Topic: I don't believe Quantum Computing will ever threaten Bitcoin - page 4. (Read 5476 times)

full member
Activity: 202
Merit: 180
It's precious, protect it!
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.


There already exist several working ones (Google Sycamore, D-Wave, IBM Q...) and they are continuously being improved. Companies like D-Wave have succeeded in using quantum computing to solve real-world problems such as minimizing error in a voice recognition system, controlling risk in a financial portfolio, or reducing energy loss in an electrical grid. source

Also, leading countries from all over the world are investing insane amounts of money in quantum computing research, for obvious reasons: to get their hands on this new monster.

IBM is already offering free limited access to their systems; you can now create an account, try your quantum circuits and run them on their quantum computers, plus they are offering step-by-step guides and tutorials.


sr. member
Activity: 1400
Merit: 347
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.
full member
Activity: 224
Merit: 120
Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said: “Now I know what you are thinking: Quantum is not coming anytime soon. But we can’t think of quantum in terms of eventually or tomorrow.”
“We need quantum-resistant algorithms as soon as possible,” Grobman said.

-------------------------------------
What exactly are the dangers of quantum computing?
It's very simple.
I'm talking about the global danger, the danger to a lot of people, not about private cases.

All protection protocols, I'm talking about cryptographic methods of protection, are built on one principle:
1. Asymmetric cryptography is the first step in any protocol to agree on a common session key for symmetric cryptography.
2. The second step is symmetric cryptography encryption, where secrets are encrypted securely (AES).

Why is a quantum computer that will only work far in the future dangerous today?

Because all of our encrypted messages are stored.
Details:
- those encryptions that are very interesting - stored many times, it's communication between interesting and big people of our time;
- all other messages are also stored, just in case, they can be interesting, probably.

Now, here is how quantum cheaters will work:
1) they will only crack the first stage of the encryption protocol - only asymmetric cryptography, where the shared session encryption key was encrypted. That's it.
2) They use the resulting key to quietly read the AES cipher, the second step of the encryption protocol.

And now, everything falls into place: AES-256, the symmetric system, is not cracked, and RSA (with any length of key) or ECC (with any length of key), the asymmetric system is cracked without a doubt, even by very weak, first quantum computers.

That's why everyone is so concerned, that's why post quantum asymmetric encryption systems are already needed.

Yes, not all people encrypt good messages, there are so many that lead two lives at once and one of those lives is very bad.
But the bad thing is to read and decide what's bad and what's good will be guys with the same questionable reputation as the first ones.

Here is the real vulnerability of all the key encryption methods: everything secret, sooner or later, becomes known and not secret.

New keyless encryption systems are completely devoid of this vulnerability.
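The two-step protocol and the "store now, read later" scenario described in the post above, as an added simulation (my code, not the poster's): a toy RSA layer transports a secret, a keystream layer encrypts the message with the derived session key, and the recorded transcript is later opened by factoring the toy modulus (trial division stands in for a future factoring machine). The primes, messages and the SHA-256 keystream are constructed stand-ins; the takeaway for a defender is that the archived ciphertext's confidentiality lasts exactly as long as the asymmetric layer's.

```python
"""Toy 'harvest now, decrypt later' simulation (constructed example).

Textbook RSA with ~20-bit primes stands in for the asymmetric step and a
SHA-256 counter keystream stands in for AES. Neither is secure; the point
is the protocol shape: once step 1 falls, step 2 falls with it.
"""
import hashlib
import secrets

# Constructed toy parameters, chosen so the demo factors in well under a second.
TOY_P = 999_983      # prime
TOY_Q = 1_000_003    # prime
TOY_E = 65537


def rsa_keypair(p=TOY_P, q=TOY_Q, e=TOY_E):
    """Return ((n, e), (n, d)) for the toy modulus."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def kdf(secret_int):
    """Derive the 256-bit session key from the transported secret
    (stand-in for the premaster -> session key step of a real protocol)."""
    return hashlib.sha256(b"toy-session-key" + secret_int.to_bytes(8, "big")).digest()


def keystream(key, length):
    """Stand-in for AES: SHA-256 in counter mode, used as a keystream."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def sym_encrypt(key, data):
    """XOR the data with the keystream (encryption and decryption are the same)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


sym_decrypt = sym_encrypt


def run_session(pub, plaintext):
    """Step 1: transport a fresh secret under the public key.
    Step 2: derive the session key and encrypt the message under it.
    Returns exactly what a passive observer can record off the wire."""
    n, e = pub
    secret = secrets.randbelow(n - 2) + 2      # fresh secret in [2, n-1]
    transported = pow(secret, e, n)            # step 1: asymmetric
    ciphertext = sym_encrypt(kdf(secret), plaintext)  # step 2: symmetric
    return {"kex": transported, "ct": ciphertext}


def factor_by_trial_division(n):
    """Stand-in for a future factoring-capable machine. Only feasible here
    because the toy modulus is about 40 bits long."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no factor found")


def decrypt_archived_session(pub, record):
    """What a stored transcript yields once the asymmetric layer falls:
    recover d from the factors, unwrap the secret, re-derive the session key.
    The symmetric layer is never attacked directly."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    secret = pow(record["kex"], d, n)
    return sym_decrypt(kdf(secret), record["ct"])


def demo(message=b"constructed sample message archived today"):
    """Record a session now, open it later; returns the recovered plaintext."""
    pub, _priv = rsa_keypair()
    record = run_session(pub, message)           # captured and stored
    return decrypt_archived_session(pub, record)  # read once step 1 is broken


if __name__ == "__main__":
    print(demo())
```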
jr. member
Activity: 48
Merit: 1
Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said: “Now I know what you are thinking: Quantum is not coming anytime soon. But we can’t think of quantum in terms of eventually or tomorrow.”
“We need quantum-resistant algorithms as soon as possible,” Grobman said.

legendary
Activity: 1904
Merit: 1277
the most exciting times, hashing will be history. We will make all "lost" coins active.

"Exciting times" brings to mind the Chinese curse of living in interesting times.

Lost coins on the chain will indeed be vulnerable to QCs as these are the ones that won't be moved to quantum-safe addresses following a bitcoin upgrade. Making these coins available for theft by QCs could be terrible for bitcoin's price, but more so for faith in crypto as a whole, similarly if anything not moved was burned to prevent theft by QCs. There's no easy answer here.
newbie
Activity: 2
Merit: 0
And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.

The development of "second generation quantum computers" will bring the most exciting times, hashing will be history. We will make all "lost" coins active.
legendary
Activity: 1904
Merit: 1277
There has been a potentially important advance in qubit stability, published yesterday in Nature.

Anyone with a passing interest knows that maintaining the qubit state is a big problem in quantum computing. The quantum system is quite fragile, and any interaction with the wider environment can cause the state to decohere (decoherence meaning not actual wave function collapse, but rather the leaking of information across the boundary between the quantum system and its surroundings).

There have been various attempts in the past to increase stability, some (such as magnetic containment) being more successful than others.

The new experiment from the University of New South Wales uses quantum dots rather than normal silicon atoms, and they've built artificial atoms around these quantum dots - it's this approach that has increased the stability hugely.

The problem with 'traditional' (I say traditional, but really QC is all quite new!) devices built on silicon atoms is that there are always atomic imperfections, which disrupt the qubits and lead to a high chance of decoherence. This new experiment removes the atomic nucleus entirely, and instead applies a voltage to pull in spare electrons to orbit the dot. This is then repeated until the inner electron shells have formed. So instead of a normal atom, with a nucleus surrounded by spherical electron shells, you end up with a quantum dot surrounded by flat 2D circular electron shells. So they are mimicking the atomic structure but doing away with the messy nuclear stuff so it's essentially just clean shells around the dot.

This done, the key step is to build up the complete inner shells and then add one more electron to the next outer shell. This is a bit like painting multiple coats on a wall, you build up the thickness to smooth everything out. Complete shells always sum to zero, but the added electron in the incomplete outer shell can be used for the spin measurement for the qubit.

Basically it's a variant of the standard approach that removes the problem of atomic imperfections, and then improves stability further by building complete orbital electron shells beneath the final electron.

Apologies if this is either too technical or not technical enough, it's difficult to strike a balance, and as always with QC it can be a challenge to make sure you've understood everything correctly - I think I have, but please let me know if I've made some false connections here.

Anyway, it's an interesting approach and could end up being quite an important marker on the road towards stable large-scale QC production.
full member
Activity: 224
Merit: 120
Hello, I know how to calculate..


We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.
----------------------
How cryptanalysis works, especially against asymmetric encryption systems, will not be written to you on the Internet, let alone on Wikipedia.  It's a mystery that cryptanalysis is all about.

The life and work of cryptoanalysts is classified. Even their family doesn't know what they do, the results of their work are so important.

If they did not work well, asymmetric cryptography would be solved for serious questions. But it's not allowed.

Why is that?

Because it's used by those in power, and it's not written on public bulletin boards.
full member
Activity: 224
Merit: 120

SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users can obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.


So stage 0 is kind of a precursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China.

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016.


----------------------
Yes, I agree with your conclusions, it's all true.
But this is good for the part of the network that is far from the end user, the backbone part of the network.
In this part of the network, indeed, any change in information will be impossible.

I am for progress, for everything technological, especially when the laws of physics are the basis of these innovations.
But I draw conclusions, I watch intentions diverge from reality.
How loud promises actually turn into advertising tricks.

Let's find out where we are most often attacked, as of today. Among other things, I am talking about the most dangerous attack, the "man in the middle" technique.
Most often it is not carried out on a segment of the network remote from us.
I think that from what I have learned, the most common places to attack are those that are close to the user: routers, other network access points, the end devices themselves.

The quantum (photon) Internet offered to us does not solve any of these threats aimed at the end user at the specified attack points.

Modern protocols, based on modern cryptography, provide everything you expect from the "quantum Internet", except one thing - discreet copying of information, eavesdropping on your channel.

But this danger is solved by reliable cryptography, methods that are simpler and smarter than the mass of new equipment for the transmission of linked photons (quantum Internet).

If you are subject to a competent attack, information, any, before the Internet, before encryption, will be stolen invisibly directly from your devices, not from the backbone networks of the Internet.
All scammers and criminals working for governments are looking for easy ways to get information.

For example, fresh information, all Samsung devices are secretly spying on their users, on the government of China, not the government of South Korea. You see what a serious approach to espionage is. How will the quantum internet save you?

I think that all such technologies, except the quantum computer, are of scientific interest and will only be prepared for commercial success.

We need a good secret communication channel, which should be protected by post quantum cryptography. Cheap, reliable, affordable way.
newbie
Activity: 1
Merit: 0

We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.
legendary
Activity: 1904
Merit: 1277
It's a path to the photonic Internet, not quantum networks. No one's dealing with quanta networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with Wi-Fi or 3/4/5/6G internet and sit behind a stationary device.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.

A quantum internet (with its unhackable absolute security) isn't a complete replacement for the internet we have now, in the same way that quantum computers aren't a replacement for classical computers.

The team at Delft whom I've referenced before have devised a six-stage roadmap (below). A quantum internet can be built incrementally on top of what we already have, with different levels of functionality at each stage.

Quote
SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users can obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.


So stage 0 is kind of a pre-cursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China.

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016.

legendary
Activity: 990
Merit: 1108
> I know how to calculate the genesis private key

Sign the message "i no money" with said key as proof of knowledge, or take your scam elsewhere.
full member
Activity: 224
Merit: 120
23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved.

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping and four-photon Greenberger-Horne-Zeilinger entanglement, which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.


----------------------
Transmission from one chip to another is quantum entanglement, it's always the transmission of photons.
They transfer photons between chips.
At a very, very short distance, it seems to be within a centimeter. It's a normal waveguide. That's it.
 
It's a path to the photonic Internet, not quantum networks. No one's dealing with quanta networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with Wi-Fi or 3/4/5/6G internet and sit behind a stationary device.

Without post quantum mathematical (not quantum) cryptography, which encrypts on an ordinary smartphone, computer (not a quantum computer), no one will do. No ordinary user, no VIP.

It's just science. It won't make the world safe, even if it works tomorrow.
We're being given another illusion.
These successful experiments are needed for secure communication between government and large corporations.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.
legendary
Activity: 1904
Merit: 1277
23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved.

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping and four-photon Greenberger-Horne-Zeilinger entanglement, which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.

full member
Activity: 224
Merit: 120
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.
I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!


We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.
Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.


You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.
I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.


AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.
AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you :)
---------------------
Dear opponent!
This is the first qualitative version of the discussion with my participation. I am very pleased that there are interesting interlocutors on this business cryptographic platform.

When I wrote my posts on this topic, I thought that superficial knowledge was more successful than deeper knowledge.

But after reading your post, I realized that I was wrong.

But you know, I read a lot of opinions on "what cryptography we will need".

Of course, quantum cryptography is a technical, scientific, technological step forward. Although, in fact, nothing new is observed from the knowledge that we had 40 years ago.

Let me tell you something else. Quantum cryptography, not only in my opinion, is a big, powerful mechanism that needs to lift a big load. Simple, not tricky, the engineer's reasoning is this:
- if the load is 10 times heavier, then you need a crane 10 times more powerful. Scrap against scrap. It works. It's convincing. But it's not exactly an engineering approach, I think. It's force versus force.

I'm a supporter of beautiful engineering, I'm a supporter of ingenuity and cunning, intelligence and innovation - and against brute force.

For this reason, I don't like the solution of the problem with quantum cryptography, but I'd really like the solution with post quantum mathematical, logical, unusual solutions.

No matter how actively quantum encryption methods are developed, if a solution is found in the direction of post quantum (mathematical) cryptography, this solution will be cheaper, simpler, more elegant, more attractive, and will have a much greater commercial success than physical quantum cryptography.

Especially since quantum methods (actually old photonic systems, but words are always ahead of the curve, it's the golden law of advertising) plan to be used as a transport protocol, not as encryption itself.
Or as an encryption key exchange system for reliable mathematical symmetric encryption systems.
As a replacement for cryptography with a pair of open and private keys.
No more than that.
Especially since quantum cryptography is ABSOLUTELY not protected from information theft. It simply informs the recipient how much information is lost, but does not protect against theft!!!

Unlike some post quantum (mathematical) encryption systems.

Weighing all of the above, I am in favor of a future dominated by post quantum cryptographic systems, not quantum cryptography.
 
Otherwise, it is the surrender of progressive human thought to brute physical force.

And if you look even deeper, I am a supporter of new geometric principles of encryption, without a key, and principles of new authentication without a password.
It's my theme:
https://bitcointalksearch.org/topic/keyless-encryption-and-passwordless-authentication-5204368.
and
https://bitcointalksearch.org/topic/how-long-will-existing-encryption-last-5209297   
legendary
Activity: 1904
Merit: 1277
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.
I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!


We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.
Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.


You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.
I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.


AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.
AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you :)
full member
Activity: 224
Merit: 120
from an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented are as follows:
Classical: 1,2,3,4,5,6,7,8 etc
Quantum: 1,2,4,8,16,32,64,128 etc.


So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.
----------------------
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.

We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.

You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why AES-256 remains a post-quantum system.

If cryptography on elliptic curves, as well as any other cryptography with a public and private key, were reliable, and everything depended only on the length of the key, then mankind would not be searching for post-quantum systems at all.

Moreover, a large number of cryptographic systems that were candidates for post-quantum encryption were cracked not by quantum computers but by good old cryptanalysis, i.e. mathematical methods.

A 256-bit AES key that is not broken by full search corresponds to a 15,300-16,400-bit key in RSA. If it were only a matter of the speed of quantum computing, you could use RSA with a key length of 16,400 bits or more, or elliptic curve cryptography (ECC) with a length of 512 bits.

Instead, AES-256, with only a 256-bit key, is definitely retained (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.

Moreover, for serious secrets their use was already forbidden 5 years ago; this is only what has already leaked to the press.
Neither ECC nor RSA was used in serious cases 10 years ago.
Details here, in the post dated December 04, see:
https://bitcointalksearch.org/topic/keyless-encryption-and-passwordless-authentication-5204368.

Therefore, there is only one conclusion: all modern asymmetric systems with a pair of public and private keys do not fit with any key length, precisely because they are weak, but the details of this circumstance are not specified and few people know them.
legendary
Activity: 1904
Merit: 1277
from an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented is as follows:
Classical: 1,2,3,4,5,6,7,8 etc.
Quantum: 1,2,4,8,16,32,64,128 etc.


So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However, various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.
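The hash-based signature approaches named in the post above (XMSS, SPHINCS) are built out of one-time signatures. What follows is an added example, not code from the post or from the XMSS/SPHINCS projects, of the simplest such scheme: a Lamport one-time signature over SHA-256. The function names (keygen, sign, verify, revealed_positions) and the 32-byte secret length are this example's own choices. Its security rests only on preimage resistance of the hash, which Grover's algorithm weakens quadratically rather than breaking outright the way Shor's algorithm does for ECC; the last function shows why each key pair must sign exactly one message, which is the state that XMSS has to track.

```python
import hashlib
import os

H = hashlib.sha256
DIGEST_BITS = 256   # SHA-256 output length; one secret pair per digest bit
SECRET_LEN = 32     # bytes per private preimage (assumption of this example)


def keygen(rng=os.urandom):
    """Lamport key pair: 256 pairs of random preimages (private) and their hashes (public)."""
    sk = [(rng(SECRET_LEN), rng(SECRET_LEN)) for _ in range(DIGEST_BITS)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant bit of each byte first."""
    d = H(msg).digest()
    return [(d[i // 8] >> (7 - (i % 8))) & 1 for i in range(DIGEST_BITS)]


def sign(sk, msg: bytes):
    """For each digest bit, reveal the preimage that bit selects (0 -> first, 1 -> second)."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Recompute the digest and check every revealed preimage hashes to the matching public value."""
    if len(sig) != DIGEST_BITS:
        return False
    return all(H(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _digest_bits(msg))))


def revealed_positions(msgs) -> int:
    """How many of the 2*256 private values an observer has learned after seeing
    signatures on all of `msgs` under ONE key. A single message exposes exactly 256;
    any second message exposes more, which is why the key is one-time and why
    stateful schemes such as XMSS must never reuse a leaf key."""
    seen = set()
    for m in msgs:
        for i, bit in enumerate(_digest_bits(m)):
            seen.add((i, bit))
    return len(seen)


if __name__ == "__main__":
    # Constructed sample inputs for a stand-alone run.
    sk, pk = keygen()
    msg = b"constructed sample: pay 1 BTC to address X"
    sig = sign(sk, msg)
    print("valid signature verifies:", verify(pk, msg, sig))
    print("altered message verifies:", verify(pk, msg + b"!", sig))
    print("private values exposed after 1 message:", revealed_positions([msg]))
    print("private values exposed after 2 messages:",
          revealed_positions([msg, b"constructed sample: second message"]))
```

Public keys here are 16 KiB and signatures 8 KiB, which is the size cost that XMSS (Merkle trees of many one-time keys) and SPHINCS (a stateless forest of them) exist to manage; the trade-off versus ECDSA is size, not the presence of a structure that Shor's algorithm can exploit.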
full member
Activity: 224
Merit: 120
Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing, but what are you hinting at when you say "illegal attacks"?
----------------------------------------------
It's the complexity of machine translation; all attacks are illegal, that's right.

Including attacks on cryptography using quantum computing (using a quantum computer).

And by "more dangerous" attacks, I mean exploiting for criminal purposes the weaknesses of cryptography itself on elliptic curves.

I don't understand why some people consider it reliable while officials of special organizations categorically prohibit its use.

I do not understand why there is one cryptography for all of us, which is like household cryptography, and another cryptography for special organizations and government agencies.

I don't understand why, for so many years, long before any quantum computer was going to be built, so many serious people and organizations around the world have been looking for a replacement for existing encryption methods.

After all, from an attack with quantum computing, it is enough to simply increase the length of the key.

After all, the 256-bit AES key is not afraid of quantum computers (it is retained as a working mechanism for the post-quantum period) because the encryption method itself is very successful.

And cryptography on elliptic curves with any key length is not suitable.
And that's despite the fact that post-quantum cryptography, even with a key length of 512,000 bits or more, suits everyone!!!

So there's something wrong with ECC?
sr. member
Activity: 334
Merit: 275
Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing, but what are you hinting at when you say "illegal attacks"?