Topic: In light of the NSA's disclosure about ECC, how is cryptocurrency affected? (Read 2655 times)

Frankly saying, it looks like you randomly put N, N/2 and 2N into different places trying to guess the correct formula. Maybe read the quoted whitepaper first? When the difficulty goes up quantum computers will get even a bigger advantage because of increased leverage (from 17 billion to trillions).

One Time Pad without re-use.

The effective bit length is actually 136 bits since good algorithms like SHA 256 will require 2^(bit length/2) computations to brute force a single hash. This effective bit length will also change as the difficulty increases because miners will need to search through more nonces when there is a higher difficulty, so the bitcoin network would adjust to a quantum miner so blocks would still come out at around 10 minutes per block. So if we double the bit length by switching to SHA512, the effective bit length will also double so this will essentially make the quantum miners not anymore powerful than classical miners.

It means exactly this - effective hash width is 68 bits. Sorry, can't provide formal proof, just google around.

I don't see where it says where it uses 68 bits. It says that it must search through on average 2^68 nonces. From what I understand, this does not mean that it is only 68 bits and that the number of nonces to search through will increase with a higher difficulty.

Check the quote from the whitepaper upthread. In layman terms, SHA512 won't help, because at current difficulty Bitcoin operates only on 68 bits, the other zillion bits are completely irrelevant.

Really? Can you back that up with maybe some research?

Last I checked, the only thing that makes quantum computers more efffective at hashing is grover's algorithm, which practically reduces the bit length by half. For the same security, the bit length can just be doubled, so using SHA512 instead of SHA256 on a quantum computer is the same as SHA256 on a classical computer.

I'm not talking about banks man. I'm worried about public transportations, people's sensitive data and so forth.
You could say I'm being paranoid a bit. But, again, if such a thing would be used for the bad you would not care about your BTC wallet.

This is ostrich policy. Banks won't be attacked by agencies that will get QCs.

Ok, that is clear.
Coming back to wait I said at the beginning I would be really afraid if such a thing exists now since it could disrupt the functioning of everything we rely on nowadays, and as I said, bitcoin would be our last concern.
crazy

For easy reference, [7] from the above linked paper can be found here -> https://dl.acm.org/citation.cfm?doid=261342.261346

Yes, with a QC you can invalidate last 1000 blocks, generate 20000 empty blocks and stop mining leaving the others with 20-year block times.

That pdf is a good read, I guess we just have to jump boats to PoS or other protocol before quantum computers hit the mining scene.
But then again how would we secure other protocols if quantum computers could just brute force them?

Come-from-Beyond,
so let's assume you have a quantum computer that you can use to mine BTC.
Can you use it to disrupt the mining process or not?

I don't understand because before you said that such a computer could

and then quoting that pdf you said

So, going back to what I stated at the beginning of this post, if you have a quantum computer could you do that right now or not?

From http://188.138.57.93/tangle.pdf:


Obviously, Bitcoin can't migrate to quantum PoW, miners won't get such hardware in time.

 
 
Oh wow, an actual hardcore mathematician in the wild!  I know I promised not to post anymore until I sobered up, but I would love to hear your opinion on whether moving towards abelian surface cryptography is feasible at all, and whether it would provide any further defense against quantum computers: 
 

My original proposal: https://www.reddit.com/r/math/comments/3451ob/is_it_feasibleworthwhile_to_take_elliptic_curve/ 
 
Shit that's above my head: 
 
http://www.hyperelliptic.org/tanja/conf/ECC08/slides/Peter-Stevenhagen.pdf 
http://research.microsoft.com/pubs/249337/abelian.pdf 
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.464.9485

Relevant reading from Koblitz and Menezes: https://eprint.iacr.org/2015/1018.pdf

secp256k1 is a Koblitz curve.

Abstract. In August 2015 the U.S. National Security Agency (NSA)
released a major policy statement on the need for post-quantum cryptography
(PQC). This announcement will be a great stimulus to the
development, standardization, and commercialization of new quantumsafe
algorithms. However, certain peculiarities in the wording and timing
of the statement have puzzled many people and given rise to much
speculation concerning the NSA, elliptic curve cryptography (ECC), and
quantum-safe cryptography. Our purpose is to attempt to evaluate some
of the theories that have been proposed.

One possibility:

5.5. The NSA has a political need to distance itself from ECC.
There were some peculiarities in the release of the August 2015 statement
about preparing for post-quantum crypto. Normally all of the big corporations
that do cryptographic work for the U.S. government would have been
given some advance notice, but this was not done. Even more surprising,
the NIST people were not asked about it, and even researchers in IAD were
caught by surprise. It seems that whoever at the NSA prepared the release
did so with minimal feedback from experts, and that includes their own
internal experts.

This suggests that the main considerations might not have been technical
at all, but rather Agency-specific — that is, related to the difficult situation
the NSA was in following the Snowden leaks. The loss of trust and credibility
from the scandal about Dual EC DRBG was so great that the NSA might
have anticipated that anything further it said about ECC standards would
be mistrusted. The NSA might have felt that the quickest way to recover
from the blow to its reputation would be to get a “clean slate” by abandoning
its former role as promoters of ECC and moving ahead with the transition
to post-quantum cryptography much earlier than it otherwise would have.

that's an interesting argument, forgot that the bitcoin network is the most secure on the planet at this moment. That means Bye bye every commercial bank on this planet. Bankers should definitely rethink their "secure" systems.

If such a technology would exist right now I do think that BTC technology would be the least to be exploited: i.e. imagine what such a mess this quantum computers could create to the entire internet/developed world. There would be nothing secure.
Ok, maybe I'm going too sci-fi now but, yes, I think BTC will be the last thing to worry about

A quantum computer wouldn't be doing that to a chain using a hash function that uses quantum cryptography, or is that actually your assertion? That quantum computing is a magical panacea?