
Topic: The Quantum Threat to Bitcoin: Implications for Miners, Nodes, and Wallets - page 2. (Read 851 times)

hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
If the attacker is a government looking to wipe out BTC and 256-bit crypto safety, they would do a few of Satoshi's just to see how long it takes them to do a single address.

Only need to do a few.

Then do nothing except crack all of Satoshi's addresses. Once they do that, simply pull out every coin on them in under an hour. This would crash BTC out and terrify all companies using 256-bit encryption.
I just don't understand why any government would attack the Bitcoin network; that would be a huge scandal, because millions of people have savings in Bitcoin, there are tons of Bitcoin-related businesses, and there are lots of multi-millionaires and billionaires in the crypto world. They can't just ruin their lives so easily.


This is one dangerous idea; thinking about it makes you wonder: what if they can use their ability to produce custom double hashes and start collecting all the mining rewards? And when they figure out a way to break SHA256, what if for years they keep it a secret and then have access to everything dependent on SHA256 security?

What if they manage to reverse some transactions in the future?
First of all, such a rapid development and attack can't happen overnight. If technology advances to such an extent, it will happen in a timeframe that gives us enough time to be ready, adapt to the new changes and make Bitcoin quantum resistant. If it happens otherwise and this technology comes out of nowhere, then not only Bitcoin but the whole World Wide Web will be destroyed, because you have to think not only about Bitcoin but about other websites: absolutely every email/account will get hacked, every content management system will get hacked; it will be like an intense earthquake in the virtual world.
So, that won't happen. Relax and chill, guys.

hero member
Activity: 1120
Merit: 571
IMO, if proof of work is compromised, it will remain secret, because there are much greater benefits in having both a successful network and a backdoor to this network, so I doubt anyone is stupid enough to try and attack when they can own everything.

You can take it like this: the NSA developed SHA256 for the security of data. They may have the algorithms to break SHA256, but there is more profit in not revealing that they have an algorithm to break SHA256.
If quantum computing becomes a reality, we have bigger things to worry about than the security of our wallets, since nothing will be spared by this new computing model.
copper member
Activity: 1330
Merit: 899
🖤😏
If SHA is compromised, then shit has hit the fan, to put it in layman's terms. It is used in every single corner of cryptography, but even if it wasn't, Bitcoin would still not survive, as Proof-of-Work is completely dependent on a secure hash algorithm. It's orders of magnitude worse than being able to work out a private key in a time span of a month.
I am not familiar with the tech-related stuff behind the scenes of various blockchain / hash functions, but I know they are separate from EC, while DSA depends on them.
IMO, if proof of work is compromised, it will remain secret, because there are much greater benefits in having both a successful network and a backdoor to this network, so I doubt anyone is stupid enough to try and attack when they can own everything.

In the case of mining operations, I had similar concerns until vjudeu replied and explained some solutions to some of the problems.
IMHO, nothing is more important than EC and the safety of private keys, because that's supposed to be a safe vault inside users' houses; whatever happens to them means someone broke in and stole from them, and that kind of event has no turning back. But if, way before that ever happens, we could have plans and suggestions (operational code) in place as an upgrade, then people could be ready for anything.
It would be like when governments fortify their cash reserve vaults with new material and tech, it's a normal and expected change.

But again, when you think about it, why would anyone interrupt the process of his own money-printing machine if they can break EC? As a conclusion, I doubt we'll see anything compromising the crypto system any time soon, because their profit depends on the safety of such systems.



Right now you can have multiple addresses in one wallet without any connection between them. My question was whether breaking SHA256 would make it possible to connect them.

Who says different addresses in the same wallet have no connection? Maybe you need to think about the reason why mixers exist. SHA256 is unrelated to privacy concerns about connecting addresses/wallets.

And about transition to new algo/ network, I'm not an expert, so I don't know.
newbie
Activity: 7
Merit: 17
You should read the previous page to understand, but it's technical. SHA256 has proven to be strong enough, at least so far; many experts work on breaking it, and if one of them finds a weakness, the whole world will know about it and will have time to use a stronger hash function.

If a weakness is found in EC, it should be revealed to everyone; then, if everyone wants to continue using crypto, they will have to use another type of curve, a different and stronger one. If it happens gradually, Bitcoin can survive; if it gets exploited en masse and suddenly, it would be difficult to restore things back to normal. These are speculations, not an expert's opinion.


My question is less about how likely it is or whether it would be fast. It's more about a possible transition.
Let's say it gets broken some distant time in the future (SHA256 and EC), but slowly, and the public is aware of it:
Now people would start migrating to stronger encryption all over the internet, and Bitcoin would also introduce an update with a more secure algorithm.
Now all coins on old addresses would possibly be in danger, because over time people could get access to them. At first it would take really long to do, but it will get faster.

What could a possible transition look like? Or would it be the end of Bitcoin?
Normally, if you want your coins safe, you would send them to a new wallet that has its sk/pk generated by the new algorithm. But everybody would need to do that, and that would flood the mempool if every living owner of BTC suddenly tried to move his coins.

Quote
About wallet tracking: it is unrelated to this topic, but if you don't want anyone to connect your wallets to certain transactions, use a mixer.

Right now you can have multiple addresses in one wallet without any connection between them. My question was whether breaking SHA256 would make it possible to connect them.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
The SHA256 hash function is used in Bitcoin signatures/transactions, mining and generating addresses; it has nothing to do with private keys and elliptic curves.
Actually, it's used in both private keys and elliptic curve. Modern wallet software uses SHA256 to calculate the checksum of the mnemonic, and it is also used to calculate the k value in signatures by following the RFC 6979 standard.

If hash functions are compromised, there is a chance for Bitcoin to survive, but with EC compromised, the whole concept of public key cryptography is doomed. So there will be no transferring of anything. 😑
If SHA is compromised, then shit has hit the fan, to put it in layman's terms. It is used in every single corner of cryptography, but even if it wasn't, Bitcoin would still not survive, as Proof-of-Work is completely dependent on a secure hash algorithm. It's orders of magnitude worse than being able to work out a private key in a time span of a month.
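The two wallet-side uses of SHA-256 that the reply above names, the BIP39 mnemonic checksum and the RFC 6979 deterministic nonce, as an added example that is not code from this thread or from any wallet project. It assumes a secp256k1 private key (the real group order is used), relies only on Python's standard library, and does not embed the BIP39 word list, so mnemonic words are represented by their 11-bit word-list indices; the nonce is checked against a test vector that several open-source ECDSA libraries publish (key 1, message "Satoshi Nakamoto").

```python
"""Added example (not from the thread): where a wallet uses SHA-256 outside
of mining and addressing, namely the BIP39 mnemonic checksum and the RFC 6979
deterministic nonce k. Standard library only; secp256k1 order is the real one."""
import hashlib
import hmac

# Order n of the secp256k1 group (the "q" of RFC 6979)
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def bip39_checksum_bits(entropy: bytes) -> int:
    """BIP39 checksum: the first ENT/32 bits of SHA-256(entropy)."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy must be 128..256 bits in 32-bit steps")
    cs_len = ent_bits // 32
    return hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)


def entropy_to_indices(entropy: bytes) -> list:
    """entropy || checksum, cut into 11-bit word-list indices (word list not embedded)."""
    ent_bits = len(entropy) * 8
    cs_len = ent_bits // 32
    bits = (int.from_bytes(entropy, "big") << cs_len) | bip39_checksum_bits(entropy)
    total = ent_bits + cs_len
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_to_entropy(indices: list) -> bytes:
    """Inverse of entropy_to_indices; raises if the SHA-256 checksum does not
    match, which is how a wallet rejects a mistyped mnemonic."""
    total = len(indices) * 11
    cs_len = total // 33
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs_len).to_bytes((total - cs_len) // 8, "big")
    if (bits & ((1 << cs_len) - 1)) != bip39_checksum_bits(entropy):
        raise ValueError("BIP39 checksum mismatch")
    return entropy


def mnemonic_checksum_ok(indices: list) -> bool:
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def _hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_nonce(private_key: int, msg_hash: bytes, q: int = SECP256K1_N) -> int:
    """RFC 6979 section 3.2 with HMAC-SHA256. For secp256k1 the hash (256 bits)
    and q (256 bits) have the same length, so bits2int is a plain conversion."""
    qlen = (q.bit_length() + 7) // 8
    x = private_key.to_bytes(qlen, "big")                               # int2octets(x)
    h1 = (int.from_bytes(msg_hash, "big") % q).to_bytes(qlen, "big")    # bits2octets(h1)
    v = b"\x01" * 32
    k = b"\x00" * 32
    k = _hmac_sha256(k, v + b"\x00" + x + h1)
    v = _hmac_sha256(k, v)
    k = _hmac_sha256(k, v + b"\x01" + x + h1)
    v = _hmac_sha256(k, v)
    while True:
        t = b""
        while len(t) < qlen:
            v = _hmac_sha256(k, v)
            t += v
        candidate = int.from_bytes(t[:qlen], "big")
        if 1 <= candidate < q:
            return candidate
        # Candidate out of [1, q-1] (vanishingly rare for secp256k1): re-key and retry
        k = _hmac_sha256(k, v + b"\x00")
        v = _hmac_sha256(k, v)


def nonce_for_message(private_key: int, message: bytes) -> int:
    """Single SHA-256 of the message, then RFC 6979, as ECDSA libraries do."""
    return rfc6979_nonce(private_key, hashlib.sha256(message).digest())


if __name__ == "__main__":
    print("12-word indices for zero entropy:", entropy_to_indices(bytes(16)))
    print("k for key 1 / 'Satoshi Nakamoto':", hex(nonce_for_message(1, b"Satoshi Nakamoto")))
```

The point for the thread: even if nothing in the address or mining path changed, a wallet that follows these standards would still be touching SHA-256 every time it checks a seed phrase or signs, so "SHA-256 has nothing to do with private keys" is only true of the curve arithmetic itself.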
copper member
Activity: 1330
Merit: 899
🖤😏
Thank you for the explanation.
So an update to a new secure hash algorithm would be a problem from a mempool point of view, but a new EC would be?
Would compromising SHA256 be a privacy concern if it is used for generating addresses? Would it mean someone could connect all addresses from one wallet?

Computers used to fill an entire room; now better computers are in everyone's pocket, so we never know how accessible quantum computing could get :)


You should read the previous page to understand, but it's technical. SHA256 has proven to be strong enough, at least so far; many experts work on breaking it, and if one of them finds a weakness, the whole world will know about it and will have time to use a stronger hash function.

If a weakness is found in EC, it should be revealed to everyone; then, if everyone wants to continue using crypto, they will have to use another type of curve, a different and stronger one. If it happens gradually, Bitcoin can survive; if it gets exploited en masse and suddenly, it would be difficult to restore things back to normal. These are speculations, not an expert's opinion.

About wallet tracking: it is unrelated to this topic, but if you don't want anyone to connect your wallets to certain transactions, use a mixer.
newbie
Activity: 7
Merit: 17
...
The SHA256 hash function is used in Bitcoin signatures/transactions, mining and generating addresses; it has nothing to do with private keys and elliptic curves. They are different. Have you ever seen a quantum computer? It's like some sort of alien spaceship engine; I don't think those who can build one powerful enough would use it to target crypto.

If hash functions are compromised, there is a chance for Bitcoin to survive, but with EC compromised, the whole concept of public key cryptography is doomed. So there will be no transferring of anything. 😑

Thank you for the explanation.
So an update to a new secure hash algorithm would be a problem from a mempool point of view, but a new EC would be?
Would compromising SHA256 be a privacy concern if it is used for generating addresses? Would it mean someone could connect all addresses from one wallet?

Computers used to fill an entire room; now better computers are in everyone's pocket, so we never know how accessible quantum computing could get :)
hero member
Activity: 1120
Merit: 571
The SHA256 hash function is used in Bitcoin signatures/transactions, mining and generating addresses; it has nothing to do with private keys and elliptic curves. They are different. Have you ever seen a quantum computer? It's like some sort of alien spaceship engine; I don't think those who can build one powerful enough would use it to target crypto.

If hash functions are compromised, there is a chance for Bitcoin to survive, but with EC compromised, the whole concept of public key cryptography is doomed. So there will be no transferring of anything. 😑

IBM last year launched 'IBM Osprey', a new 433-quantum-bit (qubit) processor, and this is quite a progress in the development of quantum computers; in 2001 we had 7-qubit quantum computers. There are predictions from experts that 2500-4000 logical qubits would break ECDSA (source). Bitcoin is composed of many technologies; SHA256 is used to encrypt blocks of Bitcoin, and in case any technology gets compromised we have a problem.

Quantum computing is in its early stages and may take some years before getting launched. We can't deny it.
copper member
Activity: 1330
Merit: 899
🖤😏
Let's say quantum computing comes slowly and a new algorithm is found that is secure against it. Then Bitcoin would most likely change from SHA256 to it, so all new wallets/addresses are secured by the new algorithm. What happens with the old ones? If SHA256 is broken, you could get the private key from the public key. Or am I wrong with that? So everyone would need to transfer their funds from their old addresses to new ones. Wouldn't that completely blow up the mempool and with that the transaction prices? Most people would lose a lot of their value just to transact to a safer address, or they would leave their funds in the open for anyone with the algorithm to get them.
The SHA256 hash function is used in Bitcoin signatures/transactions, mining and generating addresses; it has nothing to do with private keys and elliptic curves. They are different. Have you ever seen a quantum computer? It's like some sort of alien spaceship engine; I don't think those who can build one powerful enough would use it to target crypto.

If hash functions are compromised, there is a chance for Bitcoin to survive, but with EC compromised, the whole concept of public key cryptography is doomed. So there will be no transferring of anything. 😑
newbie
Activity: 7
Merit: 17
Let's say quantum computing comes slowly and a new algorithm is found that is secure against it. Then Bitcoin would most likely change from SHA256 to it, so all new wallets/addresses are secured by the new algorithm. What happens with the old ones? If SHA256 is broken, you could get the private key from the public key. Or am I wrong with that? So everyone would need to transfer their funds from their old addresses to new ones. Wouldn't that completely blow up the mempool and with that the transaction prices? Most people would lose a lot of their value just to transact to a safer address, or they would leave their funds in the open for anyone with the algorithm to get them.
hero member
Activity: 1120
Merit: 571
Advancements in technology are never welcomed at the start. Not many are taking quantum computing seriously at the moment, but quantum computing is a reality, though it may take time to arrive. Quantum is not only a threat to crypto but to many other technologies like blockchain, VPNs and more. The idea behind quantum is that it's targeting the hard problems behind cryptography, like integer factorisation, and once it solves the problem there is no point in increasing the key size.
legendary
Activity: 4354
Merit: 9201
'The right to privacy matters'
SHA-256 is very strong.  It's not like the incremental step from MD5 to SHA1.  It can last several decades unless there's some massive breakthrough attack.

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.

Yeah, I always run two nodes on and off, so I always have one offline for 10 days.

So I always have a full chain backup offline which is 1 to 10 days old.

I can't be the only one that does this.
copper member
Activity: 909
Merit: 2301
SHA-256 is very strong.  It's not like the incremental step from MD5 to SHA1.  It can last several decades unless there's some massive breakthrough attack.

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.
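One way to implement the last step of the orderly transition quoted above ("save the new hash of all the old blocks to make sure a different block with the same old hash can't be used"), as an added example that is not Bitcoin Core code or anything from the thread. It is a toy chain: double SHA-256 stands in for the old hash, SHA3-256 is an arbitrary stand-in for the successor, TRANSITION_HEIGHT is a made-up activation height, and the "collision" is simulated by construction, since legacy blocks store their old hash rather than recomputing it (under the assumption that the old function is broken, recomputing it proves nothing).

```python
"""Added example (not from the thread): a node commits to every legacy block
under the new hash at the transition, so a substitute block that carries the
same old hash is rejected even though the old-hash links still chain up."""
import hashlib
from dataclasses import dataclass

TRANSITION_HEIGHT = 3   # hypothetical: blocks from this height on use the new hash


def old_hash(data: bytes) -> bytes:
    """Legacy double-SHA-256, as Bitcoin uses for block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def new_hash(data: bytes) -> bytes:
    """Hypothetical successor hash; SHA3-256 is only an illustration."""
    return hashlib.sha3_256(data).digest()


@dataclass
class Block:
    height: int
    prev_hash: bytes
    payload: bytes
    # Legacy blocks carry their old hash as data. Once the old function is
    # assumed broken, an attacker is assumed able to produce a different
    # header with the same value, so this field is what such a forgery keeps.
    legacy_hash: bytes = b""

    def header(self) -> bytes:
        return self.height.to_bytes(4, "big") + self.prev_hash + self.payload

    def link_hash(self) -> bytes:
        """The value the next block's prev_hash must equal."""
        if self.height < TRANSITION_HEIGHT:
            return self.legacy_hash
        return new_hash(self.header())


def build_chain(n: int) -> list:
    """Honest chain of n blocks; legacy blocks get their real old hash."""
    chain, prev = [], bytes(32)
    for h in range(n):
        blk = Block(h, prev, b"honest payload %d" % h)
        if h < TRANSITION_HEIGHT:
            blk.legacy_hash = old_hash(blk.header())
        prev = blk.link_hash()
        chain.append(blk)
    return chain


def commit_legacy_blocks(chain: list) -> dict:
    """At the transition, record new_hash(header) for every legacy block."""
    return {b.height: new_hash(b.header()) for b in chain if b.height < TRANSITION_HEIGHT}


def validate(chain: list, commitments: dict = None) -> bool:
    """Check heights and prev_hash links; with commitments, also check that
    every legacy block still matches the new-hash value recorded for it."""
    for i, blk in enumerate(chain):
        if blk.height != i:
            return False
        if i > 0 and blk.prev_hash != chain[i - 1].link_hash():
            return False
        if commitments is not None and blk.height < TRANSITION_HEIGHT:
            if commitments.get(blk.height) != new_hash(blk.header()):
                return False
    return True


def substitute_legacy_block(chain: list, height: int, payload: bytes) -> list:
    """Simulate a post-break substitution: a different legacy block that, by
    construction, carries the same old hash as the block it replaces."""
    forged = list(chain)
    original = chain[height]
    forged[height] = Block(height, original.prev_hash, payload, original.legacy_hash)
    return forged


if __name__ == "__main__":
    honest = build_chain(6)
    commits = commit_legacy_blocks(honest)
    forged = substitute_legacy_block(honest, 1, b"rewritten history")
    print("honest, with commitments:", validate(honest, commits))
    print("forged, links only:      ", validate(forged))
    print("forged, with commitments:", validate(forged, commits))
```

The commitments only protect history that was already agreed on when they were taken, which is why the quoted post pairs this with locking in "the honest block chain before the trouble started"; a node that first syncs after the transition would have to get the commitment set from the upgraded software or from peers it trusts.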
copper member
Activity: 1330
Merit: 899
🖤😏
Bitcoin on its own will survive any attack, even attacks such as rewriting the whole chain, because it's a distributed ledger. Whatever happens, people won't simply say "OK, this experiment was fun; now that it's under serious attack, let's just forget about hundreds of billions and move on to a new experiment." No, there will be lots of bankruptcies and thousands of lives will be destroyed, but it will rise from the ashes, because "decentralization" is what they signed up for, meaning no central crisis management organization (unit) will step in to handle the situation.

The problem is with mining machines: any new algo or solution should be based on one thing; whatever developers and manufacturers do, they need to make it compatible with the current infrastructure in place, because if I am mining and suddenly they pull the plug and say you can no longer use these miners because there was an attack, well, what am I supposed to do now?

Of course the usual answer is "developers will fix it, don't worry". Developers can't keep their wallets safe; how can they keep a giant network safe when it's under attack?
(We knew these risks when we signed up for Bitcoin.)

 
legendary
Activity: 4354
Merit: 9201
'The right to privacy matters'
Quote
The LTC/DOGE algo is far superior due to Doge never lowering its 10,000-coin reward.
There is a topic about tail supply; good luck: https://bitcointalksearch.org/topic/surprisingly-tail-emission-is-not-inflationary-a-post-by-peter-todd-5405755
Also, there is another topic, which popped up more recently: https://bitcointalksearch.org/topic/can-tail-emmision-be-a-soft-fork-5466502
Which means there are many better places to discuss it than this topic.

We can argue the quantum threat and its implications, and one implication is:

a quantum miner can increase the diff to 1000T vs the 55T it is now.

It is 2040 and BTC diff has jumped to 1000T.

China has quantum mining in effect, as they developed a 200 PH miner that uses 3000 watts.

Just like they tore the top off the BTC rally in April 2021, they do it in 2040:

they drop the diff down from 1000T to 100T, the blockchain effectively freezes,

and miners have to switch to a non-quantum algo, say scrypt, with the LTC/DOGE stuff set up and ready.

BTC may not recover from that type of attack, as it involves quantum only in place on the SHA-256 mining ASIC.

The title of the thread means: what effects can a quantum PC have on BTC?

So a twofold attack would be: trash BTC SHA256 and offer a replacement algo, scrypt.

This is a two-prong attack which needs quantum PC mining and a replacement algo.

I suppose BTC would need to alter its algo in an immediate move, and the alternate would need to be an in-place working algo that has a lot of gear.

It would be a true mess.
Another way to fight a difficulty attack could be an emergency difficulty adjustment.
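What the difficulty-freeze scenario above actually costs in wall-clock time under Bitcoin's retarget rule, and how much an emergency difficulty adjustment of the kind the reply suggests would shorten it, as an added example that is not code from the thread. It uses Bitcoin's real retarget parameters (2016 blocks, two-week target, clamp to a factor of 4) and the thread's own figures (difficulty pushed to 1000T, honest hashrate only enough for 100T); the EDA rule (cut 20% when the last 6 blocks took more than 6 hours) is hypothetical, not any coin's actual rule.

```python
"""Added example (not from the thread): how long the chain stalls after a
very large miner raises the difficulty and leaves, with and without a
hypothetical emergency difficulty adjustment (EDA)."""

RETARGET_INTERVAL = 2016                 # blocks between Bitcoin retargets
TARGET_TIMESPAN = 14 * 24 * 60 * 60      # 1209600 seconds per 2016 blocks
BLOCK_TIME = 600                         # target seconds per block


def bitcoin_retarget(difficulty: float, actual_timespan: float) -> float:
    """Bitcoin's rule: scale by target/actual time, with the actual timespan
    clamped to [target/4, target*4] so one period moves difficulty at most 4x."""
    clamped = min(max(actual_timespan, TARGET_TIMESPAN / 4), TARGET_TIMESPAN * 4)
    return difficulty * TARGET_TIMESPAN / clamped


def simulate_recovery(attack_diff: float, honest_diff: float,
                      eda_window: int = None, eda_hours: float = None,
                      eda_cut: float = 0.2) -> tuple:
    """Blocks arrive every BLOCK_TIME * (difficulty / honest_diff) seconds on
    average, where honest_diff is the difficulty the remaining hashrate would
    sustain at 10 minutes per block. Returns (blocks, days, final_difficulty)
    until blocks are again within 5% of the target interval. If eda_window is
    set, the hypothetical EDA cuts difficulty by eda_cut whenever the last
    eda_window blocks took longer than eda_hours."""
    diff = attack_diff
    height, elapsed, period_start = 0, 0.0, 0.0
    recent = []
    while diff > honest_diff * 1.05:
        block_time = BLOCK_TIME * diff / honest_diff
        elapsed += block_time
        height += 1
        recent.append(block_time)
        if height % RETARGET_INTERVAL == 0:
            diff = bitcoin_retarget(diff, elapsed - period_start)
            period_start = elapsed
            recent = []
        elif (eda_window and len(recent) >= eda_window
              and sum(recent[-eda_window:]) > eda_hours * 3600):
            diff *= 1 - eda_cut
            recent = []
    return height, elapsed / 86400, diff


if __name__ == "__main__":
    # Thread's figures: difficulty pushed to 1000T, honest hashrate good for 100T
    plain = simulate_recovery(1000e12, 100e12)
    eda = simulate_recovery(1000e12, 100e12, eda_window=6, eda_hours=6)
    print("retarget only: %d blocks, %.1f days" % plain[:2])
    print("with EDA:      %d blocks, %.1f days" % eda[:2])
```

With the retarget rule alone the first 2016 blocks take 100 minutes each, so the chain needs 140 days to reach the first retarget, which is clamped to a 4x cut (250T), and another 35 days to get back to 100T. The trade-off with any EDA is that the same rule can be triggered deliberately by pausing hashrate, which is why it needs to be analysed as carefully as the stall it is meant to fix.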
member
Activity: 77
Merit: 89
Quote
The LTC/DOGE algo is far superior due to Doge never lowering its 10,000-coin reward.
There is a topic about tail supply; good luck: https://bitcointalksearch.org/topic/surprisingly-tail-emission-is-not-inflationary-a-post-by-peter-todd-5405755
Also, there is another topic, which popped up more recently: https://bitcointalksearch.org/topic/can-tail-emmision-be-a-soft-fork-5466502
Which means there are many better places to discuss it than this topic.
legendary
Activity: 4354
Merit: 9201
'The right to privacy matters'
Just test it. For example, reduce SHA-256 into the first 16 rounds, and then try to attack your own
I love it when you expect everyone else to be a genius like yourself; it's like we have the means and knowledge at our fingertips to do the things you suggest. If OP knew how to attack SHA256, he wouldn't be here asking questions about wallets.

it is possible to raise the difficulty into some insane levels, and then just stop mining. Then, no rules will be broken, but the chain will be effectively halted, if for example the difficulty would be one million times bigger than it should be.

This is one dangerous idea; thinking about it makes you wonder: what if they can use their ability to produce custom double hashes and start collecting all the mining rewards? And when they figure out a way to break SHA256, what if for years they keep it a secret and then have access to everything dependent on SHA256 security?

What if they manage to reverse some transactions in the future?

If SHA256 is broken, miners and ASIC manufacturers are doomed, because they will have to throw all their rigs into the trashcan.
This is why independent research is extremely vital, especially for Bitcoin, because as we know, we are on our own; because we chose decentralization, we need to keep this system safe. No government will come to the rescue if something happens; they have done all they could think of to limit and restrict Bitcoin adoption, and if something happens, they will sit and watch with joy and a smile on their face.
 



What if diff is 200T, it is the year 2040, and miners simply realize the LTC/DOGE algo is far superior due to Doge never lowering its 10,000-coin reward?

Doge is progressively lower percentage-wise in inflation every year but always has a decent reward level for miners.


This threat above is greater than any other. Miners are the value bodyguards for a coin. They will simply follow profits. Much more threatening than a 'special' computer cracking addresses and taking funds out.
newbie
Activity: 23
Merit: 0
Has anyone ever thought that "quantum computing" (as we are being sold it, destroyer of worlds) might just be complete pseudo-science?

Should we sit around debating what will happen when the first mining farm discovers free energy?
copper member
Activity: 821
Merit: 1992
Quote
What would he feel first after that "eureka" moment?
You can easily find it out if you see someone who is trying to break some altcoin. Or you can feel the same thing if you try to solve security-related puzzles, like those: http://www.wechall.net/ (in general, we had many people on forums who thought that someone had successfully broken ECDSA, hash functions and things like that; they were all wrong, but their feelings were probably genuine).

Quote
What should they do if they prioritized the collective benefit?
In the case of altcoins, the right way of doing that is full disclosure on forums. Inform anyone and everyone about a particular weakness, and create a situation where a statistical CPU owner can mount a successful attack. And then, if developers are wise, they will fix it immediately, and everyone will be safe and happy again. But if they try to ignore that constructive criticism, then such an altcoin should be burned, and all attackers can just destroy it. I saw that many times on bitcointalk; there are whole groups that collect a lot of Bitcoins just by finding and destroying half-baked altcoins which are full of security holes.

Quote
Keeping it secret, and never exploiting it?
This is a bad idea. That means someone else will just discover the same thing, and it will be worse, because the coin with that weakness will reach higher values, and more people will be harmed when it is destroyed in the future.

Quote
Publishing it, and making every mining infrastructure worth zero?
This is never the case. First, as vjudeu mentioned, it is not a "secure vs broken" game. There is always some particular attack, and your defense will depend on that particular attack. Look at hardened SHA-1. Why was it created? Because of backward compatibility. How was it created? Of course, based on the attack from 2017. If that had not happened, and if we had a different attack in 2023, then hardened SHA-1 would use a completely different algorithm, designed specifically for that 2023 attack.

Quote
What would be the best approach for that person?
Exactly the same as with every other security issue. First, write to the developers, inform them, give them some time to fix it. And if nothing happens, then reveal everything publicly on the forum. If it is still not sufficient, then demonstrate a practical attack on some test network, if there is any. And then, if a messed-up testnet is ignored, attack the mainnet. Because you revealed everything and went through every previous stage of "inform and wait for the fix", you can publicly and openly attack and destroy everything, to bring all of us into a world that is safer and resistant to this particular attack. Because if you don't, then that coin will grow further and collapse in a worse way in the future.

Those steps in the middle can vary a little bit, but the general approach is simple: contact the developers, give them some time, and then publish it in a full disclosure model. You can find a list of previous BTC issues and see how exactly they were submitted in the past, how they evolved, which of them are solved, and which of them are still wide open and waiting for a future solution: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

Edit: https://www.youtube.com/watch?v=4k1GcX1cqMg
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
Suppose that there is a successful quantum attack on SHA-256, and that it happened so quickly that Bitcoin has to move its infrastructure, with the nodes transitioned to quantum-resistant software. What do you think would happen to the miners, the computation of the nonce, including all the mining hardware? And by extension, how would this affect Bitcoin wallets? Do you think we would need to get new wallets and migrate our funds from our old addresses?

This scenario isn't particularly realistic, as the first powerful enough quantum computers will most probably be owned by governments or corporations, not cybercriminals. So Bitcoin devs will have time to migrate to another, safer protocol which would withstand a quantum attack.