Topic: I don't believe Quantum Computing will ever threaten Bitcoin - page 9. (Read 5476 times)

I think its worth mentioning that we shouldn't not be discrediting @arcmetal as they have demonstrated knowledge I would expect from a seasoned veteran in the quantum mechanic field. Not to assume they aren't of course but its a breath of fresh air as I have been complaining about the state of Bitcoin discussion and serious discussion not being active enough in the past. The two combined are some of the most surprising members of the forum I've come across the amount of effort that goes into their posts I'm unsure why you guys aren't already receiving the attention you deserve.  Most of the other threads discussing quantum computers are filled with generic answers such as "It will never happen" and all that bogus.

My personal view point is it all of this doesn't really matter in the grand scheme of things. I like to be more literal and straight to the point. We know the potential threat that is quantum computers. We know the the weak point in the technology Bitcoin is currently using and finally we know how to combat that. I know we have spoken about using an address only once but the majority of people will not go into that effort so the easiest and most efficient way of dealing with this while continuing the usability of Bitcoin would be to deploy a quantum resistant algorithm which I can guarantee is being worked on in the background as we speak.

Thanks again for your input you definitely have a little bit more knowledge than myself when it comes to algorithms and how they are coming along. I only know the very basic parts of that whole sequence of implementing and testing. I know and understand how quantum resistant algorithms work and that they already exist. However never knew how suitable they were to the Bitcoin project and its "guidelines" that its followed over the years. I've always assumed that there's no rush for implementing an algorithm which could potentially affect the stabilization of Bitcoin so early on when there's no threat at the moment. Especially since when the time comes we might need to change again because as you say this field is a ever evolving system which does bring more discoveries every day. I would actually go forward and say computers in general are the leading industry in new discoveries ever since the basic computer was invented.

The example I quoted I think is the best explanation I've seen when coming to discuss quantum computers and the current limitations within the field. I've always considered that you need a computer to write the code a computer that is capable of writing the code and then the code side of things will evolve beyond the capabilities of the computer. However the linking together is a excellent way of demonstrating how this is actually achieved.

The reasons you have listed here are the exact reasons why I'm very interested in the current price it takes to operate a quantum computer specifically (because its now been mentioned) the D-wave quantum computer which to run requires being housed in a room at an incredible -273° C. The interesting part of this is its not a computer limitation or anything like that but a environment one. No matter how efficient we make things it doesn't look like we'll be able to cheaply make a room at -273° C. Yes with better technology we will probably see quantum computers not having to work so hard but as physics goes the amount of energy that goes into things you can expect less out of it. Which in my eyes I can't see us ever being able to cheaply operate a rooms temperature at such low levels for the duration of the time the quantum computer needs to operate. We could in the future have an unlimited qubit quantum computer able to crack things in seconds and therefore the running time wouldn't be long which in effect would reduce the cost of this however what I'm trying to get at is this will be an extremely long way off and quantum computers on mass will likely not be a problem for many many years.

The reason why I'm concentrating on the operating costs and the logistics of running something capable of breaking algorithms is that even if a quantum computer was theoretically released tomorrow with the required amount of qubits to breach algorithms it would still only limited to a few individuals which might not have any malicious intent meaning it might not even be a threat anyway. Regardless whether this is true or not obviously we would need to be prepared for the worst case scenario which I do believe judging on others comments on this thread we'll be ready with the technology already available at our disposal.   

Who knows what the future might hold. I don't have the technical knowledge that OP and AverageGlabella clearly have but I can say this.

50+ years ago my father used to work on these big bastards, the source says that it could store up to 5 MB of data.
https://www.reddit.com/r/interestingasfuck/comments/6z95zz/first_computer_by_ibm/



He was a programmer and wrote programs for these computers. He had health issues so he had to retire early. He hasn't been interested in computers and never showed any interest in using one ever since which I frankly find unbelievable but it is what it is.

The first time I bought a USB stick and he saw it he asked me what it was.
So how much data can you put on that thing he said?
1GB! He just stopped and looked at me trying to figure out how much that is in B or KB because those are the two important units that mattered to him back when he was working.

What I am trying to say is although it is impossible to imagine quantum computers being a threat to bitcoin now, who knows what advancements will be made in 40-50 years. My father and his partners knew about KBs and a 5MB storage device taking up the whole room was probably the most advanced thing they could ever think about. They probably didn't even dream about a pocket sized device that you can plug in in a small opening at the side of your laptop (what in God's name is a laptop)!

Yes, this will always be true.  The concepts in computer science are clear.  So it goes something like this:

You cannot write code for advanced hardware that doesn't exist yet. You can't run some fancy new hardware without the software to control it.  So, the hardware is built first, then code can be written for it.  But this new code for the fancy new hardware will surpass the hardware at some point.   Maybe its best to explain with an example:

Some new machine is built but the largest number its register's can hold is 1,000,000.  So we can't add two numbers, or multiply two numbers if the result is greater than 1,000,000.  Along comes some code that can use linked lists to create bigger numbers.  One link in the list can hold a number's large lower portion "900,000", the next link can hold the number's upper value of "1,000", put the two links together to get: "1,000,900,000". ... and the algorithms do the rest of adding, multiplying, manipulating those larger numbers even though the hardware can only handle numbers no greater than 1,000,000.  ... And so, we've made code that has surpassed the hardware's capabilities.

I can't go into the details of bitcoin's algorithms since I don't work with those, but some of the comments made by others are easy enough to follow.  I've read that bitcoin uses the family of SHA-2 algorithms, and at some point they can upgrade to the family of SHA-3 algorithms. ...  The total number of private bitcoin addresses is 2^160, which is close to 2^256 (for discussion purposes).  This number is close to 10^75, and for comparison there are about 10^78 atoms in the known universe.  This gives a clue as to how large the search space for locating a private address can be.

From the thread I posted above: It would be possible to build a machine that can search for and find a non-empty private address.
given the 2^256 search space.  But if we simply made the search space bigger, say: 2^512, then we'd be back to requiring the Bremermann computer the size of the Earth to take as long as the age of the universe to try and find a private key.

Most of the work for the next levels of algorithms has already been done.  What is left to do is a bit more testing, and then incorporation into the bitcoin core, this is not trivial.  But with the current state of computers its not really necessary right now, there is plenty of time to get it right.

From my first comment above you can gather that I think the whole "quantum computer" thing is a bit of a silly pursuit, since current classical computers will eventually catch up to the proposed theoretical properties of quantum computers.  But silly pursuits can sometimes hit upon new discoveries, and new technologies, so its not a total waste of time.

Correct.  I don't believe I'll see, in my lifetime, a so called quantum computer big enough to take down bitcoin in its current state.  As we agree, long before any large and powerful machine is constructed, the algorithms for bitcoin can be upgraded to deal with such a threat long before that hardware exists.

I did not want to go down the route of explaining why D-wave quantum computers are ineffective when it comes to the EDCSA because its a controversial topic which always seems to lead to deviating from the original discussion but the D-wave quantum computer has a totally different approach to normal quantum computers. D-wave is a quantum annealing where as the quantum computers which could effect Bitcoin in the future are using quantum circuits. The fundamental difference is that they approach two different solutions differently. They aren't even related to Bitcoin but a lot of people like to throw out d-wave and how 2000qubits is possible currently and basically scare monger that Bitcoin could be cracked at a moments notice which is just down right false. Actually I think most experiments and test runs on the D-wave has lead has to believe that its no more efficient than quantum computers with lesser qubits and is considered a gimmick within the quantum mechanic field.

As far as I'm concerned D-waves shouldn't have to be discussed when relating to Bitcoin because they are irrelevant.

I would like to expand on housing these d-wave quantum computers now that we are on the subject. Last going off they had to be cooled down to -273° C using a cryogenic cooling system which uses liquid nitrogen to sort the hydrogen isotopes. In short this means housing these things let alone getting them to run would be extremely expensive as this sort of cooling system needs to be controlled and done safely.

My main issue was not expanding on D-wave generation quantum computers enough for those that aren't familiar with them. A 2000 qubit quantum computer is a scary thought when first hearing that we are supposedly already capable of manufacturing them on mass. However I wanted to be clear that although it may well be true they don't work in the same way as the quantum computer which would become a threat to Bitcoins algorithm and are not very efficient at factoring.

I'm very familiar with the Schrodinger cat thought experiment and I've seen it mentioned several times here on this forum. I think the conclusion of this discussion is that right now in its current state is that quantum computers are a few years off from becoming a threat to traditional algorithms and even then Bitcoin already has options readily available to combat the issue when it does become a realistic threat.

I did study quantum mechanics, but it is going back a few years and this is a fast-moving field.

With my admittedly limited expertise, I would agree with the point quoted above. Simplistically, outcomes in quantum mechanics occur when the quantum wave function collapses, and the act of interfering with ("measuring") a quantum system triggers this collapse. So whilst a true quantum computer would find cracking any classical encryption to be quite straightforward, using its immense power to simply brute-force its way through, a quantum encryption system is another matter entirely. Quantum encryption methods are theoretically tamper-proof and theoretically 100% secure, as any attempt to break the encryption collapses the wave function and destroys the ability to read the data. (You know the Schrödinger's Cat thought experiment? The cat is neither alive nor dead until the check is made - it exists in a superposed combination of states, and it is the act of checking that collapses the probability function into a definite alive or dead outcome.)

I say "theoretically" tamper-proof and "theoretically" 100% secure because as I say it's a fast-moving field and who knows what advances tomorrow may bring? But certainly quantum cryptography as currently understood should provide a very robust security mechanism.

@averageglabella

Would you be able to elaborate on these issues that you have?

As for the implying that quantum computers are not a direct attack against Bitcoin for the algorithm it uses for encryption I think that's certainly true and the easy way of combating quantum computers would be to just change to a quantum resistant algorithm. I don't know too much about the quantum resistant algorithms out there today and which would be the better option for the Bitcoin community but I'd be interested in hearing some pros and cons from anyone who has knowledge in that field.

Nice to hear from someone who has also studied quantum mechanics though I agree with your analysis and input. Although with your last statement about the code always being able to stay ahead of the machine is that necessarily true? As far as I know there aren't too many algorithms that would be suitable for use with Bitcoin because of some of the limitations and not too many have been developed in recent years however we seeing technology from a quantum computing aspect continue to develop at a rather impressive rate. My counter argument would be that a lot of time, money and energy is being put into quantum computers right now because its both exciting and useful however because currently there's nothing capable of breaking the majority of encryption algorithms out there we aren't necessarily looking to improve upon that yet because the current ones are good enough. Do you think the closer we get to quantum computers becoming a threat to encryption the more work that will be put into developing suitable algorithms?

Just like personal computers used to be the size of the room do you think that quantum computers in the next 20 years will be able to downgrade their size to almost the size of a personal computer? Whenever discussion comes up with quantum computers Bremermann's limit always seems to be the counter argument to those defending Bitcoin's race against quantum computers. The thread you linked seems to have mentioned it fairly early on but that thread puts into perspective just how big the computer would have to be. The only argument is that we get better at producing and manufacturing quantum computers and downsize them.

I have the opinion that quantum computers will only bring positive change to Bitcoin and increase its security by changing to a different algorithm capable of outlasting quantum computers evolution. Its not like quantum computers will be increasing their power at a exponential growth that we won't be able to deploy quantum resistant algorithms. 

Some may not like what I have to say about quantum computing, but so what.  You, Macadonian, may like what I have to say, since after reading my explanation below the simplest conclusion is that bitcoin has nothing to worry about as regards to quantum computing.

And so, here is my brief rant on quantum computing.

After having studied quantum mechanics for a long time I have found that all of those quirks or what they like to call "quantum weirdness", isn't weirdness at all but rather its the limitations of our devices that produce the illusions of weirdness.  All of the technology that has been used in the experiments to study quantum effects suffer from the problem that they are large gross machines compared to the tiny things we are trying to observe.  That is, our machines are crude, and they are taken to the limits of its properties to try and take measurements of stuff that is much smaller than the equipment at hand.  It is our crude observations which end up with what appears to be quantum weirdness.

In more recent experiments it gets continuously shown that things at that level actually behave in a "classical" sense, but appear to produce a more complex emergent behavior.  It is this complex emergent behavior which then gets labeled quantum weirdness.

And so, when it comes to building computing machines that will take advantage of this quantum wierdness, the actual devices will simply be employing a complex emergent classical property.  That is, the quantum computers will just be very advanced, very fast classical computer versions of what we have today. (can you see how I can find this topic of quantum computing to be rather silly).

If you are worried that a quantum computer can cause a collision with a bitcoin private key (like finding a key with someone's bitcoin), sure it could be possible.  But I do like reading about what an incredible machine it would take to do this.  Here is a great thread on this topic:
https://bitcointalksearch.org/topic/m.51224295

Essentially they describe how if someone where to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it.  The code can always stay ahead of the hardware.

I liked your first response and this one is okay too although there are a few issues but first I particularly like the angle you're coming from when talking about "Bitcoin encryption" the fact of the matter is Bitcoin doesn't have a set in stone encryption method and could move to any quantum resistant algorithm at any given time. This of course will probably cause mass instability like many have talked about and this is why Bitcoin is a great investment point. At the moment we have a growing technology which is far from perfect and will have several limiting factors in the future however the great thing about Bitcoin is it can evolve with new emerging technology and therefore become stronger with it.

I'd like to touch upon something that you avoided with the D-wave quantum computers.I think mentioning D-waves and not expanding on it could lead people to believe that they are a threat and I would like to explain why D-wave computers operate different to quantum computers that are capable of challenging the ECDSA. D-wave quantum computers use a process called annealing to search for solutions. Basically imagine quantum computers being a master of one thing and not a jack of all trades. D-waves are particularly good at finding solutions using quantum annealing while quantum computers that are capable of eventually breaking ECDSA are very efficient at factoring. Regarding the time span in which I think we will hit a 2000+ qubit computer I think it will only be a matter of a few years and will likely be before 2025. Quantum computers are being made more efficent at a rapid pace in the last few years. In 2017 we saw intel release a quantum computer with 17 qubits and then in 2018 we saw Google release a statement that they have a 72 qubit computer. Judging by these stats alone and the increasing enthusiasm behind developing the ultimate quantum computer I think 2025 is a realistic timeframe. However this doesn't mean that its cause for alarm right now but I will say that we should already be looking at solutions and be ready before that deadline is reached.  Don't worry behind the scenes many people are already working tirelessly and we will hopefully come to a unified conclusion however my predictions would be that there will be several splits in the community over which algorithm is used.  

Decided to move this to serious discussion considering the lack of activity but have now decided to move it back to Bitcoin development and technical discussion as I'm interested in hearing others opinions on the quantum computers currently and what they will be like in the future especially some of the links which have been posted in this thread.

I'll be keeping a set of useful quotes here with external links which I find interesting and would love to see some others expand on the existing discussion and hopefully offer some new information and insights.

Useful links posted on this topic:

After having many questions about quantum computing and posting my thoughts here: https://bitcointalksearch.org/topic/m.48810154

I have decided to go into more depth about the situation regarding quantum computers and their viability to disrupt the Bitcoin network in its current state and future state. Just to preface things I'm not an expert and will be only demonstrating knowledge that I believe to be correct and hopefully from this thread I'll also learn a few things and am more than welcome to corrections.

"Quantum computers will be the end of Bitcoin"
Quite the bold statement you say? As well as it being bold it is also completely false and far from the truth. Anyone claiming that quantum computers will be the end of Bitcoin either simply misunderstands how algorithms work or is completely void of any intelligence and just likes to scare monger. I will be honest with you its likely the latter.

First of I'd like to just kick this off with a bang and say Bitcoin currently is not at risk of anything. Quantum computers have not yet reached a level where they would be a threat to technology that Bitcoin uses. Notice how I'm using "technology" that Bitcoin uses and not just "Bitcoin" itself? Well that's because Bitcoin uses the ECDSA algorithm and it is this which will be under threat if quantum computers reach the level that they have been predicted. However Bitcoin itself will be unaffected.

How does quantum computers threaten the ECDSA algorithm?
Basically a quantum computer is extremely efficient at solving certain mathematical problems like factoring integers. However like previously stated in my last post this doesn't mean they are efficient in all areas and pose a threat from all angles.  Unfortunately for us quantum computers will break several current algorithms used in daily life including the ECDSA that Bitcoin uses. However there are definitely ways of avoiding this even if Bitcoin didn't implement a quantum resistant algorithm such as using an address only once to avoid your public key being exposed to the public more than once and thus increasing the likelihood of a quantum computer cracking the algorithm. What might surprise you is doing this increases the security of your Bitcoin without the threat of quantum computers and is actually the recommended practice when sending or receiving Bitcoin.

Quantum computers use the shor's algorithm which is a algorithm that runs on quantum computers for integer factorization. The way it does it is by soling any given integer by finding its prime factors. The fascinating thing about shor's algorithm is the fact that the algorithm runs in polynomial time but I'll spare you the details as that's irrelevant to the topic at hand.

But lets get rid of all that gibberish and keep this simple. Basically if a quantum computer ever reached a certain qubits (qubits are a measurement of the power of quantum computers basically by how many quantum information the computer holds) then it would be able to efficiently operating without the common limitations of other computers and current quantum computers. Which then means the public key that Bitcoin currently uses could very well be compromised. 

How many qubits would a quantum computer need to attack?
I'm not sure on this but my estimate would be anything over 500 and we should be looking at alternatives and seriously thinking about moving to a quantum resistant  algorithm before any issues arise. Many people are estimated that 1500 qubits would be an efficent and realistic amount to crack the EDSCA. Currently I believe the highest qubit quantum computer is around 10 qubits. I've been notified that a company is selling quantum computers called d-waves with 2000 qubits but its worth noting that these aren't designed the same as quantum computers that would be able to efficiently attack the algorithm Bitcoin uses and thus I'm going to ignore them for now. Also its worth noting that its been disputed by many that this company actually holds quantum computers with 2000 qubits.

So finally why are quantum computers nonviable to attack Bitcoin?
So this is one of the least discussed topics when discussing quantum computers and is commonly ignored. However I'm going to go into depth on why quantum computers are not a realistic problem to Bitcoin at least not for a very long time.

First of all there are several algorithms which other cryptocurrencies use that are actually quantum resistant. The simplest way to combat quantum computing breaking the current algorithm would be to change to a quantum resistant one. You might ask why we haven't already changed then? Well its unnecessary and would likely require a fork which have previously provided instability and differing opinions. Currently quantum computers pose no threat and by the time they do we will be well prepared and will likely be able to make changes. Basically the idea will be to judge quantum computers when we are at that stage because we will know exactly how they work and how efficient they are where as now we would be guessing and estimating which could mean we would need to change to a different algorithm in the future and introduce a new fork to the chain which isn't very efficient and we need to be efficient if we are to combat quantum computers! After all quantum computers only have 5-10 qubits at the moment and that would take thousands of years to break the ECDSA.

Secondly quantum computers will be extremely expensive to buy and run. The amount of technology and maintenance that quantum computers need to operate is quite frankly absurd. Its probably true that over time we will be getting better at improving their shortcomings and make them more accessible. However I don't think that quantum computers will ever be a personal computer thing and more a government operated thing. We could potentially see huge companies in possession of them if they believe them to be beneficial however ones that are capable of breaking the ECDSA algorithm aren't going to be very efficient and cost effective for most people because of their limitations in other areas.

Despite the initial cost of buying a quantum computer there's also the cost of maintenance. Current quantum computers are known to have heating issues because of the amount of work they're doing and the only effective cooling solution is to keep the room below 0 degrees. I'm not sure if you have tried to keep a rooms temperature below 0 before that thats extremely hard and expensive to do especially when something like a quantum computer is continuously generating heat when its operating. Thus I believe my point on being accessible to only a select few to be even more valid. Its not just the cost but the logistics of having a room dedicated to the computer and being cooled 24/7 for it to operate.