
Topic: how many more years our bitcoins will be safe from quantum supercomputer

legendary
Activity: 2954
Merit: 4158
Then why should the network remotely "brick" someone's coins by moving to an algorithm which prevents them being spent?

Here's another analogy. Let's say the company who make the locks on my doors release a new lock because the old one is defective. If I fail to replace my locks, should the company come to my house and burn all my belongings, because "Well, they were going to be stolen anyway"?

Just because coins haven't moved doesn't mean they are lost, and quantum computing is not suddenly going to hack all two million vulnerable coins at once. They will slowly trickle back into circulation over a long period of time, meaning if we set a date to inactivate elliptic curve keys, then we will certainly be depriving some users of their coins. They could be in prison, be under house arrest, be unable to leave a country to reach their wallets/seed phrases, etc. Perhaps their bitcoin is locked in a trust for their descendants. Perhaps they had an inheritance plan to release it when their child reaches their 21st birthday. Perhaps there is a timelocked transaction waiting to be broadcast. The possibilities are endless.
Yeah. I get your point, even from the first analogy. There would definitely be a certain degree of collateral damage. Just to provide a more thorough discussion: I'm only qualified to give my own opinions, nothing that technical or something that evaluates all of the variables. Here's a discussion that I once participated in (closely followed, rather) which pretty much conveys my take on this issue: https://bitcointalksearch.org/topic/theymos-bitcoins-belonging-to-satoshi-should-be-destroyed-1469099.

legendary
Activity: 2268
Merit: 18586
Of course you should not remotely brick any device, that is absurd and absolutely immoral.
Then why should the network remotely "brick" someone's coins by moving to an algorithm which prevents them being spent?

Here's another analogy. Let's say the company who make the locks on my doors release a new lock because the old one is defective. If I fail to replace my locks, should the company come to my house and burn all my belongings, because "Well, they were going to be stolen anyway"?

Just because coins haven't moved doesn't mean they are lost, and quantum computing is not suddenly going to hack all two million vulnerable coins at once. They will slowly trickle back into circulation over a long period of time, meaning if we set a date to inactivate elliptic curve keys, then we will certainly be depriving some users of their coins. They could be in prison, be under house arrest, be unable to leave a country to reach their wallets/seed phrases, etc. Perhaps their bitcoin is locked in a trust for their descendants. Perhaps they had an inheritance plan to release it when their child reaches their 21st birthday. Perhaps there is a timelocked transaction waiting to be broadcast. The possibilities are endless.
legendary
Activity: 2954
Merit: 4158
Let's consider the case of a hardware wallet which is found to have a critical vulnerability which makes having your coins stolen from it trivial. What should the manufacturer do? Alert everyone who owns one, roll out a patch to fix it, and encourage everyone to upgrade to the new version. However, they should absolutely not remotely brick your device or exploit the vulnerability themselves to burn your coins.

Any hardware wallet manufacturer which was found to be burning users' coins would be shunned by the community and see their business collapse. Why should we want a similar situation with bitcoin itself?
I don't think the scale of that would be to the tune of 2 million Bitcoins. Of course you should not remotely brick any device, that is absurd and absolutely immoral. I also don't think the million(?) Bitcoins that Satoshi holds (and which will presumably never be circulated again) would be in any hardware wallets or generated by one. It is safe to assume that most users do still have access to their hardware wallets and that it is up to them to move their own coins, so I agree with you on the HW wallet scenario. I find the QC issue something that is more complex than this and no change (CMIIW) would save ECDSA keys from being vulnerable. My idea would be to have the network switch to a new algorithm and plan a fairly long road map to completely deprecate those ECDSA-bound keys. Something like this could be planned when QCs capable of doing this feasibly (and also cost effectively) are on the horizon (probably 10-20 years before); of course, in the meantime, convince people to switch to QC-resistant signatures by discouraging them from using ECDSA keys.

Of course, violating that very rule of Bitcoin sounds completely absurd, I'll be very honest with you. I maintain that burning them is still a possibility as the impact could possibly hurt Bitcoin economically and IMO both of them have valid points.


Then you'll have to split the network to do it.  I guarantee you I won't be on that fork.  If you think "betterment of the community" means forming a new one of your own with a different ethos around what constitutes 'ownership', then I wish you the best of luck.  But count me out.  It's a line I refuse to cross.
You do. I respect both sides of the camp, that is why I believe that it is a moral dilemma.

For the record: https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/.

It is definitely an unpopular opinion and I rest my case.
legendary
Activity: 3724
Merit: 3063
My take is that the unusual circumstances of this warrants the need to violate certain tenets of Bitcoin, for the betterment of the community at the very least.

Then you'll have to split the network to do it.  I guarantee you I won't be on that fork.  If you think "betterment of the community" means forming a new one of your own with a different ethos around what constitutes 'ownership', then I wish you the best of luck.  But count me out.  It's a line I refuse to cross.
legendary
Activity: 2268
Merit: 18586
At some point bitcoin will have to upgrade to a better sha hashing, that's the only way to secure the coins from quantum computers
SHA256 is not particularly susceptible to being broken by quantum computers, and will remain safe for decades more at least. It is elliptic curve multiplication which is the concern.

My take is that the unusual circumstances of this warrants the need to violate certain tenets of Bitcoin, for the betterment of the community at the very least.
Let's consider the case of a hardware wallet which is found to have a critical vulnerability which makes having your coins stolen from it trivial. What should the manufacturer do? Alert everyone who owns one, roll out a patch to fix it, and encourage everyone to upgrade to the new version. However, they should absolutely not remotely brick your device or exploit the vulnerability themselves to burn your coins.

Any hardware wallet manufacturer which was found to be burning users' coins would be shunned by the community and see their business collapse. Why should we want a similar situation with bitcoin itself?
sr. member
Activity: 1484
Merit: 326
It's quite interesting when people talk about quantum supercomputers and say that in those days bitcoin will never be mined again. Well, the community is already bigger; if there is nothing special in a quantum supercomputer giving more benefit like crypto, I don't think it's going to bother the crypto community.
legendary
Activity: 2954
Merit: 4158
Then let them be stolen. I would rather they were stolen and dumped on the market because the owner did not look after them properly, than the devs/miners/community step in and said "Well, if you aren't going to look after your coins properly then you won't be allowed to use them." The first will dump the price, sure, but it doesn't affect the fundamentals of bitcoin, and the price will recover. The latter changes the very nature of bitcoin. You can no longer "be your own bank" if the community can decide that that is simply a privilege they can deny, rather than the right of every bitcoin user.
Hmm, then I guess though we do have agreements on most issues, we'll be on the opposite sides regarding this. My take is that the unusual circumstances of this warrants the need to violate certain tenets of Bitcoin, for the betterment of the community at the very least.

The only option I can imagine being comfortable with at the moment is one where the coins are locked, but proof of ownership of the original keys allows the true owner to unlock and use them again. For reused addresses this could be possible by demonstrating knowledge of the seed phrase which generated the relevant private key(s). Since seed phrase to private key uses hash functions and not elliptic curve multiplication, it is not particularly vulnerable to quantum computers. This does not solve the problem for P2PK coins, though.
Would it be possible for it to be implemented in a trustless manner on the protocol level? Doing something like this requires the user to expose their seeds and subsequently the private keys to someone; it wouldn't work if it is to be implemented on the network.
legendary
Activity: 2982
Merit: 2681
At some point bitcoin will have to upgrade to a better sha hashing, that's the only way to secure the coins from quantum computers. Right now bitcoin uses sha 256, but sha512 already exists, which could be a good solution and really hard to break by a supercomputer.

I don't know how long this migration will take, but it could come at any moment with a hard fork if the network becomes vulnerable.
legendary
Activity: 2268
Merit: 18586
However, if it reaches that point, where it gets easy enough to attack ECDSA within a reasonable period of time and with a good cost/benefit ratio, your coins would be stolen anyway.
Then let them be stolen. I would rather they were stolen and dumped on the market because the owner did not look after them properly, than the devs/miners/community step in and said "Well, if you aren't going to look after your coins properly then you won't be allowed to use them." The first will dump the price, sure, but it doesn't affect the fundamentals of bitcoin, and the price will recover. The latter changes the very nature of bitcoin. You can no longer "be your own bank" if the community can decide that that is simply a privilege they can deny, rather than the right of every bitcoin user.

I know comparatively little about cryptography, so perhaps it's not as black and white as I've outlined, and some more palatable third option will become apparent.
The only option I can imagine being comfortable with at the moment is one where the coins are locked, but proof of ownership of the original keys allows the true owner to unlock and use them again. For reused addresses this could be possible by demonstrating knowledge of the seed phrase which generated the relevant private key(s). Since seed phrase to private key uses hash functions and not elliptic curve multiplication, it is not particularly vulnerable to quantum computers. This does not solve the problem for P2PK coins, though.
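The post above draws the line between coins whose public key is already visible (P2PK outputs, and reused addresses whose earlier spends put the key on-chain) and coins protected only by a hash. As an added illustration, not code from anyone in this thread, the following script inventories a constructed UTXO set by that criterion; all txids, keys and hashes are placeholders.

```python
"""Classify constructed UTXOs by whether their public key is already public.

The thread's point: a quantum attack targets elliptic curve keys, not SHA256.
So the coins at risk are those whose public key is already revealed, i.e.
P2PK outputs (key is in the scriptPubKey) and P2PKH outputs on reused
addresses (key was revealed in the scriptSig of an earlier spend). Unspent
P2PKH outputs on never-spent addresses only expose a hash.
Example code; every identifier below is a constructed placeholder.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Utxo:
    txid: str           # constructed placeholder, not a real transaction id
    vout: int
    script_type: str    # "p2pk" or "p2pkh"
    key_ref: str        # the pubkey (p2pk) or the pubkey hash (p2pkh)
    value_btc: float


def revealed_hashes(spent_inputs):
    """Pubkey hashes whose key became public through an earlier spend.

    spent_inputs: (pubkey_hash, pubkey) pairs parsed from scriptSigs.
    A signed message from an address (as in the CSW episode mentioned later
    in the thread) reveals the key just as a spend does.
    """
    return {pkh for pkh, _pubkey in spent_inputs}


def exposure(utxo, revealed):
    """'exposed' if the EC public key is already known, else 'hash_only'."""
    if utxo.script_type == "p2pk":
        return "exposed"                      # key sits in the output script
    if utxo.script_type == "p2pkh":
        # Hash-only protection lasts until the first spend from this address.
        return "exposed" if utxo.key_ref in revealed else "hash_only"
    return "unknown"


def tally(utxos, spent_inputs):
    """Sum BTC per exposure class over the UTXO set."""
    revealed = revealed_hashes(spent_inputs)
    totals = defaultdict(float)
    for u in utxos:
        totals[exposure(u, revealed)] += u.value_btc
    return dict(totals)


# Constructed sample data.
SPENT_INPUTS = [("hash_A", "pub_A")]          # address A spent once: key public
UTXOS = [
    Utxo("tx1", 0, "p2pk", "pub_S", 50.0),    # early-style P2PK coinbase output
    Utxo("tx2", 0, "p2pkh", "hash_A", 1.5),   # reused address A
    Utxo("tx3", 1, "p2pkh", "hash_B", 0.25),  # address B never spent from
]

if __name__ == "__main__":
    for cls, btc in sorted(tally(UTXOS, SPENT_INPUTS).items()):
        print(f"{cls:10s} {btc:8.2f} BTC")
```

Run against real chain data the same logic gives a defender the size of the "exposed" bucket the thread argues about, and it shows why moving coins to fresh addresses (hash-only again) is the mitigation available today.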
sr. member
Activity: 658
Merit: 251
I believe that such fears are, firstly, premature, and secondly, it is strange to think that the resource of such a computer will be aimed at mining anything, since this is most often government investment and most often it is fundamental research aimed at space or similar serious areas. It is unlikely that blockchain will somehow interest them. This is my opinion, maybe I'm wrong.
legendary
Activity: 2492
Merit: 1332
Hello. Quantum supercomputers and other serious threats to bitcoin have been widely talked about lately. From what I read on the net it is clear that so far there is no problem, but... my short question is how long we can be calm that one day we will not wake up without anything? 3-4-5 or how many more years? I will be glad to hear your opinions.
There is no reason to be worried about this. When those computers finally become a reality the developers are going to ask people to upgrade to an algorithm that is resistant to quantum attacks and move their coins to those kinds of addresses. This will probably require a hardfork and everything will be fine. However, there will be an interesting consequence of all of this: it will show us which coins are simply not moving and which ones are actually lost.
legendary
Activity: 3724
Merit: 3063
I am deeply uncomfortable with the idea of the network agreeing to a fork which burns or otherwise locks coins which don't belong to us. I understand the situation with potentially 2 million coins being vulnerable to being stolen and dumped, which would undoubtedly have a major impact on the price, but I think the alternative is worse. It sets a terrible precedent that in the future your coins can be seized against your will. It threatens the very nature of bitcoin.
Yes, I'm uncomfortable with the burning option, too.

I'd go a step further and say it goes completely against the principles of the network.  I tend not to think of it as a choice, because it would be an immoral act to me.

If I said "these seemingly vacant houses don't look secure enough, so, even though we have no claim to them, we should all agree to burn them to the ground to make sure no one can steal them", clearly no one would accept that.  So why would it be acceptable to do that to bitcoins?  It's the owners' responsibility to secure their own property.  We have no say in the matter.
legendary
Activity: 1904
Merit: 1277
We have no proof that any coin is actually "lost" though, unless it has been provably burned.
True, I suppose. You'd imagine (and there are certainly stories reported of such instances) that plenty of people had coins in the early days, and then just forgot about them, lost access etc... because it wasn't a big deal until years later when the price increased so dramatically. But as for actual numbers and proof, no. Perhaps common opinion is an overestimate.


I am deeply uncomfortable with the idea of the network agreeing to a fork which burns or otherwise locks coins which don't belong to us. I understand the situation with potentially 2 million coins being vulnerable to being stolen and dumped, which would undoubtedly have a major impact on the price, but I think the alternative is worse. It sets a terrible precedent that in the future your coins can be seized against your will. It threatens the very nature of bitcoin.
Yes, I'm uncomfortable with the burning option, too.
My understanding on this subject is much more from the quantum mechanical side than from the bitcoin side. I know comparatively little about cryptography, so perhaps it's not as black and white as I've outlined, and some more palatable third option will become apparent.
legendary
Activity: 2954
Merit: 4158
I am deeply uncomfortable with the idea of the network agreeing to a fork which burns or otherwise locks coins which don't belong to us. I understand the situation with potentially 2 million coins being vulnerable to being stolen and dumped, which would undoubtedly have a major impact on the price, but I think the alternative is worse. It sets a terrible precedent that in the future your coins can be seized against your will. It threatens the very nature of bitcoin.
Indeed, it's a moral dilemma but either of the solutions will make sense.

However, if it reaches that point, where it gets easy enough to attack ECDSA within a reasonable period of time and with a good cost/benefit ratio, your coins would be stolen anyway. Either you prevent people from stealing Bitcoins or you allow people to steal those Bitcoins and potentially ruin Bitcoin as a whole; either way the Bitcoins would probably be stolen/made inaccessible somewhere in the future. Is Bitcoin still really worth X, if 2 million coins (potentially more as we near that phase) can be siphoned from those addresses at will? Moving to a quantum-resistant algorithm can be done years before it becomes feasible, thus giving those people a few years to recover those coins before finally switching to that algorithm completely. Great thing is: you can choose to support either of these forks in the future and choose which side you would side with.

IMO, it doesn't really reflect anything negative on Bitcoin. Locking those coins probably doesn't benefit anyone and the issue at hand is quite obvious, any decision made can be quite justifiable.
legendary
Activity: 2268
Merit: 18586
but there is a large quantity of bitcoin in reused addresses, and there are plenty of coins that are effectively lost.
We have no proof that any coin is actually "lost" though, unless it has been provably burned. There were coins which haven't moved since 2009 which many would have assumed were "lost", until a signed message from dozens of addresses calling CSW a fraud showed up last year.

but the time will come when we're forced into a choice of whether to burn any coins that aren't moved by a given date, or else leave them to be stolen.
I am deeply uncomfortable with the idea of the network agreeing to a fork which burns or otherwise locks coins which don't belong to us. I understand the situation with potentially 2 million coins being vulnerable to being stolen and dumped, which would undoubtedly have a major impact on the price, but I think the alternative is worse. It sets a terrible precedent that in the future your coins can be seized against your will. It threatens the very nature of bitcoin.
copper member
Activity: 2968
Merit: 574
Your number is pretty low, in 5 years, I am pretty sure that it won't even be publicly available because it will be expensive and it will only be used for academic, scientific and military purposes. Plus, bitcoin's code and security is quite impervious so I don't think that quantum computer is going to be able to make a dent against it and if we ever come to a point where a vulnerability is discovered, they would probably do a hotfix.
It's not something that you should be very concerned about right now. It's going to take maybe another decade or so before we actually get a perfect quantum computer that will be accessible to all. Though yeah, we should be a little concerned. But I am pretty much sure we all will come up with something that will help us to mitigate the threat.
Your number is pretty low, in 5 years, I am pretty sure that it won't even be publicly available because it will be expensive and it will only be used for academic, scientific and military purposes. Plus, bitcoin's code and security is quite impervious so I don't think that quantum computer is going to be able to make a dent against it and if we ever come to a point where a vulnerability is discovered, they would probably do a hotfix.
Even though it won't be publicly available, let's say IBM or some others that are working on supercomputers decide to break the bitcoin system; it's going to be huge chaos.
And I don't think we should underestimate and say things like "it won't be able to make a dent". It may. Even its existence might make a dent.
hero member
Activity: 1918
Merit: 564
Hello. Quantum supercomputers and other serious threats to bitcoin have been widely talked about lately. From what I read on the net it is clear that so far there is no problem, but... my short question is how long we can be calm that one day we will not wake up without anything? 3-4-5 or how many more years? I will be glad to hear your opinions.

I think the simple answer is when the maker of a quantum computer outwits the developers of Bitcoin. Do you ever think that Bitcoin development is ever stuck? When there is a threat to Bitcoin security, developers create patches and even do hard forks in order to prevent that threat from breaching the Bitcoin network. So we won't be facing this problem as long as the Bitcoin security is up to date.
hero member
Activity: 1582
Merit: 722
The theory of quantum supercomputers is possible but the question is for how much you can own a quantum supercomputer. Is this going to be available for everyone in the world? And the amount of money it costs to create a quantum supercomputer is important too. Considering all the conditions and questions I said above, currently we are really far from seeing a quantum supercomputer being a threat to bitcoin and the cryptocurrency world. At least that's what we know.
legendary
Activity: 1904
Merit: 1277
Quantum supercomputers are the main challenges associated with bitcoin, but I believe in the near future we will have some tech gurus using the same computers that once served as challenges to compute to also become the major source of solutions to computer-related challenges on the bitcoin network.

Yes, potentially. There's a distinction to be made between
  • post-quantum cryptography, which uses 'normal' classical computers to build defences from quantum attack, and
  • quantum cryptography, which exploits the laws of quantum mechanics to build defences.

Most current work is in post-quantum cryptography. This is where the early quantum-proof bitcoin solutions will come from.

Quantum cryptography is more of a future solution. The possibilities are exciting. Because any act of measurement causes the wave function to collapse, there is the possibility of absolute security based on immutable laws of physics.
sr. member
Activity: 1274
Merit: 293
~snip
Bro it depends, I don't think someone can predict the actual or specific time all these can happen; anyone pronouncing the time it will happen, I don't think it will be accurate to some extent.
If you know the timeline of how computers became smaller then you can probably assume that it can also be the time that quantum computers will become available for public use. Of course it depends, because there is a stagnation period in innovation sometimes, but we know that we are making progress in the realm of quantum computing.