
Topic: Can quantum computers kill Bitcoin? (Read 2700 times)

legendary
Activity: 2310
Merit: 1422
October 19, 2016, 08:10:26 AM
#24
For those of you who are interested in the matter, I would like to point out the following discussion I had with some other users in a different section.
https://bitcointalksearch.org/topic/m.16600877
member
Activity: 110
Merit: 11
October 19, 2016, 08:07:52 AM
#23
Let's say, quantum computers are little affordable. It won't kill bitcoins. Instead, it'll kill miners who can't afford quantum computers.

Bitcoin had been designed that not to get 21 million bitcoins at all, theoretically. But we might achieve that so soon which in turn might start the fall of bitcoins.
full member
Activity: 147
Merit: 100
Do you like fire? I'm full of it.
October 17, 2016, 08:40:45 AM
#22
1. Bitcoins are safe from QCs as long as every address has been used only once, because the public key is only out once funds get spent from it and if they were all flushed it's too late.
2. Q-resistant digital signature algorithms exist, and could be enforced with a core update that forces all signatures to use Q-resistant algorithms after a certain block.
3. QCs will make headway slowly, and their effects will be evident and cause shifts in the security and software community to start adapting; naturally bitcoin will move within reasonable time.

Your coins will likely be safe. Now the question is whether your operating system will.
staff
Activity: 3374
Merit: 6530
Just writing some code
October 17, 2016, 08:23:46 AM
#21
It means that the PoW will change from being practically optimization free,
as currently the case with near-optimal ASICs, to becoming extremely optimization prone,
with huge advantages available only to the most advanced and well-funded organizations
(like your favorite 3-letter agency).

That is, mining power will go from fairly decentralized to absolutely centralized.

A post-quantum bitcoin will need to move away from Hashcash to some asymmetric PoW.
Simply increasing the key space of the hash to say, 512 bits, would provide us the same security as 256 bits does today. Hashcash would not be dead, we would just need to have larger key spaces.

I don't think that the QC mining will increase the difficulty and let the blocks stay the same size. Because QC for now are reaaaaaaally rare and that means that only few can afford to use them and few + bitcoin node are already a problem, so I don't think it will be accepted the worsening of the situation.
The difficulty and the block size have nothing to do with each other. Do not conflate the issues.
newbie
Activity: 38
Merit: 0
October 17, 2016, 04:18:46 AM
#20
I don't think that the QC mining will increase the difficulty and let the blocks stay the same size. Because QC for now are reaaaaaaally rare and that means that only few can afford to use them and few + bitcoin node are already a problem, so I don't think it will be accepted the worsening of the situation.
legendary
Activity: 988
Merit: 1108
October 15, 2016, 05:13:35 PM
#19
Even so, QCs cannot do preimage attacks on hashes, they can only brute force them faster. For mining, that just means that the difficulty will increase and blocks will stay the same. For addresses, that means that they still cannot find the associated public key because they still can't find the preimage.

It means that the PoW will change from being practically optimization free,
as currently the case with near-optimal ASICs, to becoming extremely optimization prone,
with huge advantages available only to the most advanced and well-funded organizations
(like your favorite 3-letter agency).

That is, mining power will go from fairly decentralized to absolutely centralized.

A post-quantum bitcoin will need to move away from Hashcash to some asymmetric PoW.
hero member
Activity: 1694
Merit: 541
October 15, 2016, 10:44:14 AM
#18
I can see many threads with this same kind of discussion; now we have a fifth thread regarding quantum computers.

1. Quantum computer? So what! No worries...(?)
2. Quantum computers and Bitcoin
3. Will Bitcoin survive if quantum computing is introduced
4. Quantum computer mining
staff
Activity: 3374
Merit: 6530
Just writing some code
October 15, 2016, 10:21:32 AM
#17
Quantum Computers are not any faster at hashing than classical computers.

You are very wrong.

From Section 4.3 of https://www.iotatoken.com/IOTA_Whitepaper.pdf:
Quote
It is known that a (today still hypothetical) sufficiently large quantum computer can
be very efficient for handling problems where only way to solve it is to guess answers
repeatedly and check them. The process of finding a nonce in order to generate a
Bitcoin block is a good example of such a problem. As of today, in average one must
check around 2^68 nonces to find a suitable hash that allows to generate a block. It
is known (see e.g. [Gilles Brassard, Peter Høyer, Alain Tapp (1998) Quantum cryptanalysis
of hash and claw-free functions. Lecture Notes in Computer Science 1380, 163–
169.]) that a quantum computer would need Θ(√N) operations to
solve a problem of the above sort that needs Θ(N) operations on a classical computer.
Therefore, a quantum computer would be around √2^68 = 2^34 ≈ 17 billion times more
efficient in Bitcoin mining than a classical one. Also, it is worth noting that if
blockchain does not increase its difficulty in response to increased hashing power,
that would lead to increased rate of orphaned blocks.
Interesting, did not know that.

Even so, QCs cannot do preimage attacks on hashes, they can only brute force them faster. For mining, that just means that the difficulty will increase and blocks will stay the same. For addresses, that means that they still cannot find the associated public key because they still can't find the preimage.
sr. member
Activity: 532
Merit: 250
BTC. ETC. EOS
October 15, 2016, 06:25:31 AM
#16
There is a high chance for quantum computers to be a threat to bitcoin. But I don't think it will kill bitcoin. Everybody is well aware of the capabilities of a quantum computer and what it can do if it falls into the wrong hands. I am sure the devs are working to solve this issue. I have heard that they can hard fork bitcoin's algo and use SHA 512, which is said to be quantum resistant. You can protect your bitcoins by using a new address for every transaction.
legendary
Activity: 2142
Merit: 1009
Newbie
October 15, 2016, 05:24:59 AM
#15
Quantum Computers are not any faster at hashing than classical computers.

You are very wrong.

From Section 4.3 of https://www.iotatoken.com/IOTA_Whitepaper.pdf:
Quote
It is known that a (today still hypothetical) sufficiently large quantum computer can
be very efficient for handling problems where only way to solve it is to guess answers
repeatedly and check them. The process of finding a nonce in order to generate a
Bitcoin block is a good example of such a problem. As of today, in average one must
check around 2^68 nonces to find a suitable hash that allows to generate a block. It
is known (see e.g. [Gilles Brassard, Peter Høyer, Alain Tapp (1998) Quantum cryptanalysis
of hash and claw-free functions. Lecture Notes in Computer Science 1380, 163–
169.]) that a quantum computer would need Θ(√N) operations to
solve a problem of the above sort that needs Θ(N) operations on a classical computer.
Therefore, a quantum computer would be around √2^68 = 2^34 ≈ 17 billion times more
efficient in Bitcoin mining than a classical one. Also, it is worth noting that if
blockchain does not increase its difficulty in response to increased hashing power,
that would lead to increased rate of orphaned blocks.
sr. member
Activity: 473
Merit: 250
Sodium hypochlorite, acetone, ethanol
October 15, 2016, 04:51:21 AM
#14
would better be used for mining
hero member
Activity: 2268
Merit: 870
October 15, 2016, 04:24:15 AM
#13
Guys do you think quantum computers will be able to kill Bitcoin?

https://cointelegraph.com/news/bitcoins-final-obituary-quantum-computers-may-kill-future-of-money
Quantum computers are very rare and very expensive to operate, so every time they use them they are risking millions of dollars of equipment.

Therefore there is no logical or financial reason for anyone to use QC on bitcoin.

For the government of a developed country, some millions are nothing to risk. I think they won't use QC computers on bitcoin and they don't need it. I think if we use QC computers and the most talented hackers, then we are able to kill bitcoin, banking, commerce, but why? There is no reason for this, so I feel safe. Also, since bitcoin was created, nothing dangerous has happened, so don't worry about this.

People there is nothing happening to worry and what cointelegraph writes.. eh..
sr. member
Activity: 322
Merit: 250
October 15, 2016, 04:15:15 AM
#12
If it is the BTC public key that a quantum computer will need in order to extract the private key from it, how will it (the quantum computer) get these public keys?

AFAIK you can get public keys from your own BTC addresses in your wallet. Am I wrong?
full member
Activity: 238
Merit: 100
October 15, 2016, 03:37:55 AM
#11
Theoretically, yes.

All the single signature addresses are going to be exposed to this kind of attack. Even if we all start using multi-sig addresses, it still won't solve the problem, since many old addresses, including satoshi's addresses that contain a lot of bitcoins, are only single signature and they will be exposed to the attack.


The only solution to this case will be to make a kind of a hard fork.
But don't worry, the quantum computers are far away and it won't happen in the near future, we have some other things to take care of now, including the block size limit.
staff
Activity: 3374
Merit: 6530
Just writing some code
October 14, 2016, 07:57:45 PM
#10
So according to you BTC is not in danger against quantum computers?

of course it is and so is everything else. bitcoin's gonna be the least of your worries if it arrives and there's no preparation to counter it.
Please stop spreading misinformation. Please learn about how QCs work before you go around making posts like this and spreading panic.



As has been explained multiple times in multiple places on this forum and on the internet, quantum computers pose a very low risk to Bitcoin.

As Danny said,
The word quantum does not mean "magic".

Quantum Computers are not any faster at hashing than classical computers. Thus they will not destroy Bitcoin mining. What Quantum Computers are really good at is prime factorization. Through Shor's Algorithm, QCs could in theory obtain the private key out of a private key. However, it is not known how long that will take as no QCs have been invented that can do that yet. It is only known that it will be significantly faster than a classical computer.

While that sounds scary, it isn't actually the end of the world for Bitcoin. If you do not reuse addresses as most wallets practically force you to do, then you are perfectly safe. This is because the public key is protected by a hash, and hashes are not easily reversed by Quantum Computers. Thus your public key will remain safe, and when you go to spend your Bitcoin, the public key will be revealed but the Bitcoin will be gone so there is nothing for a malicious entity to steal.

Furthermore, Quantum Computers aren't just going to suddenly appear overnight and be powerful enough to crack various cryptographic schemes. As they become more and more popular, there is a very high likelihood of Bitcoin changing the signature scheme to something that is quantum resistant so your Bitcoin will still be safe.
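
Added example, not part of the original post or of any Bitcoin software: a wallet-side audit of the address-reuse rule described above. It assumes a simplified ledger (constructed sample data, hypothetical field names) in which spending any output of an address publishes that address's public key, so only unspent value still sitting on such an address is no longer covered by the hash.

```python
from collections import defaultdict

# Constructed sample ledger, not real chain data. Field names are hypothetical.
# Each output pays `value` (satoshis) to an address; an outpoint is (txid, n).
SAMPLE_OUTPUTS = [
    {"txid": "tx1", "n": 0, "address": "addr_once",   "value": 5_000},
    {"txid": "tx2", "n": 0, "address": "addr_reused", "value": 3_000},
    {"txid": "tx3", "n": 0, "address": "addr_reused", "value": 7_000},
    {"txid": "tx4", "n": 1, "address": "addr_reused", "value": 1_000},
    {"txid": "tx5", "n": 0, "address": "addr_fresh",  "value": 2_000},
]
# Outpoints already consumed as inputs; each spend published the owner's public key.
SAMPLE_SPENT = {("tx1", 0), ("tx2", 0)}


def revealed_addresses(outputs, spent):
    """Addresses that have signed at least one spend, so their public key is on-chain."""
    return {o["address"] for o in outputs if (o["txid"], o["n"]) in spent}


def audit(outputs, spent):
    """Split the unspent value per address into 'exposed' and 'hash_protected'."""
    revealed = revealed_addresses(outputs, spent)
    report = {"exposed": defaultdict(int), "hash_protected": defaultdict(int)}
    for o in outputs:
        if (o["txid"], o["n"]) in spent:
            continue  # already spent: nothing left to take from this output
        bucket = "exposed" if o["address"] in revealed else "hash_protected"
        report[bucket][o["address"]] += o["value"]
    return {k: dict(v) for k, v in report.items()}


if __name__ == "__main__":
    result = audit(SAMPLE_OUTPUTS, SAMPLE_SPENT)
    for bucket, balances in result.items():
        for address, value in sorted(balances.items()):
            print(f"{bucket:15} {address:12} {value:>6} sat")
```

An address used once and fully spent (`addr_once`) appears in neither bucket: its key is public, but no value remains behind it.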
legendary
Activity: 1288
Merit: 1087
October 14, 2016, 05:35:34 PM
#9
So according to you BTC is not in danger against quantum computers?

of course it is and so is everything else. bitcoin's gonna be the least of your worries if it arrives and there's no preparation to counter it.
legendary
Activity: 3416
Merit: 4658
October 14, 2016, 05:32:28 PM
#8
So according to you BTC is not in danger against quantum computers?

The word quantum does not mean "magic".

No, currently BTC is in no danger from quantum computers.

In the future, bitcoin's protocol can be updated to new quantum secure algorithms if quantum computing ever becomes a serious threat to the current algorithms. Therefore, quantum computing will almost certainly never be a realistic threat to BTC.
sr. member
Activity: 322
Merit: 250
October 14, 2016, 05:24:57 PM
#7
then they'll be able to have a bunch of fun with the rest of us. but they don't have the scientists or the funding compared to the big ticket agencies elsewhere. if there is a glimmer of it becoming a possibility then we'll all have to figure out new forms of encryption before they're prevalent or the world is in a little trouble.

So according to you BTC is not in danger against quantum computers?
legendary
Activity: 1288
Merit: 1087
October 14, 2016, 05:21:16 PM
#6
then they'll be able to have a bunch of fun with the rest of us. but they don't have the scientists or the funding compared to the big ticket agencies elsewhere. if there is a glimmer of it becoming a possibility then we'll all have to figure out new forms of encryption before they're prevalent or the world is in a little trouble.
sr. member
Activity: 322
Merit: 250
October 14, 2016, 05:15:59 PM
#5
What if one day Iran or North Korea declares it has quantum computers?