Topic: Is quantum computing a threat to Bitcoin?

copper member
Activity: 33
Merit: 0
June 25, 2018, 04:36:48 AM
Well, there are just possibilities on paper, not on hard ground, since building a successful quantum computer will take a few more years. Currently only D-Wave has a quantum computer, and even that is still on its testing ground, and the price is so high that not everyone can access it.
newbie
Activity: 168
Merit: 0
I think yes, I agree, because most cryptographic systems are generally vulnerable to quantum computation, including traditional bank systems. However, quantum computers do not exist and at least will not exist any time soon. By the time quantum computation can be a serious threat to Bitcoin, the protocol can be upgraded to a post-quantum algorithm. Because of the importance of this update, it can be expected that it will be an important review for developers and be adopted by all Bitcoin users.
member
Activity: 486
Merit: 27
Quantum computers don't exist in public areas, and they will be banned if there are people who try to make them underground. They are not just a threat to cryptocurrency; they will also be a threat to cyber agencies. So quantum computers are used by highly secured and private organizations, e.g. NASA.
newbie
Activity: 125
Merit: 0
Quantum computers pose a major threat to the security of our private data. So can they break Bitcoin? How vulnerable is Bitcoin to them?

Just read Bitcoin.org's FAQ. You will never ask this question again.

I can't help laughing out loud in my mind at your comment, mate. Haha
full member
Activity: 625
Merit: 100
Before the thought of quantum computers, Bitcoin and all other cryptocurrencies were encrypted and transactions could not be traced. If quantum computers will be a threat to Bitcoin and cryptocurrencies, it then means they will be a threat to the entire internet and everything connected to it. And if such a machine is created, it can't be like the PCs that everyone can get or buy at any time; it will have to be restricted and put under the control of the government, monitoring everything that is done with it, otherwise unspeakable things will be done with it.
full member
Activity: 294
Merit: 104
Quantum computers pose a major threat to the security of our private data. So can they break Bitcoin? How vulnerable is Bitcoin to them?

Just read Bitcoin.org's FAQ. You will never ask this question again.
member
Activity: 85
Merit: 10

I do not find it a threat to Bitcoin.

First, quantum computers are not fully developed for any practical purpose.
Second, even if they are developed, I do not think they will be available to common people. (The cost of a quantum computer might be too high.)
Third, instead of breaking codes, they might be used to create more sophisticated and secure codes.

Your statement is true, and they probably will never try to meddle with Bitcoin's security and extract private keys. They will surely make use of quantum computers for more specific data, researching science and solving some of the mysteries of the galaxy, like discovering another habitable planet. Even if quantum computers become available to the masses, they'll surely cost a huge amount, worth millions, and only a government-approved agency will have one. But until now we still don't know if this will happen; there's still a lot of doubt about this thing, but we can't leave it out freely.
legendary
Activity: 3192
Merit: 2248
[...]

And here's another editorial that further explains Brennen's work (which I shared above) and stresses what I believe: that the threat is real, but has been far overplayed, and that current blockchain tech and iterations have a ten-year head start to improve. And improve they will.

[...]

I completely missed the link to the "Quantum Attacks on Bitcoin" whitepaper, thanks for sharing. The 10-year estimate provided by Brennen et al. pretty much coincides with Intel's own estimate of "five to seven years before the industry gets to tackling engineering-scale problems" [1], assuming that it will take another couple of years to reach commercial viability after that.

[1] https://newsroom.intel.com/news/intel-advances-quantum-neuromorphic-computing-research/
legendary
Activity: 3010
Merit: 3724
Also quantum teleportation would... you know... kill you.

Unless you're a die-hard philosophical materialist who assumes that quantum teleportation transmits information perfectly, assumes that the positions of your molecules in spacetime have nothing to do with your being, and is pretty sure that a clone of yourself with a perfect copy of your mind would be you as well. That is, unless you alternatively assume that the I, i.e. the self, is merely a mental construct anyway, in which case knock yourself out! (whatever "you" and "yourself" would mean in that case)

But yes, it'd totally kill you.

(sorry for off-topic)

That being said, remember that the future applications of quantum computing are still for the most part speculative, let alone practical applications of quantum physics beyond that.

Not really off topic, because it underlines the fact that quantum is, as you say, very much still in the realm of theory, with very little implementation, even under laboratory conditions.

And here's another editorial that further explains Brennen's work (which I shared above) and stresses what I believe: that the threat is real, but has been far overplayed, and that current blockchain tech and iterations have a ten-year head start to improve. And improve they will.

A quote about Bitcoin: "it struck me how precise and intense is the brain trust behind this technology"

legendary
Activity: 3192
Merit: 2248
And while some may argue quantum teleportation only transmits information, well if you have the exact state information of every atom in your body [...]

The physical body is not just composed of local information.
It is also intertwined with gravity, which is a macro information phenomenon:
https://steemit.com/science/@anonymint/the-golden-knowledge-age-is-rising

Also quantum teleportation would... you know... kill you.

Unless you're a die-hard philosophical materialist who assumes that quantum teleportation transmits information perfectly, assumes that the positions of your molecules in spacetime have nothing to do with your being, and is pretty sure that a clone of yourself with a perfect copy of your mind would be you as well. That is, unless you alternatively assume that the I, i.e. the self, is merely a mental construct anyway, in which case knock yourself out! (whatever "you" and "yourself" would mean in that case)

But yes, it'd totally kill you.

(sorry for off-topic)


That being said, remember that the future applications of quantum computing are still for the most part speculative, let alone practical applications of quantum physics beyond that.
hero member
Activity: 568
Merit: 703
So if you can solve quantum computing and make it practical, you can also make teleportation practical.
Non-sequitur. (intended in a friendly, not condescending tone)

And while some may argue quantum teleportation only transmits information, well if you have the exact state information of every atom in your body [...]

The physical body is not just composed of local information.
It is also intertwined with gravity, which is a macro information phenomenon:
https://steemit.com/science/@anonymint/the-golden-knowledge-age-is-rising
member
Activity: 322
Merit: 54
Consensus is Constitution
It is about as big of a risk as people teleporting into bank safes to rob them.

Isn't that what everyone (including @gmaxwell, as he admitted) thought about the likelihood of someone solving the Byzantine Generals Problem in the way Bitcoin did?

Curious. Do you have any analysis to share or is that just your personal opinion? Just asking.

The technology of quantum computing is quantum entanglement, the same technology that has been used to teleport matter. So if you can solve quantum computing and make it practical, you can also make teleportation practical.

https://en.wikipedia.org/wiki/Quantum_teleportation

And while some may argue quantum teleportation only transmits information, well, if you have the exact state information of every atom in your body transmitted into a bank vault, you can be recreated there, then recreated back outside the safe with the loot.

So yeah, I think it is a very similar technology.

https://www.technologyreview.com/s/608252/first-object-teleported-from-earth-to-orbit/
hero member
Activity: 568
Merit: 703
It is about as big of a risk as people teleporting into bank safes to rob them.

Isn't that what everyone (including @gmaxwell, as he admitted) thought about the likelihood of someone solving the Byzantine Generals Problem in the way Bitcoin did?

Curious. Do you have any analysis to share or is that just your personal opinion? Just asking.
member
Activity: 322
Merit: 54
Consensus is Constitution
It is about as big of a risk as people teleporting into bank safes to rob them.
legendary
Activity: 3010
Merit: 3724
That paper makes projections about the timing and quantity of qubits that will be available in the world based on what is currently known by the pawns in public academia.
We must look instead to the queens and kings on the chessboard.

The Manhattan Project exemplified that when national security is at stake, governments can mount intensive capital resources to accelerate and focus development of a key technology.
When Bitcoin is the international reserve currency with a $500 trillion marketcap 20 years from now, there will be a huge payoff for the Zionists if they can complete their destiny as preordained in Revelation where all wealth/control will become concentrated on the hill in Jerusalem.
Presumably they will make the necessary investments.
They will already control all ASIC mining because they control the very high capex fabs.

The Chinese recently made an advance in quantum communication encryption, ensuring that a man-in-the-middle must destroy the information when attempting to read it:

https://www.insidescience.org/news/china-leader-quantum-communications

I'm not implying that the sober assessment isn't worthy. I'm just noting that it shouldn't be taken as 100% certain gospel.

I do not think we should be complacent about trying to eliminate the threat from quantum computing.

Such effort must be open source and it must be widely supported, otherwise those who are successfully working towards such might conveniently die in "accidents".

However, in the past @anonymint thought a quantum computer would never likely be any faster on Grover's algorithm than classical computers with parallel memory tables, where he cited a paper by Daniel Bernstein, but perhaps that is only until you meet the state.

I don't trust academia's work in general when it comes to Bitcoin; they lack a lot of context which they refuse to understand, or add their own which they force to fit in despite its obvious irrelevancy.

I agree we shouldn't underestimate the will of the state here, but I'm still confident that it no longer has the might to achieve that sort of success with an intervention, at least, not permanently. The state can always attempt to prove this wrong, however, especially when faced with its own survival.

For another slant...
and I don't understand how any slant which doesn't attack other members of this forum can be considered trolling...
a free exchange of ideas is not trolling.

Never mind about what I thought then, just my take on someone trying to draw someone else into an argument on who's who and who's reading this... you don't need to prove anything to anyone trying to draw you into that.
hero member
Activity: 568
Merit: 703
You'll excuse the intrusion into the semi-troll slant of the current conversation, but here's something just published that backs an earlier paper refuting the threat of quantum computing to Bitcoin: https://www.aier.org/article/threat-bitcoin-quantum-computing

The paper referenced: https://arxiv.org/pdf/1710.10377.pdf


For another slant...
and I don't understand how any slant which doesn't attack other members of this forum can be considered trolling...
a free exchange of ideas is not trolling.

That paper makes projections about the timing and quantity of qubits that will be available in the world based on what is currently known by the pawns in public academia.
We must look instead to the queens and kings on the chessboard.

The Manhattan Project exemplified that when national security is at stake, governments can mount intensive capital resources to accelerate and focus development of a key technology.
When Bitcoin is the international reserve currency with a $500 trillion marketcap 20 years from now, there will be a huge payoff for the Zionists if they can complete their destiny as preordained in Revelation where all wealth/control will become concentrated on the hill in Jerusalem.
Presumably they will make the necessary investments.
They will already control all ASIC mining because they control the very high capex fabs.

The Chinese recently made an advance in quantum communication encryption, ensuring that a man-in-the-middle must destroy the information when attempting to read it:

https://www.insidescience.org/news/china-leader-quantum-communications

I'm not implying that the sober assessment isn't worthy. I'm just noting that it shouldn't be taken as 100% certain gospel.

I do not think we should be complacent about trying to eliminate the threat from quantum computing.

Such effort must be open source and it must be widely supported, otherwise those who are successfully working towards such might conveniently die in "accidents".

However, in the past @anonymint thought a quantum computer would never likely be any faster on Grover's algorithm than classical computers with parallel memory tables, where he cited a paper by Daniel Bernstein, but perhaps that is only until you meet the state.
legendary
Activity: 1638
Merit: 1001
Yes, quantum computing is a threat to Bitcoin. Quantum computers are so powerful and really fast, and we shouldn't underrate them.
However, a crucial feature of Bitcoin is its security. The features Bitcoin uses to secure itself can be solved by a quantum computer.
And Bitcoin is working around this to put everything in place for the future to come.

I guess we must not be worried that it will happen in our lifetimes =) And cryptographic algorithms can also be updated by that moment.
newbie
Activity: 361
Merit: 0
Yes, quantum computing is a threat to Bitcoin. Quantum computers are so powerful and really fast, and we shouldn't underrate them.
However, a crucial feature of Bitcoin is its security. The features Bitcoin uses to secure itself can be solved by a quantum computer.
And Bitcoin is working around this to put everything in place for the future to come.
hero member
Activity: 568
Merit: 703

What could be the best option to stop such attacks, which will have the power to end an era started to promote anonymity?


Anonymity isn't really the killer app of permissionless, trustless ledgers.
They generally disrupt top-down control, gate-keepers, and rent-seeking parasites in many ways.

The page of the Iota whitepaper which @anonymint cited explains that Iota mitigated the vulnerability in their (flawed) DAG design by making the proof-of-work difficulty very low.
But such a low difficulty in a blockchain consensus system would make the block period so fast relative to the network synchrony that
the orphan rate would skyrocket and the chain would no longer converge on a longest chain and/or attacking it would become much easier.

Yet the principle Iota employed could perhaps be applied to a different design that employed some sort of DAG that is not flawed. For example, @anonymint has been researching such designs.

Possibly some non-proof-of-work consensus system could be found that doesn't suffer from the nothing-at-stake vulnerability but that seems unlikely.

If I am not mistaken, perhaps Equihash in Zcash had some quantum computing resistance,
but it seemed to have some other flaws; the details are not fresh in mind at the moment.

I presume that mathematically it must be possible to design a proof-of-work system which is quantum computing resistant. But haven't delved into it.

Mircea Popescu is working on a proof-of-work which is ASIC-resistant but don't know if it would be quantum computing resistant.
My concern is it may introduce a DoS vulnerability because the validator doesn't have a deterministic bound on computation.
legendary
Activity: 3052
Merit: 1273
A very big threat, indeed.

I read an article a few weeks ago concerning quantum computing and Bitcoin: if just one quantum processor mines away at Bitcoin, it could mine thousands and thousands of dollars in just one day before the difficulty explodes and Bitcoin drops like a brick from the sky.

Using quantum computers to mine doesn't make much sense, when they are WAY more efficient at just recovering private keys from public keys and stealing a good fraction of all BTC.

Probably a matter of the way one thinks. This thought came to my mind as well: the speed these computers will possess can boost the mining speed as well as confirmation speeds almost n times, to such levels where even these ASICs would fail. If Bitcoin is so vulnerable to quantum computing (and as many of us think, this vulnerability has been put in intentionally), what could be the best option to stop such attacks, which will have the power to end an era started to promote anonymity? Can official institutions commit such (baseless) crimes just to eat everything from everyone? But then there comes a question of trust. Who will trade any of these things? There will just be a single dump, and then - THE END?!
legendary
Activity: 3010
Merit: 3724
You'll excuse the intrusion into the semi-troll slant of the current conversation, but here's something just published that backs an earlier paper refuting the threat of quantum computing to Bitcoin: https://www.aier.org/article/threat-bitcoin-quantum-computing

The paper referenced: https://arxiv.org/pdf/1710.10377.pdf

I personally believe that it is a threat, but probably 1 on a scale of 1 to 10. By the time QC catches up, Bitcoin will have inevitably improved. Somewhere, someone, is always working to improve it. I like this quote from the article: “If there is a known problem, there are people working on solutions, with tremendous professional awards accruing to the winner.”
hero member
Activity: 568
Merit: 703
I asked @anonymint in a private Crypto.cat chat to respond one more time, and he was reticent because he said clearly @Ix has some vendetta and the discussion is turning nasty. He agreed to reply one more time for me for this thread, because of the technical errors that need to be corrected. Here follows verbatim the response he wrote to me in Crypto.cat...

Even a quantum computer takes over 2^45 operations to rewrite the chain which has accumulated work of 2^89 hashes. Even at a generous single cycle double SHA computation and 1 Ghz quantum cycle time this will take 2^15 seconds. That's about 10 hours rather than a nanosecond.
Also, wouldn't it take longer, since every 2016 blocks the difficulty of the clandestine network would go up 4x until it took them approximately 10 minutes to mine a block?

No. The longest chain is measured by adding up the difficulty of all blocks. So even though the blocks will be produced more slowly by the attacker, the difficulty of the chain being replaced is constant and the difficulty per unit time of the attacker is not decreasing.

Or is this something that just can't be spoofed?

With all due respect, your ideas for fixes Will not work. If you'd like to discuss this with me, you may post comments on Steemit or Medium for me to answer.



But this line of arguing is pretty pedantic if they can just steal all unprotected funds, and funds as they are spent from scripts.


Hashed addresses aren't vulnerable until they're spent. After a few unfortunate users are hacked as they attempt to spend, the 99.999% of the UTXO that remains hashed will remain hashed until a fix is in place as word spreads of the attacks.

Your response belies an understanding of what was already written in this thread. As was explained to @tromp when comparing the vulnerability to the signature scheme, the proof-of-work vulnerability doesn't have the protection of  the preimage security of a hash which protects the public addresses. Thus the proof-of-work vulnerability is much more severe than the possibility of breaking the security of the private keys. That is the point I made to @tromp at the start.

But really, all they need to do is rewrite recent history to perform double spends at will, and the developer checkpoints will prevent very deep history rewriting.


Your suggested attack is the proof-of-work vulnerability that I raised. Whether the attacker deploys it long-range or short-range, my point to @tromp remains valid, that the proof-of-work is more vulnerable than the private keys.

Also, developer checkpoints are centralization and are futile if the miners refuse to adhere to them. The community would have to fork to a different proof-of-work algorithm because all of their coins would be stolen by rewriting the entire chain. Such an event would likely crater the price. The attacker could for example short the token and/or have other ulterior (externalities) profit/control motives that are achieved with the attack.

Moreover, the attacker could rewrite the chain and steal/burn only the tokens he wants, leaving the vast majority of users unaffected. Since democracy is one vote per human torso, the attacker can steal tokens from, for example, the Bitcoin $billionaires (that have minimal interleaving with other users' UTXOs from the time they were mined at coinbase, or burn those portions of the targeted victims' holdings that interleaved) and leave the masses intact so the attacker(s) have political support for their takeover. Bitcoin transactions don't reference the block hash where they were confirmed, so that makes this variant of a proof-of-work attack plausible.

(anonymint is very good at sending discussions off course.)


Look in the mirror to see who has been trying to drag the discussion into the gutter. First by your gross misapplication of Occam's Razor, wherein you argued that the more complex assumptions are the simpler ones, and now by making an incorrect technical argument. And then you have the audacity to inject offtopic ad hominem in spite of your numerous errors and myopia about how attacks can interact with externalities (and so for the 3rd time this is linked for you):

https://medium.com/@shelby_78386/the-caveat-though-is-that-when-the-attacker-can-fork-the-vested-interests-of-some-of-the-users-9340dd037a61

As for objectivity, I can only presume based on your statement quoted below that apparently you're still angry at me for discussions with you about your Decrits in 2013.

(something you went on for days about being a vulnerability - but it's not).

Is that vindictive behavior indicative of a civil and mature way to conduct a discussion? Since I started responding to posts in this thread via private chat with @Traxo, you've been trying to find a flaw in my technical argument with which you can nail me to an ad hominem cross. Just stick to the points in the arguments without personalizing the argument.

It is not taking the thread offtopic to make points about Satoshi’s possible motives. Because motives are possibly relevant to how, why, and when such a quantum computing attack might be deployed.

Come on man. Please elevate your game to a civil discourse. If you want to prove something, then after 5 years finally launch your Decrits. Trying to ego battle me is the affliction of the incapable and isn't going to prove anything nor gain you anything.





2. The NSA announced in 2015 that it is going to develop an anti-quantum cryptographic system. ==> A vague hint at my third point, that we can still be secure.

3. But it is said that when the quantum computer is available for everyone, it will cost millions of dollars. For example, the D-Wave 2000Q costs around 15 million USD. ==> Directly strengthening my second point.


@anonymint remarked to me that powers-that-be will be able to afford that, and it ties directly into his point about who "Satoshi" probably really was.
Seems this argument offends people who want to believe Satoshi is some inept Japanese hacker who created Bitcoin from his garage located next to his/her/it/their extended family kabota.
newbie
Activity: 98
Merit: 0
Quantum computers pose a major threat to the security of our private data. So can it break bitcoin ? How vulnerable is bitcoin to it ?

The inception of quantum computers is going to signify a whole new age of computing. And they say all the data that we store online is going to be laid bare, in a manner of speaking. That is because quantum computers are capable of performing incredibly complex calculations at speeds far exceeding those of today's machines. So all existing blockchain-based projects will have to adjust accordingly.
legendary
Activity: 1000
Merit: 1120
Perhaps there is a way to modify the BTC code or the clock on the rig to spoof the time in the block headers. That way, you could make your clandestine chain think it's solving a block about every 10 minutes when it is really mining a block every few seconds. Or is this something that just can't be spoofed?

Of course you can spoof timestamps at will, but difficulty adjustment still only happens once every 2016 blocks, and can then at most quadruple. So you still need to find PoW for 2016 blocks at diff 1, 2016 blocks at diff 2^2, ..., 2016 blocks at diff 2^44, and 2016 blocks at diff 2^46,
which takes the quantum computer 2016 * (2^16 + 2^17 + ... + 2^38 + 2^39) = about 2^51 steps.
Timestamps will just need to be close enough to force the maximum diff increase of 4x at each retargeting.
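The arithmetic in the posts above (a chain of 2^89 accumulated hashes needing about 2^45 Grover queries to match outright, and about 2^51 once the forged chain must climb from difficulty 1 under the 2016-block, at-most-4x retarget rule), together with the earlier point that nodes rank competing chains by summed difficulty rather than block count, as an added Python example that is not from any post in this thread. The 2^89 chainwork and the 1 GHz, one-query-per-cycle rate are the thread's own assumptions carried over as parameters; Grover constant factors and error-correction overhead are ignored, as the posts ignore them.

```python
import math

BLOCKS_PER_RETARGET = 2016   # Bitcoin retargets difficulty every 2016 blocks
MAX_RETARGET_FACTOR = 4      # a single retarget may change difficulty by at most 4x
HASHES_PER_DIFF1 = 2 ** 32   # expected hashes to find a difficulty-1 block


def chainwork(difficulties):
    """Cumulative expected work of a chain, in hashes (sum of per-block work).
    Chain selection compares this figure, not the number of blocks."""
    return sum(d * HASHES_PER_DIFF1 for d in difficulties)


def heavier_chain(a, b):
    """Return 'a' or 'b' for whichever chain carries more cumulative work."""
    return 'a' if chainwork(a) > chainwork(b) else 'b'


def grover_queries(expected_hashes):
    """Grover's search needs about sqrt(N) oracle queries for a 1-in-N target
    (assumption: constant factors and error correction are ignored)."""
    return math.sqrt(expected_hashes)


def outright_rewrite(chainwork_hashes):
    """(classical hashes, Grover queries) to match a chain's cumulative work
    if difficulty rules did not constrain the attacker: the 2^89 -> 2^45 figure."""
    return chainwork_hashes, grover_queries(chainwork_hashes)


def ramped_rewrite(target_chainwork):
    """Attacker rebuilds from genesis under consensus rules: difficulty starts at 1
    and can at most quadruple every 2016 blocks, with timestamps spoofed to force the
    maximum increase each time. Returns (retarget periods, classical hashes, Grover
    queries) at the point the forged chain's cumulative work exceeds the target."""
    diff, classical, quantum, periods = 1, 0.0, 0.0, 0
    while classical <= target_chainwork:
        per_block = diff * HASHES_PER_DIFF1
        classical += BLOCKS_PER_RETARGET * per_block
        quantum += BLOCKS_PER_RETARGET * grover_queries(per_block)
        periods += 1
        diff *= MAX_RETARGET_FACTOR
    return periods, classical, quantum


def wall_clock_hours(queries, queries_per_second=1e9):
    """Elapsed time at an assumed rate (default: 1 GHz, one query per cycle)."""
    return queries / queries_per_second / 3600


if __name__ == "__main__":
    work = 2.0 ** 89  # cumulative chainwork assumed in the thread
    classical, quantum = outright_rewrite(work)
    print(f"outright: 2^{math.log2(classical):.1f} hashes vs 2^{math.log2(quantum):.1f} Grover queries")
    periods, c, q = ramped_rewrite(work)
    print(f"ramped: {periods} retarget periods, 2^{math.log2(q):.2f} queries, "
          f"{wall_clock_hours(q):.0f} h at 1 GHz")
    # three blocks at difficulty 2^20 outweigh a thousand blocks at difficulty 1
    print("heavier chain:", heavier_chain([2 ** 20] * 3, [1] * 1000))
```

`ramped_rewrite(2.0 ** 89)` stops after 24 retarget periods (difficulties 1, 2^2, ..., 2^46), matching the sum above, and `heavier_chain` makes concrete why the forged chain's block count is irrelevant: only its summed difficulty has to exceed the honest chain's.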
sr. member
Activity: 742
Merit: 395
I am alive but in hibernation.

I do not find it a threat to Bitcoin.

First, quantum computers are not fully developed for any practical purpose.
Second, even if they are developed, I do not think they will be available to common people. (The cost of a quantum computer might be too high.)
Third, instead of breaking codes, they might be used to create more sophisticated and secure codes.

Well, I really disagree with you on this point. Quantum computing has the ability to break the chain of today's supercomputers in a fraction of a second and can easily surpass the blockchain too.

you can check this article : https://www.linkedin.com/pulse/how-quantum-computing-effect-block-chain-ecosystem-ankur-prasad/?lipi=urn:li:page:d_flagship3_profile_view_base_post_details;Unx%2BTs50Sw20Pg8rVDhW7A%3D%3D


If you read your quoted article again, you will find they are strengthening the points that I made.

1. "how and why it will take a decade and a lot of resources and hard work to build a successful quantum computer. He said "This is really, really hard, way harder than building a classical computer."" ==> This excerpt from the article strengthens my "first" point.

2. The NSA announced in 2015 that it is going to develop an anti-quantum cryptographic system. ==> A vague hint at my third point, that we can still be secure.

3. But it is said that when the quantum computer is available for everyone, it will cost millions of dollars. For example, the D-Wave 2000Q costs around 15 million USD. ==> Directly strengthening my second point.

In short, this article strengthens my belief that we are not in any kind of immediate danger, and if some danger comes, we will have some alternatives by then.
https://www.linkedin.com/pulse/how-quantum-computing-effect-block-chain-ecosystem-ankur-prasad/?lipi=urn:li:page:d_flagship3_profile_view_base_post_details;Unx%2BTs50Sw20Pg8rVDhW7A%3D%3D




Ix
full member
Activity: 218
Merit: 128
Oops; I had forgotten about the need to mine 2016 blocks at current difficulty before allowing it to quadruple (and I thought it could at most double). So correcting for both errors, the 10 hours becomes 10000 hours, or well over a year. Throw in more realistic quantum cycle times, constant factor overheads in Grover's algorithm, and quantum error correction slowdowns, and you're looking at many years...

I don't think the 2016 blocks and difficulty adjustments matter for trying to rewrite the history, as the attacker will just mimic the existing history. The amount of hashes you calculated would still stand the same to beat the cumulative difficulty of the existing chain. But really, all they need to do is rewrite recent history to perform double spends at will, and the developer checkpoints will prevent very deep history rewriting.

But this line of arguing is pretty pedantic if they can just steal all unprotected funds and funds as they are spent from scripts. (anonymint is very good at sending discussions off course.)
legendary
Activity: 1806
Merit: 1828
Even a quantum computer takes over 2^45 operations to rewrite the chain which has accumulated work of 2^89 hashes. Even at a generous single cycle double SHA computation and 1 Ghz quantum cycle time this will take 2^15 seconds. That's about 10 hours rather than a nanosecond.
Well, let's hope there are at least two white hats building on top of the BTC blockchain with their quantum rigs before one black hat decides to rewrite the entire chain in 10 hours. Also, wouldn't it take longer, since every 2016 blocks the difficulty of the clandestine network would go up 4x until it took them approximately 10 minutes to mine a block?

Oops; I had forgotten about the need to mine 2016 blocks at current difficulty before allowing it to quadruple (and I thought it could at most double). So correcting for both errors, the 10 hours becomes 10000 hours, or well over a year. Throw in more realistic quantum cycle times, constant factor overheads in Grover's algorithm, and quantum error correction slowdowns, and you're looking at many years...

Perhaps there is a way to modify the BTC code or the clock on the rig to spoof the time in the block headers. That way, you could make your clandestine chain think it's solving a block about every 10 minutes when it is really mining a block every few seconds. Or is this something that just can't be spoofed?
legendary
Activity: 1000
Merit: 1120
Even a quantum computer takes over 2^45 operations to rewrite the chain which has accumulated work of 2^89 hashes. Even at a generous single cycle double SHA computation and 1 Ghz quantum cycle time this will take 2^15 seconds. That's about 10 hours rather than a nanosecond.
Well, let's hope there are at least two white hats building on top of the BTC blockchain with their quantum rigs before one black hat decides to rewrite the entire chain in 10 hours. Also, wouldn't it take longer, since every 2016 blocks the difficulty of the clandestine network would go up 4x until it took them approximately 10 minutes to mine a block?

Oops; I had forgotten about the need to mine 2016 blocks at current difficulty before allowing it to quadruple (and I thought it could at most double). So correcting for both errors, the 10 hours becomes 10000 hours, or well over a year. Throw in more realistic quantum cycle times, constant factor overheads in Grover's algorithm, and quantum error correction slowdowns, and you're looking at many years...
legendary
Activity: 1806
Merit: 1828
Yet the speed-up of the proof-of-work is 17 billion times faster which is sufficient to replace the entire chain in a nanosecond!

Even a quantum computer takes over 2^45 operations to rewrite the chain which has accumulated work of 2^89 hashes. Even at a generous single cycle double SHA computation and 1 Ghz quantum cycle time this will take 2^15 seconds. That's about 10 hours rather than a nanosecond.
Well, let's hope there are at least two white hats building on top of the BTC blockchain with their Quantum rig before 1 black hat decides to rewrite the entire chain in 10 hours. Also, wouldn't it take longer since every 2016 blocks, the difficulty of the clandestine network would go up 4x until it took them approximately 10 minutes to mine a block? I would think they would have to make sure not to run full blast, so that the difficulty wouldn't climb so dramatically. According to my calculations, if they ran full blast, by the time they get to block 46369, it would take their rig the 10 full minutes on average to find a block.
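The retarget arithmetic and the "rewrite the chain in N hours" estimate traded back and forth in these posts are easy to check by hand, so here is an added example that does it; this is editor-written code, not anything the posters ran. It models a difficulty-d block as costing d * 2^32 expected hashes (the exact figure is 2^256 / (target + 1)), measures the retarget timespan over 2016 intervals (Bitcoin really uses 2015, the well-known off-by-one), and charges one clock cycle per Grover query, which is the "generous" assumption in the post. The rig hashrate EXAMPLE_RIG is a hypothetical value chosen so that the clamp stops helping at difficulty 2^46, which reproduces the block 46369 figure above. The last function answers the timestamp question: header times are bounded by consensus (greater than the median of the previous 11 blocks) and by the 2 hour future limit nodes apply on receipt.

```python
# Added example (not code from the thread): Bitcoin-style difficulty retarget,
# time for a private chain to accumulate a given amount of work, the Grover
# rewrite estimate, and the consensus bounds on block timestamps.
from fractions import Fraction
from math import ceil, sqrt
from statistics import median

RETARGET_INTERVAL = 2016            # blocks per difficulty period
TARGET_SPACING = 600                # seconds per block the retarget aims for
MAX_ADJUST = Fraction(4)            # retarget factor is clamped to [1/4, 4]
HASHES_PER_DIFFICULTY_1 = 2 ** 32   # expected hashes for a difficulty-1 block (approximation)
MAX_FUTURE_DRIFT = 2 * 60 * 60      # nodes reject headers more than 2 h ahead of their clock
EXAMPLE_RIG = Fraction(2 ** 78, TARGET_SPACING)   # hypothetical hashrate used in the thread's arithmetic


def next_difficulty(old_difficulty, actual_timespan):
    """Scale difficulty by expected/actual timespan, clamped to a factor of 4 either way."""
    expected = RETARGET_INTERVAL * TARGET_SPACING
    factor = Fraction(expected) / Fraction(actual_timespan)
    factor = max(1 / MAX_ADJUST, min(MAX_ADJUST, factor))
    return Fraction(old_difficulty) * factor


def retargets_until_equilibrium(hashrate, start_difficulty=1, max_periods=10_000):
    """Mine flat out on a private chain with honest timestamps from start_difficulty.

    Returns (retargets, height): height is the first block whose expected solve time
    has risen to TARGET_SPACING, i.e. the point where the 4x clamp stops helping."""
    hashrate, difficulty = Fraction(hashrate), Fraction(start_difficulty)
    for period in range(max_periods):
        per_block_time = difficulty * HASHES_PER_DIFFICULTY_1 / hashrate
        if per_block_time >= TARGET_SPACING:
            return period, period * RETARGET_INTERVAL
        difficulty = next_difficulty(difficulty, RETARGET_INTERVAL * per_block_time)
    raise RuntimeError("no equilibrium within max_periods")


def time_to_accumulate_work(hashrate, target_work, start_difficulty=1, max_periods=10_000):
    """Blocks and seconds until the private chain's summed work reaches target_work.

    Chain selection is by accumulated work, not block count, so this is what a
    rewrite has to beat. Returns (blocks, seconds, final_difficulty)."""
    hashrate, difficulty = Fraction(hashrate), Fraction(start_difficulty)
    work = seconds = Fraction(0)
    blocks = 0
    for _ in range(max_periods):
        per_block_work = difficulty * HASHES_PER_DIFFICULTY_1
        per_block_time = per_block_work / hashrate
        remaining = ceil((Fraction(target_work) - work) / per_block_work)
        if remaining <= RETARGET_INTERVAL:
            return blocks + remaining, seconds + remaining * per_block_time, difficulty
        blocks += RETARGET_INTERVAL
        work += RETARGET_INTERVAL * per_block_work
        seconds += RETARGET_INTERVAL * per_block_time
        difficulty = next_difficulty(difficulty, RETARGET_INTERVAL * per_block_time)
    raise RuntimeError("target_work not reached within max_periods")


def grover_rewrite_seconds(chainwork_hashes, clock_hz, cycles_per_query=1):
    """Wall-clock time for a Grover search over chainwork_hashes candidates.

    Grover's speedup is only quadratic: about sqrt(work) queries, each costing
    cycles_per_query cycles (1 is the generous single-cycle assumption in the post)."""
    return sqrt(chainwork_hashes) * cycles_per_query / clock_hz


def timestamp_acceptable(block_time, previous_11_times, node_now):
    """Consensus bounds on a header's time: it must exceed the median of the previous
    11 blocks (median-time-past) and may not be more than 2 h ahead of the node's clock."""
    return median(previous_11_times) < block_time <= node_now + MAX_FUTURE_DRIFT


if __name__ == "__main__":
    print(retargets_until_equilibrium(EXAMPLE_RIG))                    # (23, 46368)
    blocks, secs, diff = time_to_accumulate_work(EXAMPLE_RIG, 2 ** 89)
    print(blocks, "blocks,", round(float(secs) / 86400, 1), "days")    # 47745 blocks, 14.2 days
    print(round(grover_rewrite_seconds(2 ** 89, 1e9) / 3600, 1), "hours")  # 6.4 hours
```

Two things worth noting from running it. First, back-dating timestamps so the private chain looks like it has 600 second spacing does keep the difficulty flat, but then every block carries less work, and the most-work rule compares accumulated work, not length; `time_to_accumulate_work` is the figure that matters. Second, the median-time-past rule only constrains timestamps relative to the private chain's own previous blocks, so the 2 hour future limit is the only check that involves the real clock, and it is applied when the chain is presented to the network.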
hero member
Activity: 568
Merit: 703
Yet the speed-up of the proof-of-work is 17 billion times faster which is sufficient to replace the entire chain in a nanosecond!

Even a quantum computer takes over 2^45 operations to rewrite the chain which has accumulated work of 2^89 hashes. Even at a generous single cycle double SHA computation and 1 Ghz quantum cycle time this will take 2^15 seconds. That's about 10 hours rather than a nanosecond.

I presume @anonymint was speaking figuratively for the dramatic effect.
Thanks for the more plausible estimate.
Probably the quantum computer would be even slower than 1 Ghz, but I think his point about the potential threat remains valid.


When we're real close to perfection in quantum computing, and it starts looking like a big threat to bitcoin, we (the bitcoin community developers) can:


What if we don’t know we're real close? What if quantum computers become a state secret?
Also what if the extant miners at the juncture refuse to change the protocol because they're complicit?


-hardfork bitcoin and create a tangle (like that of IOTA or a better form of DAG) based coin.


Are they better? See this:
https://steemit.com/cryptocurrency/@anonymint/scaling-decentralization-security-of-distributed-ledgers-part-2



legendary
Activity: 1000
Merit: 1120
Yet the speed-up of the proof-of-work is 17 billion times faster which is sufficient to replace the entire chain in a nanosecond!

Even a quantum computer takes over 2^45 operations to rewrite the chain which has accumulated work of 2^89 hashes. Even at a generous single cycle double SHA computation and 1 Ghz quantum cycle time this will take 2^15 seconds. That's about 10 hours rather than a nanosecond.
Ix
full member
Activity: 218
Merit: 128
Ahh still such a troll. Wink
hero member
Activity: 568
Merit: 703
Quote
Scripts could contain bare addresses then if your argument was valid.
They can and do.

@anonymint recapitulated his point is that only idiots would leave their public keys bare.
And certainly the person who invented Bitcoin is not an idiot and would certainly realize no worthy person would opt to leave addresses bare.
So to presume that he only added hashing because scripts need to be cryptographically compressed when referenced is not really an application of Occam’s Razor.
Occam’s Razor would not presume that Satoshi was so sophisticated as to become ignorant just so that he could fulfill your theory.
Occam’s Razor assumes the simplest and most natural reason.


For all his purported insight, Satoshi left all of his bitcoin in exposed coinbase to public key transactions. Over a million bitcoins just waiting to be stolen by a quantum computer.


Nice deception isn’t it.
So the elite can steal the BTC from themselves and make it look like they stole from this inept Japanese dude who created Bitcoin in his garage next to a kabota.


Double hashing was due to the known SHA2 length extension attacks.


As @anonymint stated, he was very meticulous about cryptographic security. So why would you assume he became non-meticulous in other cases of Bitcoin’s design?

Why is it that you think the anonymous person (or group) who created the technology that is disrupting the entire world was only capable of very limited thoughts compartmentalized to the convenient areas where you would like them to be?
Is it because you really want to believe Satoshi was inept?

You presume Satoshi is compartmentalized in just the areas you need him/her/it/them to be, but that is a very complex proposition.
The simplest assumption is that Satoshi was not perfectly compartmentalized in just the precise areas we need him/her/it/them to be.
For example, to presume he/she/it/them would be too dumb to not put hashing on addresses unintentionally is a very complex assumption in light of someone of Satoshi’s meticulous attention to detail w.r.t. cryptographic security.

Ix
full member
Activity: 218
Merit: 128
I live in Europe, and @anonymint lives in the Philippines.
Please note that I'm not @anonymint.
And mods can verify this because I'm not using a VPN.

I'm just saying hi because he's obviously reading the thread. Wink

Quote
Scripts could contain bare addresses then if your argument was valid.

They can and do. For all his purported insight, Satoshi left all of his bitcoin in exposed coinbase to public key transactions. Over a million bitcoins just waiting to be stolen by a quantum computer.

Quote
And he put a lot of thought into making sure that the cryptography couldn’t be cracked by for example his paranoid use of double-hashing.

Double hashing was due to the known SHA2 length extension attacks.
hero member
Activity: 568
Merit: 703
Hi anonymint
I live in Europe, and @anonymint lives in the Philippines.
Please note that I'm not @anonymint.
And mods can verify this because I'm not using a VPN.



So thus Satoshi designed Bitcoin addresses to be secure against quantum computing by wrapping them in a hash.

Occam's razor, Satoshi designed bitcoin addresses to use hashing because payments are not made to public keys, but to scripts which are of an undefined and unbound length and would make horrible addresses. It had nothing to do with quantum computers which I don't believe he considered at all.

@anonymint says he was wondering where the original creator of Decrits had disappeared.
He remembers the intensive discussions with you in these forums back in 2013.
He said he will look at your whitepaper.

He does not think Satoshi would be so haphazard, footloose, and unpremeditated as you presume him to be.
Scripts could contain bare addresses then if your argument was valid. But instead he always made addresses hashed. And he put a lot of thought into making sure that the cryptography couldn’t be cracked by for example his paranoid use of double-hashing.
Ix
full member
Activity: 218
Merit: 128
So thus Satoshi designed Bitcoin addresses to be secure against quantum computing by wrapping them in a hash.

Occam's razor, Satoshi designed bitcoin addresses to use hashing because payments are not made to public keys, but to scripts which are of an undefined and unbound length and would make horrible addresses. It had nothing to do with quantum computers which I don't believe he considered at all.
hero member
Activity: 568
Merit: 703
Bitcoin will have to move to a new post-quantum signature scheme long before they need to change to a post-quantum PoW.

    problem      quantum algorithm   rough speedup
    signatures   Shor's              2^240
    PoW          Grover's            2^40

@anonymint sent me a message in private chat stating that he doesn’t think you are analyzing the vulnerability of Nakamoto proof-of-work correctly

How are the above speedup numbers not accurate?
I rounded up the latter from sqrt(2^74) (iota paper's estimate of 2^68 is obsolete) to a multiple of 2^10.
Note that these numbers are ignoring potentially FAR slower cycle times for quantum computers.

@anonymint replied to me in private chat and asked you to please kindly note that it's the ratio in speedup that is relevant in proof-of-work, not the security of breaking the preimage of the hash.
Note that to break a Bitcoin public address requires also breaking the preimage of a hash, not just breaking the elliptic curve cryptography.
Thus your ratio comparison is incorrect.
Actually Grover's algorithm applies to breaking the preimage of the hash for a Bitcoin public-key address, which is not sufficient speed-up.
Yet the speed-up of the proof-of-work is 17 billion times faster which is sufficient to replace the entire chain in a nanosecond!

He asks if you could also look at the "Decentralization" section of his recent blog which goes into more detail on the theory and limited evidence that Satoshi did this intentionally:

https://steemit.com/cryptocurrency/@anonymint/scaling-decentralization-security-of-distributed-ledgers

So thus Satoshi designed Bitcoin addresses to be secure against quantum computing by wrapping them in a hash.
But he (intentionally) left proof-of-work mining vulnerable (allegedly so the global elite would have a way to take control if need be).
Iota shows that other designs might have been capable of patching the vulnerability in proof-of-work.
Or at least Satoshi should have mentioned the vulnerability but he was silent on the issue.


I discussed more about the intentional centralized design of Bitcoin here and here.
legendary
Activity: 1000
Merit: 1120
Bitcoin will have to move to a new post-quantum signature scheme long before they need to change to a post-quantum PoW.

    problem      quantum algorithm   rough speedup
    signatures   Shor's              2^240
    PoW          Grover's            2^40

@anonymint sent me a message in private chat stating that he doesn’t think you are analyzing the vulnerability of Nakamoto proof-of-work correctly

How are the above speedup numbers not accurate?
I rounded up the latter from sqrt(2^74) (iota paper's estimate of 2^68 is obsolete) to a multiple of 2^10.
Note that these numbers are ignoring potentially FAR slower cycle times for quantum computers.
Ix
full member
Activity: 218
Merit: 128
Hi anonymint
hero member
Activity: 568
Merit: 703
As far as I understand it, bitcoin is currently vulnerable to quantum computers, in theory.
The problem isn’t best solved by mining using quantum computers, I’d say, but to change the mining algorithm so that quantum computers have no upper hand. Quantum computers are only good at some kinds of things.

Bitcoin will have to move to a new post-quantum signature scheme long before they need to change to a post-quantum PoW.

    problem      quantum algorithm   rough speedup
    signatures   Shor's              2^240
    PoW          Grover's            2^40

@anonymint sent me a message in private chat stating that he doesn’t think you are analyzing the vulnerability of Nakamoto proof-of-work correctly and it’s much more vulnerable than the signature scheme and this appears to be an intentionally designed vulnerability:

http://iotatoken.com/IOTA_Whitepaper.pdf#page=26

Also he elaborates in the Decentralization section of the following blog:

https://steemit.com/cryptocurrency/@anonymint/scaling-decentralization-security-of-distributed-ledgers

Note @anonymint will not be able to discuss it with you here because he is perma-banned from bitcointalk.org.
legendary
Activity: 1000
Merit: 1120
As far as I understand it, bitcoin is currently vulnerable to quantum computers, in theory.
The problem isn’t best solved by mining using quantum computers, I’d say, but to change the mining algorithm so that quantum computers have no upper hand. Quantum computers are only good at some kinds of things.

Bitcoin will have to move to a new post-quantum signature scheme long before they need to change to a post-quantum PoW.

    problem      quantum algorithm   rough speedup
    signatures   Shor's              2^240
    PoW          Grover's            2^40
newbie
Activity: 73
Merit: 0
hi everybody!
legendary
Activity: 1000
Merit: 1120
A very big threat, indeed.

I had read an article a few weeks ago concerning quantum computing and Bitcoin — if just one quantum processor mines away at Bitcoin, it could mine thousands and thousands of dollars in just one day before the difficulty explodes and Bitcoin drops like a brick in the sky.

Using quantum computers to mine doesn't make much sense, when they are WAY more efficient at just recovering private keys from public keys and stealing a good fraction of all BTC.
legendary
Activity: 1000
Merit: 1120
Quantum computers cause a problem with bitcoin, and from what I’ve read we need to move to a larger elliptic curve to be able to protect against them.

No; a larger curve doesn't help (much), since Shor's algorithm runs in (quasi) quadratic time.
That means that doubling the number of bits only causes a fourfold slowdown, and 10x as many bits only a factor 100x slowdown.

You'll need to move to some new post-quantum signature scheme to get the needed exponential lower bound on running time.
newbie
Activity: 42
Merit: 0
As far as I understand it, bitcoin is currently vulnerable to quantum computers, in theory.
The problem isn’t best solved by mining using quantum computers, I’d say, but to change the mining algorithm so that quantum computers have no upper hand. Quantum computers are only good at some kinds of things.
This has been done by some crypto currencies, for example Quantum Resistant Ledger (QRL).
newbie
Activity: 56
Merit: 0
A very big threat, indeed.

I had read an article a few weeks ago concerning quantum computing and Bitcoin — if just one quantum processor mines away at Bitcoin, it could mine thousands and thousands of dollars in just one day before the difficulty explodes and Bitcoin drops like a brick in the sky.

Bitcoin is vulnerable, but only big corps have quantum processors. And with the huge sum of money they have, why would they spend the time to direct a quantum processor just to earn, maybe $50,000 for a day at the very most? To you that may be a lot, but to them, that's quite insignificant.

Of course, there are new cryptos that are defended from quantum processors mining the coins, but those cryptos are quite relatively unknown.
hero member
Activity: 966
Merit: 513

I do not find it a threat to bitcoin.

First , Quantum Computers are not fully developed for any practical purpose.
Second, Even if they are developed, I do not think they will be available to common people. (The cost of quantum computer might be too high.)
Third, Instead of breaking the codes, might be they can be used to create more sophisticated and secure codes.

Well, I really disagree with you on this point. Quantum Computing has the ability to break the chain of today's supercomputer in a fraction of a second and can easily surpass the block-chain too.

you can check this article : https://www.linkedin.com/pulse/how-quantum-computing-effect-block-chain-ecosystem-ankur-prasad/?lipi=urn:li:page:d_flagship3_profile_view_base_post_details;Unx%2BTs50Sw20Pg8rVDhW7A%3D%3D

If you own a blogger account, even you can write an article about it, bro. Do not believe these kinds of claims that quantum computers will hack the blockchain platform. You can find news saying quantum computers can break blockchain security and private keys.
But if you ask the wallet developers and blockchain experts, they will say that 1000 quantum computers cannot hack one wallet without the private key, bro. Even it is not used by big in so far.
legendary
Activity: 3192
Merit: 2248
Exchanges do indeed use Pay to Public Key Hash, but, and it is a big BUT, most exchanges reuse their addresses and so their public key is visible, and hence they are NOT safe from quantum computers.

All top 5 bitcoin addresses with the largest balances have reused their addresses and hence their public keys are visible. That is more than 600 000 bitcoins. 3 of them are multisig addresses, but even those can be cracked by quantum computer if the public keys are visible.

I would prefer that exchanges would not re-use their addresses.

That is indeed the biggest problem right now. I do assume that exchanges will get their shit together once Quantum computers get feasible in a big scale, but on the other hand there have been exchanges that didn't even do transaction batching until just recently. At least in theory it shouldn't be that hard to avoid address reuse though, even at the scale of nowadays exchanges.


Well, I really disagree with you on this point. Quantum Computing has the ability to break the chain of today's supercomputer in a fraction of a second and can easily surpass the block-chain too.

Bullshit and misinformation. Quantum computing will be able to solve some math problems faster than traditional architectures, that still doesn't make them a magic devices that instantly derive private keys from public keys or can "break the chain of today supercomputer in fraction of seconds" whatever that may mean.

Also the article shows complete misunderstanding of how mining works:

...
Traditional computing reaching its physical limit is actually one of the reasons why quantum computing is being heavily researched in the first place. Accordingly we can expect more and more funding being poured into R&D for quantum computing (and other approaches such as neuromorphic computing) as improving traditional architectures becomes less and less feasible.
...

I don't necessarily disagree with this claim, but not everything that is heavily researched also produces the desired results. The treatment of various lethal diseases is also heavily researched and still there are various illnesses that can't be cured using current medicine. Maybe quantum computing will run into similar problems as the traditional computer architecture and the situation won't be much different in a few decades than it is now.

Oh definitely. I'm not saying that quantum computing is bound to come into fruition, I'm just saying that the same physical limits (ie. size) that affect traditional architectures don't affect quantum computers -- pretty much by definition.


Besides, it is likely that even if quantum computers become a reality at some point in the future that cryptography will have also improved.

Candidates for quantum resistant cryptography already exist, it's mostly a matter of standardization and deployment. The latter possibly being the largest challenge.
sr. member
Activity: 658
Merit: 282
...
Traditional computing reaching its physical limit is actually one of the reasons why quantum computing is being heavily researched in the first place. Accordingly we can expect more and more funding being poured into R&D for quantum computing (and other approaches such as neuromorphic computing) as improving traditional architectures becomes less and less feasible.
...

I don't necessarily disagree with this claim, but not everything that is heavily researched also produces the desired results. The treatment of various lethal diseases is also heavily researched and still there are various diseases that can't be cured using current medicine. Maybe quantum computing will run into similar problems as the traditional computer architecture and the situation won't be much different in a few decades than it is now.

Besides, it is likely that even if quantum computers become a reality at some point in the future that cryptography will have also improved.
copper member
Activity: 33
Merit: 0
Converting Mining over "Internet of Transactions"

I do not find it a threat to bitcoin.

First , Quantum Computers are not fully developed for any practical purpose.
Second, Even if they are developed, I do not think they will be available to common people. (The cost of quantum computer might be too high.)
Third, Instead of breaking the codes, might be they can be used to create more sophisticated and secure codes.

Well, I really disagree with you on this point. Quantum Computing has the ability to break the chain of today's supercomputer in a fraction of a second and can easily surpass the block-chain too.

you can check this article : https://www.linkedin.com/pulse/how-quantum-computing-effect-block-chain-ecosystem-ankur-prasad/?lipi=urn:li:page:d_flagship3_profile_view_base_post_details;Unx%2BTs50Sw20Pg8rVDhW7A%3D%3D
full member
Activity: 378
Merit: 197
What is the biggest quantum bounty in bitcoin?
I.e. what is the single largest output that is Pay to Public Key?

Bitcoin did not pay to hash until some time after the start of the network - I think 1-2 years. I have seen stats somewhere that something like 40-50% of all bitcoins are stored with public keys, but a big chunk of that is probably active exchange accounts.

All modern outputs, including those used by exchanges, are protected by Pay to Public Key Hash, and are relatively immune from quantum attacks (a quantum computer cannot find hash pre-images in polynomial time).

Exchanges do indeed use Pay to Public Key Hash, but, and it is a big BUT, most exchanges reuse their addresses and so their public key is visible, and hence they are NOT safe from quantum computers.

All top 5 bitcoin addresses with the largest balances have reused their addresses and hence their public keys are visible. That is more than 600 000 bitcoins. 3 of them are multisig addresses, but even those can be cracked by quantum computer if the public keys are visible.

I would prefer that exchanges would not re-use their addresses.
sr. member
Activity: 742
Merit: 395
I am alive but in hibernation.

I do not find it a threat to bitcoin.

First , Quantum Computers are not fully developed for any practical purpose.
Second, Even if they are developed, I do not think they will be available to common people. (The cost of quantum computer might be too high.)
Third, Instead of breaking the codes, might be they can be used to create more sophisticated and secure codes.
jr. member
Activity: 203
Merit: 3
Hi,
I found this article interesting about a solution to the problem
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-February/015758.html
Ix
full member
Activity: 218
Merit: 128
All modern outputs, including those used by exchanges, are protected by Pay to Public Key Hash, and are relatively immune from quantum attacks (a quantum computer cannot find hash pre-images in polynomial time).

Right but there is no enforcement against address reuse. I mentioned exchanges because I assume they are a large part of address reuse, and would be very quick to switch to a quantum resistant DSA should it be publicly known that quantum computers are near solving 128-bit DLPs.

I'm curious what order of magnitude of polynomial time quantum computers will be able to solve the DLP - I haven't seen any research delving into it exactly and I'm not smart enough to figure it out myself. Will P2H transactions have time to be accepted into blocks before their private keys are derived? Or will every transaction be contested? Does a ~256-bit security level DSA offer additional protection? Or is it that once someone has enough stable qubits to derive a 128-bit security level imply that doubling it (squaring it?) is trivial? 128 byte sigs vs 64 byte sigs would be preferable to ~3kbyte sigs of XMSS.

Quote
Unspent outputs from the very early years of bitcoin, that expose the public key, will be the prime targets of attack.

Of which there are at least 1-2 million bitcoins available. Very disruptive.
legendary
Activity: 1000
Merit: 1120
What is the biggest quantum bounty in bitcoin?
I.e. what is the single largest output that is Pay to Public Key?
Is it one of Satoshi's early addresses?
The advent of feasible quantum computing may well be heralded by the claiming of such a bounty.

Bitcoin did not pay to hash until some time after the start of the network - I think 1-2 years. I have seen stats somewhere that something like 40-50% of all bitcoins are stored with public keys, but a big chunk of that is probably active exchange accounts.

All modern outputs, including those used by exchanges, are protected by Pay to Public Key Hash, and are relatively immune from quantum attacks (a quantum computer cannot find hash pre-images in polynomial time).

Unspent outputs from the very early years of bitcoin, that expose the public key, will be the prime targets of attack.
newbie
Activity: 266
Merit: 0
Quantum computing is so complex in its nature. But I believe that it would not be possible to break the system of bitcoin.
newbie
Activity: 252
Merit: 0
Well, yes quantum computing is very risky for bitcoin. It can definitely create a negative impact on bitcoin. So I will tell that it is a threat.
Ix
full member
Activity: 218
Merit: 128
What is the biggest quantum bounty in bitcoin?
I.e. what is the single largest output that is Pay to Public Key?
Is it one of Satoshi's early addresses?
The advent of feasible quantum computing may well be heralded by the claiming of such a bounty.

Bitcoin did not pay to hash until some time after the start of the network - I think 1-2 years. I have seen stats somewhere that something like 40-50% of all bitcoins are stored with public keys, but a big chunk of that is probably active exchange accounts.

Yes quantum computers pose a threat to bitcoin in the future, but first, we need to even learn how to program software for quantum computers that would be able to decrypt the algorithm... so it's not an immediate threat but in the future it could pose a threat.

The algorithm to solve the discrete log problem - the security basis for ECDSA - is already known for quantum computers, it is called Shor's algorithm. https://en.wikipedia.org/wiki/Shor's_algorithm It means given a quantum computer with enough qubits, a private key can be derived from a public key in polynomial time (fast).
newbie
Activity: 252
Merit: 0
Quantum computers are bad for the security of our private data. That is the main problem actually. But I believe, as technology is upgrading day by day, we will find out something to counter it also. Roll Eyes
member
Activity: 84
Merit: 10
Yes quantum computers pose a threat to bitcoin in the future, but first, we need to even learn how to program software for quantum computers that would be able to decrypt the algorithm... so it's not an immediate threat but in the future it could pose a threat.
legendary
Activity: 3192
Merit: 2248
Quantum computers are far from being reality.
Researchers are trying to get these qubits into a stable position. That's the first thing which has to happen for quantum computers to become 'realistic'.

Afterwards devices with more than just a few of these qubits have to be developed.

[...]

The first step, getting a handful of qubits into a stable position, is already done:
https://newsroom.intel.com/news/intel-advances-quantum-neuromorphic-computing-research/
https://www.technologyreview.com/s/610274/google-thinks-its-close-to-quantum-supremacy-heres-what-that-really-means/

It's a long shot from production ready quantum computing, but there's a reason why NIST is already working on a new standard recommendation for post-quantum cryptography:
https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

It's not around the corner, but we're well on our way. It is worth noting though that quantum computing is not the magic wand that it is often made out to be.


I highly doubt that quantum computing will even become a problem during our lifetime. The advances in terms of processing power of current computers are already slowing down, because companies like Intel are already having problems keeping up with Moore's law.

Traditional computing reaching its physical limit is actually one of the reasons why quantum computing is being heavily researched in the first place. Accordingly we can expect more and more funding being poured into R&D for quantum computing (and other approaches such as neuromorphic computing) as improving traditional architectures becomes less and less feasible.

Besides, I read somewhere that a Bitcoin private key is so large that it would take more energy than is produced by the sun in its lifetime to power a computer that would have enough computing power to successfully crack it.

That is assuming brute-forcing the private key space of Bitcoin. Quantum computing could make deriving the private key of an address from its public key actually feasible.

You know how Bitcoin is sometimes described as being protected by math? There are math problems at which quantum computing stands to excel compared to traditional computing -- some of which will likely affect asymmetric cryptography as used by Bitcoin.

There are other threats that are a bigger concern to the security of Bitcoin than quantum computing.

If you are referring to sociopolitical threats -- yes, definitely.
newbie
Activity: 252
Merit: 0
Basically it will affect all the coins not only bitcoin. Truly, it can have a gigantic negative effect on bitcoin and digital currencies all in all. Be that as it may, take note of that we will have altogether more serious issues with quantum processing. With it, the entire web as a rule is in danger.
sr. member
Activity: 658
Merit: 282
Yes this can be a huge threat to bitcoin and not only bitcoin but also to the whole crypto. The whole internet will be at stake if quantum computing comes. Actually the whole encryption procedure is at a threat.

I highly doubt that quantum computing will even become a problem during our lifetime. The advances in terms of processing power of current computers are already slowing down, because companies like Intel are already having problems keeping up with Moore's law.

Besides, I read somewhere that a Bitcoin private key is so large that it would take more energy than is produced by the sun in its lifetime to power a computer that would have enough computing power to successfully crack it.

There are other threats that are a bigger concern to the security of Bitcoin than quantum computing.
legendary
Activity: 1624
Merit: 2509
Quantum computers are far from being reality.
Researchers are trying to get these qubits into a stable position. That's the first thing which has to happen for quantum computers to become 'realistic'.

Afterwards devices with more than just a few of these qubits have to be developed.

And after years of researching, when (if) finally a working (and usable) quantum computer is developed, there has to be a new algorithm developed which will allow the discrete logarithm and integer factorization to be computed in a way more efficient way than currently possible.

And only then, bitcoin (assuming no changes are being made) will be less secure. It will be about as secure as IOTA is at the moment. Basically Address-reusing will be a vulnerability here.
legendary
Activity: 3192
Merit: 2248
Quantum computers pose a major threat to the security of our private data. So can it break bitcoin ? How vulnerable is bitcoin to it ?

So far it seems like quantum computing will only affect a certain subclass of asymmetric, ie. private / public key cryptography. This means it will become significantly easier to derive private keys from known public keys, which does indeed put bitcoins at risk.

However the public key of a Bitcoin address is not known until the first outgoing transaction is made. Generating a Bitcoin address from a public key involves hashing the key using SHA-256 which is assumed to be fairly quantum-resistant, making your coins safe as long as you refrain from reusing addresses -- which, incidentally, is also how Bitcoin is supposed to be used.

That is assuming Bitcoin won't be updated accordingly. I'm fairly confident that Bitcoin will evolve as new security threats arise.


The way I see it quantum computing is an evolutionary thing. The power of hacking will increase with the power of encryption and protection.

Do people think quantum computers are only going to be available to hackers and for people to do negative things with?

Regardless of to whom quantum computing will be available, it will still necessitate upgrading pretty much all of the internet. A daunting task; quantum computers won't help with that.


What is the biggest quantum bounty in bitcoin?
I.e. what is the single largest output that is Pay to Public Key?
Is it one of Satoshi's early addresses?
The advent of feasible quantum computing may well be heralded by the claiming of such a bounty.

The richest addresses are owned by some of the largest exchanges:

https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html


So if one of these piñatas gets cracked a lot of people will get a haircut. I do assume that exchanges will change their address usage policies once quantum attacks are at the verge of becoming feasible.
newbie
Activity: 9
Merit: 0
The dangerous attack by quantum computers is against public key cryptography.
newbie
Activity: 196
Merit: 0
Quantum computers are not for bitcoin. It can hardly solve the tricks. But, yes, it can be considered to be a threat because the encrypted data can be released due to this computer, so I hope bitcoin authorities will do something to eradicate this sort of threat.
legendary
Activity: 1000
Merit: 1120
What is the biggest quantum bounty in bitcoin?
I.e. what is the single largest output that is Pay to Public Key?
Is it one of Satoshi's early addresses?
The advent of feasible quantum computing may well be heralded by the claiming of such a bounty.
newbie
Activity: 308
Merit: 0
Yes, this can be a huge threat to bitcoin, and not only bitcoin but also the whole of crypto. The whole internet will be at stake if quantum computing comes. Actually the whole encryption procedure is under threat.
newbie
Activity: 266
Merit: 0
From my perspective I think quantum computing may affect cryptocurrency. So we need to be sincere about quantum computing; it is harmful for the internet also.
legendary
Activity: 2464
Merit: 1387
The way I see it quantum computing is an evolutionary thing. The power of hacking will increase with the power of encryption and protection.

Do people think quantum computers are only going to be available to hackers and for people to do negative things with?
full member
Activity: 476
Merit: 107
We're talking about most encryption systems being rendered useless.
That will only be temporary since it is very likely that in the future, someone will find a way to lessen the risk of being compromised (inventing a more powerful encryption system that cannot be decrypted using quantum computing).
So can it break bitcoin? How vulnerable is bitcoin to it?
It poses a major threat for bitcoin and crypto as a whole since it might enable hackers to decrypt the private key of a wallet, but like what I stated above, encryption by that time might improve to withstand quantum computing, and in order for bitcoin to be quantum computing resistant, it will have a fork that will improve the encryption of its private key.
newbie
Activity: 2
Merit: 0
It definitely depends on the rate of adoption of quantum computing on either side, as it does for any technology. Governments are usually the first to use technological advancement on a larger scale, but independent development of bitcoin would even that out by its own adoption sooner or later, for either bitcoin or another cryptocurrency.
newbie
Activity: 132
Merit: 0
Due to the computational power of the quantum computer, there is a possibility that the encryption technology of the blockchain, which is the backbone of the virtual currency, will be broken.
If the quantum computer invalidates public key encryption, dependent blockchain technology and virtual beliefs are also invalidated.
I believe that cryptographic techniques will also improve by the time that quantum computers are a matter of course.
legendary
Activity: 1946
Merit: 1137
A quantum computer is not something that is mass-produced like PCs and given to all people. It is used for certain things and it is a rare thing. Additionally, bitcoin is not using some unique cryptography that nobody else uses! SHA256, for instance, is used by a lot of other sectors, and if quantum computers become a risk they become a risk to a lot of different sectors, not just bitcoin.
newbie
Activity: 78
Merit: 0
The quantum computer is very sophisticated, but I do not think it will solve bitcoin, and I believe that everything will go well without any hindrance to bitcoin.
mk4
legendary
Activity: 2940
Merit: 3883
📟 t3rminal.xyz
Yes. It can definitely have a huge negative impact on bitcoin and cryptocurrencies in general. But note that we're going to have significantly bigger problems with quantum computing. With it, the whole internet in general is at risk. We're talking about most encryption systems being rendered useless.

Relevant article:
Quantum Computing Is the Next Big Security Risk: https://www.wired.com/story/quantum-computing-is-the-next-big-security-risk/
newbie
Activity: 68
Merit: 0
Quantum computers pose a major threat to the security of our private data. So can it break bitcoin? How vulnerable is bitcoin to it?