Topic: how many more years our bitcoins will be save from quantum supercomputer (Read 542 times)

Yeah. I get your point, even from the first analogy. There would definitely be a certain degree of collateral damage. Just to provide a more thorough discussion; I'm only as qualified to give my own opinions but nothing that technical or something that evaluates all of the variables. Here's a discussion that I once participated (closely followed rather) and pretty much conveys my take on this issue: https://bitcointalksearch.org/topic/theymos-bitcoins-belonging-to-satoshi-should-be-destroyed-1469099.

Then why should the network remotely "brick" someone's coins by moving to an algorithm which prevents them being spent?

Here's another analogy. Let's say the company who make the locks on my doors release a new lock because the old one is defective. If I fail to replace my locks, should the company come to my house and burn all my belongings, because "Well, they were going to be stolen anyway"?

Just because coins haven't moved doesn't mean they are lost, and quantum computing is not suddenly going to hack all two million vulnerable coins at once. They will slowly trickle back in to circulation over a long period of time, meaning if we set a date to inactivate elliptic curve keys, then we will certainly be depriving some users of their coins. They could be in prison, be under house arrest, be unable to leave a country to reach their wallets/seed phrases, etc. Perhaps their bitcoin is locked in a trust for their descendents. Perhaps they had an inheritance plan to release it when their child reaches their 21st birthday. Perhaps there is a timelocked transaction waiting to be broadcast. The possibilities are endless.

I don't think the scale of that would be to the tune of 2 million Bitcoins. Of course you should not remotely brick any device, that is absurd and absolutely immoral. I also don't think the million(?) Bitcoins that Satoshi holds (and presumably never be circulated again) would be in any hardware wallets or generated by it. It is safe to assume that most users do still have access to their hardware wallets and that is up to them to move their own coins, so I agree on the HW wallet scenario with you. I find the QC issue something that is more complex than this and no change (CMIIW) would save ECDSA keys from being vulnerable. My idea would be to have the network switch to a new algorithm and plan a fairly long road map to completely deprecate those ECDSA bound keys. Something like this could be planned when QCs capable of doing this feasibly (and also cost effectively) is on the horizon (probably 10-20 years before), well of course in the meantime convince people to switch to QC resistant signatures by discouraging them from using ECDSA keys.

Of course, violating that very rule of Bitcoin sounds completely absurd, I'll be very honest with you. I maintain that burning them is still a possibility as the impact could possibly hurt Bitcoin economically and IMO both of them have valid points.


You do. I respect both sides of the camp, that is why I believe that it is a moral dilemma.

For the record: https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/.

It is definitely an unpopular opinion and I rest my case.

Then you'll have to split the network to do it.  I guarantee you I won't be on that fork.  If you think "betterment of the community" means forming a new one of your own with a different ethos around what constitutes 'ownership', then I wish you the best of luck.  But count me out.  It's a line I refuse to cross.

SHA256 is not particularly susceptible to being broken by quantum computers, and will remain safe for decades more at least. It is elliptic curve multiplication which is the concern.

Let's consider the case of a hardware wallet which is found to have a critical vulnerability which makes having your coins being stolen from it trivial. What should the manufacturer do? Alert everyone who owns one, roll out a patch to fix it, and encourage everyone to upgrade to the new version. However, they should absolutely not remotely brick your device or exploit the vulnerability themselves to burn your coins.

Any hardware wallet manufacturer which was found to be burning users' coins would be shunned by the community and see their business collapse. Why should we want a similar situation with bitcoin itself?

its quite interesting when people talk about quantum supercomputer and they said those days bitcoin will never be mining again. well the community its already bigger if there is nothing special in quantum supercomputer and giving more benefir like crypto i dont its gonna bother crypto community .

Hmm, then I guess though we do have agreements on most issues, we'll be on the opposite sides regarding this. My take is that the unusual circumstances of this warrants the need to violate certain tenets of Bitcoin, for the betterment of the community at the very least.

Would it be possible for it to be implemented in a trustless manner on the protocol level. Doing something like this requires the user to expose their seeds and subsequently the private keys to someone, it wouldn't work if it is to be implemented on the network.

In some point bitcoin will have to upgrade to a better sha hashing, that's the only way to secure the coins from quantum computers, right now bitcoin uses sha 256, but already exist sha512, which could be a good solution and a really hard to vuln by a super computer. 

I don't know how long it will take this migration, but it could come at any moment with a hard fork if the network gets vulned.

Then let them be stolen. I would rather they were stolen and dumped on the market because the owner did not look after them properly, then the devs/miners/community step in and said "Well, if you aren't going to look after your coins properly then you won't be allowed to use them." The first will dump the price, sure, but it doesn't affect the fundamentals of bitcoin, and the price will recover. The latter changes the very nature of bitcoin. You can no longer "be your own bank" if the community can decide that that is simply a privilege they can deny, rather than right of every bitcoin user.

The only option I can imagine being comfortable with at the moment is one where the coins are locked, but proof of ownership of the original keys allows the true owner to unlock and use them again. For reused addresses this could be possible by demonstrating knowledge of the seed phrase which generated the relevant private key(s). Since seed phrase to private key uses hash functions and not elliptic curve multiplication, it is not particularly vulnerable to quantum computers. This does not solve the problem for P2PK coins, though.

I believe that such fears are, firstly, premature, and secondly, it is strange to think that the resource of such a computer will be aimed at mining anything, since this is most often government investment and most often it is fundamental research aimed at space or similar serious areas. It is unlikely that blockchain will somehow interest them. This is my opinion, maybe I'm wrong.

There is no reason to be worried about this, when those computers finally become a reality the developers are going to ask people to upgrade to an algorithm that is resistant to quantum attacks and move their coins to those kind of addresses, this will probably require a hardfork and everything will be fine, however there will be an interesting consequence of all of this and that is this will show us which coins are simply not moving and which ones are actually lost.

I'd go a step further and say it goes completely against the principles of the network.  I tend not to think of it as a choice, because it would be an immoral act to me.

If I said "these seemingly vacant houses don't look secure enough, so, even though we have no claim to them, we should all agree to burn them to the ground to make sure no one can steal them", clearly no one would accept that.  So why would it be acceptable to do that to bitcoins?  It's the owners' responsibility to secure their own property.  We have no say in the matter.

True, I suppose. You'd imagine (and there are certainly stories reported of such instances) that plenty of people had coins in the early days, and then just forgot about them, lost access etc... because it wasn't a big deal until years later when the price increased so dramatically. But as for actual numbers and proof, no. Perhaps common opinion is an overestimate.


Yes, I'm uncomfortable with the burning option, too.
My understanding on this subject is much more from the quantum mechanical side than from the bitcoin side. I know comparatively little about cryptography, so perhaps it's not as black and white as I've outlined, and some more palatable third option will become apparent.

Indeed, its a moral dilemma but either of the solution will make sense.

However, if it reaches that point; it gets easy enough to attack ECDSA within a reasonable period of time and with a good cost/benefit ratio , your coins would be stolen anyways. Either you prevent people from stealing Bitcoins or you allow people to steal those Bitcoins and potentially ruin Bitcoin as a whole, eitherways the Bitcoins would probably be stolen/made inaccessible somewhere in the future. Is Bitcoin still really worth X, if 2 million coins (potentially more as we near that phase) can be siphoned from those addresses at will?  Moving to a quantum-resistant algorithm can be done years before it becomes feasible, thus giving those people a few years to recover those coins before finally switching to that algorithm completely. Great thing is: you can choose to support either of this forks in the future and choose which side you would side on.

IMO, it doesn't really reflect anything negative on Bitcoin. Locking those coins probably doesn't benefit anyone and the issue at hand is quite obvious, any decision made can be quite justifiable.

We have no proof that any coin is actually "lost" though, unless it has been provably burned. There were coins which haven't moved since 2009 which many would have assumed were "lost", until a signed message from dozens of addresses calling CSW a fraud showed up last year.

I am deeply uncomfortable with the idea of the network agreeing to a fork which burns or otherwise locks coins which don't belong to us. I understand the situation with potentially 2 million coins being vulnerable to being stolen and dumped, which would undoubtedly have a major impact on the price, but I think the alternative is worse. It sets a terrible precedent that in the future your coins can be seized against your will. It threatens the very nature of bitcoin.

It's not something that you should be very concerned about right now. It's going to take maybe another decade or so before we actually get a perfect quantum computer that will be accessible to all. Though yeah, we should be a little concerned. But I am pretty much sure we all will come up with something that will help us to mitigate the threat.
Even though it won't be publicly available, lets say IBM or some others that are working on super computers decides to break the bitcoin system, it's going to be a huge chaos.
And I don't think we should underestimate and say thing like "it won't be able to make a dent". It may. Even its existence might make a dent.

I think the simple answer is when the maker of quantum computer outwits the developer of Bitcoin.  Do you ever think that Bitcoin development is never stuck?  When there is threat on the Bitcoin security, developer create patches and even do hard fork in order to prevent that threat on bridging the Bitcoin network.  So we won't be facing this problem as long as the Bitcoin security is up to date.

The theory of quantum supercomputers is possible but the question is for how much price you can own a quantum supercomputer. Is this going to be available for everyone in the world? and the value of money it costs to create a quantum supercomputer is important too. Considering all the conditions and questions I said above, currently we are really far from seeing a quantum supercomputer being a threat for bitcoin and the cryotocurrency world. At lest that's what we know.

Yes, potentially. There's a distinction to be made between

• post-quantum cryptography, which uses 'normal' classical computers to build defences from quantum attack, and
• quantum cryptography, which exploits the laws of quantum mechanics to build defences.

Most current work is in post-quantum cryptography. This is where the early quantum-proof bitcoin solutions will come from.

Quantum cryptography is more of a future solution. The possibilities are exciting. Because any act of measurement causes the wave function to collapse, then there is the possibility of absolute security based on immutable laws of physics.

If you know the timeline of how computers become smaller then you can probably assume that it can also be the time that quantum computer will become available for public use, of course it depends because there is a stagnattion period in innovation sometimes but we know that we are making progress in the realm of quantum computing.

Potentially true, but the mining improvement is much smaller than we might anticipate. The biggest advantage of a QC is using Shor's algorithm to break asymmetric cryptography. This isn't an approach that can be used for mining - the QC advantage here would be that PoW can be exploited using Grover's algorithm. IIRC that's only an advantage over classical of a couple of orders of magnitude. Big, but not huge.

What I worry most is years of nosense talk of those fake quantum computers would make btc community so insensitive that no action would be taken when true threat arriving.

Quantum supre computers are the main challenges associated with bitcoin but i believein the near future, we will have some tech gurus using the saem computers that once served as challenges to compute to also become the major source of solutions to computers related challenges on the bitcoin network

This is certainly true for us as individuals right now... but there is a large quantity of bitcoin in reused addresses, and there are plenty of coins that are effectively lost. When bitcoin forks to deal with the quantum threat, all coins will need to be moved to new, quantum-safe addresses. Those that aren't moved or can't be moved can then be stolen by a QC running Shor. Admittedly we don't have QCs capable of this right now, but the field is advancing rapidly, and because of superposition and entanglement QC processing power scales 2^n, so if you go from say 9 qubits to 10, the capability doubles... which is quite counterintuitive from a classical perspective. I'm not trying to be alarmist, and there are certainly engineering challenges to overcome with larger QCs, particularly in maintaining coherence, but the time will come when we're forced into a choice of whether to burn any coins that aren't moved by a given date, or else leave them to be stolen. Neither option is great, and I assume both would be hugely contentious. Achieving a consensus on this would I'd imagine be quite a challenge.

As a side note, ignore DWave and similar. These are annealers rather than universal gate QCs; they have a specific use case, and won't be running Shor's alogrithm. DWave is not a threat to bitcoin.

If you're not an expert in this topic, then why do you assert that "QCs are nothing but FUD?"

1. You cannot protect outputs which requires an ECDSA signature to unlock. They are inherently vulnerable.

2. A successful attack will most likely not be detectable. Siphoning funds slowly from exposed addresses would be pretty much undetectable, given that people would go with the suspicion of a having malwares, etc and if the knowledge of a QC technology is concealed well enough, it could be quite a while before the community catches on.

Perfect opportunity to quote myself here because the question and topic of QC
comes up a lot on the forum and so all questions have been answered already.

Why try attack the network with a QC when you could HELP the network and mine
Bitcoin, your QC would out perform all others!

All the theories about quantum computers and Bitcoin are nothing but FUD...
Quantum computers are simply being used as a "scarecrow" by all the FUDsters and Bitcoin haters.
"Don't buy Bitcoin,because after X amount of years,a quantum computer will destroy the Bitcoin Core blockchain and your Bitcoins will be gone."This is the main narrative.
There are two things to be considered:
1.The Bitcoin Core blockchain is not static and can be/will be improved.
2.A potential successful attack will crash the Bitcoin price to unprecedented lows,which makes the attack unprofitable.
Two 2 factors make a possible quantum computer attack pointless.
By the way,I'm not an expert in this topic.

Bitcoin is way up ahead of supercomputers, if bitcoin can defeat most government policies that most countries are reversing their ban on it,I don't see how supercomputers can in any way hold it down,but rather it will bow to bitcoin like every other that have been against it ends up bowing

That’s not a thing to be worried about for now, because Quantum computers are not yet out and widely being used, for now. And when it comes out, it’s going to take a lot of years before you will start seeing them as you would a regular computer. And moreover, I have this feeling that by the time Quantum computers comes out there will be people who will still figure out a way to get pass all the problems that it brings with it.

And next, I don’t think there is going to be any problem except if it’s illegal in your country for anyone to be making use of cryptocurrency, that’s when you might be having such issues. And then from what I have understood, for anyone to do something to your coins with such a computer, they will need to have your address, that’s why it’s good to secure every bit of your information.

Quantum computers are already available, but not for personal use. And besides, those computers are not your conventional PCs that run on normal processors anyway, so the configuration and its possible application on computing as we know it will be entirely different. It will take decades before we even land on an age wherein quantum computers are readily available for personal use. And even then, we might have transitioned into an algorithm completely safe from quantum computing. There really isn't much of a threat when it comes to quantum computers and bitcoin IMO. Even when quantum computers are treated as PCs of today, I doubt people would even think of using those to mess with bitcoin.

the threat has not been proven until now, we can see several times bitcoin has problems that can destroy it but until now bitcoin is still there and continues to experience price increases from year to year. Bitcoin is not easily destroyed because if there is a serious problem, the community will not be silent and they will definitely do something to prevent the destruction of bitcoin.

I've never seen a flying car but quantum computers? Definitely.

Quantum computers are not conventional/classical computers and you can't measure it as such as they're not designed to function similarly. You're talking about qubits which has been successfully with quite a few QCs, from IBM, Google and DWave. We're more interested about specific application of it in the field, Shor's algorithm, Grover's algorithm for example. They are designed to work with quantum computers and would produce more efficient results. Quantum physics is a proven science.

It won't affect any of our crypto assets because we already see how those big names are now involved in this industry, they are not jokers they really mean it when they started their journey to hodl their first BTC. These people have their own personal investment advisers whom they can count in terms of this issue and they don't really count this quantum thing as a threat since we only have right now are mere theories and myths.

Bro it depends, I don't think someone can predict the actually or specific time all these can happen, anyone pronouncing time it will happen, I don't think it will be accurate in some extent.

computers and its parts are cheap now .
 is this not enough to  build a super computer ? maybe it isnt but thats a good news to btc users because the safety for our btc is extended but soon the time will come that computer and its parts are going to get more cheaper but before that happens i guess btc developers and its team will release a solution .
something that can make btc become more resistant to super computers and other deadly threats .

I am hearing about this quantum computer boogeyman for years and how it will destroy Bitcoin, there is even some cult like coins with only purpose to protect against imminent quantum attack that may never happen during their lifetime.
If Bitcoin is going to be affected by something like quantum computers than everything else will be affected including banks and almost every other electronic devices, so BTC will be the least of your worries.
If we look in distant future, maybe next 30 or 50 years we can say that Bitcoin forks are very likely to happen for various reasons and I would not be surprised to see one that will improve code and make it quantum resistant.
Problem with quantum computers is that they can only do one single task, they are not so smart as you may think and they are not even near mass production.

Your number is pretty low, in 5 years, I am pretty sure that it won't even be publicly available because it will be expensive and it will only be used for academic, scientific and military purposes. Plus, bitcoin's code and security is quite impervious so I don't think that quantum computer is going to be able to make a dent against it and if we ever come to a point where a vulnerability is discovered, they would probably do a hotfix.

Quantum supercomputers are the new flying cars.

Some say they will someday be a reality. But there is no evidence of it.

An 8 cylinder engine might produce 500 horsepower. A child might look at this and announce plans to build an 8,000 cylinder engine that produces 500,000 horsepower.

An intel core CPU might produce 500 giga flops on average on 64 bits. A child might look at this and announce they built a "quantum supercomputer" that runs on 64,000,000 bits producing 500,000,000 GFLOPs. In the case of announced quantum computers the actual result is far less than 500,000,000 GFLOP (as the technology doesn't scale).

If someone bothered to read some of the whitepapers on "achieving" quantum supremacy. This is the type of thing they might see. "Quantum supercomputers" with more than 100,000 bits that don't even run. Which in theory can produce astronomical levels of performance simply by scaling upwards.

The problem is not with quantum computers breaking a code. The problem lies in coding the existing software into a language understood by a quantum computer and then translating the results back from quantum data to binary.

If you could do it fast and easy then a quantum computer would already be a threat to every single encryption available in the world.

Don't you think that there are more important things for countries to protect from quantum hacking like missile launch codes, satellite controls and intelligence messages?

There are already core developers working on quantum cryptography to add as a layer to the bitcoin's blockchain. So no worries I think, I cant say I don't have any doubts about it tho.

Bitcoin uses the same cryptography that your bank uses, that the military and government uses and so on. So, theoretically it could do way worse than stealing your bitcoins. But cryptographers have developed quantum-resistant cryptography decades ago, so far it's not being widely adopted because it could be slower than the current standards, or not yet as tested as other algorithms. Eventually a new quantum-resistant will emerge, and I'm sure it will happen long before quantum computers will be a real threat.

You really shouldn't worry about such distant future and instead focus on securing your coins against malware or $5 wrench attacks.

true quantum computers need sub zero temperatures and in fixed locations with no vibrations or ambient sounds..
your not gonna have a desktop quantum.. sorry.. but no

the closest you will get from a home PC is 4gate transistor tech rather then native binary 2gate
but before thats even a thing they have to make the stuff and the chip firmware and then the operating system and then the software. so dont plan anything soon

as for how long..

quantum computers are great at problem solving things that are not binary.
things like 3d vectors and multidirectional rout planning.
putting a binary problem into a quantum computer where the solution and path to the solution need to follow binary rules for a binary commuter to then accept it as the solution. causes a quantum computer to not be able to have all its freedoms of dimensions/gate utility.

so all that ends up happening is it processes at 2x speed.
basically using one 'bit' which can represent 0123. instead of binary needing 2bits to represent 0123

so if you have a 32bit bitcoin mining asic chip
its like having a 16bit QC chip
so a ASIC with 100 chips.. is like 3200 bits

all in all.. dont worry too much. QC wont be replacing mining any time soon. or brute forcing bitcoin signatures

None of the replies actually answered your question.

Estimates puts it at after 2030, there could be a quantum computer that is capable to break an asymmetric cryptography, which is the ECDSA that Bitcoin uses. These are just purely estimate and currently, the highest known qubit count of a quantum computer is less than 100 (or somewhere thereof). You need more than 1200 qubits to be able to factorize it within a reasonable period of time and even that comes both in the huge cost of building one as well as running it. Bitcoin won't be the first to be attacked, it is just not profitable.

One of the few things banks do get right is their marketing spiel.  Just about every article on the internet regarding quantum computing and banking is a list of advantages and positive messages about all the benefits it will supposedly bring.  Conversely, just about every article with quantum computing and Bitcoin is the complete opposite.  Nothing but dire consequences and doomsday scenarios.  As a result, everyone seems to think the money in their bank is totally safe and that Bitcoin is somehow more vulnerable.  I've been in bank branches where staff have admitted they still use DOS-based applications, which are 30+ years old now.  Hell, I work in insurance, a financial services industry.  My company still uses DOS-based applications.  Let's stop pretending that banks are going to adapt to a change in technology more rapidly that we are.  The idea is laughable.

Before quantum computing would negatively affect the security of the Bitcoin network, it would have already successfully breached a lot of other industries and sectors, as Bitcoin has a far stronger security than most sectors.

So if we are imagining a futuristic scenario where technology has advanced to possibly breach the security of Bitcoin we should assume that all networks built on the internet has been potentially breached, including other assets or forms of storing wealth.

It's part of the shill that gets old already but they keep reviving because it's still working for newbies in Bitcoin. If it would really work, the government could have used it already to destroy Bitcoin market but nope, they sure aren't doing it and that is because it doesn't work.

Bitcoin now is the safe haven of the companies and rich individuals wanting to preserve their wealth, they can't stop it anymore.

There are even rumors that a fully-functional quantum computer has the capability of finishing all BTCs to be mined instead of waiting for the year 2140. I believe that someone out there are already building something for BTCs and other cryptocurrencies to be quantum resistant.

Quantum computers that can break the Bitcoin algorithm are years distant from now.Bitcoin price if you hold now until 2025 will make you rich as the value is expected to skyrocket.

Enough to make you crypto rich. Be sure of that.

"my short question is how long we will be calm that one day we will not wake up without anything" the answer from my point is that we will continue to sleep and wake up with the assurance that all coins will still be intact.

Quantum computers are not some magic device which will allow the owner of one to steal bitcoin at will.

The concerns regarding quantum computers are that they can theoretically provide an exponential speed up when considering the process of reversing elliptic curve multiplication, and therefore calculating a private key from a known public key. They can't just hack any given address or any given wallet.

Since the public key of your address is only revealed if you either chose to reveal it, sign a message from that address, or make a transaction from that address, then if you do none of these things, your bitcoin remain safe against quantum computing for decades more. What that means in practice is to simply to avoid address reuse. Do this and by the time quantum computing is a concern for you, we will have long ago moved to quantum resistant algorithms.

bitcoin has long been attacked by a new type of supercomputer, although supercomputers are looking for a thousand ways to destroy weaken and drop bitcoin, I believe they will not be able to, their efforts will definitely be in vain, because I believe bitcoin will be safe, up to 20 or so. The next 30 years ... maybe until I get old ...

When Bitcoin has rises, questions about threats from quantum computers appear. I am not expert and can not make a thesis to prove Bitcoin private keys are safe in many more years.

Experts say it is safe and I believe in them. I think if there are bigger threats from quantum computers, the Bitcoin developers can upgrade the Protocol with consensus from community.

In normal conditions, community can be separated but when threats come, they will reunited and make what needs to be done.

If we can buy quantum computers as a Personal computer then we can probably safely assume that our bitcoins is going to be not safe in terms of security but it will be difficult for quantum computer to brute force bitcoin no matter how fast we can imagine it.

Hello. Quantum supercomputers and other serious threats to bitcoin have been widely talked about lately. from what I read on the net it is clear that so far there is no problem, but .... my short question is how long we will be calm that one day we will not wake up without anything? 3-4-5 or how many more years? I will be glad to hear your opinions.