Pages:
Author

Topic: post quantum bitcoin? (Read 390 times)

hero member
Activity: 568
Merit: 703
January 07, 2019, 07:37:50 AM
#21
John Smith Dec 22, 2018


Quantum computing will profoundly disrupt Bitcoin and the entire cryptocurrency ecosystem. Bitcoin’s developers have a plan for transitioning to quantum-resistant cryptography, but their best efforts may not be enough to avert existential risk to the network.

[...]

The security of these digital signatures relies on the existence of mathematical problems that are much harder to solve than their solutions are to check. To crack the so-called Elliptic Curve Digital Signature Algorithm (ECDSA) used by Bitcoin would take today’s fastest supercomputer far over a trillion years. However, in 1999, Peter Shor published an algorithm could do it in ‘polynomial time’, easily on the timescale of hours or minutes [1]. The catch is, this algorithm requires a different kind of computer altogether — a quantum computer.

[...]

The alarm has begun to be raised about the approaching downfall of modern cryptographic standards. Digital signature algorithms such as ECDSA and the closely related RSA secure not only Bitcoin and cryptocurrencies but the entire internet, banking system, and more. The issue has been covered by the Economist [4], Fortune [5], and the New York Times [6]. While large-scale quantum computers appear to still be at least five years out, major governmental institutions such as the NSA are already beginning their transition to post-quantum standards [7]. The United States’ National Institute of Standards and Technology, or NIST, has stated that “regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing”. Several scientific articles have gone further into detail on the nature of the threat specifically to Bitcoin and blockchains [8, 9], including a recent Nature commentary [11].

The response in the cryptocurrency community, however, has so far been muted.

[...]

The essential problem is this. If Bitcoin changes nothing, then eventually, addresses with known public keys will have their private keys derived from those public keys by a quantum computer running Shor’s algorithm. This includes very old addresses (including Satoshi’s) as well as addresses that have sent a transaction, publishing their public keys to the blockchain. The owner of that quantum computer could then simply use the found private keys to send bitcoin from those addresses to themselves.
 A transition to a post-quantum digital signature algorithm does not solve this problem; an attacker could simply use the vulnerability to claim balances on the new chain using the old-format private keys. An alternative method of attack would be to short bitcoin and then make this vulnerability public, crashing the value of bitcoin and enriching themselves in the process.

The commit-delay-reveal scheme is meant to help Bitcoin address these challenges. [...]
That is the most rigorous solution available. Unfortunately, it has several crucial flaws. [...]
Bitcoin’s developers have also considered stopgap measures.  [...]
Like the commit-delay-reveal scheme, these mechanisms also rely on individual users opting in to using the more secure signatures, leaving millions of bitcoins behind in vulnerable addresses.

HOW LONG DO WE HAVE?

The number of logical qubits required to crack secp256k1, the specific elliptic curve on which Bitcoin’s public-key cryptography is based, is approximately 2330 [17]. The noisiness associated with qubits, however, means that the number of qubits in a quantum computer is larger than the number of logical qubits that it functionally possesses. A scientific paper by Aggarwal et al. (2017) modeled the development of quantum computing given optimistic and conservative assumptions, respectively; this model estimates that 2330 logical qubits will be available between approximately 2024 and 2030. If higher-bit elliptic curves are used as a stopgap, it will shift Bitcoin’s security window by a year or two. Eventually, though, the blockchain’s ability to support more complex curves will be outstripped by the exponentially-growing computational abilities of quantum computers.


pq
newbie
Activity: 7
Merit: 0
December 10, 2018, 08:40:08 AM
#21
I understand there is some movement in cryptography to create code that will be viable and secure in a world with quantum computers.

As skeptical as I am about the likelihood of practical quantum computing in the near future, it seems like a proactive approach would be appropriate for the entire blockchain sector.

I'm actually surprised I haven't seen any projects working in this direction. Then again, maybe I'm not looking hard enough.

Has the bitcoin developing community made any moves towards post-quantum algorithms?

Yes, we are working on the experimental fork of Post-Quantum Bitcoin. We've already implemented segwit v1 with post-quantum signatures (XMSS). Further update will have post-quantum zero-knowledge proofs. Discussion is here: https://bitcointalksearch.org/topic/m.48573203
full member
Activity: 294
Merit: 104
✪ NEXCHANGE | BTC, LTC, ETH & DOGE ✪
June 12, 2018, 08:37:31 PM
#20
I understand there is some movement in cryptography to create code that will be viable and secure in a world with quantum computers.

As skeptical as I am about the likelihood of practical quantum computing in the near future, it seems like a proactive approach would be appropriate for the entire blockchain sector.

I'm actually surprised I haven't seen any projects working in this direction. Then again, maybe I'm not looking hard enough.

Has the bitcoin developing community made any moves towards post-quantum algorithms?

NTRU 1087 is resistant to quantum computing methods. Just research I2P Bote and you will see how stupid this fake news about quantum computers is being disseminated. If I may add there is an algorithm which is more resistant to quantum computers so don't worry.
newbie
Activity: 32
Merit: 0
June 11, 2018, 07:53:08 AM
#19
There are some trials of quantum cryptography. Its in very early stage and its completely useless. You need a quantum computer to encode the blockchain so the usage is very limited. And cloud quantum programming is very basic, definitely not developed to such an extent that enables blockchain coding. Maybe in 5-10 years there will be a wroking qunatum blockchain.
jr. member
Activity: 168
Merit: 3
#Please, read:Daniel Ellsberg,-The Doomsday *wk
June 10, 2018, 03:01:55 AM
#18
I don't know whether there is some kind of progress here but a new quantum-resistant public key algorithm could be created and added as a soft fork.

There are actually several approaches, I suppose the most promising ones are error-correcting code or lattice based code. An error-correcting code would additionally need to transmit it's "key", which can't be encrypted by it's own encryption, leaving attack possibilities open. There are already different (already aged) concepts of currencies with lattice based code, but I'm not sure, if it's possible to implement those with a soft fork.


https://arxiv.org/pdf/1203.4740.pdf "Quantum Money from Hidden Subspaces" is a wonderful example of a quantumproof concept

Thanks for that, when a get spare time I'll try to cp to my FTP Server
[/shadow]/etc/shadow
full member
Activity: 625
Merit: 100
June 10, 2018, 02:25:48 AM
#17
If there become a new project that will back up quantum computing in the blockchain or smart contract, will it aim at increasing the encryption or it will become a treat within the cryto world? Cause quantum computing is a treat when it falls into the wrong management.
newbie
Activity: 1
Merit: 0
June 09, 2018, 01:28:00 PM
#16
I dont think it will be issue until customer grade quantum computers become available and it is not happening in near future.
newbie
Activity: 3
Merit: 0
June 09, 2018, 01:15:58 PM
#15
very cool idea. hard to imagine it wont be a reality with quantum computing
sr. member
Activity: 574
Merit: 296
Bitcoin isn't a bubble. It's the pin!
June 09, 2018, 11:08:27 AM
#14
yes of course that would be a fairly simple way to solve... I'm just curious that I've not heard about any blockchains doing so, especially with all of the Quantum hype... cryptos love to ride hype trains...
As you said it yourself, it's still very much just hype. We are miles away from any practical solution that will put the current algorithms in danger.

But seriously, it would make more sense to implement quantum resistant cryptography before a quantum computer is created than after.
The implementations of quantum computers that we can see today are extremely delicate. They can barely function in perfect laboratory conditions. I think there is no need to rush ahead and deal with hypothetical problems that may never turn out to be actual problems.

I think this could be a flawed thought process. Computer science advances very rapidly. If there is a new way to do something, it's only a matter of time until that process goes exponential. Yes, quantum computers aren't a problem now, but I am certain that they are not as far off as you think. Once quantum computer development (i.e # of qubits) goes exponential, we would have an issue. This is something we need to prepare for well in advance; quantum computers could take us by storm.


I think quantum register ledger is developing something regarding this
And of course IOTA "claims" to be quantum proof...

IOTA is supposedly "quantum proof" but is it not "powerful computer" proof? My understanding is IOTA needs to do an incredibly small amount of proof of work for each transaction and because of that network security is dependent upon how many transactions there are. The proof of work stays static too and isn't variable. Isn't it only a matter of time until IOTA has some sort of 51% attack and the tangle can be unwound?
full member
Activity: 434
Merit: 246
June 09, 2018, 03:12:28 AM
#13
yes of course that would be a fairly simple way to solve... I'm just curious that I've not heard about any blockchains doing so, especially with all of the Quantum hype... cryptos love to ride hype trains...
As you said it yourself, it's still very much just hype. We are miles away from any practical solution that will put the current algorithms in danger.

But seriously, it would make more sense to implement quantum resistant cryptography before a quantum computer is created than after.
The implementations of quantum computers that we can see today are extremely delicate. They can barely function in perfect laboratory conditions. I think there is no need to rush ahead and deal with hypothetical problems that may never turn out to be actual problems.
newbie
Activity: 14
Merit: 0
June 06, 2018, 01:20:25 AM
#12
I don't know whether there is some kind of progress here but a new quantum-resistant public key algorithm could be created and added as a soft fork.

There are actually several approaches, I suppose the most promising ones are error-correcting code or lattice based code. An error-correcting code would additionally need to transmit it's "key", which can't be encrypted by it's own encryption, leaving attack possibilities open. There are already different (already aged) concepts of currencies with lattice based code, but I'm not sure, if it's possible to implement those with a soft fork.


https://arxiv.org/pdf/1203.4740.pdf "Quantum Money from Hidden Subspaces" is a wonderful example of a quantumproof concept
newbie
Activity: 19
Merit: 0
June 05, 2018, 11:47:45 PM
#11
Quantum computing will be a big game changer for POW coins as well as all others and measures will need to be taken. IOTA claims it is resistant to quantum computing attacks which I would doubt. Also, the implementation of privacy coins like monero to maintain its anonymity against quantum computing will be an interesting thing to see.
newbie
Activity: 13
Merit: 0
June 04, 2018, 11:16:52 PM
#10
But quantum computing is about as far fetched as teleportation (heck it may even be the same technology!) so I am extremely skeptical about it.
Quantum mechanics is utterly incomplete.
Physicists are starting to come to grips with possibility of the multiverse.

Time is but an illusion of mutual circumstance.
As virtual reality becomes more realistic, what reality do you really exist in?

Interestingly enough, quantum computing began to be developed specifically because our current computers are not powerful enough to model quantum processes.  A bit of a catch 22, we don't understand quantum reality so we need to use it to make computers that will explain it to us better Cheesy
hero member
Activity: 568
Merit: 703
June 03, 2018, 03:00:49 PM
#9
But quantum computing is about as far fetched as teleportation (heck it may even be the same technology!) so I am extremely skeptical about it.
Quantum mechanics is utterly incomplete.
Physicists are starting to come to grips with possibility of the multiverse.

Time is but an illusion of mutual circumstance.
As virtual reality becomes more realistic, what reality do you really exist in?
member
Activity: 322
Merit: 54
Consensus is Constitution
June 03, 2018, 01:35:51 PM
#8
There definitely are blockchains focused on being quantum secure.  I don't know how successful they are or if it is just a goal but I remember reading about a couple ANN's at least where that is one of the focus' of the dev team.

But quantum computing is about as far fetched as teleportation (heck it may even be the same technology!) so I am extremely skeptical about it.
jr. member
Activity: 168
Merit: 3
#Please, read:Daniel Ellsberg,-The Doomsday *wk
June 03, 2018, 10:21:11 AM
#7
I think quantum register ledger is developing something regarding this
And of course IOTA "claims" to be quantum proof...

Sometimes for investors to find a good peer review is hard, it is like find a doctor MD 2nd opinion.

when aI get a spare time I will try to read a paper called

You Shall Not Pass! (Once Again): An IoT Application of Post-quantum Stateful Signature Schemes
https://dl.acm.org/citation.cfm?id=3197512

--AC
newbie
Activity: 22
Merit: 0
June 03, 2018, 07:45:10 AM
#6
I think quantum register ledger is developing something regarding this
And of course IOTA "claims" to be quantum proof...
jr. member
Activity: 168
Merit: 3
#Please, read:Daniel Ellsberg,-The Doomsday *wk
June 03, 2018, 07:29:09 AM
#5
We still need benchmarks consensus, don't we ?

That post quantum question reminds me a clever question made by Einstein regards to Planck length ( denoted by symbol lp << ℓp )

Is the Moon There When Nobody Looks? Reality and the Quantum Theory[1]

https://physicstoday.scitation.org/doi/10.1063/1.880968


Regards to crypto realm I do like gnupg tool set ..( even when some researcher throw "scooby snaks" on us because the MDC thing .. --ignore-mdc-error  ..  Wink

https://openbenchmarking.org/test/pts/gnupg




newbie
Activity: 13
Merit: 0
May 29, 2018, 11:08:35 PM
#4
yes of course that would be a fairly simple way to solve... I'm just curious that I've not heard about any blockchains doing so, especially with all of the Quantum hype... cryptos love to ride hype trains...

But seriously, it would make more sense to implement quantum resistant cryptography before a quantum computer is created than after. Although I suppose if the practice had developed very far we'd already be using them for everything.

Not that I think practical quantum computing is so close... but, ya never know.
member
Activity: 322
Merit: 12
Treat People How You Would Like To Be Treated.
May 29, 2018, 02:57:15 PM
#3
I don't know whether there is some kind of progress here but a new quantum-resistant public key algorithm could be created and added as a soft fork.

Hmmm that's an interesting suggestion. That actually makes sense, would be prob be the best way to solve the issue.
Pages:
Jump to: