Topic: I don't believe Quantum Computing will ever threaten Bitcoin - page 7. (Read 5476 times)

Bitcoin can answer to a crack, that was done before with a rollerback, but some attack would be bad for the business could be a complete CAOS for a while.

Hope the guys in command knows what they are doing, IOTA for example was lunched as anti-Quntum Attack, hope bitcoin improve in time.

This topic has got me thinking.

We all know that Quantum Computing could significantly improve the power of computers. Imagine that you are using this technology to have multiple nodes/computers. Then having those various computers, maybe roughly the amount of "enough users" to accept a new software that probably coded a bug or an exploit. Would we ever arrive at the part where Bitcoin has already formed to the right software where it could prevent this type of attack? Could bitcoin also recover? I think if this is successful, more trust would be broken not just with Bitcoin, but with Cryptocurrencies in general. It is knowing that there are a lot of people who don't understand this type of subject matter.

Anyway, why believe that Quantum Computing will end Bitcoin? Why not help it?

Looking for the time that man takes to answer many times i would not be so positive, we never know what is being made secretly like USA Area 51 and so on...

Biggest project to hack cryptography in WW2 ENIGMA was something never thought by germans, but ENIGMA was cracked.

Looking for the way bitcoin works now and who makes decisions i would say maybe we are in danger, just look the time we start to talk about scalling and the time it really scalled (not yet).

Cracking bitcoin could be a good project for all governments to prove they are right about Bitcoin not be a good thing, and governments have a lot of resources!

A possible approach to deal with quantum threat would be a multi-tier encryption system. For small amounts (90% of the total) don't change anything, for medium amounts (9% of the total) use weaker and lighter Lamport signatures and for the rest use stronger and heavier Lamport signatures.

https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin

We will have a quantum secure network. That is not an issue, but the 'shalecoins', coins with no owner, will become active. https://bitcointalksearch.org/topic/bitcoin-as-shalecoin-5134441

And that will be the most challenging thing. https://bitcointalksearch.org/topic/the-most-challenging-thing-5166180

Thanks cnut237! I was thinking of summarising the thread and what we have discussed in the reserve post I made but I decided to just include useful quotes and links which I would like to hear more about and more differing opinions on if possible. I have moved this to Bitcoin development & technical discussion hopefully finding a few new people who can expand on the on going discussion and hopefully provide new useful information.


I have done some research in this particular field of quantum physics myself and had come across Rajan and Matt Visser proposed idea of implementing a blockchain which relied on transaction records being represented by pairs of entangled photons which would be ordered in a chronological way. Their idea is very smart and by preventing quantum computers from using data in the Blockchain by removing previous photons is a very unique solution to the problem. However I am a little concerned that this complex blockchain would be too hard for the public to grasp and usability could be compromised. The most important thing with Bitcoin is getting people trusting the software and investing in it with a solution as complex as this you would need a quantum computing degree to even grasp it which could result in the loss of faith from the public due to the complexity of the Blockchain. Currently the Blockchain is fairly easy to understand and can be explained in a concise matter but with a entangled photons based blockchain this would be lost.

This is one of my major concerns about Bitcoin being adopted by the masses. Its not the potential security risks because they will be combated with various different techniques. Its the problem of making Bitcoin too hard to understand and therefore losing the trust of the general user.

Hi all  I thought I’d try to summarise Bitcoin's vulnerabilities to Quantum Computers, as well as some potential defences, and get it all in one post. Apologies for the wall of text, but hopefully it is useful...


Mining can potentially be much quicker with QCs.
The current PoW difficulty system can be exploited by a Quantum Computer using Grover’s algorithm to drastically reduce the number of computational steps required to solve the problem. The theorised advantage that a quantum computer (or parallelised QCs) have over classical computers is a couple of orders of magnitude, so ~x100 easier to mine. This isn’t necessarily a game-changer, as this QC speed advantage is likely to be some years away, by which time classical computers will surely have increased speed to reduce the QC advantage significantly. It is worth remembering that QCs aren’t going up against run-of-the-mill standard equipment here, but rather against the very fast ASICs that have been set up specifically for mining.

Re-used BTC addresses are 100% vulnerable to QCs.
Address Re-Use. Simply, any address that is re-used is 100% vulnerable because a QC can use Shor’s algorithm to break public-key cryptography. This is a quantum algorithm designed specifically to solve for prime factors. As with Grover’s algorithm, the key is in dramatically reducing the number of computational steps required to solve the problem. The upshot is that for any known public key, a QC can use Shor’s approach to derive the private key. The vulnerability cannot be overstated here. Any re-used address is utterly insecure.

Processed (accepted) transactions are theoretically somewhat vulnerable to QCs.
Theoretically possible because the QC can derive private keys from used addresses. In practice however processed transactions are likely to be quite secure as QCs would need to out-hash the network to double spend.

Unprocessed (pending) transactions are extremely vulnerable to QCs.
As above, a QC can derive a private key from a public key. So for any unprocessed transaction, a QC attacker can obtain the private key and then create their own transaction whilst offering a much higher fee, so that the attacker’s transaction gets onto the blockchain first, ahead of the genuine transaction. So block interval and QC speed are both crucial here – it all depends on whether or not the a QC can hack the key more quickly than the block is processed.


Possible defences...

Defences using classical computers.

• Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
• Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.
  

Defences using quantum computers.
As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement and the uncertainty principle can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one.


I’ll leave it there. Apologies for all the external links, but hopefully this has summarised a few things.

All mechanics made by human, bitcoin made by human, Quantum computers made by human. Human can made, so human can destroy it, adjust it, improve it to make its stronger. If someday, Quantum computers become really dangerous to bitcoin, then bitcoin core developers will do find ways to improve bitcoin source codes, and strengthen protective mechanism of bitcoin network to potential attacks from Quantum computers.
Governments, I don't think we should over worry about governements. The history of bitcoin and crypto currencies show that bitcoin made by a man/ woman, foundation/ company, whatever, but it was definitely not made by government(s). My implication is governments are always falling farther behind bitcoin core developers, and crypto developers. They just want to use their power, legal power to control crypto currency world, but they will not completely reach their purposes. Addtiionally, governments are greedy to learn blockchain technology from @Satoshi Nakamoto, bitcoin core developers, and other crypto developers.

I definitely agree with you that there will only be a few wealthy individuals that will have access to quantum computers and although I think its a good example that Mark Z would be a competitor against Bitcoin I think its fairly unrealistic in reality. Mark already has the marketing power and exposure that he needs for Libra and Bitcoin really isn't competing against him in that way. The only similarities they share is its a digital currency but as far as I know Libra isn't generated using encryption techniques and therefore can't be considered a cryptocurrency. Besides even if Bitcoin was a competitor I think the platform both Facebook and Instagram give him will knock spots off Bitcoins marketing techniques and he probably wouldn't have to invest as much into it compared to a quantum computer. I doubt he would have any other tasks to be completed with a quantum computer.

I get your point that you and primenumber7 are putting across although lets not forget that Bitcoin has already had some very serious bugs in the past which involved basically printing off Bitcoin. This was a big thing at the time and luckily wasn't abused. You would think such negative press would have destroyed Bitcoin but it didn't. If money was stolen then Bitcoin would take a dive but I wouldn't say it would be the end of Bitcoin. Cash is stolen everyday and fiat currencies gets printed off fairly regular but that doesn't stop people using it. Bitcoin has its strengths and god forbid we will probably have incidents such as the earlier issue with printing off Bitcoin. I use printing off as a comparisons but really you could double spend coins and keep them and therefore create Bitcoins out of thin air.

The hypothetical person with the quantum computer able to break traditional encryption would probably not go after banks for multiple reasons. First of all banks would have definitely already switched to a quantum resistant encryption method and also the person who has access to the quantum computer will probably not be a ordinary person. They will be involved with the government or one of the wealthy elite in the world. Think facebook's CEO and while he may not agree with banks him attacking a bank mean prison. Whereas attacking Bitcoin is a little different laws are different and because you aren't attacking a centralized figure it is handled different. Also we need to remember that the likes of facebooks ceo would be in competition with Bitcoin as he is now releasing his own cryptocurrency. We do have enemies even more than the banks out there and unfortunate they are powerful enemies with seemingly unlimited funds. 

I agree completely. If someone develops a quantum computer that can break existing encryption with ease, then there are much bigger targets than bitcoin. As mentioned by PrimeNumber7 above, if it becomes public knowledge that someone has hacked bitcoin and stolen say $1 million of coins, then crypto will take a nosedive and that $1 million will fall in value very very rapidly. If they steal $1 billion, then I'd be very surprised if they could cash it out to fiat before it lost most of its value.

We all know how volatile crypto prices can be, with even the merest suggestion of a rumour of bad news often enough to cause the whole market to tank. Something like a quantum hack would have a huge impact. If this hypothetical malicious actor with a quantum computer wants to make a huge amount of money, they could go after banks instead - that would be much more lucrative and probably easier. And if it's a government doing the hacking, then again it would be much more advantageous for them to hack a rival government (US vs China for example). They could wreak havoc, with infrastructure a likely target, but in theory any state secrets or corporate data would be vulnerable.

Finally we must also remember that one of the best things about crypto is that good coins are under continuous development, and defences against quantum attack will likely be in place long before it becomes a real risk. These coins are developed by some very smart and very tech-savvy people. If quantum computing becomes a threat, it won't take these people by surprise.

As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution, and this research continues with approaches such as Kak’s three-stage protocol. Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.

I posted why I don't think this will happen above. In short, governments have bigger fish to fry than 'destroying' bitcoin. If a government were to use a QC to steal a bunch of bitcoins, it would serve as a warning to the rest of the world to upgrade their encryption algorithms that is Quantum resistant. If a country were to have the ability to break EDSCA but doesn't attack bitcoin, it could silently collect/intercept encrypted data/secrets, and learn the secrets being protected by the now broken encryption.


If you were to operate under the assumption that QCs will be used to attack bitcoin, what you describe will only be a temporary solution. Once QCs have enough qubits to calculate the private key within ~an hour, it will be unsafe to spend any coin. The reason is, it is common enough to see hour to 1.5 hour long blocks (the time between blocks) so that someone with a QC could start trying to break the private key of an address 'containing' a lot of coin that was spent within a few minutes from the time the last block was found, and double spend the transaction with a much larger fee once the private key is calculated. The attacker would be unsuccessful when the block time is less than a hour, however a bitcoin user has no way of knowing the time until the next block will be found, so every transaction will be at risk.

We've mentioned a few times how quickly this field is advancing... yesterday a team at the University of New South Wales announced they have achieved a
200x speed improvement on a 2 qubit gate!

A lot of the discussion around post-quantum cryptography and how to protect against attacks from quantum computers is more 'how can we use conventional computers to protect against quantum attack', rather than 'how can we use quantum computers to protect against quantum attack.'

In this thread we have covered how quantum computers are superior to conventional computers only in certain ways and for certain types of problem, where they can use their quantum nature to effectively take calculation shortcuts. It has also been discussed how quantum computers might be bolted onto conventional computers in a manner similar to GPUs. But this can be done as defence as well as attack.

I am a long way from being an expert, but from my limited understanding of the basics of quantum mechanics I think that one possibly fruitful avenue to pursue is using quantum properties as a pre-emptive defence mechanism. There has already been a lot of work in this area, particularly in Quantum Key Distribution, which uses quantum indeterminacy to ensure that any act of measurement (eavesdropping) is always detected. As with any other 'arms race' type situation where you have two opposing sides competing against one another, there have been many attempts to circumvent and hack quantum cryptographic processes. Whilst these have sometimes been successful, this success is often down to exploiting vulnerabilities in the set-up rather than in the quantum processes themselves. I do wonder as the technology to both defend and attack improves, whether it will reach a point where there is a final barrier in that the laws of quantum mechanics, whether the uncertainty principle or quantum entanglement or some other facet, creates a system that is fundamentally impossible to hack.

The quantum resistant ledger (QRL) is only an example and there are many other projects which are doing different things with the end goal being the same; protecting the ledger from quantum computers. I disagree and think that being able to reuse an address is a security and privacy issue in its own right and has nothing to do with the freedom of the users to reuse the address. By allowing them to reuse addresses we are allowing them the opportunity to be stung but I'm always going to support projects which allow more privacy and can combat cash in that sense but I'm going away from the original point. Implementing a different algorithm might not be necessary until the very late stages of quantum computers and that would allow us to thoroughly test each algorithm while quantum computers are out potentially even using quantum computers to find out the answers to our questions about how well it scales.  The biggest concern with the QRL is that scability might be a big issue and there is no way to really test that. We have the theory of it working and being able to scale up however as we all know more solid theories in the past have been proven wrong. My point is that we could be implementing something which might not even protect us against our issues and then we would have to implement another system anyway which each time is going to affect the adoption and short term value of the currency. The only real benefit of doing it several times over in a short period of time would be media coverage other than that this would affect the daily users of Bitcoin and would be largely not beneficial to the system as a whole.

Water is a big problem and whats worrying is most of the water around the world is privately owned and if a water were to break out these private companies could be bought out in an attempt to harm the civilians and cause unrest in that country. I might actually start a thread about water consumption and the worries if a war broke out but at the moment I'll continue discussing the quantum computers as this is possibly some of the best discussion I have participated in relating to it.

Holy crap! I did not know we had this many people who are knowledgeable in the quantum mechanics field and can discuss quantum computers in such depth. I'll admit that what you have mentioned about factoring and how its actually done is a little over my head currently as I'm only dipping my toes into quantum computers. My knowledge is limited by I know what factoring is and I know quantum computers are exceptionally good at it but that actual specifics of working it out is still gibberish to me but I appreciate the input on the actual solutions and working it out!

The quantum resistant ledger has been running roughly a year and AFAIK as received some excellent praise and has received a lot of media coverage because of that although your point about reusing addresses wouldn't be sufficient in my opinion because we are then relying on the chance of the address not being targeted rather than implementing a system which is completely quantum resistant. It is true that the less you reuse an address the less exposure it has on the public ledger and thus the less likely it is to be a target although this doesn't completely prevent the address from being targeted due to it still being recorded on the address once they receive an amount. By implementing a quantum resistant algorithm we at least prevent this sort of attack from happening and there is no risk whatsoever although I would agree that reusable addresses shouldn't be a thing and you should only be able to use new addresses every time for other privacy issues but the way its implemented into the blockchain right now is the user gets to decide what sort of piracy level they are comfortable with which could possibly be the best approach if we are to stick with the decentralized way of Bitcoin and not limit users of it to specific rules.

Bare with me with this reply has I've been working on it for a while and have dropped it and came back to it a few times over the last few days. Its also taken me a while to get this all down. This discussion actually prompted me to log in to the forum after a while because this quality discussion is a rarity these days on this forum.

What I want to address is the different types of solutions which are currently either being developed or are fully developed and been deployed elsewhere. First I'll talk about the quantum resistant ledger and why Bitcoin doesn't need this and in fact I prefer the way Bitcoin is dealing with the whole quantum computer threat. Lets be clear and say quantum computers actually already exist and are already being used for multiple different things other than cracking algorithms and encryption. However just like its been discussed in this thread quantum computers are a number of years from becoming good enough to be able to threaten most encryption and certainly Bitcoins method of encryption. Estimations by large companies within the field has predicted we'll be seeing quantum computers with 2500+ qubits by the year 2025 but like many of you said these will be only just developed and will require a lot of testing and certainly won't be available to the average joe. However just because the mass population doesn't have access to these superior quantum computers doesn't mean its still not a threat. Governments which are probably funding these quantum computers are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda. What some altcoins have done is included a quantum resistant ledger right from the get go in order to try and appeal to those that are misinformed. Implementing a quantum resistant ledger is all good when the altcoin its protecting is only worth a few cents but imagine implementing a untested and most importantly unproved quantum resistant ledger in a multi million pound industry like Bitcoin. This is the reason why Bitcoin developers and us as users of the software should be encouraging the development of Bitcoin to thoroughly test anything before its added to the "mainframe". The quantum resistant ledger I'm talking about has been implemented by a number of different altcoins but we are still unsure whether they will be ready and scalable without causing too much disruption to the value and of its users. This is why Bitcoin is one of the more respected cryptocurrencies out there because everything which is implemented is thoroughly tested and isn't just trying to appeal to people with new sparkly features. The quantum resistant ledger for example is a complete waste of time right now and isn't much more than a gimmick. It doesn't provide any more level of security than Bitcoin does and when quantum computers are able to break the algorithm Bitcoin uses it will then switch to a quantum resistant one which could in fact be better than the current quantum resistant ledgers we are seeing because its been tested over a number of years instead of just developed and thrown in there even when its not needed.

Despite these quantum resistant ledgers being gimmicks currently because they aren't providing any more security than traditional cryptocurrencies its at least a good idea to provide proof of concepts to the developers of Bitcoin and they can improve on the existing quantum resistant algorithms.The current quantum resistant solutions out there are mostly using eXtended Merkle Signature Scheme a hash-based digital signature system which allows reusable addresses and this is where I think Bitcoin could implement a less invasive algorithm onto the network. The problem with reusing addresses is once they have broadcast themselves onto the network they are then vulnerable to an attack from a quantum computer because they have exposed their public keys onto the network. This hash would then be suspect to quantum computers by using factoring to break the encryption and this is where I think the network could be improved without implementing a fully quantum resistant ledger by only allowing the use of an address once. So you could receive x amount on one address and then the wallet software automatically assigns that to a different address without broadcasting it to the network. I think this is possible and should be the only time an amount isn't broadcast to the network or only allow addresses to be used once by allowing them to receive coin and send from it once this would reduce the probability of a quantum computer finding the public key and attempting to crack it. We could actually do this in the current implementation of Bitcoin but not many people do and they simply reuse addresses even when its recommended to only use addresses once to avoid privacy issues. However if this was fully implemented into the network as a standard I think that would solve most of the problems. Its not completely safe but doesn't have a massive impact like implementing an entire new algorithm. At least for now we all know that Bitcoin will eventually have to adopt a new algorithm to keep up with the hardware being developed but so will many other things in the world.

Secondly lets talk about factoring and how quantum computers actually do it because I've seen this mentioned in a few of the replies but none of them have really gone into enough depth to justify mentioning it. So quantum computers are exceptionally fast at a few things and one of them is factoring. Factoring is used to crack conventional cryptography and this will be the route that quantum computers will take if they were to ever break the algorithm of Bitcoin but just mentioning factoring isn't really explaining how quantum computers are exceptionally good at it. Well quantum computers are very good at solving Discrete Fourier transform which in mathematics is converting a finite sequence of equally spaced samples of a function into a same the exact same length sequence of equally spaced samples of the discrete time Fourier transform which is a complex valued frequency. Discrete time Fourier transform is used to analyze samples of a continuous function. Discrete time is called that because it handles discrete data which their intervals are units of time basically. So using these functions quantum computers factor against the algorithm to find the solution. We have probably studied factoring at one point in our lives which includes multiplication however the factoring that quantum computers are doing is on a completely new level to that. Here's an example of a factoring problem:

The folllowing factoring problem

would be solved by comparing common factors and using multiplication groups There's a great explanation already out there which outlines this problem and provides the sequence of the process to determine the solution: https://quantumcomputing.stackexchange.com/questions/1383/what-makes-quantum-computers-so-good-at-computing-prime-factors

By increasing the amount of qubits a quantum computer has we are effectively making it quicker at solving these problems by using the above mentioned method. This process is a lengthy one using current modern day computers but the idea behind quantum computers is once they have hit 3000 qubits they will be able to break most current day algorithms within a matter of seconds.

Given the ever-increasing effects of climate change, I think it's likely that access to water will be a huge issue as this century progresses. Wars might even start over it. You look at somewhere like Egypt and wonder what would happen if some of the countries upstream started using or diverting more from the Nile, particularly as they grow in population. You look at China and the effort it puts into acquiring and holding Tibet - which is the source of the biggest Chinese rivers - and you wonder what would happen if India, also growing in population, decides it needs more of that Tibetan water...


If commercial fusion power does become possible, then maybe it will be used to resolve the issue of water shortage by providing cheap green power for water desalination plants... These plants already contribute to global warming, and likely will make the problem even worse as they expand in use due to water shortages. So with the way the world is going, if fusion does become possible, I'm not sure governments will be able to hold it back for themselves or even charge excessively for it - as energy demands and resource demands increase, providing access to fusion power may be one of the only ways to avert war.

This is not how quantum computers work however if this was possible then this would be very bad for Bitcoin. The difficulty would have to increase so much that it would outprice almost everyone out of the market meaning only those that can afford the hashrate of these "super computers" that the general consumer would not be able to mine new Bitcoin. Bitcoin would become a currency only used by the very wealthy elite of the world. Luckily quantum computers aren't going to be useful for mining and are currently only good for solving problems using factoring. Which means they will be very good at certain things but overall not that good even for a personal computer. They are very good at cracking algorithms especially the one that Bitcoin is currently using.