Pages:
Author

Topic: Can Quantum Computer's destroy Blockchain and Bitcoins[SHA-256 specifically] (Read 1787 times)

sr. member
Activity: 1190
Merit: 469

It'd be sufficient if a solution to the ECDLP was found, which means to find k given points P, Q so that Q = k*P.

they already have a quantum algorithm for that: extended shor's algorithm.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
does that mean they are going to break sha256? not necessarily.
It'd be sufficient if a solution to the ECDLP was found, which means to find k given points P, Q so that Q = k*P.

I'm not an expert in this field by any means, but it does not sound like there is anything to break in SHA256, other than the obvious collision concern and proving the P versus NP problem. But, please, someone more involved, correct me.

solving problems faster than conventional supercomputers, etc
Or rather, finding less complex solutions.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
I'm not surprised that the possibility of QCs with some necessary breakthroughs is a potential danger to established computer security. The security of RSA depends upon the extremely computationally hard factorisation of very very large numbers. In such a factorisation challenge QCs could show off their quantum advantage, alas current QC technology isn't ready for it. Current QCs can factor maybe two-digit numbers which isn't very impressive at all as normal computers can factor such two-digit numbers in microseconds (maybe nanoseconds, anyway fast enough).

Breakthroughs can sometimes come very unexpected and faster than anticipated, so it's normal to prepare for such scenarios. If current RSA could be broken quickly, we'll have a lot of problems in computer science and applications.

I just don't see such necessary breakthroughs coming any soon, that's all.
hero member
Activity: 1078
Merit: 566
My understanding of QCs is surely limited and from my personal understanding, I don't see a lot of danger for decent hashing algorithms like SHA-256 or SHA-512 to be broken considerably faster by far future QC with enough(!!) stable qubits of high coherence times and awesome gate fidelity.

I don't deny progress in this field, but current QCs are vastly overrated and very far from breaking anything important. Sorry to be the QC party pooper...

Advancements in technologies are rarely welcomed in the start. See what people used to comment about personal computers or Bitcoin in there early days of launch.
The US government has already passed a bill in Dec 2022[1] that encourages federal government agencies to adopt technology that will protect against quantum computing attacks [2]. This is why I think it's not a buzz word but a reality. 

[1] Public Law No: 117-260 (12/21/2022) Quantum Computing Cybersecurity Preparedness Act

[2] https://www.forbes.com/sites/forbestechcouncil/2023/01/25/what-the-quantum-computing-cybersecurity-preparedness-act-means-for-national-security/?sh=64fcd901368a
sr. member
Activity: 1190
Merit: 469
I refer with "vastly overrated" to solving bigger (and thus more real) problems with "quantum advantage". I haven't seen much at all there. The demos of so-called quantum superiority weren't much impressive so far (very much a problem of so far puny numbers of stable enough qubits and the need for sophisticated error correction due to too quick decoherence issues). And I don't give much to what's theoretically possible, only practical application counts.

C'mon, universities have to jump onto the hottest tech. How could you otherwise educate and produce experts in such fields that are desperately needed outside.


https://www.msn.com/en-ae/news/featured/aramco-signs-agreement-with-pasqal-to-deploy-first-quantum-computer-in-the-kingdom-of-saudi-arabia/ar-BB1mItwE

Aramco, one of the world's leading integrated energy and chemicals companies, has signed an agreement with Pasqal, a global leader in neutral atom quantum computing, to install the first quantum computer in the Kingdom of Saudi Arabia.

one day you're going to wake up and find out that someone is solving problems that you didn't think they would. and it might be in the next few years. it won't suprise me though. do you think people spending millions of dollars on these type of systems are dumb? obviously not.

does that mean they are going to break sha256? not necessarily. there would have to be an algorithmic advancement for that to happen. but all the other things could still come true : solving problems faster than conventional supercomputers, etc.




hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
"Now that we can produce extremely pure silicon-28, our next step will be to demonstrate that we can sustain quantum coherence for many qubits simultaneously," project co-supervisor David Jamieson, professor of physics at the University of Melbourne, said in the statement.

producing the silicon-28 is not an issue apparently otherwise he wouldn't have said that.

In the academic realm, exaggeration isn't an uncommon phenomenon. We're somewhat digressing from the topic here, but I find the part interesting that separation aka purification of Si28 from Si29 and Si30 isn't an issue according to above cited stance. Isotope separation can only be done by differences in physical properties of elements or their chemical compounds, not by any chemical properties (isotopes of chemical elements don't have any different chemistry).

Anyway, they seem to have figured this out as there's apparently enough interest to have purified Si28.


i guess that depends on what you consider to be "important". but i don't agree that they are "vastly overrated". maybe it's time to wake up and take a look at what is going on around you:

https://www.msn.com/en-us/news/technology/rpi-unveils-high-tech-ibm-quantum-system-one/ar-BB1l9Jqz

if universities are buying them and installing them then that kind of legitimizes them.

I refer with "vastly overrated" to solving bigger (and thus more real) problems with "quantum advantage". I haven't seen much at all there. The demos of so-called quantum superiority weren't much impressive so far (very much a problem of so far puny numbers of stable enough qubits and the need for sophisticated error correction due to too quick decoherence issues). And I don't give much to what's theoretically possible, only practical application counts.

C'mon, universities have to jump onto the hottest tech. How could you otherwise educate and produce experts in such fields that are desperately needed outside.
sr. member
Activity: 1190
Merit: 469
...

Have you actually read and understood this yellow-press QC "science" article?

No details how easy and at what cost they claim to be able to produce more or less pure Silicon28. They still haven't demonstrated such Qubits to have actually a longer and more stable coherence time. What a bummer...

Solid state systems have typically coherence times measured in microseconds to milliseconds at best (ion trap qubits usually seconds to minutes if cooled close to absolute zero Kelvin). Source

Man, this article is full of conjunctives, to an extend that I'd consider it a click-bait at best. So little proven, you can't even call this "science".
ok now that you have all of that out of the way, lets talk about what they actually said.

"Now that we can produce extremely pure silicon-28, our next step will be to demonstrate that we can sustain quantum coherence for many qubits simultaneously," project co-supervisor David Jamieson, professor of physics at the University of Melbourne, said in the statement.

producing the silicon-28 is not an issue apparently otherwise he wouldn't have said that.


Quote
I don't deny progress in this field, but current QCs are vastly overrated and very far from breaking anything important.
i guess that depends on what you consider to be "important". but i don't agree that they are "vastly overrated". maybe it's time to wake up and take a look at what is going on around you:

https://www.msn.com/en-us/news/technology/rpi-unveils-high-tech-ibm-quantum-system-one/ar-BB1l9Jqz

if universities are buying them and installing them then that kind of legitimizes them.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
...

Have you actually read and understood this yellow-press QC "science" article?

No details how easy and at what cost they claim to be able to produce more or less pure Silicon28. They still haven't demonstrated such Qubits to have actually a longer and more stable coherence time. What a bummer...

Solid state systems have typically coherence times measured in microseconds to milliseconds at best (ion trap qubits usually seconds to minutes if cooled close to absolute zero Kelvin). Source

Man, this article is full of conjunctives, to an extend that I'd consider it a click-bait at best. So little proven, you can't even call this "science".

My understanding of QCs is surely limited and from my personal understanding, I don't see a lot of danger for decent hashing algorithms like SHA-256 or SHA-512 to be broken considerably faster by far future QC with enough(!!) stable qubits of high coherence times and awesome gate fidelity.

I don't deny progress in this field, but current QCs are vastly overrated and very far from breaking anything important. Sorry to be the QC party pooper...
sr. member
Activity: 1190
Merit: 469
'World's purest silicon' could lead to 1st million-qubit quantum computing chips
https://www.msn.com/en-us/news/technology/worlds-purest-silicon-could-lead-to-1st-million-qubit-quantum-computing-chips/ar-BB1lXFFn?ocid=BingNewsSearch

"Now that we can produce extremely pure silicon-28, our next step will be to demonstrate that we can sustain quantum coherence for many qubits simultaneously," project co-supervisor David Jamieson, professor of physics at the University of Melbourne, said in the statement. "A reliable quantum computer with just 30 qubits would exceed the power of today's supercomputers for some applications."
 
1 million cubits would definitely be problematic for bitcoin.

newbie
Activity: 6
Merit: 0
Have been researching QC's and bitcoin for months. It is not clear from many sources of the World Wide Web whether or not QC is a threat to the sha256 of Bitcoin.
1.Can we if possible mine more than the specified value of BTC in less than a minute with the help of a powerfully-eligible Quantum Computer?

Agree that QC's can destroy Elliptic Curve Digital Signature Algorithm and steal our private keys. So considering all of the above threats,

2.Is it possible to fork Bitcoin and solve the following problems?

3.How to secure the SHA256 encryption and make it immutable to QC attacks?

I am pretty sure, Satoshi Nakamoto must have thought about the possible problems there has to be a solution, but exactly where?

Researching for months but didn't somehow come across this?

SHA-256 is very strong.  It's not like the incremental step from MD5 to SHA1.  It can last several decades unless there's some massive breakthrough attack.

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.

...
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
[...]
Thirdly, there's no HD standard. Most wallet software have adopted BIP39, Electrum & Armory have their own (AFAIK), etc. But the protocol recognizes no deterministic keys; that's something the Bitcoin community - and specifically some developers - have invented unofficially and nonconsensually. Therefore, such change is beneficial subjectively, because you can't include all wallet software's HD rules nor there is a "neutral" list of those software.

And even if there was such list, you're burdening full node's cost, because it now has to verify computationally expensive functions such as PBKDF2 and HMAC-SHA256, that can be deliberately abused to establish an attack successfully. For example, I can provide a zero-knowledge proof of my HD wallet in which I used millions of PBKDF2 rounds to generate.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
That's not entirely true. It would be possible to lock some coins in a way in which the original owner could move them but a quantum attacker reversing the ECDLP could not steal them. This would be done by requiring some proof, ideally a zero knowledge proof, of possession of the seed phrase or master private key which was used to derive the relevant private key. The true owner who had derived the private key in an HD wallet would be able to provide this proof, while a quantum attacker who had obtained the private key from the public key would not.
Interesting. I wonder how would this be done technically, is this mechanism described anywhere? My doubt is about how "the blockchain" (i.e. the Bitcoin client in combination with the blockchain data) can know about HD seed phrases / master public keys. All what is stored on the blockchain (from my knowledge) are signatures, public key hashes and (in the case of P2PK) public keys, can you derive information about the HD "master key" from one of these elements?
newbie
Activity: 108
Merit: 0
Are there any puzzle or Crypto vendors for your Bitcoin Crypto Grafix.
You believe you won't take any keys and you'll catch them at another party?
So think we are far behind and your attacks will be successful, think about it .
legendary
Activity: 2268
Merit: 18711
If they're "lost", i.e. nobody has access to them anymore, there would be no way to protect them with the exception of harsh methods like the blocking of these addresses/utxos (something similar Ethereum did when TheDAO was exploited).
That's not entirely true. It would be possible to lock some coins in a way in which the original owner could move them but a quantum attacker reversing the ECDLP could not steal them. This would be done by requiring some proof, ideally a zero knowledge proof, of possession of the seed phrase or master private key which was used to derive the relevant private key. The true owner who had derived the private key in an HD wallet would be able to provide this proof, while a quantum attacker who had obtained the private key from the public key would not.

The downside to this approach is two-fold, though. Firstly, it only protects reused HD addresses, and does nothing for the 1.73 million BTC in P2PK addresses. Secondly, there is no way of knowing which addresses were generated in an HD manner and which were not, which would mean some coins being locked forever and being irrecoverable by anyone, the true owner included.
member
Activity: 196
Merit: 67
...
exactly.

I think that Satoshi thought about it and made the same decission like you described it here. Let them move  Smiley
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
.. most of we'd need to make Bitcoin "quantum-resistant" is to extend Bitcoin Script with mechanisms to ...
What will we make with early mined coins that haven't been moved since ~2010, eg. Satoshi's coins?
If they're "lost", i.e. nobody has access to them anymore, there would be no way to protect them with the exception of harsh methods like the blocking of these addresses/utxos (something similar Ethereum did when TheDAO was exploited).

I personally would be against this - I'd rather be ok if they're "stolen" and dumped, even if this meant a sudden price crash. Distribution afterwards would probably be better, and I expect only short term price turbulences. Take into account that if these coins were mined by a single entity (most likely Satoshi) then there is always the danger that they're suddenly moved and be sold, either because Satoshi himself is selling them, or because his computer was hacked (he should have had some knowledge how to secure his data, but nothing is impossible). This danger would then be gone forever, so I expect a quick price recovery. (Anyway, quantum computers would have to solve each address separately, and at first they would be rather slow with that task. So the dumping process could be pretty long - at least if the "dumpers" wanted to maximize profit - and maybe thus the amounts would be too low to generate much panic)
member
Activity: 196
Merit: 67
.. most of we'd need to make Bitcoin "quantum-resistant" is to extend Bitcoin Script with mechanisms to ...
What will we make with early mined coins that haven't been moved since ~2010, eg. Satoshi's coins?
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Just wanted to add a thought I had some days ago (have thought about it and I see no drawback until now).

Like garlonicon wrote in this post, most of we'd need to make Bitcoin "quantum-resistant" is to extend Bitcoin Script with mechanisms to handle other public key cryptosystems than ECDSA.

While there's surely a long way to go to get this implemented in the Bitcoin protocol, one could imagine an extension protocol for tokens based on the OP_RETURN mechanism, like OmniLayer, supporting interesting quantum-resistant cryptosystem candidates first, which would be possible much faster (they could simply copy/paste parts of the algo of this shitcoin which was promoted in this thread by a certain FUDster Wink ). You could then not only create Tether-like centralized tokens which are quantum resistant, but also in theory an 1:1 pegged Bitcoin stablecoin - the easiest way would be using a proof-of-burn scheme, where each bitcoin burnt would entitle its owner to create one unit of the quantum-resistant Bitcoin stablecoin (we could call it QBitcoin).

If the threat becomes real at some point and Bitcoin extends its Script language to support a quantum-secure algorithm, then it should be possible to "merge" the QBitcoin with the "old" upgraded Bitcoin. This would be a way to ensure QBitcoin's peg with Bitcoin holds, although maybe not absolutely necessary.

I write this mostly because if someone is really worried about quantum computers then this could be possibly a straightforward path for Bitcoin to achieve quantum resistance step by step, without having to wait for a complete, thoroughly-tested implementation - and no shitcoin is really needed. Grin

By the way, I wonder if Simplicity, if it gets included into Bitcoin, could provide the necessary functions for "quantum resistant addresses"? In the whitepaper it's mentioned that it's "expressive enough to represent any finitary function", so wouldn't "quantum computer resistant cryptography" be a possible use case?
jr. member
Activity: 49
Merit: 19
I started this thread a few months ago to understand what others think of the same question. I, myself have been around this specific question for a long time and I think technology itself has a solution to this particular problem, Technology cannot destroy technology itself unless they both have an understanding conscious that thrives being "ON TOP".

In that case, it is going to be a long marathon[which might be never ending] in the case of: Quantum Computers --> (running for) Bitcoin.

I think this is what gets to fork bitcoin and improve it for the larger mass to adopt it [It is particularly a slow process]. Exactly how the internet was Born and raised.

copper member
Activity: 821
Merit: 1992
I know it exists on Bitcoin blockchain. I thought about similar challenges in the context of this altcoin, quantum computers and instant break. Because without any "in between" step, it looks like bogosort way of sorting.
Pages:
Jump to: