Topic: Bitcoin Security vs Quantum Computing (Read 693 times)

newbie
Activity: 20
Merit: 1
June 05, 2020, 03:01:20 AM
#30

Just adding my humble piece here.
Quantum-based computing is only a very vague theory that has been translated into very early practical use-cases.
If I would need to pick an example of the past, it would be like saying that 1946's first computer is able to unlock the 2020 iPhone.
Joking apart, this is not far from this.
Most of the Quantum Computing is made currently within very specific universities and there are around a dozen startups trying to surf on the wave.
Bitcoin and other cryptographic-based digital assets are safe... for now.

Thank you all very much for the informative replies. Truly educational!

If I had more sendable merit, I'd be spreading it around this thread.
jr. member
Activity: 91
Merit: 5
June 04, 2020, 05:49:12 AM
#29
Thank you all very much for the informative replies. Truly educational!

If I had more sendable merit, I'd be spreading it around this thread.
legendary
Activity: 1904
Merit: 1277
June 04, 2020, 05:13:52 AM
#28
It might be worth me sharing this again, a summary of how QCs can affect bitcoin:

Mining can potentially be much quicker with QCs.
The current PoW difficulty system can be exploited by a Quantum Computer using Grover’s algorithm to drastically reduce the number of computational steps required to solve the problem. The theorised advantage that a quantum computer (or parallelised QCs) have over classical computers is a couple of orders of magnitude, so ~x100 easier to mine. This isn’t necessarily a game-changer, as this QC speed advantage is likely to be some years away, by which time classical computers will surely have increased speed to reduce the QC advantage significantly. It is worth remembering that QCs aren’t going up against run-of-the-mill standard equipment here, but rather against the very fast ASICs that have been set up specifically for mining.

Re-used BTC addresses are 100% vulnerable to QCs.
Address Re-Use. Simply, any address that is re-used is 100% vulnerable because a QC can use Shor’s algorithm to break public-key cryptography. This is a quantum algorithm designed specifically to solve for prime factors. As with Grover’s algorithm, the key is in dramatically reducing the number of computational steps required to solve the problem. The upshot is that for any known public key, a QC can use Shor’s approach to derive the private key. The vulnerability cannot be overstated here. Any re-used address is utterly insecure.

Processed (accepted) transactions are theoretically somewhat vulnerable to QCs.
Theoretically possible because the QC can derive private keys from used addresses. In practice however processed transactions are likely to be quite secure as QCs would need to out-hash the network to double spend.

Unprocessed (pending) transactions are extremely vulnerable to QCs.
As above, a QC can derive a private key from a public key. So for any unprocessed transaction, a QC attacker can obtain the private key and then create their own transaction whilst offering a much higher fee, so that the attacker’s transaction gets onto the blockchain first, ahead of the genuine transaction. So block interval and QC speed are both crucial here – it all depends on whether or not a QC can hack the key more quickly than the block is processed.


Possible defences...

Defences using classical computers.
  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

Defences using quantum computers.
As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement and the uncertainty principle can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one.


... but apart from all of this, migrating bitcoin to a quantum-proof system brings its own challenges. Coins will only be safe once they have been moved to new, quantum-proof addresses. What happens to those coins that aren't moved? They would remain vulnerable, and could still be stolen using a QC. Should these be burned to prevent theft, or should the theft be permitted? This is an important question with no obvious consensus on how it should be resolved. Potentially millions of coins would be vulnerable. Theft could tank the price and damage bitcoin irreparably, but burning 'someone else's' coins could do the same thing. Theymos brought this subject up years ago, and as far as I'm aware it is still a contentious issue.
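Added example (not from the post above, nor from any Bitcoin implementation) showing the address-reuse and P2PK points as a simple UTXO audit: it walks a constructed, hypothetical chain and flags the unspent outputs whose public key is already visible on-chain, which is exactly the set a Shor-capable attacker could target. Script types, key labels and transaction ids are all made up for the sample.

```python
from dataclasses import dataclass

@dataclass
class Output:
    script_type: str   # "p2pk": full public key sits in the output script
                       # "p2pkh": only hash160(pubkey) sits in the output script
    key_id: str        # hypothetical label standing in for the public key

@dataclass
class Tx:
    txid: str
    inputs: list       # (prev_txid, vout) pairs spent by this tx; empty for a coinbase
    outputs: list      # Output objects, indexed by vout

def exposed_unspent_outputs(chain):
    """Return the (txid, vout) set of unspent outputs whose public key is already
    visible on-chain: p2pk outputs, and p2pkh outputs whose key was revealed when
    an earlier output to the same key was spent (address reuse)."""
    utxos = {}
    exposed_keys = set()
    for tx in chain:
        for prev in tx.inputs:
            spent = utxos.pop(prev)            # KeyError here means an unknown/double spend
            exposed_keys.add(spent.key_id)     # the spending scriptSig carries the full pubkey
        for vout, out in enumerate(tx.outputs):
            utxos[(tx.txid, vout)] = out
            if out.script_type == "p2pk":
                exposed_keys.add(out.key_id)   # p2pk publishes the key in the output itself
    return {ref for ref, out in utxos.items() if out.key_id in exposed_keys}

# Constructed sample chain (hypothetical ids and keys, not real transactions):
SAMPLE_CHAIN = [
    Tx("cb1", [], [Output("p2pk", "miner_k1")]),                       # early-style p2pk coinbase
    Tx("t2", [], [Output("p2pkh", "alice"), Output("p2pkh", "bob")]),  # coinbase paying two key hashes
    Tx("t3", [("t2", 0)], [Output("p2pkh", "carol"),                   # alice spends: her key is revealed
                           Output("p2pkh", "alice")]),                 # change sent back to the reused key
]

if __name__ == "__main__":
    for ref in sorted(exposed_unspent_outputs(SAMPLE_CHAIN)):
        print("public key exposed, unspent:", ref)
```

Bob's and Carol's outputs stay unflagged because only a hash of their keys is on-chain; the P2PK coinbase and Alice's change output are flagged.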
legendary
Activity: 1624
Merit: 2481
June 03, 2020, 11:26:11 AM
#27
If Bitcoin encryption is ever broken, all other systems will also be broken together,
because all institutions use similar encryption.

Bitcoin doesn't use any encryption at all.
Bitcoin makes use of signatures. That's the crucial part which might be broken with QCs.

Same applies to other institutions. The problem isn't just (asymmetric) encryption, but signatures and therefore besides confidentiality also integrity and authenticity.
legendary
Activity: 3346
Merit: 3130
June 03, 2020, 11:23:20 AM
#26
...

Any thoughts on the above?

This topic has been discussed a lot since quantum computers became a reality, but the answer is NO, we don't have to be afraid of them. And if they can break sha256 then there are bigger things to worry about, like hackers getting access to military technology.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
June 03, 2020, 09:07:55 AM
#25
I agree with previous post.
If Bitcoin encryption is ever broken, all other systems will also be broken together,
because all institutions use similar encryption.
In future, we can also expect improvement in Bitcoin code, so I don't worry about this at all.
legendary
Activity: 2898
Merit: 1823
June 01, 2020, 03:02:21 AM
#24

so that article that says 2-3 years is wrong ?


Definitely.
Don't trust random online articles.

Quantum computers won't be a threat for the next decade.


Bitcoin's "failure" should be the minimum of everyone's problems with the birth of actual quantum computers. I believe that everyone should worry about the banks/governments/military. Hahaha.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
so far the estimations i have seen are in the matter of 20 to 30 years.

so that article that says 2-3 years is wrong ?

We'll only know in hindsight but currently there's no basis to reasonably assume a timespan as short as 2-3 years. Maybe in a decade or two, but everything earlier seems highly speculative.


also, if and when QC becomes more easily available, wouldn't bitcoin devs consider 'upgrading' the encryption to QC proof, or is that already completely set in stone for BTC ?

Switching to a quantum proof signature scheme has been discussed every now and then for a couple of years now, challenge being that the currently most likely candidate -- Lamport signatures -- are much larger than what Bitcoin uses right now (40-170 times, according to the Bitcoin wiki [1]). Accordingly we're unlikely to see a switch to quantum proof signatures until the future of QC becomes much clearer or a more compact signature scheme is found.

[1] https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin


If QC with big qubits will be available within the next 2-3 years, everyone in the software department will be in a panic about how to migrate their legacy code to use quantum resistant cryptography or make sure their customers update their software within 2-3 years.

Oof, I'm getting nightmares just imagining it.
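Added example (not from the post, the Bitcoin wiki or any wallet code): a minimal Lamport one-time signature over SHA-256, to make the size difference mentioned above concrete. The 72-byte figure for a DER-encoded ECDSA signature is an assumed typical value for comparison.

```python
import hashlib
import os

HASH_BITS = 256          # SHA-256 digest length: one secret pair per message bit
ECDSA_SIG_BYTES = 72     # assumed typical size of a DER-encoded Bitcoin ECDSA signature

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def lamport_keygen(rng=os.urandom):
    """Secret key: 256 pairs of 32-byte random preimages. Public key: their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(HASH_BITS)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def message_bits(msg: bytes):
    digest = sha256(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(HASH_BITS)]

def lamport_sign(sk, msg: bytes):
    """Reveal one preimage per digest bit. The key pair is spent afterwards: a second
    message signed with the same key leaks preimages that can be recombined."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != HASH_BITS:
        return False
    return all(sha256(sig[i]) == pk[i][bit] for i, bit in enumerate(message_bits(msg)))

def signature_size(sig) -> int:
    return sum(len(part) for part in sig)          # 256 * 32 = 8192 bytes

def size_ratio_vs_ecdsa(sig) -> float:
    return signature_size(sig) / ECDSA_SIG_BYTES

if __name__ == "__main__":
    sk, pk = lamport_keygen()
    msg = b"constructed sample message"              # stands in for a transaction digest
    sig = lamport_sign(sk, msg)
    print(lamport_verify(pk, msg, sig), signature_size(sig), round(size_ratio_vs_ecdsa(sig)))
```

The public key alone is another 16 KiB, which is why hash-based schemes are usually combined with Merkle trees (XMSS, SPHINCS) before anyone considers them for a blockchain.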
legendary
Activity: 3472
Merit: 10611
so far the estimations i have seen are in the matter of 20 to 30 years.

so that article that says 2-3 years is wrong ?

also, if and when QC becomes more easily available, wouldn't bitcoin devs consider 'upgrading' the encryption to QC proof, or is that already completely set in stone for BTC ?

well it is not exactly an "article". it looks more like a clickbait and it is throwing random names around and is vague about its sources calling them "experts". who are these experts? where is the proof?

besides both of the main cryptography functions used by bitcoin (SHA256 and Elliptic Curve Cryptography) are used by almost the entire internet. for example when you visit your google account your communication is encrypted using ECC on the P256 curve and the same SHA256 as the hash function. the rest use RSA which is pretty similar.
the whole internet would fall apart if we were that close...
legendary
Activity: 1624
Merit: 2481
so that article that says 2-3 years is wrong ?

Definitely.
Don't trust random online articles.

Quantum computers won't be a threat for the next decade.



there is nothing called bitcoin encryption, but sha-256 or aes encryption, used by bitcoin core wallets to encrypt your keys.

Note that sha is not an encryption algorithm, but a hash function.
Also, the risk with quantum computers wouldn't be AES or any other symmetric encryption algorithm, but the asymmetric ones (e.g. RSA) where the algorithm relies on mathematical problems.
The attack vector on bitcoin wouldn't be the encryption of keys on a local wallet, but the ECDSA.
member
Activity: 95
Merit: 10
I read an article recently again claiming that within a few years, quantum computers will be easily able to crack BTC encryption: https://decrypt.co/28560/quantum-computers-could-crack-bitcoins-encryption-by-2022

Any thoughts on the above?

there is nothing called bitcoin encryption, but sha-256 or aes encryption, used by bitcoin core wallets to encrypt your keys.

There are several claims to have quantum supremacy, like Google's claim last year, but it is more likely a flaw in system upgrades to Lightning might be more vulnerable than quantum computers. look at the defi hacks earlier this year.
jr. member
Activity: 91
Merit: 5
so far the estimations i have seen are in the matter of 20 to 30 years.

so that article that says 2-3 years is wrong ?

also, if and when QC becomes more easily available, wouldn't bitcoin devs consider 'upgrading' the encryption to QC proof, or is that already completely set in stone for BTC ?
legendary
Activity: 3472
Merit: 10611
How long is the world away until the "Quantum Computing will crack ALL non-QC encryption algorithms!" setting? It can't permanently be FUD, can it?

Asking for a friend.

i don't think it is possible to predict. there could be some breakthroughs in both the algorithms used and the hardware to speed up the process and shorten the estimated time or the technology growth could start plateauing and take even longer.
so far the estimations i have seen are in the matter of 20 to 30 years.
legendary
Activity: 2898
Merit: 1823
How long is the world away until the "Quantum Computing will crack ALL non-QC encryption algorithms!" setting? It can't permanently be FUD, can it?

Asking for a friend.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

[...]

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use ECDSA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.

I guess the biggest canary in the coal mine are actually the earliest Coinbase transactions that were still P2PK. At least I find it hard to believe that anyone with the technology to crack ECDSA and the intention to double-spend bitcoins will be able to resist giving the early dormant block rewards a whirl as soon as they are able to. Emphasis being "the intention to double-spend bitcoins" because for all we know there might be larger goals at stake other than mere wealth accumulation, assuming such technical progress would indeed be successfully kept secret.
Not necessarily, because satoshi might have those private keys (or someone who has access to his computers) and it would be difficult to rule out that the person spending those inputs is the one who generated the private keys.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

[...]

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use ECDSA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.

I guess the biggest canary in the coal mine are actually the earliest Coinbase transactions that were still P2PK. At least I find it hard to believe that anyone with the technology to crack ECDSA and the intention to double-spend bitcoins will be able to resist giving the early dormant block rewards a whirl as soon as they are able to. Emphasis being "the intention to double-spend bitcoins" because for all we know there might be larger goals at stake other than mere wealth accumulation, assuming such technical progress would indeed be successfully kept secret.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

Probably closer to 20 years than to 2 years. At least if we're talking about the kind of computation power that would enable double-spend attacks as described by PrimeNumber7. Question being how long it will take for QC to break ECDSA within minutes instead of days once it becomes practically possible at all. We're likely to hear a lot more news about leaps in QC long before that though so we should get a bit of a heads up.

I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

If someone were to intercept encrypted communications today, they can keep the encrypted message until they can decrypt it in the future after advances in code breaking (via QC or otherwise) are realized. There is also an advantage to being able to secretly know what your enemies are doing in real time. If it becomes publicly known that encryption standards have been broken, governments will know to use different/more advanced encryption technology to communicate.

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use ECDSA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

Probably closer to 20 years than to 2 years. At least if we're talking about the kind of computation power that would enable double-spend attacks as described by PrimeNumber7. Question being how long it will take for QC to break ECDSA within minutes instead of days once it becomes practically possible at all. We're likely to hear a lot more news about leaps in QC long before that though so we should get a bit of a heads up.



Nuclear lock codes anyone?

About that...

https://www.huffpost.com/entry/nuclear-missile-code-00000000-cold-war_n_4386784
jr. member
Activity: 91
Merit: 5
Nuclear lock codes anyone?

Fair enough!
copper member
Activity: 77
Merit: 17
Well, if quantum computing can break into my wallet, you got a whole lot more to worry about than Bitcoin.
All your banking cards, debit cards, online payment companies such as PayPal and others, as well as tons of other things online are less secure than your basic non-custodial wallet.

Nuclear lock codes anyone?