Topic: Bitcoin’s race to outrun the quantum computer - page 3. (Read 1495 times)

legendary
Activity: 1652
Merit: 1483
Computing, security, encryption, and hacking has always been and will likely always be a cat and mouse game.  It's not like we all woke up one day and found all of our security that was based on SHA-1 encryption was hosed by every hacker on the planet, it was a gradual shift.  As computers get faster, encryption will need to become stronger, and it's the faster computers that will enable stronger encryption.

there seems to be a consensus that we'll switch to a quantum-resistant signature scheme (and eventually a quantum-resistant hashing algorithm) but that's just common sense. there are 2 more pressing questions to my mind.

1. what happens to quantum-vulnerable outputs? like p2pk and spent addresses that still hold coins. the answer dictates whether lost coins are actually a donation to bitcoin holders as satoshi said. if we do nothing, then he was obviously wrong about that.

2. the logistics of a fork. take lamport signatures for example. wouldn't it be optimal to do it years before it's a real concern = less people reusing keys as the threat approaches?
copper member
Activity: 2338
Merit: 4543
Computing, security, encryption, and hacking has always been and will likely always be a cat and mouse game.  It's not like we all woke up one day and found all of our security that was based on SHA-1 encryption was hosed by every hacker on the planet, it was a gradual shift.  As computers get faster, encryption will need to become stronger, and it's the faster computers that will enable stronger encryption.
jr. member
Activity: 33
Merit: 1
Don't worry about Bitcoin, a small niche. The world will have BIGGER problems to worry about with the arrival of quantum computers. Hahaha.

The world will be able to fix the quantum issue and implement a quantum secure mode through rewinding, freezing, correcting accounts. But Bitcoin can't and that will lead to forks. We already have two main post quantum 'forks':

1. The original chain with all the coins. The 'shalecoins', https://bitcointalksearch.org/topic/bitcoin-as-shalecoin-5134441, coins with no owner, will have new owners as it will be possible to move these coins.
The original chain will remain the strongest chain. If some groups can reproduce the private keys of 'shalecoins', coins with no owner https://bitcointalksearch.org/topic/bitcoin-as-shalecoin-5134441, it's their reward. They are trying to build a computer in the near future that wouldn't be built so fast without that incentive. That opportunity accelerates the technology. If there are still some BTC owners -incl. Satoshi- with old addresses and they remove their coins now, they will be secure. So it's a fair game. And nobody can change that game: Bitcoin rewards the best technology.

The Bitcoin network is a pure competition network. Only the best technology will be successful here and make it secure. A Bitcoin fork without the old coins would be like another s**tcoin, because it would avoid real competition.

2. A fork without old coins which could be transferred by quantum computers.
(For example: Burn Satoshis coins to end the threat of prices crashing - Paxful Founder https://bitcointalksearch.org/topic/burn-satoshis-coins-to-end-the-threat-of-prices-crashing-paxful-founder-5177563)

Both chains will be upgraded to quantum secure.

legendary
Activity: 2898
Merit: 1823
Don't worry about Bitcoin, a small niche. The world will have BIGGER problems to worry about with the arrival of quantum computers. Hahaha.
legendary
Activity: 3472
Merit: 10611
~
I agree that it is stupid right now because you would be doubling the storage requirements when they are not even needed yet. In the future SHA512 will be an option; however, I think that there are already more promising solutions than SHA512. But concerning the storage issues that you mention, because of the way technology is evolving at an exponential rate, we can estimate that storage will not be an issue even for people with a low budget within the next 5-10 years.

you are thinking one dimensionally. you should think of it as choosing SHA512 from a group of hash algorithms, a group that contains better options at lower cost, which makes choosing this one not the best choice. so as long as we can achieve high security with a 256-bit digest we should stick to that and avoid unnecessary size increases even if storage were of no concern.
legendary
Activity: 1232
Merit: 1080
I'm not sure if this article has been lost in translation when communicating with the "top" cryptographers, but a lot of the information quoted here is just false. It's already been mentioned that the private key of Bitcoin is nowhere near the 16 characters mentioned above. The fact that they speak about finding a solution to quantum computers without acknowledging that there are already quantum-resistant algorithms out there is absurd.

Quantum computing is not currently a threat, and as technology advances we will see technology change, including the algorithms which Bitcoin and other cryptocurrencies use. This is just how we evolve and stay ahead of the game. There's unlimited funding against quantum computers, because if quantum computers were readily available and able to break algorithms as predicted with a 4000-qubit quantum computer, you are looking at several industries being put under threat, not just Bitcoin or cryptocurrencies. Banks and governments also use algorithms and encryption which are not quantum resistant at this very moment.

I have seen this US-run competition circle around a lot and it looks like it's being used to scaremonger those invested in cryptocurrencies. "The US government funding quantum computers" yet they have funded similar projects before without any malicious actions. The US government is not always out to get you; they funded the Tor Project, which was originally a US Navy program to allow them to communicate with more privacy, yet that hasn't been used maliciously, has it? Tor Browser has probably made it harder for the US government to reprimand certain people. I think that Edward Snowden used Tor Browser to send files anonymously.

not only is switching to SHA512 unlikely, i would say it is stupid.
for starters it would make everything twice as big, and that is while we are trying so hard to compress everything and make it smaller to keep it manageable (for storage and scaling).
on top of that you can't just stop there, you have to change the curve too. with a 256-bit curve it is not useful to use a 512-bit hash function. you have to also switch to a 512+ bit curve like secp521r1. i am also sure that a switch to SHA512 would break 90% of bitcoin implementations because they either don't have the functionality to calculate "e" during ECDSA since they never needed it, or they have a false one in place.

I agree that it is stupid right now because you would be doubling the storage requirements when they are not even needed yet. In the future SHA512 will be an option; however, I think that there are already more promising solutions than SHA512. But concerning the storage issues that you mention, because of the way technology is evolving at an exponential rate, we can estimate that storage will not be an issue even for people with a low budget within the next 5-10 years.
legendary
Activity: 3472
Merit: 10611
Well, I think the solution is already out there in the form of SHA512. Most processors today can handle SHA512 much more easily, so it is not unlikely that they would switch to SHA512 in the future. They are obviously not just doing this to protect cryptocurrencies, because most secure sites and even some banking services use SHA256 today.

Will the change from SHA256 to SHA512 necessitate a whole Bitcoin fork or can this just be done with a normal node update? I am not a developer, so I might be asking a stupid question... sorry.

not only is switching to SHA512 unlikely, i would say it is stupid.
for starters it would make everything twice as big, and that is while we are trying so hard to compress everything and make it smaller to keep it manageable (for storage and scaling).
on top of that you can't just stop there, you have to change the curve too. with a 256-bit curve it is not useful to use a 512-bit hash function. you have to also switch to a 512+ bit curve like secp521r1. i am also sure that a switch to SHA512 would break 90% of bitcoin implementations because they either don't have the functionality to calculate "e" during ECDSA since they never needed it, or they have a false one in place.

and finally, as i have said before, unlike SHA1 versus SHA256 where the algorithms are different, in SHA512 versus SHA256 the algorithm is exactly the same (hence the switch being stupid). when a hash function becomes obsolete/weak like SHA1 it is not because of the size of it (160 bit), it is because a vulnerability in the algorithm was found, again like SHA1, which leads to attacks becoming easier (decreasing complexity from 2^80 down to 2^63.1).
if such a switch some day happens it will be to a different 256-bit algorithm such as Keccak-256, Blake2b-256, ...
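The remark about calculating "e" during ECDSA can be made concrete. The following is an added example, not code from this thread or from any Bitcoin implementation: it applies the SEC 1 / FIPS 186-4 rule that ECDSA signs only the leftmost bitlen(n) bits of the digest, using the published SEC 2 orders for secp256k1 and secp521r1 and a constructed message, and contrasts it with a naive "reduce mod n" conversion of the kind that only works by accident for SHA-256.

```python
import hashlib

# Group orders n taken from the SEC 2 curve parameters.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
SECP521R1_N = int(
    "01" + "FF" * 32 + "FA"
    + "51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)


def ecdsa_hash_to_int(digest: bytes, n: int) -> int:
    """The integer e that ECDSA actually signs (SEC 1 sec. 4.1.3):
    the leftmost min(bitlen(n), 8*len(digest)) bits of the digest.
    No reduction mod n is performed."""
    nbits = n.bit_length()
    e = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - nbits
    return e >> excess if excess > 0 else e


def naive_hash_to_int(digest: bytes, n: int) -> int:
    """A plausible-looking but non-standard conversion: reduce the whole
    digest mod n. For SHA-256 on secp256k1 it agrees with the correct e
    except with probability ~2^-128, so a wallet using it 'never needed'
    the real rule; for SHA-512 it produces a different e every time."""
    return int.from_bytes(digest, "big") % n


def effective_hash_bits(digest_len: int, n: int) -> int:
    """How many digest bits survive into the signature on this curve."""
    return min(8 * digest_len, n.bit_length())


def compare_conversions(msg: bytes) -> dict:
    """Constructed demonstration for one message."""
    h256 = hashlib.sha256(msg).digest()
    h512 = hashlib.sha512(msg).digest()
    return {
        # On secp256k1 a SHA-512 digest is cut to 256 bits: no gain over SHA-256.
        "secp256k1_sha256_bits": effective_hash_bits(len(h256), SECP256K1_N),
        "secp256k1_sha512_bits": effective_hash_bits(len(h512), SECP256K1_N),
        # Only a ~521-bit curve such as secp521r1 uses all 512 digest bits.
        "secp521r1_sha512_bits": effective_hash_bits(len(h512), SECP521R1_N),
        # Correct e for SHA-512 on secp256k1 is exactly the first 32 bytes.
        "sha512_e_is_first_32_bytes": ecdsa_hash_to_int(h512, SECP256K1_N)
        == int.from_bytes(h512[:32], "big"),
        # The naive conversion coincides with the standard one for SHA-256 ...
        "naive_ok_for_sha256": naive_hash_to_int(h256, SECP256K1_N)
        == ecdsa_hash_to_int(h256, SECP256K1_N),
        # ... but diverges for SHA-512, i.e. incompatible signatures.
        "naive_ok_for_sha512": naive_hash_to_int(h512, SECP256K1_N)
        == ecdsa_hash_to_int(h512, SECP256K1_N),
    }


if __name__ == "__main__":
    for k, v in compare_conversions(b"constructed message").items():
        print(f"{k}: {v}")
```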
legendary
Activity: 2968
Merit: 3684
Will the change from SHA256 to SHA512 necessitate a whole Bitcoin fork or can this just be done with a normal node update? I am not a developer, so I might be asking a stupid question... sorry.

There was a separate discussion I saw just days ago about SHA512, and it would seem that changing the hash function isn't as drastic as changing the algorithm itself (which I'm certain needs the hard fork). It seems to me it's still consensus that's required though, so if there were resistance...

On the other hand, if I understood that discussion well enough, there's simply not enough justification for sha512, not enough benefit.

Neither am I (a developer!) so I don't know the right answer to this, but now you ask, I wonder if I should look up how and when forks are needed...
legendary
Activity: 3542
Merit: 1965
Well, I think the solution is already out there in the form of SHA512. Most processors today can handle SHA512 much more easily, so it is not unlikely that they would switch to SHA512 in the future. They are obviously not just doing this to protect cryptocurrencies, because most secure sites and even some banking services use SHA256 today.

Will the change from SHA256 to SHA512 necessitate a whole Bitcoin fork or can this just be done with a normal node update? I am not a developer, so I might be asking a stupid question... sorry.
legendary
Activity: 2562
Merit: 1441
If you are paranoid about the outcome of this US sponsored competition to come up with encryption standards, then you should be paranoid about Bitcoin's SHA256, Tor or anything else that came out of US related activity.

In any case there's no real reason to worry about any of this; quantum computing as it is today is just a meme. I would stick to SHA256 and plan for a NIST alternative in the future if necessary... and non-US stuff doesn't necessarily mean safer anyway. It just has to be peer reviewed by as many independent and widespread people as possible.

Satoshi most likely did the right thing in not using something more exotic; it could have backfired. SHA256 was the most widespread, with hardware support, time-tested and peer-reviewed by cryptographers.

This being the anniversary of the September 11th World Trade Center attacks, it should be remembered that the official report attributing the destruction of the buildings to office fires was drawn up by NIST (National Institute of Science and Technology). The 9/11 report NIST released was NOT open to peer review by architects, structural engineers or anyone with the academic or professional credentials who might normally peer review that type of report.

Not only does NIST have a history of publishing controversial findings, as their initial 9/11 publication containing the "pancake theory" was wholly debunked by engineers across the globe; they also have a history of producing work that is completely closed to peer review or any form of accountability process.

Quantum computing is pseudoscience imo. There is no real quantum computing threat or crisis aside from media gaslighting and sensationalism. What we're witnessing is the typical process by which crisis is artificially manufactured to push agendas.
legendary
Activity: 3472
Merit: 10611
Quote
victim’s 16-character public key

in what world is a bitcoin public key a 16-character string? even if you encode it with the smallest encodings used in bitcoin you wouldn't make it to 16 characters. even encoding the RIPEMD160 hash of the SHA256 hash of the public key is going to give you 20 bytes that would encode to 26 characters minimum

Quote
Maybe this competition is intended to create encryption standards utilized by the entire world that have backdoors or vulnerabilities specifically engineered into them?
NIST standards are not for the "entire" world and the entire world has never been using their standards anyways. for example SHA256 is theirs, other countries sometimes have their own standards which they use. SM3 is the Chinese equivalent of SHA256. Streebog is the Russian equivalent.
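To put numbers on the "16-character public key" claim discussed above, here is an added example (not the poster's code and not from any wallet): a Base58Check encoder of the kind used for legacy Bitcoin addresses, plus a count of how many bits 16 Base58 characters can even hold. The key bytes are constructed, and a SHA-256 prefix stands in for HASH160 so the script runs without RIPEMD-160 support.

```python
import hashlib
import math

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_encode(version: bytes, payload: bytes) -> str:
    """Base58Check: version || payload || first 4 bytes of sha256d(version||payload),
    big-endian base-58, with each leading zero byte rendered as '1'."""
    data = version + payload
    data += hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    num = int.from_bytes(data, "big")
    digits = ""
    while num:
        num, rem = divmod(num, 58)
        digits = B58_ALPHABET[rem] + digits
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def max_bits_in_base58_chars(chars: int) -> int:
    """Largest bit-length representable in this many Base58 characters."""
    return math.floor(chars * math.log2(58))


def key_sizes() -> dict:
    """Character counts for constructed (not real) key material."""
    # A compressed secp256k1 public key is a 0x02/0x03 prefix plus a 32-byte x.
    pubkey = b"\x02" + hashlib.sha256(b"constructed x coordinate").digest()
    # Stand-in for HASH160 = RIPEMD160(SHA256(pubkey)): 20 bytes, taken here
    # from a SHA-256 prefix purely so the example runs everywhere.
    hash160 = hashlib.sha256(hashlib.sha256(pubkey).digest()).digest()[:20]
    return {
        "pubkey_bytes": len(pubkey),
        "pubkey_hex_chars": len(pubkey.hex()),
        "pubkey_base58check_chars": len(base58check_encode(b"", pubkey)),
        # Version 0x00 gives the familiar '1...' P2PKH address (26-35 chars).
        "address_chars": len(base58check_encode(b"\x00", hash160)),
        # 16 Base58 characters cannot even hold a 160-bit hash, let alone a key.
        "bits_in_16_chars": max_bits_in_base58_chars(16),
    }


def zero_hash160_address() -> str:
    """The all-zero HASH160 with version 0: 21 leading '1's plus the checksum."""
    return base58check_encode(b"\x00", b"\x00" * 20)


if __name__ == "__main__":
    for k, v in key_sizes().items():
        print(f"{k}: {v}")
    print("shortest-prefix example:", zero_hash160_address())
```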
legendary
Activity: 1652
Merit: 1483
okay, so we're maybe 8-30 years out from quantum computers breaking ECDSA. what's the plan? how far ahead should we integrate a quantum resistant signature scheme?

In any case there's no real reason to worry about any of this; quantum computing as it is today is just a meme. I would stick to SHA256 and plan for a NIST alternative in the future if necessary... and non-US stuff doesn't necessarily mean safer anyway. It just has to be peer reviewed by as many independent and widespread people as possible.

my understanding is that ECDSA will eventually be vulnerable to quantum computers. SHA-256 not so much.
legendary
Activity: 1610
Merit: 1183
Maybe this competition is intended to create encryption standards utilized by the entire world that have backdoors or vulnerabilities specifically engineered into them?

It could be a decent security practice to avoid whatever encryption standards are produced as a result of this?

If you are paranoid about the outcome of this US sponsored competition to come up with encryption standards, then you should be paranoid about Bitcoin's SHA256, Tor or anything else that came out of US related activity.

In any case there's no real reason to worry about any of this; quantum computing as it is today is just a meme. I would stick to SHA256 and plan for a NIST alternative in the future if necessary... and non-US stuff doesn't necessarily mean safer anyway. It just has to be peer reviewed by as many independent and widespread people as possible.

Satoshi most likely did the right thing in not using something more exotic; it could have backfired. SHA256 was the most widespread, with hardware support, time-tested and peer-reviewed by cryptographers.
legendary
Activity: 2562
Merit: 1441
Quote
The world’s best cryptographers meet this week to compete in a U.S.-sponsored challenge to create a quantum-resistant standard.

Want to steal some Bitcoin? All you need to do is find your victim’s 16-character public key and calculate their private key by solving something called an “elliptic curve discrete logarithm problem.” No sweat! With a regular computer, that’ll take you around 50 million times the amount of time the universe itself has left—around 0.65 billion billion years.

Ah, but with the right quantum computer, able to process information at speeds exponentially faster than today’s supercomputers? Suddenly, what seems uncrackable becomes child’s play, able to be broken in under 10 minutes.

The quantum-computing problem is nothing new to crypto, and many experts believe we have at least a decade or more to come up with quantum-resistant cryptography. However, some observers say that recent and unexpectedly fast advances are causing the time horizon to dramatically shrink. The most aggressive estimate says that bitcoin will be hackable by 2027, according to Fact Based Insights.

“We moved the state of the art more in the last two years than it has progressed in the last 15 or 20,” says Stewart Allen, Chief Operating Officer at IonQ, a company that claims to make some of the most powerful quantum computers in the world, in an interview with Decrypt.

On Thursday, top cryptographers will meet in Santa Barbara at the University of California for the National Institute of Standards and Technology (NIST) Post Quantum Cryptography semi finals. The finalists of the NIST competition will be announced in the months after the conference, though it might take years before the winner is anointed. Cryptographers say the standards that result represent blockchain’s best hope for resisting the rapidly encroaching power of quantum computers.

“If someone cracked your key, they could do anything they wanted,” Rob Campbell, President at Baltimore, Maryland-based Med Cybersecurity, told Decrypt. Anyone with sensitive information on the blockchain—cash, personal data, medical records—is at risk. With that sort of information, quantum hackers could “forge your name, take your assets,” and, if there’s medical data to be found, maliciously “triple your dose,” said Campbell. “It’s an open door.”

Take the Bitcoin blockchain: an unencrypted public key is sent along with every bitcoin transaction, and left unencrypted during the time it takes for the network to confirm the block, around ten minutes. That’s theoretically more than enough time for a quantum-equipped hacker to calculate a private key from the public key and replace the recipient’s address with his own.

Que Quantum?

Transistors in conventional computers capture data in terms of 1s and 0s. Is the sky blue today? If it is, 1. If not, 0. Computing is essentially combinations of these calculations: have enough transistors, you can compute almost anything.

With quantum computers, it’s possible for the same input, called a qubit, to represent both 0 and 1 at the same time, a non-binary state known as “quantum superposition”—think Schrödinger's dead-and-alive cat. This makes quantum computers exponentially more powerful; one lone, superpositioned qubit can handle the processing load of at least two full-sized transistors on a regular computer.

Using modified versions of “Shor’s algorithm,” a quantum algorithm that rapidly turns large numbers into prime factors, hackers could reverse the process that makes private keys so difficult to crack.

But at the moment, the best quantum computer is probably Google's Bristlecone quantum computer, which has 72 qubits. Miruna Rosca, a PhD student in post-quantum cryptography, tells Decrypt you’d probably need around 4000 qubits to break current cryptographic algorithms.

So how long do we have?
IonQ’s Allan, who creates quantum computers for a living, speculates it’ll take about a decade for post-quantum cryptography to become an issue. By then, he reckons, someone will probably have developed a quantum-resistant blockchain. Danny Ryan, a core researcher at Ethereum, thinks the same: “This isn't really a meaningful problem in the next 10 years and likely not for 20 to 30. That said, we tend to be bad at estimating things like this so we should be ready to transition sooner rather than later.”

But others say the problem requires immediate attention, and that—beyond the threat to Bitcoin—quantum computing could pose a major cybersecurity threat. Med Cybersecurity’s Rob Campbell says that a government armed with quantum decryption software could read all the world’s secrets.

A U.S. Navy signal officer by training, Campbell’s time in the classified research and development world has taught him that secret government technologies often outpace commercially available technology. “We were decades ahead of the commercial world,” he said. “We didn’t want any potential adversaries to know what our capabilities are.”

Even if Campbell’s claims seem ambitious, he points out that if an enemy security agency scrapes all of your encrypted data today—which they certainly could—they’ll be able to decrypt all that data once they’ve built a powerful enough quantum computer. That’s enough to make developing quantum-resistant cryptographic techniques an issue of national security.

In any case, the arms race for quantum supremacy is well underway: China just spent $10 billion on a research center for quantum computers, and the U.S. has pumped hundreds of millions of dollars into the field.

Quantum-resistant techniques
Quantum computing can be just as effective for cryptographers as it is for hackers. Unobserved, superpositioned particles exist in multiple states, but when detected, they “collapse” to one point in space-time. Quantum cryptography has the same properties; because the protons that make up an encoded transaction shift upon observation, a successful attacker would have to break the laws of physics to intercept it.

This makes information encoded at the quantum level resistant to, among other things, so-called “man in the middle attacks,” where attackers intercept the transmission itself without having to decrypt the key.

A few blockchains claim to apply quantum-resistant techniques to ensure signatures and hashes remain encrypted, including QRL, IOTA, HyperCash, and Starkware. But with quantum computing still in its formative years, it’s difficult to determine the strength of these claims.

Until a quantum-resistant algorithm is tested and accepted by the wider academic community, there’s no assurance that any of these blockchains will be resilient enough against quantum computers. Scientists like Campbell are waiting on the results of next week’s NIST competition at UCAL-Santa Barbara; the final winners might not be announced for a few years, however. NIST tentatively expects drafts for standardisation will be completed around 2022.

“These winners are considered to be the best candidates on Earth and will likely go on to be standard cryptography and will be used by most of the planet,” says Campbell.

But developing the algorithm might not be the difficult part for large blockchains like Ethereum or Bitcoin. Whereas owners of centralized protocols can update the system as they please, blockchains, democratic by nature, require broad consensus among many thousands of miners to pass an upgrade.

In the case of an upgrade, all wallets that aren’t quantum-resistant become vulnerable to attack. That includes the 1 million bitcoins mined by Bitcoin’s pseudonymous inventor, Satoshi Nakamoto—if those aren’t migrated to a new, quantum-resistant wallet, they’re treasure for the first person with a powerful enough quantum computer.

“If high powered quantum computers appeared tomorrow,” said Ethereum’s Ryan, “we'd have many more problems than just the security of our blockchains.”

A 2019 National Academy of Sciences report concludes that, even if quantum computing is about a decade off, prioritising research is necessary to minimize “the chance of a potential security and privacy disaster.” Best get cracking, then.

https://decrypt.co/8498/bitcoins-race-to-outrun-the-quantum-computer

....


Many aspects of this initiative would appear to be political and agenda based rather than technologically or scientifically motivated. Like artificial intelligence, recent breakthroughs in brute forcing have come mainly from innovation associated with smaller nanoscale fabrication process of semiconductors.

We've witnessed many calls from political figures for corporations like Apple to explicitly build backdoors into the encryption standards used by iPhones. Governments around the world would appear to unanimously support wholesale decryption-defeating backdoors built into products ranging from smart phones to routers to operating systems.

In that the spirit of this competition would appear to run contrary to the status quo.

The excerpt below raises interesting questions.

Quote
Scientists like Campbell are waiting on the results of next week’s NIST competition at UCAL-Santa Barbara; the final winners might not be announced for a few years, however. NIST tentatively expects drafts for standardisation will be completed around 2022.

“These winners are considered to be the best candidates on Earth and will likely go on to be standard cryptography and will be used by most of the planet,” says Campbell.

Maybe this competition is intended to create encryption standards utilized by the entire world that have backdoors or vulnerabilities specifically engineered into them?

It could be a decent security practice to avoid whatever encryption standards are produced as a result of this?