
Topic: [BREAKING] Quantum Computer Hits. BFL, bASIC etc all dead. End of BTC? - page 2. (Read 4658 times)

legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
Dang, I wish I had read the above response before I panicked and dumped all my BTC because MPOE-PR told me Bitcoin was broken.

What ever happened to that 10,000 BTC you left with Pirate because you believed he would pay? LOL  Grin
full member
Activity: 238
Merit: 100
BREAKING NEWS: I have a bridge in Brooklyn to sell you.

Does it hash?

You bet I hash, ehehehehe
hero member
Activity: 518
Merit: 500
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair. The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA. So 6*256 = 1500 qubits. Note this is logical qubits. With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless. A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated. So to break 256bit ECDSA would require in the ballpark of a single 24,000 physical qubits computer. A 128 qubit computer could break 2 to 3 bit ECDSA keys. Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve. It would require a hard fork but would remain backwards compatible with existing addresses. Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair. Once the network transitions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.
Quote

Vesuvius

In early 2012, D-Wave Systems revealed a 512-qubit code named Vesuvius,[21] which it expects to launch before the end of 2012.[22]

If that is true they seem to exceed Moore's Law. But even if they are not given any exponential increase 24000 qubits aren't that far away.

To emphasise this: According to your own estimation a 512bit ecdsa would require 48000 qubits.

Moore's Law is just some guy's guess, it has nothing to do with fact. It has already been proven to be wrong anyway. There is no way to chart computational growth for the future.
hero member
Activity: 756
Merit: 522
I am sorry to announce that there have been some fabrication delays at the secret fabrication plant which does exist and deliveries will be happening no earlier than February 31st. For more details see here.

PS. To all the trolls that posted here making false claims: I'm not answering to you because you are not real customers.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
They do things that this kitten wants https://dwave.wordpress.com/2011/11/25/quantum-computing-and-light-switches/
It doesn't look like breaking ECDSA or SHA-256.
The point here is: NP-Complete problems aren't inherently different when it comes to their difficulty in solving them.
member
Activity: 65
Merit: 10
They do things that this kitten wants https://dwave.wordpress.com/2011/11/25/quantum-computing-and-light-switches/
It doesn't look like breaking ECDSA or SHA-256.
legendary
Activity: 1708
Merit: 1010
MPOE-PR, if you really believe that this is a true threat, then you should also believe that the exchange value of your bitcoins is going to tank soon. I, however, don't believe that is a near term risk. So I'm willing to offer you $5 per bitcoin, for each and every bitcoin you have. I'd be willing to take out a bank loan just to be able to do so. Let me know when you're ready.

Nothing but naysayers on this forum. Why all the negativity?


I'm not knocking your position, I just don't agree, and believe that I stand to profit if I'm correct.  Conversely, you stand to profit if I'm incorrect; as you'd sell higher than zero

Quote
(Good pick on Ron Paul 2012 btw. I trust that wasn't another bank loan?)

I knew years ago that Ron Paul would not be president.  That has zero bearing on who I vote for, however.
hero member
Activity: 756
Merit: 522
MPOE-PR, if you really believe that this is a true threat, then you should also believe that the exchange value of your bitcoins is going to tank soon. I, however, don't believe that is a near term risk. So I'm willing to offer you $5 per bitcoin, for each and every bitcoin you have. I'd be willing to take out a bank loan just to be able to do so. Let me know when you're ready.

Nothing but naysayers on this forum. Why all the negativity?

PREORDER NOW

(Good pick on Ron Paul 2012 btw. I trust that wasn't another bank loan?)
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair. The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA. So 6*256 = 1500 qubits. Note this is logical qubits. With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless. A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated. So to break 256bit ECDSA would require in the ballpark of a single 24,000 physical qubits computer. A 128 qubit computer could break 2 to 3 bit ECDSA keys. Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve. It would require a hard fork but would remain backwards compatible with existing addresses. Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair. Once the network transitions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.
Quote

Vesuvius

In early 2012, D-Wave Systems revealed a 512-qubit code named Vesuvius,[21] which it expects to launch before the end of 2012.[22]

If that is true they seem to exceed Moore's Law. But even if they are not given any exponential increase 24000 qubits aren't that far away.

To emphasise this: According to your own estimation a 512bit ecdsa would require 48000 qubits.
legendary
Activity: 1708
Merit: 1010
MPOE-PR, if you really believe that this is a true threat, then you should also believe that the exchange value of your bitcoins is going to tank soon. I, however, don't believe that is a near term risk. So I'm willing to offer you $5 per bitcoin, for each and every bitcoin you have. I'd be willing to take out a bank loan just to be able to do so. Let me know when you're ready.
hero member
Activity: 756
Merit: 522
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair. The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA. So 6*256 = 1500 qubits. Note this is logical qubits. With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless. A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated. So to break 256bit ECDSA would require in the ballpark of a single 24,000 physical qubits computer. A 128 qubit computer could break 2 to 3 bit ECDSA keys. Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve. It would require a hard fork but would remain backwards compatible with existing addresses. Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair. Once the network transitions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.

Should I be quoting Inaba to you just about now?
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Dang, I wish I had read the above response before I panicked and dumped all my BTC because MPOE-PR told me Bitcoin was broken.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I will leave this here:
http://en.wikipedia.org/wiki/D-Wave_Systems#Criticism

Also as Mike points out even if true and even if it could be used to cost effectively break x bit ECDSA keypairs, 128 qubits is insufficient by at least 2 orders of magnitude to break a 256bit ECDSA keypair. The estimate for researchers (in paper above) is ~6 logical qubits per bit in the keysize of ECDSA. So 6*256 = 1500 qubits. Note this is logical qubits. With only a single physical qubit per logic qubit the amount of error and noise would simply make any results worthless. A ballpark figure is 12 to 20 physical qubits (to perform error code correction algorithms) per logical qubit is estimated. So to break 256bit ECDSA would require in the ballpark of a single 24,000 physical qubits computer. A 128 qubit computer could break 2 to 3 bit ECDSA keys. Then again I could break them with a notepad and a good pencil a lot faster.

If/when massive QC start being built a "simple" interim step would be to make a new address type which uses a larger ECDSA curve. It would require a hard fork but would remain backwards compatible with existing addresses. Create a new address standard, give it a new version (first digit of address) and use a 384bit (or even 512bit) ECDSA keypair. Once the network transitions over users could send funds to these "high security version 2" addresses.

The cost to increase the key size is much smaller than the cost to build increasingly larger QC.  It also has the added bonus that larger QC may simply not be possible (with current tech).  So hypothetically someday it may be possible to break 256bit at high cost but completely impossible to break 384bit one at any cost.  Unlike classical computing you can't combine multiple smaller qubit QC to gain a higher computing power.  They aren't parallel like that.
hero member
Activity: 952
Merit: 1009
Is this legit? I thought we were years away from being able to build an actual quantum computer?

Oh, they exist alright. They're even in use already.

http://blogs.nature.com/news/2012/08/d-wave-quantum-computer-solves-protein-folding-problem.html


Also they cost 10,000,000 $ per unit and are application specific, so.... yeah, you don't really want one.
hero member
Activity: 490
Merit: 500
... it only gets better...
We have covered this topic many times before.

I think you missed the gist of this discussion. Re-read is in order ty.

Said like a true newb...
hero member
Activity: 756
Merit: 522
We have covered this topic many times before.

I think you missed the gist of this discussion. Re-read is in order ty.
legendary
Activity: 1526
Merit: 1134
We have covered this topic many times before. Quantum computing is not a threat to Bitcoin in any reasonable timeframe. Does this need to be in the FAQ?

It's a 128-qubit machine. If you have to ask the price, that means you can't afford it (nor program it). It requires a specially built facility to house it.

From Proos and Zalka (2008):

http://arxiv.org/pdf/quantph/0301141.pdf

Quote
We show in some detail how to implement Shor’s efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller quantum computer can solve problems further beyond current computing than for integer factorisation. A 160 bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024 bit RSA modulus would require about 2000 qubits. In this paper we only consider elliptic curves over GF(p) and not yet the equally important ones over GF(2^n) or other finite fields. The main technical difficulty is to implement Euclid’s gcd algorithm to compute multiplicative inverses modulo p. As the runtime of Euclid’s algorithm depends on the input, one difficulty encountered is the “quantum halting problem”

Bitcoin uses the secp256k1 elliptic curve. This means 256-bit keys on a Koblitz curve. The p means prime field, GF(p).

The NSA informs us that a 256 bit elliptic curve key is equivalent to a 3072 bit RSA modulus. Therefore 1000 qubits is nowhere near close enough to solve even much weaker keys than the one Bitcoin uses, and the D-Wave machine provides only 128.

Even assuming quantum computers get much cheaper over time, you're not going to have a cryogenically cooled room sized machine in your house any time soon. And even if one day this becomes possible, there are several mitigating factors:

  • Money sent to a Bitcoin address that has never been used before cannot be stolen even with a fully-capable quantum computer because the address is hashed. So by using wallets that never re-use addresses this problem goes away.
  • Crypto schemes based on integer lattices are becoming more efficient every year, and are resistant to quantum computers (or at least, nobody yet discovered an equivalent to Shor's algorithm for them). We could switch to one of these schemes if necessary.
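
Added example (not part of the post above and not code from any Bitcoin project): a wallet audit for the address-reuse point in the first bullet, replayed over a constructed ledger. The ledger format, the address labels and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (not real chain data). Amounts are in satoshis.
# "spends_from" lists addresses whose coins are spent; spending publishes the
# address's public key so the signature can be checked. "pays" lists outputs,
# which carry only the hash of the recipient's key.
LEDGER = [
    {"txid": "t1", "spends_from": [],
     "pays": [("addr_A", 500_000_000), ("addr_B", 200_000_000)]},
    {"txid": "t2", "spends_from": [("addr_A", 500_000_000)],
     "pays": [("addr_C", 490_000_000)]},
    {"txid": "t3", "spends_from": [],
     "pays": [("addr_A", 150_000_000)]},  # addr_A reused after it has spent
    {"txid": "t4", "spends_from": [("addr_C", 490_000_000)],
     "pays": [("addr_D", 480_000_000)]},
]


def _scan(ledger):
    """Replay the ledger; return (balances, addresses whose key is public)."""
    balance = defaultdict(int)
    key_revealed = set()
    for tx in ledger:
        for addr, amount in tx["spends_from"]:
            balance[addr] -= amount
            key_revealed.add(addr)  # the spend put the public key on-chain
        for addr, amount in tx["pays"]:
            balance[addr] += amount
    return balance, key_revealed


def exposed_funds(ledger):
    """Funded addresses whose public key is already on-chain (address reuse)."""
    balance, revealed = _scan(ledger)
    return {a: b for a, b in balance.items() if b > 0 and a in revealed}


def hash_protected_funds(ledger):
    """Funded addresses that have never spent, so only the key hash is public."""
    balance, revealed = _scan(ledger)
    return {a: b for a, b in balance.items() if b > 0 and a not in revealed}


if __name__ == "__main__":
    print("key exposed, still funded:", exposed_funds(LEDGER))
    print("hash-protected:", hash_protected_funds(LEDGER))
```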
hero member
Activity: 518
Merit: 500
I do not appreciate your FUD and mud slinging at an obviously legitimate company which is actually registered, and made its actual logo itself (in MS Paint).

Where is this community headed when serious projects of serious companies with serious delivery dates and that can be preordered are mocked and abused by trolls such as yourself!

I see what you did there Tongue

FULL DISCLOSURE: I don't have any ASIC on preorder
hero member
Activity: 756
Merit: 522
When the vast majority of researchers state that even the simplest form of quantum computing is decades away I'm going to be highly skeptical to the utmost degree.

I do not appreciate your FUD and mud slinging at an obviously legitimate company which is actually registered, and made its actual logo itself (in MS Paint).

Where is this community headed when serious projects of serious companies with serious delivery dates and that can be preordered are mocked and abused by trolls such as yourself!
hero member
Activity: 561
Merit: 500
According to the site,

"Our current superconducting 128-qubit processor chip is housed inside a cryogenics system within a 10 square meter shielded room."

I'm going to cancel my Jalapeno order and start ordering parts for the cryogenic cooling system right away...