Author

Topic: Bitcoin Security vs Quantum Computing (Read 710 times)

newbie
Activity: 20
Merit: 1
June 05, 2020, 03:01:20 AM
#30

Just adding my humble piece here.
Quantic-based computing is only a very vague theory that has been translated into very early practical use-cases.
If I would need to pick an example of the past, it would be like saying that 1946's first computer is able to unlock the 2020 Iphone.
Joke apart, this is not far from this.
Most of the Quantum Computing is made currently within very specific universities and there are around a dozen of startups trying to surf on the wave.
Bitcoin and other cryptographic-based digital assets are safe... for now.

Thank you all very much for the informative replies. Truly educational!

If I had more sendable merit, I'd be spreading it around this thread.

Thank you all very much for the informative replies. Truly educational!

If I had more sendable merit, I'd be spreading it around this thread.
jr. member
Activity: 91
Merit: 5
June 04, 2020, 05:49:12 AM
#29
Thank you all very much for the informative replies. Truly educational!

If I had more sendable merit, I'd be spreading it around this thread.
legendary
Activity: 1904
Merit: 1277
June 04, 2020, 05:13:52 AM
#28
It might be worth me sharing this again, a summary of how QCs can affect bitcoin:

Mining can potentially be much quicker with QCs.
The current PoW difficulty system can be exploited by a Quantum Computer using Grover’s algorithm to drastically reduce the number of computational steps required to solve the problem. The theorised advantage that a quantum computer (or parallelised QCs) have over classical computers is a couple of orders of magnitude, so ~x100 easier to mine. This isn’t necessarily a game-changer, as this QC speed advantage is likely to be some years away, by which time classical computers will surely have increased speed to reduce the QC advantage significantly. It is worth remembering that QCs aren’t going up against run-of-the-mill standard equipment here, but rather against the very fast ASICs that have been set up specifically for mining.

Re-used BTC addresses are 100% vulnerable to QCs.
Address Re-Use. Simply, any address that is re-used is 100% vulnerable because a QC can use Shor’s algorithm to break public-key cryptography. This is a quantum algorithm designed specifically to solve for prime factors. As with Grover’s algorithm, the key is in dramatically reducing the number of computational steps required to solve the problem. The upshot is that for any known public key, a QC can use Shor’s approach to derive the private key. The vulnerability cannot be overstated here. Any re-used address is utterly insecure.

Processed (accepted) transactions are theoretically somewhat vulnerable to QCs.
Theoretically possible because the QC can derive private keys from used addresses. In practice however processed transactions are likely to be quite secure as QCs would need to out-hash the network to double spend.

Unprocessed (pending) transactions are extremely vulnerable to QCs.
As above, a QC can derive a private key from a public key. So for any unprocessed transaction, a QC attacker can obtain the private key and then create their own transaction whilst offering a much higher fee, so that the attacker’s transaction gets onto the blockchain first, ahead of the genuine transaction. So block interval and QC speed are both crucial here – it all depends on whether or not the a QC can hack the key more quickly than the block is processed.


Possible defences...

Defences using classical computers.
  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

Defences using quantum computers.
As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement and the uncertainty principle can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one.


... but apart from all of this, migrating bitcoin to a quantum-proof system brings its own challenges. Coins will only be safe once they have been moved to new, quantum-proof addresses. What happens to those coins that aren't moved? They would remain vulnerable, and could still be stolen using a QC. Should these be burned to prevent theft, or should the theft be permitted? This is an important question with no obvious consensus on how it should be resolved. Potentially millions of coins would be vulnerable. Theft could tank the price and damage bitcoin irreparably, but burning 'someone else's' coins could do the same thing. Theymos brought this subject up years ago, and as far as I'm aware it is still a contentious issue.
legendary
Activity: 1624
Merit: 2509
June 03, 2020, 11:26:11 AM
#27
If Bitcoin encryption is ever broken, all other systems will also be broken together,
because all institutions use similar encrypton.

Bitcoin doesn't use any encryption at all.
Bitcoin makes use of signatures. That's the crucial part which might be broken with QCs.

Same applies to other institutions. The problem isn't just (asymmetric) encryption, but signatures and therefore besides confidentiality also integrity and authenticity.
legendary
Activity: 3388
Merit: 3154
June 03, 2020, 11:23:20 AM
#26
...

Any thoughts on the above?

This topic has been discussed a lot since the quantum computers become a reality, abt the answer is NO, we don't have to be afraid from them. And if they can break sha256 then there are bigger things to worry about like hackers getting access to millitar technology.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
June 03, 2020, 09:07:55 AM
#25
I agree with previous post.
If Bitcoin encryption is ever broken, all other systems will also be broken together,
because all institutions use similar encrypton.
In future, we can also expect improvement in Bitcoin code, so I don't worry about this at all.
legendary
Activity: 2898
Merit: 1823
June 01, 2020, 03:02:21 AM
#24

so that article that says 2-3 years is wrong ?


Definitely.
Don't trust random online articles.

Quantum computers won't be a threat for the next decade.


Bitcoin's "failure" should be the minimum of everyone's problems with the birth of actual quantum computers. I believe that everyone should worry about the banks/governments/military. Hahaha.
legendary
Activity: 3150
Merit: 2185
Top-tier crypto casino and sportsbook
so far the estimations i have seen are in the matter of 20 to 30 years.

so that article that says 2-3 years is wrong ?

We'll only know in hindsight but currently there's no basis to reasonably assume a timespan as short as 2-3 years. Maybe in a decade or two, but everything earlier seems highly speculative.


also, if and when QC becomes more easily available, wouldn't bitcoin devs consider 'upgrading' the encryption to QC proof, or is that already completely set in stone for BTC ?

Switching to a quantum proof signature scheme has been discussed every now and then for a couple of years now, challenge being that the currently most likely candidate -- Lamport signatures -- are much larger than what Bitcoin uses right now (40-170 times, according to the Bitcoin wiki [1]). Accordingly we're unlikely to see a switch to quantum proof signatures until the future of QC becomes much clearer or a more compact signature scheme is found.

[1] https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin


If QC with big qubits will be available within next 2-3 years, everyone in software department will be in panic how to migrate their legacy code to use quantum resistant cryptography or make sure their customer update their software within 2-3 years.

Oof, I'm getting nightmares just imagining it.
legendary
Activity: 3472
Merit: 10611
so far the estimations i have seen are in the matter of 20 to 30 years.

so that article that says 2-3 years is wrong ?

also, if and when QC becomes more easily available, wouldn't bitcoin devs consider 'upgrading' the encryption to QC proof, or is that already completely set in stone for BTC ?

well it is not exactly an "article". it looks more like a clickbait and it is throwing random names around and is vague about its sources calling them "experts". who are these experts? where is the proof?

besides both of the main cryptography functions used by bitcoin (SHA256 and Elliptic Curve Cryptography) is used almost the entire internet. for example when you visit your google account your communication is encrypted using ECC on P256 curve and same SHA256 as the hash function. the rest use RSA which is pretty similar.
the whole internet would fall apart if were were that close...
legendary
Activity: 1624
Merit: 2509
so that article that says 2-3 years is wrong ?

Definitely.
Don't trust random online articles.

Quantum computers won't be a threat for the next decade.



there is nothing called bitcoin encryption, but sha-256 or aes encryption, used by bitcoin core wallets to encrypt your keys.

Note that sha is not an ecryption algorithm, but a hash function.
Also, the risk with quantum computers wouldn't be AES or any other symmetric encryption algorithm, but the asymmetric ones (e.g. RSA) where the algorithm relies on mathematical problems.
The attack vector on bitcoin wouldn't be the encryption of keys on a local wallet, but the ECDSA.
member
Activity: 95
Merit: 10
I read an article recently again claiming that within a few years, quantum computers will be easily able to crack BTC encryption: https://decrypt.co/28560/quantum-computers-could-crack-bitcoins-encryption-by-2022

Any thoughts on the above?

there is nothing called bitcoin encryption, but sha-256 or aes encryption, used by bitcoin core wallets to encrypt your keys.

The are several claims to have quantum supremacy, like googles claim last year, but it is more likely a flaw in system upgrades to lightnining might be more vulnerable than quantum computers. look at the defi hacks earlier this year.
jr. member
Activity: 91
Merit: 5
so far the estimations i have seen are in the matter of 20 to 30 years.

so that article that says 2-3 years is wrong ?

also, if and when QC becomes more easily available, wouldn't bitcoin devs consider 'upgrading' the encryption to QC proof, or is that already completely set in stone for BTC ?
legendary
Activity: 3472
Merit: 10611
How long is the world away until the "Quantum Computing will crack ALL non-QC encryption algorithms!" setting? It can't permanently be FUD, can it?

Asking for a friend.

i don't think it is possible to predict. there could be some breakthroughs in both the algorithms used and the hardware to speed up the process and shorten the estimated time or the technology growth could start plateauing and take even longer.
so far the estimations i have seen are in the matter of 20 to 30 years.
legendary
Activity: 2898
Merit: 1823
How long is the world away until the "Quantum Computing will crack ALL non-QC encryption algorithms!" setting? It can't permanently be FUD, can it?

Asking for a friend.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

[...]

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use EDSCA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.  

I guess the biggest canary in the coalmine are actually the earliest Coinbase transactions that were still P2PK. At least I find it hard to believe that anyone with the technology to crack ECDSA and the intention to double-spend bitcoins will be able to resist giving the early dormant block rewards a whirl as soon as they are able to. Emphasis being "the intention to double-spend bitcoins" because for all we know there might be larger goals at stake other than mere wealth accumulation, assuming such technical progress would indeed be successfully kept secret.
Not necessary because satoshi might have those private keys (or someone who has access to his computers) and it would be difficult to rule out that the person spending those inputs being the one who generated the private keys.
legendary
Activity: 3150
Merit: 2185
Top-tier crypto casino and sportsbook
I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

[...]

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use EDSCA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.   

I guess the biggest canary in the coalmine are actually the earliest Coinbase transactions that were still P2PK. At least I find it hard to believe that anyone with the technology to crack ECDSA and the intention to double-spend bitcoins will be able to resist giving the early dormant block rewards a whirl as soon as they are able to. Emphasis being "the intention to double-spend bitcoins" because for all we know there might be larger goals at stake other than mere wealth accumulation, assuming such technical progress would indeed be successfully kept secret.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

Probably closer to 20 years than to 2 years. At least if we're talking about the kind of computation power that would enable double-spend attacks as described by PrimeNumber7. Question being how long it will take for QC to break ECDSA within minutes instead of days once it becomes practically possible at all. We're likely to hear a lot more news about leaps in QC long before that though so we should get a bit of a heads up.

I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

If someone were to intercept encrypted communications today, they can keep the encrypted message until they can decrypt it in the future after advances in code breaking (via QC or otherwise) are realized. There is also an advantage to being able to secretly know what your enemies are doing in real time. If it becomes publicly known that encryption standards have been broken, governments will know to use different/more advanced encryption technology to communicate.

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use EDSCA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.   
legendary
Activity: 3150
Merit: 2185
Top-tier crypto casino and sportsbook
- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

Probably closer to 20 years than to 2 years. At least if we're talking about the kind of computation power that would enable double-spend attacks as described by PrimeNumber7. Question being how long it will take for QC to break ECDSA within minutes instead of days once it becomes practically possible at all. We're likely to hear a lot more news about leaps in QC long before that though so we should get a bit of a heads up.



Nuclear lock codes anyone?  Smiley Wink Wink

About that... Grin

https://www.huffpost.com/entry/nuclear-missile-code-00000000-cold-war_n_4386784
jr. member
Activity: 91
Merit: 5
Nuclear lock codes anyone?  Smiley Wink Wink

Fair enough!  Grin
copper member
Activity: 77
Merit: 17
Well, if quantum computing can break into my wallet, you got a whole lot more to worry about than Bitcoin.
All Your Banking cards debit cards , online payment companies such as Paypal and anothor , as well tons of other things online are less secure than your basic non-custodial wallet.

Nuclear lock codes anyone?  Smiley Wink Wink
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
You don't need to worry if you don't expose public keys (address reuse).
When you spend your coin, you are exposing your public key. On average, there will be 5 minutes between when you broadcast your transaction and when the next block is found, so an attacker with a sufficiently strong quantum computer will have 5 minutes to calculate your private key, and double-spend your tx after you broadcast your transaction.

There are threads about this elsewhere in this sub, and I have posted about why QC is unlikely to be a threat to bitcoin. In short, the value someone can get from using QC to calculate bitcoin private keys is less than the value of keeping the existence of this technology secret.
jr. member
Activity: 91
Merit: 5
May 27, 2020, 02:03:06 AM
#9
I fail to understand how programming can mitigate this risk.

By changing the encryption to quantum-proof cryptography. There are several sources to learn about how we can face this, just take a little bit time to read (eg: https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin).

Thanks, I will read and try to understand this better!
legendary
Activity: 2170
Merit: 1789
May 27, 2020, 01:19:38 AM
#8
I fail to understand how programming can mitigate this risk.

By changing the encryption to quantum-proof cryptography. There are several sources to learn about how we can face this, just take a little bit time to read (eg: https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin).
copper member
Activity: 3010
Merit: 1284
https://linktr.ee/crwthopia
May 27, 2020, 01:04:24 AM
#7
There are a lot of theories corresponding to the capacity of quantum computing to be able to crack Bitcoin encryption. Some say years, some say decades, but what's important is that now, they are saying that it's possible.

We will see in the coming years if Quantum Computing would be able to it, but for now, let's just support the Bitcoin Network.

Maybe Quantum Resistant Ledger (QRL) [1] as the go-to cryptography of the public key. It would be more comfortable knowing that you could be safe. This is if you always think of the "attack" by Quantum Computers.  Shocked
jr. member
Activity: 91
Merit: 5
May 27, 2020, 12:49:58 AM
#6
In brief, the article states:
- A 4,000 qubit quantum computer could, theoretically, crack Bitcoin's encryption in a matter of seconds.
- The current generation of quantum computers max out at 54 qubits.
- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

I suppose BTC has a few years still to program it's way out of this risk, however I fail to understand how programming can mitigate this risk.
legendary
Activity: 3472
Merit: 10611
May 26, 2020, 09:33:48 PM
#5
You don't need to worry if you don't expose public keys (address reuse). Even if the network shuts down for a while your coins will be safe and developers eventually will figure a solution.

true, but the thing about bitcoin is that if there were any kind of vulnerability in its very basic cryptography (which there isn't by the way) then it would have no value so in the end it wouldn't matter much if your public key is revealed or not.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
May 26, 2020, 08:33:53 PM
#4
Quantum computing is nowhere near the levels that is needed to break ECDSA.

It's true that Shor's algorithm makes ECDSA vulnerable to attacks by quantum computers which reduces the time needed significantly. However, if you look at it, the amount of qubit that is required to break ECDSA is estimated to be ~1500. The best quantum computer right now has 53 qubit.

If you don't reuse addresses, the effects are negated since it still takes time for the quantum computer to crack your keys. I don't see a real threat right now but the community would probably act on it when the need arises.
mda
member
Activity: 144
Merit: 13
May 26, 2020, 07:53:20 PM
#3
You don't need to worry if you don't expose public keys (address reuse). Even if the network shuts down for a while your coins will be safe and developers eventually will figure a solution.
legendary
Activity: 1624
Merit: 2509
May 26, 2020, 02:57:47 PM
#2
Ye.. i didn't read it and didn't even click on the link.
But i don't need to do that to tell you that this is absolute garbage.

Bitcoin "encryption" (i guess you meant signatures) won't be crackable the next few years..
Even if (and that already is a big if) there will be well working quantum computers available in a few years... there are no algorithms available.

You need the hardware AND the efficient algorithms.
And once its coming close to be possible, a hardfork is going to solve everything.
The traditional banking sector and the government will be at a higher risk with their slow IT departments than bitcoin.
jr. member
Activity: 91
Merit: 5
May 26, 2020, 12:38:57 PM
#1
I read an article recently again claiming that within a few years, quantum computers will be easily able to crack BTC encryption: https://decrypt.co/28560/quantum-computers-could-crack-bitcoins-encryption-by-2022

Any thoughts on the above?
Jump to: