
Topic: Quantum Computer vs Bitcoin - page 3. (Read 2486 times)

newbie
Activity: 46
Merit: 0
January 13, 2018, 03:52:17 AM
#87
Nothing is impossible, though.

If nothing is impossible, then "everything is impossible" is possible, in which case, nothing is possible.

How is "everything impossible" if "nothing is impossible"?

Shouldn't it be "everything is possible" if "nothing is impossible"?

It's not a paradox really, is it?


Also, you are forgetting: quantum computers will in fact speed up arithmetic operations like cracking SHA, but they will also bring new-age encryption methods with which you can *tell* if someone opened the stream or not .... with all that "until observed" sort of thing... so I wouldn't worry yet. Besides, we're at least a decade away from commercial quantum computers.
copper member
Activity: 14
Merit: 0
January 12, 2018, 11:22:23 AM
#86
Is it true that IOTA is the only crypto "quantum-proof"?
Just heard that in their bumph..
E

I think IOTA is only quantum resistant, quantum proof would be a whole level up (e.g., like the difference between products that are water resistant vs water proof).

QRL is another crypto that is quantum resistant; supposedly slightly more so than IOTA.
newbie
Activity: 14
Merit: 0
January 03, 2018, 06:49:57 PM
#85
Quantum PCs will really contend with conventional transistor-based PCs; things being what they are, they'll be slower in specific viewpoints than their transistor-based partners. This depends on my free investigation of quantum processing, yet we'll simply need to pause and watch when these gadgets begin to take off in the market. As far as bitcoin is concerned, the most exceedingly terrible conceivable situation would be a hard fork to make it 'quantum-safe'.
copper member
Activity: 630
Merit: 2614
If you don’t do PGP, you don’t do crypto!
January 03, 2018, 01:09:56 PM
#84
Nothing is impossible, though.

If nothing is impossible, then "everything is impossible" is possible, in which case, nothing is possible.

That paradox hit me faster than the speed of light; and my Quantum FUD® got entangled in the superposition of impossibilities.


(@Vigme86, I began writing you a reply earlier; may do later, time permitting.  Your setup sounds decent; good luck with your long-term holding.)
member
Activity: 98
Merit: 26
January 03, 2018, 12:45:32 PM
#83
Nothing is impossible, though.

If nothing is impossible, then "everything is impossible" is possible, in which case, nothing is possible.
newbie
Activity: 252
Merit: 0
January 02, 2018, 08:38:19 PM
#82
Hmmn, I'm not too sure about that. Nothing is impossible, though. Is it really too safe to store our coins on a system for years?
copper member
Activity: 56
Merit: 1
peg-token.com
January 02, 2018, 04:18:36 PM
#81
The main thing here is the possibility and the way that quantum computers will work.

Computers today talk binary: they can only be a 0 or a 1 at any time.
Quantum computers have the advantage of being able to be a 0 and a 1 at the same time,
or 0 and 0,
or 1 and 1,
or 0 and 1,
etc.

So this brings the possibility of code cracking to the extreme.
The first quantum computer to start attacking SHA, we could be in trouble..

But chances are that will not be for a very long time, due to many complexities around not only the size but the functionality of quantum mechanics.

When we do reach the realm of quantum being the standard, 30-50 years away, there will be new quantum security that will be developed.
full member
Activity: 378
Merit: 103
January 02, 2018, 03:39:51 PM
#80

In this particular context (but see below), “address reuse” means reuse of an address from which you have spent.  Transactions to your address contain the public keys of whoever sent you the money—not your public key.  But the only information revealed in the blockchain when you receive money is the Hash160 (RIPEMD160 of SHA256) of your public key.  That is what haltingprobability referred to as the “public-key hash” in the portion you underlined.

(For the sake of simplicity, I here assume only P2PKH and P2WPKH addresses.  What do these stand for?  “Pay To (Witness) Public Key Hash”.)

But this discussion misses the point that the security of public keys is just fine.  It seems that you missed this upthread:

There are excellent reasons to avoid address reuse; but this is not one of them.  I say this as a paranoid security nut:  The security of publicly disclosed public keys is just fine.  That is why they are called public keys.  The only exception I would here make is if you have coins which you intend to potentially leave in cold storage for decades.  Then, yes, you will want the extra security margin of the key being unpublished.

Bingo.

Do you intend to leave the coins in cold storage for decades?  If so, then I recommend that you do what you said you’re doing:  Use the addresses for receiving only.  Not that I expect for secp256k1 to be broken:  If storing something for decades (or longer), I prefer some extra security margin “just in case”.

Otherwise, there is no reason to worry about revealing the public key.  secp256k1 is secure.  You may rely on it.

But there is another, very different reason to avoid reuse of addresses for both sending and receiving:  Privacy.  Blockchain analysis is already easy enough for experts.  Address reuse of all kinds makes it trivial.

To start with, for a bare modicum of privacy, use one HD wallet with the seed and keys generated (and backed up!) on an airgapped computer; and from that wallet, use a different address every time you receive money.  This recommendation has nothing to do with the security of your money against attacks on public keys.

I had not seen the upthread, indeed, but I meant what I said: it's on a long-term basis (maybe not decades, let's say some years) and I'm currently storing my big savings in BTC on a paper wallet generated on an offline computer and encrypted via BIP0038 (actually big for me :), maybe for you guys it could be a ridiculous sum).
I have always bought my mBTC on different exchanges and then sent them to my address. I've never verified what kind of transactions the exchanges have made, but I suppose it was a P2PKH (is there a way to know that?). I do that because I've read in "Mastering Bitcoin" that this is the way Antonopoulos stores 95% of his bitcoins.

HD wallet? I have Electrum on my phone, but it's just for some bucks I'm not able to move due to the high fee levels of these days; anyway, the seed is backed up and I have downloaded a BIP0032 program to find every private key from that one.

Anyway thanks again for your answer
copper member
Activity: 630
Merit: 2614
If you don’t do PGP, you don’t do crypto!
January 02, 2018, 11:36:43 AM
#79
3) For certain kinds of problems, QC can provide quadratic speedup, which is a massive speedup. For symmetric ciphers, this probably just means you double your key size - where 128 bits of security used to be sufficient, now you need 256. No big deal. The real problem is with public-key encryption. But lay-people often forget that the quantum speedup blade cuts both ways. We can build encryption systems which take advantage of quantum speedup and make quantum cryptanalysis of PKE quadratically more difficult, mooting the theoretical advantage that cryptanalysts get from quantum speedup. In fact, this is why Bitcoin uses the public-key hash instead of the public-key itself and recommends against address-reuse; in the event of working, at-scale QC, your coins are still secured behind 128-bit-equivalent security as long as you don't reuse addresses or publish the public-keys for your addresses.

...

I'm sorry to shorten your message, but I would like to know, regarding the underlined sentence, if I have understood the point correctly.
The fact that the public key and the Bitcoin address are different is not a safeguard against quantum computing, because when you sign a transaction you are revealing your public key on the blockchain, so that address can be exposed to a QC attack. Is that correct?

My doubt is when you speak about "address-reuse": what do you mean by that? I have a cold-storage paper wallet encrypted via BIP0038 where I periodically put some cash. I've never spent BTC from it, but there is not a single but multiple input transactions, so there are multiple UTXOs on the blockchain. Until I spend bitcoin, is it still secured or not? Should I use a cold-storage paper wallet for every transaction?

Thanks in advance

In this particular context (but see below), “address reuse” means reuse of an address from which you have spent.  Transactions to your address contain the public keys of whoever sent you the money—not your public key.  But the only information revealed in the blockchain when you receive money is the Hash160 (RIPEMD160 of SHA256) of your public key.  That is what haltingprobability referred to as the “public-key hash” in the portion you underlined.

(For the sake of simplicity, I here assume only P2PKH and P2WPKH addresses.  What do these stand for?  “Pay To (Witness) Public Key Hash”.)

But this discussion misses the point that the security of public keys is just fine.  It seems that you missed this upthread:

There are excellent reasons to avoid address reuse; but this is not one of them.  I say this as a paranoid security nut:  The security of publicly disclosed public keys is just fine.  That is why they are called public keys.  The only exception I would here make is if you have coins which you intend to potentially leave in cold storage for decades.  Then, yes, you will want the extra security margin of the key being unpublished.

Bingo.

Do you intend to leave the coins in cold storage for decades?  If so, then I recommend that you do what you said you’re doing:  Use the addresses for receiving only.  Not that I expect for secp256k1 to be broken:  If storing something for decades (or longer), I prefer some extra security margin “just in case”.

Otherwise, there is no reason to worry about revealing the public key.  secp256k1 is secure.  You may rely on it.

But there is another, very different reason to avoid reuse of addresses for both sending and receiving:  Privacy.  Blockchain analysis is already easy enough for experts.  Address reuse of all kinds makes it trivial.

To start with, for a bare modicum of privacy, use one HD wallet with the seed and keys generated (and backed up!) on an airgapped computer; and from that wallet, use a different address every time you receive money.  This recommendation has nothing to do with the security of your money against attacks on public keys.
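The post above rests on one mechanical fact: a P2PKH or P2WPKH output puts only RIPEMD160(SHA256(pubkey)) on the chain, and the first spend from that address publishes the public key in a scriptSig or witness, after which every coin at that address, old or newly received, is only as safe as the public key itself. The following Python is an added example, not code from the thread or from any Bitcoin project: it scans a constructed chain fragment and reports which addresses have published their key, which outputs were paid to an address after that (the "address reuse" case), and how much value is still hidden behind a hash only. It links spends to outputs by (txid, vout) reference rather than recomputing Hash160, handles only the standard P2PKH/P2WPKH/P2PK patterns, and all txids, scripts, keys and amounts are constructed.

```python
"""Which coins are still hidden behind a public-key hash? (added example)

Models the point made in the thread: a P2PKH/P2WPKH output shows the chain only
RIPEMD160(SHA256(pubkey)); the first spend from that address publishes the key,
after which all coins at that address are exposed to a public-key attack. Bare
P2PK outputs (the early pattern) are exposed from the start. Outputs are linked to
spends by (txid, vout) reference, so the hash itself is never recomputed.
All txids, scripts, keys and amounts below are constructed.
"""

def parse_pushes(script_hex: str):
    """Data pushes of a script. Only 1..75-byte direct pushes are handled, which
    covers standard P2PKH and P2PK scriptSigs; other bytes are skipped as opcodes."""
    b = bytes.fromhex(script_hex)
    i, pushes = 0, []
    while i < len(b):
        n = b[i]
        if 1 <= n <= 75:
            pushes.append(b[i + 1:i + 1 + n].hex())
            i += 1 + n
        else:
            i += 1
    return pushes

def is_pubkey(h: str) -> bool:
    h = h.lower()
    return (len(h) == 66 and h[:2] in ("02", "03")) or (len(h) == 130 and h[:2] == "04")

def classify_output(spk_hex: str):
    """Return (kind, identifier): the 20-byte hash for P2PKH/P2WPKH, the key for P2PK."""
    s = spk_hex.lower()
    if len(s) == 50 and s.startswith("76a914") and s.endswith("88ac"):
        return "p2pkh", s[6:46]          # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 44 and s.startswith("0014"):
        return "p2wpkh", s[4:]           # OP_0 <20>
    if s.endswith("ac") and s[:2] in ("21", "41") and is_pubkey(s[2:-2]):
        return "p2pk", s[2:-2]           # <pubkey> OP_CHECKSIG: key visible from day one
    return "unknown", s

def revealed_pubkey(vin):
    """The public key a spend publishes, from scriptSig pushes or witness items."""
    items = parse_pushes(vin.get("scriptSig", "")) + list(vin.get("witness", []))
    return next((p.lower() for p in items if is_pubkey(p)), None)

def scan(txs):
    """Walk transactions in chain order; return which addresses have published
    their key, outputs paid to an address after that, and value at risk."""
    utxo = {}       # (txid, vout) -> (address id, value)
    exposed = {}    # address id -> public key now visible on-chain
    reused = []     # outputs received by an address after its key was exposed
    for tx in txs:
        for vin in tx.get("vin", []):
            prev = utxo.pop((vin["txid"], vin["vout"]), None)
            if prev is None:
                continue                  # spends an output outside this fragment
            addr, _ = prev
            pk = revealed_pubkey(vin)
            if pk is not None:
                exposed.setdefault(addr, pk)
        for n, out in enumerate(tx["vout"]):
            kind, ident = classify_output(out["scriptPubKey"])
            addr = f"{kind}:{ident}"
            if kind == "p2pk":
                exposed.setdefault(addr, ident)
            elif addr in exposed:
                reused.append((tx["txid"], n))
            utxo[(tx["txid"], n)] = (addr, out["value"])
    at_risk = sum(v for a, v in utxo.values() if a in exposed)
    hash_only = sum(v for a, v in utxo.values() if a not in exposed)
    return {"exposed": exposed, "reused_after_exposure": reused,
            "at_risk_value": at_risk, "hash_only_value": hash_only}

# Constructed chain fragment. H1 is a cold-storage address that receives twice
# (fine: only the hash is visible), then spends once and gets change back.
H1, H2, H3 = "a1" * 20, "a2" * 20, "a3" * 20
P1 = "02" + "11" * 32                        # constructed compressed key behind H1
PSAT = "04" + "bb" * 64                      # constructed key in a bare P2PK output
SIG = "47" + "aa" * 71                       # 71-byte signature blob, pushed by 0x47
SAMPLE_TXS = [
    {"txid": "A", "vout": [{"value": 100, "scriptPubKey": "76a914" + H1 + "88ac"},
                           {"value": 50, "scriptPubKey": "41" + PSAT + "ac"}]},
    {"txid": "B", "vout": [{"value": 20, "scriptPubKey": "76a914" + H1 + "88ac"}]},
    {"txid": "C", "vin": [{"txid": "A", "vout": 0, "scriptSig": SIG + "21" + P1}],
     "vout": [{"value": 60, "scriptPubKey": "76a914" + H2 + "88ac"},
              {"value": 39, "scriptPubKey": "76a914" + H1 + "88ac"}]},
    {"txid": "D", "vin": [{"txid": "A", "vout": 1, "scriptSig": SIG}],
     "vout": [{"value": 50, "scriptPubKey": "0014" + H3}]},
]

def report():
    return scan(SAMPLE_TXS)

if __name__ == "__main__":
    r = report()
    for addr, pk in r["exposed"].items():
        print(f"key exposed for {addr[:12]}...: {pk[:10]}...")
    print("received after exposure:", r["reused_after_exposure"])
    print("value at key-exposed addresses:", r["at_risk_value"])
    print("value still behind a hash only:", r["hash_only_value"])
```

Running it shows the two exposed identifiers (the bare P2PK key, and H1 once transaction C spends from it), flags C's change output as received after exposure, and splits the remaining coins into 59 at exposed addresses versus 110 behind a hash only. Note that B's output to H1, received before the spend, still counts as exposed: the key is public now, and the chain does not forget.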
full member
Activity: 378
Merit: 103
January 02, 2018, 11:02:08 AM
#78
So the general consensus is somewhere along the lines of "if quantum computing cracks Bitcoin, there will be bigger and more serious problems to worry about"?

Pretty close. Here are the facts:

...

3) For certain kinds of problems, QC can provide quadratic speedup, which is a massive speedup. For symmetric ciphers, this probably just means you double your key size - where 128 bits of security used to be sufficient, now you need 256. No big deal. The real problem is with public-key encryption. But lay-people often forget that the quantum speedup blade cuts both ways. We can build encryption systems which take advantage of quantum speedup and make quantum cryptanalysis of PKE quadratically more difficult, mooting the theoretical advantage that cryptanalysts get from quantum speedup. In fact, this is why Bitcoin uses the public-key hash instead of the public-key itself and recommends against address-reuse; in the event of working, at-scale QC, your coins are still secured behind 128-bit-equivalent security as long as you don't reuse addresses or publish the public-keys for your addresses.

...

I'm sorry to shorten your message, but I would like to know, regarding the underlined sentence, if I have understood the point correctly.
The fact that the public key and the Bitcoin address are different is not a safeguard against quantum computing, because when you sign a transaction you are revealing your public key on the blockchain, so that address can be exposed to a QC attack. Is that correct?

My doubt is when you speak about "address-reuse": what do you mean by that? I have a cold-storage paper wallet encrypted via BIP0038 where I periodically put some cash. I've never spent BTC from it, but there is not a single but multiple input transactions, so there are multiple UTXOs on the blockchain. Until I spend bitcoin, is it still secured or not? Should I use a cold-storage paper wallet for every transaction?

Thanks in advance
newbie
Activity: 5
Merit: 0
January 02, 2018, 10:03:11 AM
#77
Quantum computers are the best medium you can use in order for you to get and mine as much Bitcoins as you can. You need to understand that quantum computers are the best there is.
full member
Activity: 396
Merit: 100
December 30, 2017, 06:06:12 AM
#76
I heard that Quantum Computer can destroy bitcoin.
Is it possible?
Quantum computers could crack Bitcoin, but fixes are available now; actually, there is good news about this. Its proof-of-work isn't as vulnerable to “quantum speedup” as people think, and the signature can be replaced with something more quantum-resistant before the day of reckoning.
legendary
Activity: 3318
Merit: 1247
Bitcoin Casino Est. 2013
December 29, 2017, 04:02:38 PM
#75
Quantum computers are definitely not a threat to Bitcoin. These computers cost millions of DOLLARS and undoubtedly be able to spread.

Well, but governments, Google, Microsoft, all of them can use quantum computers.

You can choose to fight back with the little tools at our disposal. The TAILS Linux operating system is an OS which has Electrum included, and you can keep the seed in a safe place and restore it every time you run TAILS. This operating system doesn't leave any trace on your computer unless you want it to; when it connects to the internet it only connects through the TOR browser, so the government cannot do that much to stop anyone from using Bitcoin or be a threat to your Bitcoins.

Quantum computers are not built to be a threat to cryptocurrencies but to help aid the NSA and other security agencies do their job better.
sr. member
Activity: 2604
Merit: 338
Vave.com - Crypto Casino
December 29, 2017, 03:49:43 PM
#74
I heard that Quantum Computer can destroy bitcoin.
Is it possible?
Nope, quantum computers can't really easily decrypt cryptocurrencies, and as has been said, it's much harder to solve out 2x than on x2, which has been mentioned on previous pages of this thread and which I completely agree with. This is why I don't really see that these computers would be a big threat. If it can affect things, it would not be a major thing for sure, and besides, this apparatus is costly.
newbie
Activity: 1
Merit: 0
December 29, 2017, 02:10:53 PM
#73
Short answer: No
Long answer: Bitcoin's proof-of-work algorithm is secure because they would have to use Grover's algorithm to crack SHA-256, which would take O(2^sqrt(n)) time instead of O(2^n), which is a good speedup but still not enough to crack SHA-256 (it may give miners using quantum hardware an advantage). However, elliptic curves are vulnerable to attack by Shor's algorithm, so a new signature function would be needed, for example Lamport signatures; however, they will not protect people who have not moved to the new signature scheme before quantum computers are created. On the upside, addresses which have not had their public keys revealed are safe[1] because the hash function protects the key, but this protection is not present in the early bitcoin accounts because they did not use hashed keys; for example Satoshi's coins and all other coins pre-2012 which have not been put in a quantum secure could be at risk.

[1]: but the coins cannot be moved without compromising them
PS: If quantum computers hit the world by surprise we have more to worry about than bitcoin
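The post names Lamport signatures as a candidate replacement for the elliptic-curve scheme. The Python below is an added example, not code from the thread or from any wallet: a Lamport one-time signature over SHA-256 with key generation, signing and verification, plus a demonstration of why "one-time" is a hard rule. Security rests only on preimage resistance of SHA-256 (the Grover side of the post's argument), while reusing a key publishes more and more of the secret halves until an observer can sign messages of their own. Keys come from os.urandom, the signed messages are constructed, and the `OneTimeSigner` wrapper is an assumed convenience, not a standard API.

```python
"""Lamport one-time signatures over SHA-256 (added example, not from the thread).

A key is 256 pairs of 32-byte secrets; the public key is their SHA-256 images.
To sign, reveal, for each bit of SHA-256(message), the secret on that side of
the pair. A verifier re-hashes the revealed secrets against the public key.
Keys and messages here are constructed with os.urandom; no test vectors implied.
"""
import hashlib
import os

N_BITS = 256                        # one secret pair per bit of SHA-256(message)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def msg_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant bit of each byte first."""
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(N_BITS)]

def keygen(rng=os.urandom):
    """sk: 256 pairs of random 32-byte values; pk: their SHA-256 images."""
    sk = [(rng(32), rng(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes):
    """For each message bit, publish the secret on that side of the pair."""
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != N_BITS:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))))

class OneTimeSigner:
    """Stateful wrapper (assumed helper): refuses to sign twice with one key."""
    def __init__(self, rng=os.urandom):
        self.sk, self.pk = keygen(rng)
        self.used = False

    def sign(self, msg: bytes):
        if self.used:
            raise RuntimeError("Lamport key already used; reuse leaks secrets")
        self.used = True
        return sign(self.sk, msg)

def learned_secrets(signatures):
    """What an observer knows after seeing (msg, sig) pairs under ONE key:
    for each bit position, which of the two secrets have been revealed."""
    known = [dict() for _ in range(N_BITS)]
    for msg, sig in signatures:
        for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))):
            known[i][bit] = s
    return known

def forge(known, target: bytes):
    """Assemble a signature on `target` from revealed secrets, or None if some
    position still hides the secret the target's bit needs."""
    sig = []
    for i, bit in enumerate(msg_bits(target)):
        if bit not in known[i]:
            return None
        sig.append(known[i][bit])
    return sig

def demo_reuse(n_signatures: int, rng=os.urandom):
    """Sign n random messages under one key. Return (number of the 512 secrets
    now public, whether a forged signature on an unsigned message verifies)."""
    sk, pk = keygen(rng)
    seen = [(m, sign(sk, m)) for m in (rng(16) for _ in range(n_signatures))]
    known = learned_secrets(seen)
    revealed = sum(len(k) for k in known)
    target = b"attacker-chosen message the owner never signed"
    forged = forge(known, target)
    return revealed, forged is not None and verify(pk, target, forged)

if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"spend 1 BTC to address X")
    print("valid:", verify(pk, b"spend 1 BTC to address X", sig))
    print("tampered:", verify(pk, b"spend 9 BTC to address X", sig))
    for n in (1, 2, 8, 40):
        print(f"after {n:2d} signatures under one key:", demo_reuse(n))
```

One signature reveals exactly 256 of the 512 secrets and leaves a forger needing the other half, but every further signature under the same key reveals more, and by a few dozen signatures essentially all 512 are public and any message can be signed. That is why a Lamport key must be thrown away after one use (hence the stateful wrapper), and why a practical hash-based scheme for a chain combines many one-time keys under a Merkle tree. Signature size is the other cost: 256 × 32 bytes, roughly 8 KiB per signature against ECDSA's ~71 bytes.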
member
Activity: 112
Merit: 10
December 29, 2017, 12:36:27 PM
#72
Thank you!

Quote
See above. If you owned all the hashing equipment in the entire Bitcoin network and could somehow use that equipment to test keys at the same rate as the hashrate, it would take 585 billion years to brute force any key.

I'm just curious but not a professional, obviously; that was the first post I've read which puts it in some context :)
member
Activity: 98
Merit: 26
December 29, 2017, 12:11:01 PM
#71
Note that I made a mistake on the size of the secp256k1 key space - it is greater than 2^255, not approximately 2^128.

Bitcoin also needs to note that an attacker maybe doesn't need to brute-force the entire keyspace if shooting for one key, i.e. a rich wallet. What are the odds of hitting a key before the entire key space is brute-forced?

"entire key space is bruteforced" --> It's difficult to give a good metaphor for how huge the secp256k1 keyspace is... it's effectively infinite.

The birthday paradox tells us that the average time to collision for an n-bit hash function is 2^(n/2), in our case, 2^128. Fortunately, 2^128 is large enough that it can also be treated as "effectively infinite". At this writing, the hash rate is 8.4×10^18 hashes per second. The average time to collision if you could test public keys at this rate (you can't) would be 585 billion years.

Quote
Then there's cluster brute-force - obviously nobody did that on a really madass large scale, at least not publicly yet. Are there even benchmarks of what would be possible?

See above. If you owned all the hashing equipment in the entire Bitcoin network and could somehow use that equipment to test keys at the same rate as the hashrate, it would take 585 billion years to brute force any key. Clusters are powerful systems for computation but their compute power only grows linearly with cluster-size - a cluster of 10,000 nodes is only 10x as powerful as a cluster of 1,000 nodes. The difficulty of breaking cryptosystems grows exponentially in the number of bits of security (assuming there are no mathematical breaks).

Quote
For example a botnet of really large server, 30x raids in a huge cluster. Since one of those boxes costs 50K plus, yeah one has to be serious - for that to happen the loot just has to be big enough and somebody will try.

I think your arithmetic is off by more than you realize.
member
Activity: 112
Merit: 10
December 29, 2017, 06:31:43 AM
#70
I heard that Quantum Computer can destroy bitcoin.
Is it possible?

It's something that Bitcoin's designers need to keep in mind as a "tail risk".

Quantum computers reduce the effective security of our strongest cryptographic primitives (hashes, symmetric ciphers) by about half. That is, a 256-bit hash gives about 128 bits of effective security in a world where quantum computers are used for at-scale computation. 128 bits of security is pretty good security - searching 10^37 gives about a 10% chance of breaking a particular hash (finding the hash preimage). 10^37 is 10 quadrillion quadrillion quadrillion - that's more than a billion billion times the number of hashes performed by the combined hashpower of all Bitcoin miners in order to mine a block.

The hash address is only 160 bits but it still requires 256 bits of search to break, that is, address=RIPEMD160(SHA256(pubkey)) minus a few technical details. Once you get the pubkey, we typically assume that a quantum computer will easily recover the private key from the public key. However, quantum-resistant public key encryption is still possible. Because of its quadratic advantage (theoretical) over classical computers, we have to double the key space (note that this may more than double key size). IIRC, secp256k1 is 128-bits equivalent security which we have to cut in half in a quantum-computation world - effective security is 64-bits. While 64-bits is too small for securing a large asset (such as all bitcoins), note that each address is secured by 64-bits security. So the cost of breaking all addresses in the UTXO set is at least 64 * nUTXO where nUTXO is the number of unspent transaction outputs. In other words, even with a quantum computer, you still have to break each address separately, and there are a lot of addresses.

Finally, quantum computation will actually help Bitcoin more than it will hurt it. As QC's begin to approach sufficient complexity to be able to mount serious attack against Bitcoin's cryptographic primitives, they are going to force cryptographers to revise usage across many cryptographic applications - traditional banking, government communication and data-storage, military communications systems, and so on. Quantum cryptography offers the promise of new modes of communication that are not possible with classical communication channels. Perhaps you can secure your Bitcoin address with an entangled set of qubits such that only the holder of the originally entangled qubits can prove ownership of the address. So, Bitcoin should not be having FUD about QC.


Bitcoin also needs to note that an attacker maybe doesn't need to brute-force the entire keyspace if shooting for one key, i.e. a rich wallet. What are the odds of hitting a key before the entire key space is brute-forced?

Then there's cluster brute-force - obviously nobody did that on a really madass large scale, at least not publicly yet. Are there even benchmarks of what would be possible? For example a botnet of really large servers, 30x RAIDs in a huge cluster. Since one of those boxes costs 50K plus, yeah, one has to be serious - for that to happen the loot just has to be big enough and somebody will try.
member
Activity: 98
Merit: 26
December 29, 2017, 12:56:22 AM
#69
I heard that Quantum Computer can destroy bitcoin.
Is it possible?

No. Quantum theory is fake "science" and does not exist, nor do "quantum computers".

I couldn't agree more! no such thing!

Um. Wuuut?

Reality is quantum ... try it for yourself. Also.
newbie
Activity: 41
Merit: 0
December 29, 2017, 12:43:54 AM
#68
Quantum computers will actually compete with traditional transistor based computers as it turns out they'll be slower in certain aspects than their transistors based counterparts. This is based on my independent analysis of quantum computing but we'll just have to wait and watch when these devices start to roll out in the market, as far as bitcoin is concerned the worst possible scenario would be a hard fork to make it 'quantum-resistant'.