Topic: Breaking RSA Encryption with Quantum Computer (Read 306 times)

Technology in skyrocketing, maybe it would be great to buy part of a company that developed this remarkable tech.

quantum computers cant reverse engineer public-> private in seconds.
its still going to be a several hours-days(compared to thousands of millenia) thing even with the high qubit rate this topic link mentions

so the fear of someone grabbing a zero-confirm tx at relay. engineer the privkey then RBF the utxo to a new destination, before the original tx confirms.. . is not a concern for a network that confirms much sooner
(still be cautious but dont be fearful. its more super luck, if they manage to engineer a RBF in the average 10min confirm window)

the real concern is leaving valuable amounts/data on a exposed key
EG hoarding on a re-used key.
EG putting valuable data into a message on an app where you dont want anyone reading it later after the fact. but have your encrypted messages stored somewhere to be interrogated later

also those owning a large expensive multibillion dollar system are not going to waste hours on one process that wont net them break even/profit

that's on the table with BIP324 (except without the certificates part, any authentication has been left easy to add, but not actually specified)

but I'm not convinced that would help, transactions are propagated to all nodes, so the attack is really the same: start a node, listen for transactions to get valid public keys, crazily try to factorize the private key out of any pubkey from the instant you receive it

even directly connecting to a miner IP with bitcoind set to refuse anything but a BIP324 connection wouldn't work for the same reason; the miner would broadcast your transaction to it's peers, then onto the rest of the bitcoin network.

Quantum computing is still years behind, so it is still an unique way computation that cannot interact withthe current computational model. This means that it still cannot be used to break any sort of encription used in tje current computation plane. Therefore, I believe the article is just plain and simple FUD. Nevertheless, it doesnt. Mean that we should stay unwoorried. On the contrary,  quantum computing is evolving and will soon get there, but as someone already mentioned, when that so happens, encryption will also evolve to cope with it. At least I hope so!

Quantum computing is still years behind, so it is still an unique way computation that cannot interact withthe current computational model. This means that it still cannot be used to break any sort of encription used in tje current computation plane. Therefore, I believe the article is just plain and simple FUD. Nevertheless, it doesnt. Mean that we should stay unwoorried. On the contrary,  quantum computing is evolving and will soon get there, but as someone already mentioned, when that so happens, encryption will also evolve to cope with it. At least I hope so!

I still can't believe why the bitcoin protocol isn't using end-to-end encryption between nodes using self-signed certificates. That would prevent information leak that someone would harvest and attempt to break a specific ECDSA key.

for Bitcoin, yes. For protocols that involve encrypting network packets using public keys, it might make sense to pick now (and I believe this is the reason OpenSSH did so). I do not know why it doesn't make more sense to extend/redesign the protocol to encrypt using negotiated ephemeral encryption keys, but maybe that's something specific the protocol.

That is something which is suspiciously missing from the paper linked to by OP as well. It's all well and good saying "We have a xxx qubit computer which can solve the ECDLP for 256 bit private keys", but if you have to run your xxx qubit computer for ten years to find a single private key, then it isn't going to pose much of a risk to bitcoin.

There are quite a few in development: https://en.wikipedia.org/wiki/Post-quantum_cryptography

The last discussion regarding quantum computers on the mailing list I am aware of is from April last year: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-April/020209.html
This discussion focuses on NTRU, which is a lattice-based algorithm: https://en.wikipedia.org/wiki/NTRU

Picking one now, when the threat from quantum computers is very likely still decades away, seems very premature though. There is a good chance that whatever we picked today would be at best outdated and at worst insecure by the time it actually mattered.

or look at this way: anyone producing a sufficiently powerful quantum computer probably has big interest from the "local military" so to speak.

because that kind of equipment has military implications; whichever political faction who obtained such a tool first could use it to:

• outright attack enemies
• blackmail them instead

it would be a world changing event, if it came out of a clear blue sky (i.e. unexpectedly). One could pwn everything and everyone with such tech, a whole new era would begin rather abruptly

guess what though? everyone to which any of this is relevant already knows, and is preparing accordingly. Bitcoin devs are only one out of many who are aware, and they don't even have any (known) military connections

Do not disregard that the developers are well aware of this scenario and I believe they will not get idle and just wait for these so called quantum computer to break the Bitcoin security.  Because before Bitcoin, I believe there are lots of low security that will be cracked first giving a hint that there is a need of an upgrade of security for Bitcoin  hence the possibility of your speculation or prediction might not happen.  

I think as the quantum computer progress and develop, securities also evolve and develop.  So it is a race and not just a one sided race where QC are the only one progressing.

how fast will this quantum computer be able to factorize the public key into it's private key? it has to be faster than a miner can mine transactions transferring to a quantum resistant keypair.

also, don't forget that miners will want to continue to mine, so if a new keypair scheme is available, one can simply send (encrypted) transactions directly to a miner, transferring utxos to a new address using the new scheme, IBM cannot crack public keys they do not have access to.

what's that you say, the quantum resistant keypairs don't exist? well neither does IBM's 4000 qubit computer (and some kind of quantum resistant keypair cryptography does exist, although I have no idea how good it is, nor whether it's at all suitable for Bitcoin addresses/tx's)

did you say game over?

BTC is not quantum secure. IBM will have a QC of 4,000+ qubits by 2025 (in two years). It takes only 1556  qubits to break the ECDSA encryption used to correllate private to public keys. What this means is if you have an exposed (unhashed) public key - which if you ever used your wallet it leaves an unhashed copy of your public key out there on the network for anyone to have - a quantum computer of 1556 or more qubits can take that public key and reverse engineer out your private key. Game over. Bitcoin has no value other than as a way to Secure information - security is literally its only selling point - when that security breaks, as it will, it has no more usefulness and the value will crash to probably just a few dollars, propped up by die-hard dead-ender BTC maxis. If you want to get rich on bitcoin, short it by buying a short bitcoin etf (example is ticker BITI - not financial advice). Doing anything else will result in losing investment.

Google this / do your own research - this is not "FUD", this is just sober fact. Bitcoin public keys can fall with QC's of just 1556 qubits. (Source: https://security.stackexchange.com/questions/33069/why-is-ecc-more-vulnerable-than-rsa-in-a-post-quantum-world ). Misinformation you hear is that it takes many qubits to crack RSA hence bitcoin is safe - this only relates to the bitcoin mining algorithm not the ECDSA algorithm used to relate public/private keys which is more vulnerable. Again - in 2 years or so IBM will have QC strong enough to reverse engineer private key from unhashed public key. When this happens panic will spread and bitcoin will crash. This is as predictable as the housing bubble collapse of 2008 and just like then, there are people who will shout "FUD" at anyone showing the plain and simple facts. Don't be on the wrong side of this.

Quantum computer is a threat to cyber security, because it could be use to something bad or good, like massive security breaches all over the globe. But if the technology evolves the security also evolves, NIST is the one who are preparing for PQC to avoid such things, it is called quantum-resistant cryptographic standards, that must be adopted to prevent everything that could be gone wrong.

There is a difference here in that a centralized service such as a bank can much more easily swap to a new quantum resistant technology than we can on bitcoin. They can simply update their back end, as opposed to needing to hard fork an entire decentralized network. Further, they don't have to care about some of the same considerations that we do. Take Lamport signatures as an example. They should only ever be used once, as each subsequent signature makes it easier and easier for an attacker to forge a signature. For bitcoin this would mean a huge overhaul of how wallets (or even the whole network) works to prevent anyone from using the same address more than once. For a bank, then can just generate new keys as needed. Or the fact that Lamport public keys and signatures can be dozens of kilobytes in size. Irrelevant for a centralized service, but catastrophic for bitcoin blocks.

While quantum computers pose no risk to bitcoin at the moment, and won't for many years to come, we will have some of the most specific demands when it comes to selecting a quantum resistant algorithm to use.

right, improving the algorithm isn't so impressive when the hardware that could use the improved algorithm is still infeasible

You know that most secure services like SSL on websites and also services used by the Banking sector and other financial services use RSA Encryption technology ... right?

So why do you think this FUD is only targeted at Bitcoin as a huge threat? I will tell you why, because Bitcoin is a threat to the people who are spreading this FUD... because they want the uniformed slaves of their financial system .... to fear Bitcoin. (even if this is a bunch of lies)

Just get the truth out there... and how we already solved this possible threat, with counter measures.  

It is also worth pointing out that even the 2048-bit RSA key is less secure than a 256-bit EC key (112 vs 128). Don't be fooled by the bigger number, RSA keys provide a lot less security. The only significance of the article is the algorithm they used and how they reduced the number of qubits required, not that we are any closer to breaking actual keys in use in the near future.

yeah I saw it too and a bunch of it,
and I do believe before its gonna happen bitcoin and the other already creating some new encryption way more secure than RSA beside that quantum is early technology

"Quantum computers are known to be a potential threat to current encryption systems, but the technology is still in its infancy. Researchers typically estimate that it will be many years until quantum computers can crack cryptographic keys — the strings of characters used in an encryption algorithm to protect data — faster than ordinary computers." - https://www.nature.com/articles/d41586-023-00017-0

But we will doomed if AI with brain of quantum computer exist 

I agree, although the news only mention 48-bit on screenshot of the research which most reader would skip. And some media usually add pointless image, so it's not surprising that me and few reader automatically skipped it. And for those who want to read/skim the research, see https://arxiv.org/abs/2212.12372.


At very least, RSA is used on MasterCard's Payload Encryption.


Source: https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/

They weren't able to crack any size of RSA key.

The largest number they were able to factorize was 48 bits. The minimum recommended size for RSA keys is 2,048. They weren't even close, even to older 1,024 keys which are still in circulation. The RSA-100 number, which has 330 bits, was factorized in 1991, and can be factorized on a modern computer in a matter of minutes. 48 bits isn't even close to this number either.

The whole thing is a clickbait nothing burger. The difference between 48 bits and 2,048 bits really can't be understated. It would be like newspapers in 1969 announcing we had colonized the solar system after landing on the moon.

That's not quite accurate. There are also millions of coins in old style P2PK outputs which are vulnerable, and since taproot no longer hashes public keys then coins in P2TR outputs are vulnerable as well. Not to mention all the public keys which have been revealed through other means, such as SPV wallets, watch only wallets, payment processors, signed non-transaction messages, etc. And obviously the public keys which will be revealed as soon as a transaction is broadcast. Relying on the public key being hashed is a poor defense against quantum computers. Rather we will implement some quantum resistant scheme when the time comes.