Topic: Quantum Computers Can Not Defeat Bitcoin, not even The Bitcoin Network

hero member
Activity: 2240
Merit: 848
From the little bit of research I've done into the topic, the main threat to Bitcoin from quantum computing, once it becomes mature, is that there's roughly 2 million bitcoin (including Satoshi's ~1 million btc) that I guess were mostly from coinbase txs (miner rewards) that haven't moved since way back in the early days and are still held in the original pay-to-public-key format that exposed the public key of the receiver.

Eventually quantum computing is supposed to be able to break the public key to find the associated private key in bitcoin's non-quantum-resistant cryptography in a reasonable amount of time. So there's around 2 million bitcoin, most of which are likely "lost" bitcoin, which WILL eventually be stolen by whoever first targets bitcoin once quantum computing is sufficiently powerful. All other bitcoin aren't at risk because we pay to the hashed address which apparently quantum computing isn't supposed to be able to break, but those really old never-moved bitcoin are just waiting to be stolen by quantum computers.

Some of those old ~2 million bitcoin are likely not lost and can be moved before a quantum threat materializes, but probably the vast majority of that amount is up for grabs. Only way I see that threat being nullified is a hard fork that breaks backwards compatibility - something that so far has essentially been seen by devs and the community as never going to happen because it breaks the concept of Bitcoin being immutable. I think you'd need a hard fork to cut those old at-threat bitcoin off and excise them from the supply, leaving bitcoin with roughly 19 million total supply instead of 21 million.

I'm no expert but from the research I've done this is what I understand is the case. So if this is all true then at some point, perhaps as soon as sometime next decade, we are going to have a quantum threat that likely results in a hard fork likely not done by the main bitcoin devs, with bitcoin-core devs and some of the community sticking with original bitcoin and allowing 2 million bitcoin to get stolen and hit the market, and some of the community going with an immutability-broken Bitcoin fork that blacklists those at-threat bitcoin and stays safe from the quantum attack. Will be very interesting to see how the quantum threat and the bitcoin response plays out over the next decade or two. Could be very dangerous, and needless to say the price ramifications would be unimaginable if 2 million lost bitcoin are over a short time stolen and dumped on the market (and whoever did that would be one of the wealthiest entities on earth).


But we've likely got a bunch of years before this happens. And yes as the OP mentioned quantum computing puts at risk basically all our internet security of course, bitcoin is just one small thing in that. But the future of Bitcoin will likely eventually rest on the decisions (perhaps very controversial) made on what to do, if anything, about the quantum threat.
legendary
Activity: 3122
Merit: 2178
Put differently, a breakthrough in mathematics that breaks ECDSA requires a lot more priors than a breakthrough in QC.
Curiously, but:

- how sure are we that this assertion is true?
- would we still have the necessary resources given we find that breakthrough to accomplish this with classic computers?

Obviously there's always unknown unknowns :)

But whereas with QC we are seeing gradual improvements, there doesn't even seem to be a way forward towards breaking ECDSA with classical computing, mathematically speaking. The "only" progress we've been seeing is the development of quantum-resistant cryptography schemes, so the consensus seems pretty clear that future threats are more likely to come from QC rather than as-of-yet unknown mathematical properties of ECDSA.
legendary
Activity: 1512
Merit: 7340
Put differently, a breakthrough in mathematics that breaks ECDSA requires a lot more priors than a breakthrough in QC.
Curiously, but:

- how sure are we that this assertion is true?
- would we still have the necessary resources given we find that breakthrough to accomplish this with classic computers?

Yes that's right. Quantum computers will not beat BTC, because quantum technology is needed for world progress, DLT, 4IR (smart city, IOT, AI).
I mean, how is even that relevant? Quantum computers "can" beat Bitcoin in theory, but we miss the resources to do it in practice, as far as I understand. And by the way, if it ever happens, it'd break the entire Internet, not just Bitcoin. Bitcoin can migrate to a quantum resistant algorithm long before it happens.
legendary
Activity: 3248
Merit: 1402
The technology clearly isn't there for us to currently worry about the quantum computing threat to Bitcoin, and hopefully, there will indeed be enough time and opportunity to develop better algorithms in case that threat gets more real.
The Twitter thread suggests the tech is decades away, but I think that we actually can't know that at all. Tourist trips to Mars also seemed decades away in the 1970s, and yet here we are nowhere near that point. But I think quantum computing is even more difficult because it really requires a breakthrough in understanding of quantum mechanics, not just a good engineering solution.
sr. member
Activity: 616
Merit: 317
Quote
Quantum Computers Can Not Defeat Bitcoin, not even The Bitcoin Network
Everything about quantum computers being able to beat bitcoin has only been discussed in theory, there is no reality showing that it is possible. Personally, I never believed that quantum computers could decrypt bitcoin or destroy the blockchain. These speculations have never been reliable.

For me until now, blockchain and bitcoin are still sacrosanct and no one can attack or defeat it. It is difficult to predict anything in the future because of technological developments, but currently it is impossible.
Yes that's right. Quantum computers will not beat BTC, because quantum technology is needed for world progress, DLT, 4IR (smart city, IOT, AI). Beating Bitcoin is a daydream, except that disrupting bitcoin is just a common occurrence and even then it will only last for a short period of time, aka it's just a waste.

It was extraordinary that Satoshi Nakamoto created BTC and immediately changed the global financial order. No wonder there are lots of contradictions, especially since the central side is definitely overheating. All the ways from all corners of the world want to bring down Bitcoin are still increasingly fierce.
legendary
Activity: 3122
Merit: 2178
You don't need a quantum computer to break it, you just need a mathematical formula which could work for any number, and since private keys are numbers, finding such formula can solve any key by using even a mobile phone.

Humanity developing a quantum computer strong enough to break ECDSA seems far more likely than someone finding an effective alternative to Shor's algorithm for classical computing tho.
Now how did humanity invent computer? How did humanity invent quantum computer? I'm sure they were all humans working hard to obtain the necessary knowledge to invent such technologies. Whether it is more likely to have a strong QC or a simple math formula, that's debatable.

Given the hardness of the problem there seems to be a paradigm shift in mathematics required rather than a "simple math formula" though.

Don't get me wrong, I'm not saying that there is absolutely no way that somewhere out there is a solution to breaking ECDSA using consumer hardware, waiting to be discovered. I'm just saying that such an assertion is purely speculative since we have no reason to assume such a possibility given our current state of knowledge. Put differently, a breakthrough in mathematics that breaks ECDSA requires a lot more priors than a breakthrough in QC.


Humanity developing a quantum computer strong enough to break ECDSA seems far more likely than someone finding an effective alternative to Shor's algorithm for classical computing tho.
It is exactly the opposite. Quantum computers are likely never going to do any useful cryptography related stuff.

Maybe, but that does not necessarily make the opposite more likely. There's a third option after all: It may just not be possible. In the end we don't even know yet whether P=NP.
member
Activity: 1218
Merit: 49

I am actually particularly interested if quantum computing can be able to be the tool to eventually destroy Bitcoin. Though, of course, this remains to be seen once the technology is finally revealed before our eyes. As a Bitcoin enthusiast and supporter, I am hoping that Bitcoin will eventually resist quantum computing so we can eventually lay this concern to rest.
sr. member
Activity: 588
Merit: 253
Quote
Quantum Computers Can Not Defeat Bitcoin, not even The Bitcoin Network
Everything about quantum computers being able to beat bitcoin has only been discussed in theory, there is no reality showing that it is possible. Personally, I never believed that quantum computers could decrypt bitcoin or destroy the blockchain. These speculations have never been reliable.

For me until now, blockchain and bitcoin are still sacrosanct and no one can attack or defeat it. It is difficult to predict anything in the future because of technological developments, but currently it is impossible.
legendary
Activity: 3052
Merit: 1281
I believe that the topic had been discussed several times and always in a conclusion that Quantum computers are way behind the technology of Bitcoin security to breach its network. It has also been discussed that before the Bitcoin Network is breached by the Quantum Computers, the systems used by different financial institutions would be the first ones to collapse since their security is not on par with Bitcoin technology.

That being said, if ever there is a quantum computer created that is able to breach the financial institution's security, I believe there will be ample time for the Bitcoin developers to improve the Bitcoin security to be QC proof and be able to resist QC attack to its network completely.

This article is also a good read about Quantum Computing and Bitcoin : https://bitpinas.com/feature/quantum-computing-bitcoin/

Some of the discussion on that article:
Quote
Expert Opinions: Will Quantum Computing Threaten Bitcoin?
“The short answer is, I’m not worried about it,” Tayag stated, while noting that constant research on the subject is required.

According to him, it will take time to acquire the power needed, called qubits, to operate a quantum computer and pose a threat to the crypto industry. Moreover, he stated that there are already some discussions about moving to more quantum-resistant cryptography.

“I often hear what it really is, and I think, quantum computing is more of a threat to the banking system than Bitcoin,” he added.

While for Padilla, quantum computing will be a security threat to Bitcoin, “but in the same manner that it will be a threat to all existing encryption technologies.”

“Therefore, lahat (everything) will be affected. Nevertheless, there are already some designs that are being introduced to make the encryption resistant,” he stated.

Padilla also stressed that due to Bitcoin’s decentralized nature, the community can implement proposals to incorporate quantum-resistant technologies to protect the Bitcoin Network if they deem it necessary and urgent.
hero member
Activity: 1750
Merit: 589
That's the problem. You guys assume as if Quantum Computers would adjust to the growth rate that most computers have right now. The thing is, since these mofos solve and compute stuff exponentially compared to the conventional computers, there's a great propensity that even if it weren't able to crack the SHA-256 encryption system from the get-go, it's only going to be time, time that you can even count on your fingers before it could crack the code. So yeah, we can stay deluded and happy that the bitcoin network would be safe against Quantum Computers once these things get commercially available, or we can ready ourselves and prepare harder layer 2 solutions or security systems that would fend off hack attacks that would come from these new-gen tech pieces.
legendary
Activity: 1512
Merit: 7340
Well you can't reverse sha256 to get the same message back, which means even if you manage to reverse it and find a message that hashes to the same output hash, you have just found a hash collision, because the original message could be anything.
Not sure what you're trying to say here. The thing is: there is no point to talking about "reversal", because it is undefined. Hash functions are simply one-way. There may be an algorithm some day that takes as input a hash and produces as output one pre-image. But, there are theoretically more than that. It is the same as talking about "reversal" to a modulus operation.

With current hardware, to even have a theoretical chance at ECDLP, one needs more than 28*10^15 qubits
What is the reasoning behind that number?
full member
Activity: 206
Merit: 447
Humanity developing a quantum computer strong enough to break ECDSA seems far more likely than someone finding an effective alternative to Shor's algorithm for classical computing tho.
It is exactly the opposite. Quantum computers are likely never going to do any useful cryptography related stuff. And Shor's algorithm is yet to be implemented, it exists just on paper, and very small and truncated versions happened. With current hardware, to even have a theoretical chance at ECDLP, one needs more than 28*10^15 qubits - this is 28 Peta qubits. Even with ideal, zero noise QC, one needs 126*10^9 Toffoli gates.

And something more about the all-hyped Shor's algorithm:
We consider Shor's quantum factoring algorithm in the setting of noisy quantum gates. Under a generic model of random noise for (controlled) rotation gates, we prove that the algorithm does not factor integers of the form pq when the noise exceeds a vanishingly small level in terms of n - the number of bits of the integer to be factored, where p and q are from a well-defined set of primes of positive density. We further prove that with probability 1−o(1) over random prime pairs (p,q), Shor's factoring algorithm does not factor numbers of the form pq, with the same level of random noise present.
Well, looks like even quantum error correction wouldn't help with ECDLP. All quantum hope is gone.

copper member
Activity: 1330
Merit: 899
You don't need a quantum computer to break it, you just need a mathematical formula which could work for any number, and since private keys are numbers, finding such formula can solve any key by using even a mobile phone.

Humanity developing a quantum computer strong enough to break ECDSA seems far more likely than someone finding an effective alternative to Shor's algorithm for classical computing tho.
How can I explain this better? Let me use time and space.
With current technology, you can not achieve anything remotely close to 1% of the speed of light, so you can't even think about the possibility of time travel.
But guess what? You can time travel by a different way, for example, whenever you look at the sun (hopefully indirectly) you are seeing around 8 minutes in the past, looking at stars will give you thousands and millions of years view of the past, now imagine that all the knowledge and information already exist, we can't just access them all at once. If you don't believe me, do some research on déjà vu, something we all have experienced in our lives.

Now how did humanity invent computer? How did humanity invent quantum computer? I'm sure they were all humans working hard to obtain the necessary knowledge to invent such technologies. Whether it is more likely to have a strong QC or a simple math formula, that's debatable.
legendary
Activity: 3122
Merit: 2178
You don't need a quantum computer to break it, you just need a mathematical formula which could work for any number, and since private keys are numbers, finding such formula can solve any key by using even a mobile phone.

Humanity developing a quantum computer strong enough to break ECDSA seems far more likely than someone finding an effective alternative to Shor's algorithm for classical computing tho.
copper member
Activity: 1330
Merit: 899
Well you can't reverse sha256 to get the same message back, which means even if you manage to reverse it and find a message that hashes to the same output hash, you have just found a hash collision, because the original message could be anything.

That's for hash functions, which I know nothing about.


For elliptic curve, which still I don't know anything about but can speculate based on experience.
You don't need a quantum computer to break it, you just need a mathematical formula which could work for any number, and since private keys are numbers, finding such formula can solve any key by using even a mobile phone.
So it doesn't matter if your private key is 256 bit or 40 or 2048 bit numbers, because finding such formula is not related to how big a number is, it depends on mathematical relations between numbers.

Almost everyone bases their opinion on already existing algorithms and calculates things based on available data, but I haven't seen anyone working on finding or developing new algorithms.

You might think Einstein invented atomic bombs, or the relativity, no they were there even before the big bang, he just discovered them in 20th century.
hero member
Activity: 868
Merit: 952
I partially disagree with this argument. Since Bitcoin preserves backward compatibility, that means people need to move their coins to addresses which use better cryptography. There's also the consideration that new technology (such as SegWit and Taproot) took many years before it was activated on the Bitcoin network. Although for now, there are definitely other higher priorities than choosing and implementing QC-resistant cryptography.

You are right, should we be faced with the possibility of this happening where a quantum computer is created to break the hash then, there is definitely going to be a transfer of addresses to a better and more secure cryptography. Nobody is actually ruling out this possibility but the only thing is it wouldn't come so suddenly and as such there will be more time for a switch away from the current algorithm.

Satoshi himself is looking at that possibility as he clearly stated here

SHA-256 is very strong.  It's not like the incremental step from MD5 to SHA1.  It can last several decades unless there's some massive breakthrough attack.

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.
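As an added illustration (not from the thread, from Bitcoin Core, or from Satoshi), here is a toy Python model of the transition sketched in the quote above: blocks below a hypothetical SWITCH_HEIGHT are linked with a deliberately weak old hash, later blocks with a new one, and at the switch the node records the new hash of every old block so that a different block with the same old hash is rejected. old_hash is truncated to 16 bits on purpose so a collision can actually be shown, new_hash is a stand-in for whatever replacement function would be chosen, and all chain contents are constructed.

```python
# Added toy model, not from the thread or Bitcoin Core: the hash transition Satoshi
# describes, with 'old_hash' standing in for a broken legacy function and 'new_hash' for
# its replacement. old_hash is truncated to 16 bits on purpose so that a collision can be
# demonstrated here; all chain contents are constructed.
import hashlib

SWITCH_HEIGHT = 3  # hypothetical block height from which new_hash links blocks


def old_hash(data: bytes) -> bytes:
    """Stand-in for the legacy hash once it is 'completely broken': only 16 bits."""
    return hashlib.sha256(data).digest()[:2]


def new_hash(data: bytes) -> bytes:
    """Stand-in for the replacement hash function (domain-separated SHA-256 here)."""
    return hashlib.sha256(b"new-hash:" + data).digest()


def link_hash(height: int, header: bytes) -> bytes:
    """Hash that block height+1 uses to reference block 'height'."""
    return old_hash(header) if height < SWITCH_HEIGHT else new_hash(header)


def build_chain(payloads):
    """Headers are simply prev_link || payload; block 0 has an all-zero prev link."""
    chain, prev = [], b"\x00" * 2
    for height, payload in enumerate(payloads):
        header = prev + payload
        chain.append(header)
        prev = link_hash(height, header)
    return chain


def checkpoints_for(chain):
    """At activation, every node stores new_hash of each pre-switch block."""
    return [new_hash(h) for h in chain[:SWITCH_HEIGHT]]


def validate(chain, checkpoints=None) -> bool:
    """Check prev links; with checkpoints, also pin old blocks under the new hash."""
    for height in range(1, len(chain)):
        expected = link_hash(height - 1, chain[height - 1])
        if chain[height][:len(expected)] != expected:
            return False
    if checkpoints is not None:
        for height in range(min(SWITCH_HEIGHT, len(chain))):
            if new_hash(chain[height]) != checkpoints[height]:
                return False
    return True


def forge_old_block(chain, height):
    """Replace a pre-switch block with a different one that collides under old_hash.

    With only the weak link, block height+1 still points at the forgery; this is the
    'different block with the same old hash' that the stored new hashes are meant to catch.
    """
    prev_len = len(link_hash(height - 1, chain[height - 1])) if height else 2
    prev = chain[height][:prev_len]
    target = old_hash(chain[height])
    for i in range(1 << 22):  # 16-bit target: about 65k tries expected
        candidate = prev + b"forged:" + i.to_bytes(4, "big")
        if old_hash(candidate) == target and candidate != chain[height]:
            forged = list(chain)
            forged[height] = candidate
            return forged
    raise RuntimeError("no collision found")  # practically unreachable at 16 bits


if __name__ == "__main__":
    chain = build_chain([b"genesis", b"block1", b"block2", b"block3", b"block4"])
    pins = checkpoints_for(chain)
    forged = forge_old_block(chain, 1)
    print("honest chain, links only:", validate(chain))
    print("forged block 1, links only:", validate(forged))        # accepted: collision
    print("forged block 1, with pins:", validate(forged, pins))   # rejected by the pins
```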
legendary
Activity: 1596
Merit: 1288
I partially disagree with this argument. Since Bitcoin preserves backward compatibility, that means people need to move their coins to addresses which use better cryptography. There's also the consideration that new technology (such as SegWit and Taproot) took many years before it was activated on the Bitcoin network. Although for now, there are definitely other higher priorities than choosing and implementing QC-resistant cryptography.

We do not know the capabilities of quantum computers or what may happen in the future, but Bitcoin has the ability to keep pace with variables and is not a rigid technology in a specific thing.

Old addresses (which were not sent from) can be considered safe, even if quantum computers have developed. Therefore, if you buy Bitcoin, move it to a new address and don't reuse addresses, then you are safe.
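Two points in this thread, the first reply's observation that the early pay-to-public-key outputs expose the public key on-chain and the advice above not to reuse addresses, reduce to one question per output: is the public key already visible? Below is an added Python example (not from the thread or from Bitcoin Core) that classifies a raw scriptPubKey and flags it under that rule; the script bytes are constructed placeholders, and Taproot outputs are included because they also carry a (tweaked) key directly in the output.

```python
# Added example, not from the thread: classify a Bitcoin scriptPubKey and decide whether
# the spending public key is already visible on-chain, which is what the thread treats as
# the quantum-relevant condition. Sample scripts below are constructed, not real UTXOs.

OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x76, 0x87, 0x88, 0xA9, 0xAC


def classify_script(spk: bytes) -> tuple[str, bool]:
    """Return (script_type, key_exposed_in_output) for a raw output script."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG; the key itself is the script.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG; only a hash shows.
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return "p2sh", False
    # Native segwit v0: OP_0 <20-byte key hash> (P2WPKH) or OP_0 <32-byte script hash> (P2WSH)
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", False
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "p2wsh", False
    # P2TR: OP_1 <32-byte x-only tweaked key>; the tweaked key is itself in the output.
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr", True
    return "unknown", False


def key_exposed(spk: bytes, spent_from_before: bool) -> bool:
    """True if a private-key-from-public-key attack would have a target for this output.

    Hash-based scripts hide the key only until the first spend: the scriptSig or witness
    of that spend publishes the key (or the redeem script), so a reused address that still
    holds funds is treated as exposed, which is the 'do not reuse addresses' advice above.
    """
    script_type, exposed = classify_script(spk)
    if script_type == "unknown":
        return True  # conservative default for scripts this example does not parse
    return exposed or spent_from_before


# Constructed sample outputs (placeholder key/hash bytes, not real keys or addresses).
SAMPLE_PUBKEY = b"\x02" + b"\x11" * 32           # compressed-key shape, placeholder bytes
SAMPLE_HASH160 = b"\x22" * 20
SAMPLE_XONLY = b"\x33" * 32

P2PK_SCRIPT = bytes([33]) + SAMPLE_PUBKEY + bytes([OP_CHECKSIG])
P2PKH_SCRIPT = (bytes([OP_DUP, OP_HASH160, 20]) + SAMPLE_HASH160
                + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))
P2WPKH_SCRIPT = bytes([OP_0, 20]) + SAMPLE_HASH160
P2TR_SCRIPT = bytes([OP_1, 32]) + SAMPLE_XONLY


def report(outputs):
    """Map each (label, script, spent_from_before) to (type, exposed) for review."""
    return {label: (classify_script(spk)[0], key_exposed(spk, reused))
            for label, spk, reused in outputs}


if __name__ == "__main__":
    for label, result in report([
        ("early coinbase p2pk", P2PK_SCRIPT, False),
        ("fresh p2pkh", P2PKH_SCRIPT, False),
        ("reused p2pkh", P2PKH_SCRIPT, True),
        ("fresh p2wpkh", P2WPKH_SCRIPT, False),
        ("taproot key-path", P2TR_SCRIPT, False),
    ]).items():
        print(f"{label:20s} {result[0]:7s} key exposed: {result[1]}")
```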
legendary
Activity: 2422
Merit: 1083
Hello Bitcoiners, so today, I thought I should share some information I found online, which I thought to be very insightful and might bring a sigh of relief to anyone and everyone who has always had the thought of quantum computers being a threat to the long-term existence of Bitcoin and the Bitcoin network at large.

 Over the years, there have been some serious discussions around the coming of quantum computers and how it will completely destroy Bitcoin due to its speed in processing data and information, some even believed that quantum computers can reveal the private key to a wallet just by using the public key, and this it can achieve in a matter of days, something normal computers cannot do even if given one million years.

So, while doing some research on this sometime last week, I came across this post on X (formerly known as Twitter), which completely changed my perspective on this subject. I will repost the tweet here, in quote.

Quote
Not even Quantum computers will be able to defeat Bitcoin and the literal BTC network

hear me out,

Quantum computing represents a fundamental leap from traditional computing,

Unlike classical computers,

which process information in bits (0s or 1s), quantum computers use quantum bits or qubits. Qubits,

Through the principles of superposition and entanglement, can hold and process a vast amount of information more efficiently than classical bits.

This efficiency makes quantum computers particularly adept at solving certain types of problems much faster than classical computers.

Now,

relating this to Bitcoin,

BTC's security largely hinges on cryptographic algorithms like SHA-256 for hashing and the Elliptic Curve Digital Signature Algorithm (ECDSA) for wallet security.

Classical computers, even the most powerful, would require impractical amounts of time to break these algorithms.

But, a sufficiently powerful quantum computer could, in theory, solve these problems much more "rapidly."

in theory.

Particularly,

"Shor's algorithm" in quantum computing poses a theoretical threat to ECDSA, potentially enabling the derivation of private keys from public keys.

I fundamentally disagree with the overstated fears around quantum computing's threat to Bitcoin.

There are several key arguments to consider:

Practicality and Timeframe,

The current state of quantum computing is far from being able to threaten Bitcoin.

The largest quantum computers today are still experimental and nowhere near the number of qubits required to break Bitcoin's cryptography.

This development is likely decades away, giving the Bitcoin community ample time to implement post-quantum cryptographic algorithms.

Network Consensus and Adaptation,

Any changes to Bitcoin's cryptographic algorithms would require network consensus,

which is a cornerstone of Bitcoin's decentralized ethos.

This consensus-driven approach means the community is unlikely to let Bitcoin become vulnerable to quantum attacks.

Misplaced Priorities,

The worry about quantum computing breaking Bitcoin's cryptography often misses a larger point.

If quantum computing reaches such an advanced stage,

Bitcoin will not be the only technology at risk.

The entire fabric of digital security, including banking, national security, and internet privacy, would be in jeopardy.

In such a scenario, Bitcoin's vulnerability would be part of a much larger crisis.

For every measure there is a countermeasure taking place, always remember this.

Bitcoin has substantial economic backing and community.

This support system provides strong incentives to maintain the network's security against all types of threats, including quantum computing.

The narrative that quantum computing will "break" Bitcoin fails to account for the dynamic and resilient nature of Bitcoin's technology and community.

https://x.com/MDBitcoin/status/1720088832660713888?s=20


I personally believe everything he said to be true, though I am less knowledgeable in the technical side of bitcoin, but I trust we have users on this board who are highly knowledgeable in this aspect. What do you guys think? I will love to further broaden my knowledge on this subject.
