
Topic: Why is Bitcoin safe against a quantum computer? (Read 7797 times)

legendary
Activity: 2142
Merit: 1009
Newbie
Don't worry, a q-computer can solve algorithms quickly but not crack SHA256 that quickly

The problem is with Elliptic Curve Crypto, not hashing algo.
newbie
Activity: 33
Merit: 0
Don't worry, a q-computer can solve algorithms quickly but not crack SHA256 that quickly
hero member
Activity: 798
Merit: 1000
Because linear key space expansion exponentially increases brute force difficulty.  /Thread

It's a shame that factorization to prime numbers is not a brute force attack.
hero member
Activity: 793
Merit: 1026
Because linear key space expansion exponentially increases brute force difficulty.  /Thread
legendary
Activity: 1176
Merit: 1005
Even if, in some period of years, it becomes possible to crack Bitcoin (I assume the day will arrive sometime), that is probably not the first thing TPTB would do with it.  In fact, it is more likely they'd sit on the capability and not use it, because it is a capability that is much more useful to have if nobody knows you have it.

I'd assume by the time it becomes possible for the kind of bad guys I'm more worried about to do this, work will be done to transition to some more resistant technology.  I will leave it to those more knowledgeable than I to find these.
full member
Activity: 224
Merit: 100
The real question is if the feds really wanted to shut down Bitcoin there are much easier methods to do so that don't require the use of quantum computation.
member
Activity: 77
Merit: 11
Twitter:@watersNYC
Bitcoin is a living, breathing code-base. Most of the attacks that are discussed could be dealt with quickly - if they occur. Yes some merchants could get hurt by it in the short term.
hero member
Activity: 798
Merit: 1000
As we all know, elliptic curve cryptography is vulnerable to a quantum computer. For a conventional computer the difficulty of breaking a 256-bit key equals 256/2=128 bits. For a quantum computer it's just sqrt(256)=16 bits.
A Bitcoin address is a hashed public key of 256-bit EC. Hashes are resistant to quantum algos, so while someone keeps his public key unknown it's OK. But when he wants to transfer his money he must reveal the key.

Some things need clarification:

A 256-bit EC key has an effective security level of 128 bits against brute force attacks. EC keys can be broken in minutes regardless of the number of bits, theoretically as long as the QC has enough qubits. Shor's.

A hashing algorithm such as SHA-256 would be reduced to the sqrt of 256-bits which is 128 bits, not 16. Grover's. So any hashing algorithm or public key system that does not rely on factoring is as secure with double the bits.

Banks do not store your money via public/private keypairs that are accessible to everyone. Arguing that banks will be insecure is downright stupid. Yes their websites will be insecure, but the money will be fine. Bitcoin is far, far more vulnerable than the traditional banking system to quantum computing.
sr. member
Activity: 278
Merit: 251
Real quantum computing will break most existing widespread forms of cryptographic security. If someone is able to jump the gun and realize a full quantum computer (not just quantum annealing like D-Wave) before it's expected, they will wreak havoc on the Internet. It's far more likely that technology innovators will simply replace security layers with quantum-proof ones before then however. Bitcoin's security layer can easily be swapped out with another -- as Litecoin shows.
newbie
Activity: 31
Merit: 0
I just read this thread up to this point.  It is almost all nonsense.  The capabilities of quantum computers have been described well in other forum topics.

Bottom line:  Quantum computers can't do anything, except this: 15 = 3 * 5;

15 = (3 * 5) 48% of time

http://www.youtube.com/watch?v=Yl3o236gdp8
legendary
Activity: 2142
Merit: 1009
Newbie
As we all know, elliptic curve cryptography is vulnerable to a quantum computer. For a conventional computer the difficulty of breaking a 256-bit key equals 256/2=128 bits. For a quantum computer it's just sqrt(256)=16 bits.
A Bitcoin address is a hashed public key of 256-bit EC. Hashes are resistant to quantum algos, so while someone keeps his public key unknown it's OK. But when he wants to transfer his money he must reveal the key.
Let's assume that an attacker with a quantum computer monitors all transactions. The attacker can pick any key while a transaction waits to be included in a block. Now imagine that miners choose transactions with higher fees. The attacker can issue another transaction (once he picks the private key) that transfers the coins to his address and set a higher fee. Or he could switch his mining rig on and try to find a block himself. With 0.1% of all hashpower he needs only 5 days to solve a block with 50% chance.

Seems Bitcoin is NOT safe. Or am I wrong?

If this attack were ever to become a potential threat it would be simple to avoid being a victim without altering the protocol, just with a client behaviour change. So with your theory, after you do a transaction from an address a quantum computer could break the private key from the transaction and use the remainder of bitcoins in that address.

The answer is not to leave any coins on that address... so when you want to make a payment you give it two outputs, one to the person you want to pay, and the other output is your next generated address which has no transactions to crack.

No. I meant the key could be picked while a transaction is unconfirmed, so an attacker could double-spend the coins. Two outputs won't help.
newbie
Activity: 27
Merit: 0
As we all know, elliptic curve cryptography is vulnerable to a quantum computer. For a conventional computer the difficulty of breaking a 256-bit key equals 256/2=128 bits. For a quantum computer it's just sqrt(256)=16 bits.
A Bitcoin address is a hashed public key of 256-bit EC. Hashes are resistant to quantum algos, so while someone keeps his public key unknown it's OK. But when he wants to transfer his money he must reveal the key.
Let's assume that an attacker with a quantum computer monitors all transactions. The attacker can pick any key while a transaction waits to be included in a block. Now imagine that miners choose transactions with higher fees. The attacker can issue another transaction (once he picks the private key) that transfers the coins to his address and set a higher fee. Or he could switch his mining rig on and try to find a block himself. With 0.1% of all hashpower he needs only 5 days to solve a block with 50% chance.

Seems Bitcoin is NOT safe. Or am I wrong?

If this attack were ever to become a potential threat it would be simple to avoid being a victim without altering the protocol, just with a client behaviour change. So with your theory, after you do a transaction from an address a quantum computer could break the private key from the transaction and use the remainder of bitcoins in that address.

The answer is not to leave any coins on that address... so when you want to make a payment you give it two outputs, one to the person you want to pay, and the other output is your next generated address which has no transactions to crack.
sr. member
Activity: 476
Merit: 250
Quantum Computing is a risk to Bitcoin in 20+ years. For now we are fine, as even the newest quantum computers aren't even close to catching the Bitcoin Network.

It's not about the network, it's about breaking a private key!
newbie
Activity: 56
Merit: 0
Quantum Computing is a risk to Bitcoin in 20+ years. For now we are fine, as even the newest quantum computers aren't even close to catching the Bitcoin Network.
legendary
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
Bitcoin has some protections against a quantum computer, although not enough.

The thing about addresses is that they aren't cleartext public keys - they're hashes thereof, which for quantum computers are only slightly less infeasible to brute-force.

So the good news is that until you spend from a particular address, your coins at that address are safe; if you avoid reusing addresses, and if you always empty them out when you spend them, and if you submit your transactions directly to the big pools, the risk of someone stealing your coins with a quantum computer is low (because even if they cracked your private key, stealing the coins would effectively require them to double-spend against you).

Really, a quantum-resistant signature scheme would be ideal, but they all have a digest+public key size in the kilobytes (which would require significant, possibly infeasible, block size increases). Hopefully, as the state of the art advances, a more succinct post-quantum signature algorithm will be found that can be easily rolled into Bitcoin.
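The address-hygiene advice in the posts above (spend from an address once, send change to a fresh address) can be checked mechanically: the following is an added example, not code from this thread or from any Bitcoin client, that scans a constructed toy ledger and lists the unspent outputs whose owning address has already revealed its public key by signing an input. The ledger format, the address names and the amounts are all assumptions made for the example; it does not model the unconfirmed-transaction window discussed earlier in the thread.

```python
from collections import namedtuple

# Toy ledger model (constructed for this example, not real Bitcoin data).
# An Input spends (txid, vout) and, as in a P2PKH scriptSig, reveals the
# public key of `address`; an Output pays `amount` to `address`.
Output = namedtuple("Output", "address amount")
Input = namedtuple("Input", "txid vout address")
Tx = namedtuple("Tx", "txid inputs outputs")


def exposed_utxos(txs):
    """Return the unspent outputs sitting on addresses that have already
    signed an input, keyed by (txid, vout).

    These are the outputs a key-recovery attack on the revealed public key
    could target; outputs on never-spent-from addresses are still shielded
    by the address hash.
    """
    utxos = {}
    exposed = set()
    for tx in txs:  # assumes txs are given in chain order
        for inp in tx.inputs:
            utxos.pop((inp.txid, inp.vout), None)  # that output is now spent
            exposed.add(inp.address)               # its pubkey is on-chain
        for vout, out in enumerate(tx.outputs):
            utxos[(tx.txid, vout)] = out
    return {k: v for k, v in utxos.items() if v.address in exposed}


def exposed_balance(txs):
    """Total value held on addresses whose public key is already revealed."""
    return sum(out.amount for out in exposed_utxos(txs).values())


# Constructed history: A pays C and sends change back to itself (reuse);
# B pays D and sends change to a fresh address E (the recommended pattern).
LEDGER = [
    Tx("t1", [], [Output("A", 10), Output("B", 5)]),
    Tx("t2", [Input("t1", 0, "A")], [Output("C", 4), Output("A", 6)]),
    Tx("t3", [Input("t1", 1, "B")], [Output("D", 2), Output("E", 3)]),
]

if __name__ == "__main__":
    for (txid, vout), out in exposed_utxos(LEDGER).items():
        print(f"{txid}:{vout} -> {out.amount} on {out.address} (pubkey exposed)")
    print("exposed balance:", exposed_balance(LEDGER))
```

Only A's change output shows up: B's funds moved to the fresh address E, whose public key has never appeared on-chain.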
hero member
Activity: 546
Merit: 500
They are funding Tor to be able to use it by themselves. They disguise the activity of their agents who use Tor, making it appear they are ordinary hackers.

The feds made Tor... so sure why not?
legendary
Activity: 2142
Merit: 1009
Newbie
...I would really be interested to hear some peoples' reasoning for WHY the government (CIA) would want to kill bitcoin in the first place? Seems so many people think its a foregone conclusion that if BTC gets big, the Fed will look to kill it. Is that really true?

"Give me control of a nation's money and I care not who makes its laws." (c) Rockefeller

If the US State Department is directly funding subversive and disruptive technologies such as Tor for the benefit of pro-dem activists in China and the Middle East...

They are funding Tor to be able to use it by themselves. They disguise the activity of their agents who use Tor, making it appear they are ordinary hackers.
legendary
Activity: 2940
Merit: 1090
Even if quantum does work, it isn't useful for hashing.

So all those SA goons with quantum computers in their mother's basement aren't going to be able to use them for hashing, thus to make money the mining way, they'll have to find other ways to put their toys to use. Such as by breaking all kinds of crypto all over the world, much of which might be even more profitable than hacking bitcoin txouts.

-MarkM-
newbie
Activity: 56
Merit: 0
Setting aside the fallacious leap that quantum computing would be a magic bullet, I would really be interested to hear some peoples' reasoning for WHY the government (CIA) would want to kill bitcoin in the first place? Seems so many people think its a foregone conclusion that if BTC gets big, the Fed will look to kill it. Is that really true?

If the US State Department is directly funding subversive and disruptive technologies such as Tor for the benefit of pro-dem activists in China and the Middle East, it stands to reason that the State Dept would also find Bitcoin beneficial, as it allows them an avenue to fund disruptive activism without the finger falling back on the POTUS.

I don't think you can reconcile an attack against the one truism of BTC, the best use of superior computational power will always be to 'print your own money.'
legendary
Activity: 2940
Merit: 1090
It still seems possible to me that quantum computing cannot really solve stuff the way it likes to claim.

This is because the claims are based on hypothetical spookiness. If really there is no spookiness, just plain old classical geometry of the 7-or-less sphere, once you have gone around the sphere a couple of times (a "double cover") maybe that is all you get, since going around more times still leaves you at a point of that same kind of sphere, and if the cover is only a double cover you only get two "different kinds" of "being there", you're either there with a twist or there without a twist, kind of thing, any larger number of twists unravels into one twist or none.

15 = 3 x 5 only involves the second prime, if you allow 1 to count as the zeroeth prime and 2 as the first prime. I'd like to see at least one more prime get solved otherwise maybe we can only solve for an untwisted case, say, 2 and a twisted case, say 3, and all the rest ahead might just unravel into one of those two cases, blowing all the wonderful quantum algorithms that all think quantum is some spooky thing not just simple geometry / topology of n-spheres.

-MarkM-