Pages:
Author

Topic: [BREAKING] Quantum Computer Hits. BFL, bASIC etc all dead. End of BTC? - page 2. (Read 4671 times)

legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
Dang, I wish I had read the above response before I panicked and dumped all my BTC because MPOE-PR told me Bitcoin was broken.

What ever happened to that 10,000 BTC you left with Pirate because you believed he would pay? LOL  Grin
full member
Activity: 238
Merit: 100
BREAKING NEWS: I have a bridge in Brooklyn to sell you.

Does it hash?

You bet I hash, ehehehehe
hero member
Activity: 518
Merit: 500
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair.   The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA.   So 6*256 = 1500 qubits.   Note this is logical qubits.  With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless.  A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated.   So to break 256bit ECDS would require in the ballpark of a single 24,000 physical qubits computer.   A 128 qubit computer could break 2 to 3 bit ECDSA keys.  Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve.  It would require a hard fork but would remain backwards compatible with existing addresses.  Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair.    Once the network transistions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.
Quote

Vesuvius

In early 2012, D-Wave Systems revealed a 512-qubit code named Vesuvius,[21] which it expects to launch before the end of 2012.[22]

If that is true they seem to exceed Moore's Law. But even if they are not given any exponential increase 24000 qubit aren't that far away.

To emphasise this: According to your own estimation a 512bit ecdsa would require 48000 qubits.

Moore's Law is just some guys guess, it has nothing to do with fact. It has already been proven to be wrong anyway. There is no way to chart computational growth for the future.
hero member
Activity: 756
Merit: 522
I am sorry to announce that there have been some fabrication delays at the secret fabrication plant which does exist and deliveries will be happening no earlier than February 31st. For more details see here.

PS. To all the trolls that posted here making false claims: I'm not answering to you because you are not real customers.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
They do things that this kitten wants https://dwave.wordpress.com/2011/11/25/quantum-computing-and-light-switches/
It doesn't look like breaking ECDSA or SHA-256.
The point here is: NP-Complete problems aren't inherently different when it comes to their difficulty in solving them.
member
Activity: 65
Merit: 10
They do things that this kitten wants https://dwave.wordpress.com/2011/11/25/quantum-computing-and-light-switches/
It doesn't look like breaking ECDSA or SHA-256.
legendary
Activity: 1708
Merit: 1010
MPOE-PR, if you reall believe that this is a true threat, then you should also believe that the exchange value of your bitcoins is going to tank soon.  I, however, don't believe that is a near term risk.  So I willing to offer you $5 per bitcoin, for each and every bitcoin your have.  I'd be willing to take out a bank loan just to be able to do so.  Let me know when you're ready.

Nothing but naysayers on this forum. Why all the negativity?


I'm not knocking your position, I just don't agree, and believe that I stand to profit if I'm correct.  Conversely, you stand to profit if I'm incorrect; as you'd sell higher than zero

Quote
(Good pick on Ron Paul 2012 btw. I trust that wasn't another bank loan?)

I knew years ago that Ron Paul would not be president.  That has zero bearing on who I vote for, however.
hero member
Activity: 756
Merit: 522
MPOE-PR, if you reall believe that this is a true threat, then you should also believe that the exchange value of your bitcoins is going to tank soon.  I, however, don't believe that is a near term risk.  So I willing to offer you $5 per bitcoin, for each and every bitcoin your have.  I'd be willing to take out a bank loan just to be able to do so.  Let me know when you're ready.

Nothing but naysayers on this forum. Why all the negativity?

PREORDER NOW

(Good pick on Ron Paul 2012 btw. I trust that wasn't another bank loan?)
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair.   The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA.   So 6*256 = 1500 qubits.   Note this is logical qubits.  With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless.  A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated.   So to break 256bit ECDS would require in the ballpark of a single 24,000 physical qubits computer.   A 128 qubit computer could break 2 to 3 bit ECDSA keys.  Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve.  It would require a hard fork but would remain backwards compatible with existing addresses.  Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair.    Once the network transistions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.
Quote

Vesuvius

In early 2012, D-Wave Systems revealed a 512-qubit code named Vesuvius,[21] which it expects to launch before the end of 2012.[22]

If that is true they seem to exceed Moore's Law. But even if they are not given any exponential increase 24000 qubit aren't that far away.

To emphasise this: According to your own estimation a 512bit ecdsa would require 48000 qubits.
legendary
Activity: 1708
Merit: 1010
MPOE-PR, if you reall believe that this is a true threat, then you should also believe that the exchange value of your bitcoins is going to tank soon.  I, however, don't believe that is a near term risk.  So I willing to offer you $5 per bitcoin, for each and every bitcoin your have.  I'd be willing to take out a bank loan just to be able to do so.  Let me know when you're ready.
hero member
Activity: 756
Merit: 522
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair.   The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA.   So 6*256 = 1500 qubits.   Note this is logical qubits.  With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless.  A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated.   So to break 256bit ECDS would require in the ballpark of a single 24,000 physical qubits computer.   A 128 qubit computer could break 2 to 3 bit ECDSA keys.  Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve.  It would require a hard fork but would remain backwards compatible with existing addresses.  Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair.    Once the network transistions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.

Should I be quoting Inaba to you just about now?
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Dang, I wish I had read the above response before I panicked and dumped all my BTC because MPOE-PR told me Bitcoin was broken.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair.   The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA.   So 6*256 = 1500 qubits.   Note this is logical qubits.  With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless.  A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated.   So to break 256bit ECDS would require in the ballpark of a single 24,000 physical qubits computer.   A 128 qubit computer could break 2 to 3 bit ECDSA keys.  Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve.  It would require a hard fork but would remain backwards compatible with existing addresses.  Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair.    Once the network transistions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.
hero member
Activity: 952
Merit: 1009
Is this legit? I thought we were years away from being able to build an actual quantum computer?

Oh, they exist alright. They're even in use already.

http://blogs.nature.com/news/2012/08/d-wave-quantum-computer-solves-protein-folding-problem.html


Also they cost 10,000,000 $ per unit and are application specific, so.... yeah, you don't really want one.
hero member
Activity: 490
Merit: 500
... it only gets better...
We have covered this topic many times before.

I think you missed the gist of this discussion. Re-read is in order ty.

Said like a true newb...
hero member
Activity: 756
Merit: 522
We have covered this topic many times before.

I think you missed the gist of this discussion. Re-read is in order ty.
legendary
Activity: 1526
Merit: 1134
We have covered this topic many times before. Quantum computing is not a threat to Bitcoin in any reasonable timeframe. Does this need to be in the FAQ?

It's a 128-qubit machine. If you have to ask the price, that means you can't afford it (nor program it). It requires a specially built facility to house it.

From Proos and Zalka (2008):

http://arxiv.org/pdf/quantph/0301141.pdf

Quote
We show in some detail how to implement Shor’s efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller quantum computer can solve problems further beyond current computing than for integer factorisation. A 160 bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024 bit RSA modulus would require about 2000 qubits. In this paper we only consider elliptic curves over GF(p) and not yet the equally important ones over GF(2^n) or other finite fields. The main technical difficulty is to implement Euclid’s gcd algorithm to compute multiplicative inverses modulo p. As the runtime of Euclid’s algorithm depends on the input, one difficulty encountered is the “quantum halting problem”

Bitcoin uses the secp256k1 elliptic curve. This means 256-bit keys on a Koblitz curve. The p means prime field, GF(p).

The NSA informs us that a 256 bit elliptic curve key is equivalent to a 3072 bit RSA modulus. Therefore 1000 qubits is nowhere near close enough to solve even much weaker keys than the one Bitcoin uses, and the D-Wave machine provides only 128.

Even assuming quantum computers get much cheaper over time, you're not going to have a cryogenically cooled room sized machine in your house any time soon. And even if one day this becomes possible, there are several mitigating factors:

  • Money sent to a Bitcoin address that has never been used before cannot be stolen even with a fully-capable quantum computer because the address is hashed. So by using wallets that never re-use addresses this problem goes away.
  • Crypto schemes based on integer lattices are becoming more efficient every year, and are resistant to quantum computers (or at least, nobody yet discovered an equivalent to Shor's algorithm for them. We could switch to one of these schemes if necesary.
hero member
Activity: 518
Merit: 500
I do not appreciate your FUD and mud slinging at an obviously legitimate company which is actually registered, and made its actual logo itself (in MS Paint).

Where is this community headed when serious projects of serious companies with serious delivery dates and that can be preordered are mocked and abused by trolls such as yourself!

I see what you did there Tongue

FULL DISCLOSURE: I don't have any ASIC on preorder
hero member
Activity: 756
Merit: 522
When the vast majority of researchers state that even the simplest form of quantum computing is decades away I'm going to be highly skeptical to the utmost degree.

I do not appreciate your FUD and mud slinging at an obviously legitimate company which is actually registered, and made its actual logo itself (in MS Paint).

Where is this community headed when serious projects of serious companies with serious delivery dates and that can be preordered are mocked and abused by trolls such as yourself!
hero member
Activity: 561
Merit: 500
According to the site,

"Our current superconducting 128-qubit processor chip is housed inside a cryogenics system within a 10 square meter shielded room."

I'm going to cancel my Jalapeno order and start ordering parts for the cryogenic cooling system right away...
Pages:
Jump to: