography.  Unfortunately, this field is still immature, and existing quantum-resistant asymmetric cryptographic schemes (see, e.g., https://en.wikipedia.org/wiki/Post-quantum_cryptography) are much less practical than ECDSA.  But it is likely that they will develop to be the point of being practical before quantum computing poses a severe risk to Bitcoin.  In fact, it is not even known for sure that quantum computing will ever economically scale to the point where it can attack 256-bit ECDSA.

Yep. It depends on how long it would take for a quantum computer to solve ECDSA. If it takes more than 30min, then it will still be too slow for this approach. (at least if the transaction was made with sufficient transaction fee)

It would be interesting to know how secure P2SH is against quantum computers, because it does not necessarily use ECDSA.

newbie
Activity: 18
Merit: 0
October 08, 2017, 03:56:02 PM
#14
To brute-force pre-image resistance of hash functions such as SHA256, a quantum computer would still need to perform a number of operations proportional to the square root of the number of operations performed by a normal computer.  Therefore, simply doubling the number of bits (e.g., switching from SHA256 to SHA512) would provide quantum-resistant security equivalent to existing security against normal computers.  (Note that sqrt(2^512) = 2^256.)

The vast majority of Bitcoin UTXOs include only a hash of a ECDSA public key, not the ECDSA key itself.  Therefore, if the public key has not already been revealed, an attacker would need to (1) sniff a transaction as it is entered into the mempool, (2) crack the private key, (3) create a new transaction using the private key, and (4) get this new transaction committed to a block before the legitimate owner's transaction.  To guard against this attack, Bitcoin would need to add support for quantum-resistant asymmetric cryptography.  Unfortunately, this field is still immature, and existing quantum-resistant asymmetric cryptographic schemes (see, e.g., https://en.wikipedia.org/wiki/Post-quantum_cryptography) are much less practical than ECDSA.  But it is likely that they will develop to be the point of being practical before quantum computing poses a severe risk to Bitcoin.  In fact, it is not even known for sure that quantum computing will ever economically scale to the point where it can attack 256-bit ECDSA.
full member
Activity: 378
Merit: 197
October 08, 2017, 03:38:11 PM
#13
What do you exactly mean by "How is easy enough"? If it was that easy, some bright mind would've already figured out a way to protect bitcoin from quantum computing right?
We must also take into account that quantum computing isn't a thing yet. So perhaps as we learn more about quantum computing we can also figure out ways to protect bitcoin from potential threats. Maybe that is what you mean by figuring things out last minute?

There are coins that claim to be quantum resistant right now. I've no idea whether that's bollocks or not but let's assume it's possible.

The issue is implementing it. No one will want to hard fork even if the cure exists. By the time a hard fork is needed it'll be far too late.

If used properly bitcoin is already quantum resistant. Quantum computers can NOT break SHA256 hash algorithm, which is used in bitcoin.
What quantum computer can do, is that it can get private key from the public key, which is a problem only if you reuse your address.
And it is a problem with all the old addresses that have been reused. The owners of those addresses would have to move their coins to a new address to be safe.
member
Activity: 62
Merit: 10
We will. We will. Block chain. Block chain.
October 08, 2017, 02:55:12 PM
#12
How do you think we can protect bitcoin from such an attack?

They could copy IOTA which is supposedly already quantum resistant. The problem with Bitcoin is not really identifying the problem or the solution. It's that as it grows bigger and bigger it becomes harder to upgrade without disrupting the existing network. It's like having a fully loaded 18 wheeler traveling down the highway and trying to transform it into a 747 jet little by little without stopping. MAYBE it's possible but it's a lot easier just to build a new jet. I think to get Bitcoin to the point of being agile enough to adapt for these and other yet unknown threats there will have to be a lot of hard forks until we get to a point of a totally different Bitcoin than we currently have. Most of the problems with bitcoin could be fixed with decentralized governance with decision-making power and budgets for development, but I don't know if Bitcoin can get there before forking itself out of existence. Also I think some form of nomenclature should be adopted for the minority side of new bitcoin hard forks so that we don't have 30 or 40 different bitcoins around like BitcoinNew, BitcoinCool, NewestBTC etc. because this confuses the market. If we named each fork something more standardized like BitcoinHF25_10_2017 people would still see it as being an official part of Bitcoin as a whole, and when people used one of the forked bitcoin networks it would seem closer to using a different version of a software rather than seeming like using a knock-off version, the way it would seem if we have BTCPlatinum, SuperBitcoin and whatever other names people could think of for a fork.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
October 08, 2017, 02:32:11 PM
#11
What do you exactly mean by "How is easy enough"? If it was that easy, some bright mind would've already figured out a way to protect bitcoin from quantum computing right?
We must also take into account that quantum computing isn't a thing yet. So perhaps as we learn more about quantum computing we can also figure out ways to protect bitcoin from potential threats. Maybe that is what you mean by figuring things out last minute?

There are coins that claim to be quantum resistant right now. I've no idea whether that's bollocks or not but let's assume it's possible.

The issue is implementing it. No one will want to hard fork even if the cure exists. By the time a hard fork is needed it'll be far too late.
member
Activity: 96
Merit: 11
October 08, 2017, 02:24:56 PM
#10
The question is a total waste of time. If quantum computing were to become available and 1 system suddenly had the computing power of all the computers ever built, bitcoin is the least of our troubles. Bitcoin is built on top of asymmetric cryptography. Well, so is everything else; all of banking and all of modern digital commerce would fall under attack.

If the concept of quantum computing becomes reality, there will be a million things more important than bitcoin which may be destroyed.
legendary
Activity: 1358
Merit: 1014
October 08, 2017, 10:34:46 AM
#9
Bitcoin is not yet quantum resistant, but then again most encryption isn't yet. There are ways to make it quantum resistant, but it will require a hard fork. I think we have about another decade before we need to worry about any quantum computer being powerful enough and having enough qubits to be of any threat to bitcoin. So to answer your question we can readily save bitcoin from quantum computing closer to the time of them being any kind of threat.

If a quantum computer breaks SHA256 (and this is sci-fi nowadays and will continue being the case for a long time) then the entire banking system is jeopardized.

All this "omg, quantum computer attack is coming" bullshit is just FUD from goldbugs, I've seen it a million times before. By the time we get anywhere near a realistic quantum attack, we can hard fork into another hashing algo; in fact we should have done this a while ago, the problem is we don't have yet a clear idea of what is the best move. Moving to any of the existing algos will just delay the inevitable again and will piss off all existing miners. It is a tricky situation, but in the risk of a quantum attack I guess we will finally reach common ground and all miners (except suicidal ones) will agree to change PoW algo. Hopefully by then we have some creative solution against ASIC centralization such as random PoW algo changes.
sr. member
Activity: 474
Merit: 285
Brave New World
October 08, 2017, 09:41:17 AM
#8
Bitcoin is not yet quantum resistant, but then again most encryption isn't yet. There are ways to make it quantum resistant, but it will require a hard fork. I think we have about another decade before we need to worry about any quantum computer being powerful enough and having enough qubits to be of any threat to bitcoin. So to answer your question we can readily save bitcoin from quantum computing closer to the time of them being any kind of threat.
legendary
Activity: 3108
Merit: 2177
October 08, 2017, 09:15:32 AM
#7
How do you think we can protect bitcoin from such an attack?

What attack? Quantum computing is able to solve a certain class of mathematical problems faster than traditional CPUs, it's not some kind of voodoo magic.

The only known theoretical attack vector so far would be deriving the private key of an address from its public key. However this would only be applicable in case of address-reuse, as the public key is unknown prior to the first transaction. So folks, stay quantum-safe and don't reuse addresses!
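The exposure model these posts describe (#15: a P2PKH output carries only a hash and the key appears on chain when it is spent; #13 and #7: the key is then only at risk if the address is reused) as an added example in Python. This is not code from the thread or from any Bitcoin project. It classifies scriptPubKeys by whether the public key is in cleartext, extracts the key a P2PKH or P2WPKH spend reveals, and replays a constructed transaction list to flag unspent outputs that an attacker who can invert a public key could take. All keys, signatures, txids and the 20-byte values standing in for HASH160(pubkey) are constructed; a real wallet would fill the wallet map with hash160() of its own keys. It goes beyond the 2017 thread by also recognising P2WPKH, P2WSH and P2TR outputs; a Taproot output carries its x-only key directly, so it is flagged like P2PK. P2SH, asked about in #15, commits only to the hash of the redeem script; what that script reveals when spent depends on the script and is not modelled here.

```python
"""Audit constructed Bitcoin transactions for public keys visible on chain.

Added example, not code from the thread or from any Bitcoin project.  Every
script, key, signature, txid and "hash" below is constructed sample data.
"""
import hashlib

OP_0, OP_PUSHDATA1, OP_PUSHDATA2 = 0x00, 0x4C, 0x4D
OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC


def hash160(pubkey: bytes) -> bytes:
    """RIPEMD160(SHA256(pubkey)): the value a P2PKH/P2WPKH output commits to.
    Not exercised on the sample data below, since some hashlib builds lack ripemd160."""
    return hashlib.new("ripemd160", hashlib.sha256(pubkey).digest()).digest()


def parse_script(script: bytes) -> list:
    """Tokenise a script: data pushes come back as bytes, opcodes as (opcode,) tuples."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                      # direct push of op bytes
            n = op
        elif op == OP_PUSHDATA1:
            n, i = script[i], i + 1
        elif op == OP_PUSHDATA2:
            n, i = int.from_bytes(script[i:i + 2], "little"), i + 2
        else:
            items.append((op,))
            continue
        if i + n > len(script):
            raise ValueError("truncated push at offset %d" % i)
        items.append(script[i:i + n])
        i += n
    return items


def classify_output(spk: bytes):
    """Return (type, key_on_chain, key_material) for a scriptPubKey.  key_material is
    the raw public key when key_on_chain is True, otherwise the hash the output commits to."""
    t = parse_script(spk)
    data = lambda k, sizes: isinstance(t[k], bytes) and len(t[k]) in sizes
    if len(t) == 2 and data(0, (33, 65)) and t[1] == (OP_CHECKSIG,):
        return "p2pk", True, t[0]              # <pubkey> OP_CHECKSIG: key in cleartext
    if (len(t) == 5 and t[0] == (OP_DUP,) and t[1] == (OP_HASH160,) and data(2, (20,))
            and t[3] == (OP_EQUALVERIFY,) and t[4] == (OP_CHECKSIG,)):
        return "p2pkh", False, t[2]            # only HASH160(pubkey) is on chain
    if len(t) == 3 and t[0] == (OP_HASH160,) and data(1, (20,)) and t[2] == (OP_EQUAL,):
        return "p2sh", False, t[1]             # hash of a redeem script
    if len(t) == 2 and t[0] == (OP_0,) and data(1, (20,)):
        return "p2wpkh", False, t[1]
    if len(t) == 2 and t[0] == (OP_0,) and data(1, (32,)):
        return "p2wsh", False, t[1]
    if len(t) == 2 and t[0] == (OP_1,) and data(1, (32,)):
        return "p2tr", True, t[1]              # x-only output key sits in the output
    return "unknown", None, None


def revealed_pubkeys(script_sig: bytes, witness: list) -> list:
    """Public keys a spend puts on chain: the final push of a P2PKH scriptSig or the
    final witness item of a P2WPKH spend (signatures start with 0x30, keys with 2/3/4)."""
    keys = []
    for item in parse_script(script_sig)[-1:] + witness[-1:]:
        if isinstance(item, bytes) and len(item) in (33, 65) and item[0] in (2, 3, 4):
            keys.append(item)
    return keys


def audit(txs: list, wallet: dict) -> list:
    """Replay txs in order; report unspent outputs whose key an attacker who can invert
    public keys already has.  wallet maps key material (a pubkey or its HASH160, as the
    wallet itself computes it) to the wallet's public key."""
    utxo, revealed, findings = {}, set(), []
    for tx in txs:
        for prev, script_sig, witness in tx["inputs"]:
            utxo.pop(prev, None)
            revealed.update(revealed_pubkeys(script_sig, witness))
        for n, spk in enumerate(tx["outputs"]):
            utxo[(tx["txid"], n)] = spk
    for outpoint, spk in utxo.items():
        kind, on_chain, material = classify_output(spk)
        if on_chain:
            findings.append((outpoint, kind, "public key is in the output itself"))
        elif wallet.get(material) in revealed:
            findings.append((outpoint, kind, "address reused after a spend revealed its key"))
    return findings


# Constructed sample data.  HASH_A/HASH_C stand in for hash160() of the keys.
PUBKEY_A = b"\x02" + b"\x11" * 32
PUBKEY_B = b"\x03" + b"\x22" * 32
HASH_A, HASH_C = b"\xaa" * 20, b"\xcc" * 20
FAKE_SIG = b"\x30" + b"\x44" * 70             # 71-byte DER-shaped placeholder


def p2pkh(h): return bytes([OP_DUP, OP_HASH160, 20]) + h + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
def p2pk(pk): return bytes([len(pk)]) + pk + bytes([OP_CHECKSIG])
def p2wpkh(h): return bytes([OP_0, 20]) + h
def push(*items): return b"".join(bytes([len(x)]) + x for x in items)


SAMPLE_TXS = [
    {"txid": "t1", "inputs": [], "outputs": [p2pkh(HASH_A), p2pk(PUBKEY_B)]},
    # t2 spends t1:0, revealing PUBKEY_A, then sends change back to the same address.
    {"txid": "t2", "inputs": [(("t1", 0), push(FAKE_SIG, PUBKEY_A), [])],
     "outputs": [p2pkh(HASH_A), p2wpkh(HASH_C)]},
]
SAMPLE_WALLET = {HASH_A: PUBKEY_A, PUBKEY_B: PUBKEY_B, HASH_C: b"\x02" + b"\x33" * 32}

if __name__ == "__main__":
    for outpoint, kind, why in audit(SAMPLE_TXS, SAMPLE_WALLET):
        print("%s:%d %s: %s" % (outpoint[0], outpoint[1], kind, why))
```

On the sample data the audit flags t1:1 (a P2PK output, key in cleartext from the start) and t2:0 (change sent back to HASH_A after t2 itself revealed PUBKEY_A); t2:1 is clean because nothing on chain links HASH_C to a key. That is the whole of the "don't reuse addresses" advice in executable form: the hash protects an output only until the first spend from it.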
sr. member
Activity: 336
Merit: 252
October 08, 2017, 08:06:34 AM
#6
How is easy enough. When is the more interesting question.

Nobody will ever know it's possible to crack everything until it has already happened. To guard against it you'd have to hard fork the entire planet. Humans really aren't very good at preventative measures. They tend to wait until the last minute, but in the case of that preventative is the only way of stopping everything from turning to dust.
What do you exactly mean by "How is easy enough"? If it was that easy, some bright mind would've already figured out a way to protect bitcoin from quantum computing right?
We must also take into account that quantum computing isn't a thing yet. So perhaps as we learn more about quantum computing we can also figure out ways to protect bitcoin from potential threats. Maybe that is what you mean by figuring things out last minute?
member
Activity: 93
Merit: 10
October 08, 2017, 06:52:17 AM
#5
It may cause the end of Bitcoin as we know it, but I'm sure there will be some solution that arises.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
October 08, 2017, 06:49:39 AM
#4
How is easy enough. When is the more interesting question.

Nobody will ever know it's possible to crack everything until it has already happened. To guard against it you'd have to hard fork the entire planet. Humans really aren't very good at preventative measures. They tend to wait until the last minute, but in the case of that preventative is the only way of stopping everything from turning to dust.
newbie
Activity: 12
Merit: 0
October 08, 2017, 05:13:45 AM
#3
Bitcoin should apply a quantum resistant ledger algo in order to resist quantum decryption