Are Quantum Computers able to crack BIP39 Seed Phrases?

19 replies 143 views
moon51Member
Posts: 9 · Reputation: 133
#1Mar 11, 2018, 02:33 PM
So I've been diving into the world of Quantum Computers and their insane capabilities, especially when it comes to cryptography. It got me thinking about how secure wallets are, specifically those BIP39 seed phrases. As far as I know, BIP39 phrases come from strong entropy and are backed by modern cryptographic techniques. But here’s my question: can a really powerful quantum computer potentially figure out or brute-force a BIP39 seed phrase? I'd love to hear your thoughts. And looking ahead, could we even train a specific AI model to crack these seed phrases?
5 Reply Quote Share
just_gangMember
Posts: 44 · Reputation: 245
#2Mar 11, 2018, 02:54 PM
A quantum computer only has a quadratic advantage in cracking the hashing based wallet security. In any case the seed phrase of your wallet should not be your main worry. A scalable quantum computer will be used to drain all utxo with known public keys, which will collapse the bitcoin price and make your wallet nearly worthless even if its specific keys are not yet cracked. Training AI models to crack solid cryptography is an exercise in futility.
3 Reply Quote Share
greglaserFull Member
Posts: 180 · Reputation: 542
#3Mar 11, 2018, 03:59 PM
a bip39 seed phrase just represents a 256 bit number. the number comes 1st, then the seed phrase is derived from that. as for the number itself.. nothing special about it.
4 Reply Quote Share
hodler2019Legendary
Posts: 2182 · Reputation: 12913
#4Mar 11, 2018, 05:38 PM
No quantum pc's are not the method needed to crack sha-256 Think of a magic lucky charm that gives you the luck to pick a seed from the set of seeds available. Magic can do it. Or a better way to say this  is no known  method of math can do it fast enough so the method would appear magical in its nature. here look at this seed generator https://getcoinplate.com/bip39-seed-phrase-mnemonics-generator-offline-online-tool/?srsltid=AfmBOor9jwmrMV_eRThVvlpWcYR8D4COLHDVU_6gtSqi0e0UauJttNNB&v=0b3b97fa6688 it picked the following seed below: wild calm unable luxury nature weasel spy garlic curious glove bottom educate mind pear coil trap sound must work shoot dice tragic current volume if I had unreal good  luck the seed above would work in the first wallet I try it on. if I did this time after time it would be better than unreal good luck it would be magical luck It is just as likely that the paragraph above becomes true as quantum crack sha-256 in under 100 years So as I said you need luck of such quality it needs to be magical. or it certainly would appear to be magical. and if you show it around you will be whacked.
3 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#5Mar 11, 2018, 08:11 PM
Deriving private keys from public keys is the only worrying threat vector, as pointed out by tromp. For brute forcing seed phrases neither QC nor AI are offering any kind of advantage. That being said, the potential of deriving private keys from public keys via QC is a pretty big deal. It still remains to be seen whether QC will get close in our lifetime though, scalability is still a huge issue and may or may not lead to the technology hitting a brick wall.
4 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#6Mar 11, 2018, 11:10 PM
Aside from what @tromp said, IIRC QC allows faster brute-force collision attack on SHA-256 which reduce 2^256 range into 2^128 due to something called Grover style speedup. By default, i would treat it as "snake oil". There are other real and more reliable ways to guess BIP39 seed phrase, such as finding out weak RNG used by one of Bitcoin wallets.
3 Reply Quote Share
moon51Member
Posts: 9 · Reputation: 133
#7Mar 11, 2018, 11:35 PM
Thanks for making it simple @tromp @ABCbits That part about the quantum computers having only Quadratic advantage that was superb 🤯   So if I got that right Even a super powerful like quantum computer wouldn't be able to do the bruteforce a seed phrase & even with Grover’s algorithm speeding things up anytime soon gotcha but what about the wallets that is using these weak RNG or even bad entropy back in the day? So Should people we worry more about that than quantum threats?   And just curious  do you think that the post Quantum crypto wallet will ever become a mainstream ?
3 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#8Mar 12, 2018, 02:58 AM
Threat of using wallet with bad RNG or entropy source always been exist, where it usually can be brute-forced or cracked without quantum computer. The changes need to be done on protocol level, where Bitcoin protocol need to be upgraded to support quantum-resistant cryptography and add new address format. Afterwards, we'll see Bitcoin wallet supporting it. And people need to move their Bitcoin into new address format that use quantum-resistant cryptography.
0 Reply Quote Share
leo69Senior Member
Posts: 134 · Reputation: 820
#9Mar 14, 2018, 07:55 AM
As I see the situation with quantum calculations, the main concerns are: 1)  **P2PK** (Pay-to-PubKey) early Satoshi addresses with much BTC 2) REUSED addresses with some BTC amount (which have already exposed their public key 2) Mempool transactions (with visible public keys) As for the First, a consensus or a Fork Or something like that is needed to block transactions from those addresses As for the Second, mass education for BTC holders is needed to move BTC from reused addresses to New ones. As for the Third, I don't know.. Does anybody know a solution?
2 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#10Mar 14, 2018, 01:54 PM
Old wallets with weak RNG are likely already emptied by now. Note that whether the RNG is solid is a matter of secure implementation rather than software age. The original Bitcoin wallet / Bitcoin Core never had this issue. At least one Android wallet did back in 2013ish (these are the old wallets that are likely already emptied by now). I'm not aware of any cases since then, but it can always happen with whatever new wallet hits the market, especially if the dev team is inexperienced. Quantum resistant candidates for replacing ECDSA exist, however IIRC the issues lies with both performance and signature size. So worst case Bitcoin will switch to one of those, once the threat timeline becomes clearer; best case someone comes up with a better signature scheme in the meantime.
2 Reply Quote Share
sage_moonSenior Member
Posts: 273 · Reputation: 1371
#11Mar 16, 2018, 03:44 AM
For now, I would be more concerned about hackers infecting my computer than about quantum threats in the coming decades. While technology advances quickly, it does not progress as fast as we might think. Additionally, if I were wrong and a quantum computer capable of breaking SHA-256 were to emerge tomorrow, it would most likely be kept secret for national security purposes. Bitcoin would be the least of their concerns, as all modern communications rely on rsa ,ecdsa and others encryption methods. A QC capable of breaking communications would be the weapon that replaces nuclear weapons.
0 Reply Quote Share
ledger23Full Member
Posts: 57 · Reputation: 335
#12Mar 18, 2018, 08:23 AM
Bitcoin will definitely be a serious target. The US states and big companies like Tesla, MSTR, and El Salvador have large bitcoin reserved. They would care deeply if quantum attacks becomes a threat. Imagine national reserves being stolen what will happen to the nations economy. If billions in Bitcoin is lost due to quantum theft, it will reduce the trust in digital assets globally.
4 Reply Quote Share
sage_moonSenior Member
Posts: 273 · Reputation: 1371
#13Mar 18, 2018, 12:00 PM
The amount of crypto reserves these countries have is nothing compared to their reserves in other natural resources. This would not affect them at all; it would only raise national security concerns. When we talk about quantum computers, we mistakenly think of individuals doing evil things, as if such technology were easily accessible to everyone. Look at it this way, no one with access to such power would want to undermine these technologies. Instead, they would try to take advantage of them. It would be far more important to exploit or spy on the enemy’s communications to the point of controlling weapons on foreign soil. While there is a lot of money in crypto, an attack would make it lose its value. It might ruin a few individuals, but the world would continue as usual since cryptocurrencies are used by a minority.
2 Reply Quote Share
john.cobraHero Member
Posts: 408 · Reputation: 2145
#14Mar 18, 2018, 03:38 PM
I'm more concerned that so many people have been looking for some kind of weakness in BTC for so many years and it always ends up on quantum computers that at this point don't have even 1% of the power needed to do something like smash BTC into pieces. Why don't you write how much BTC they have and which US states - and how much does the Mr. Mars company and El Salvador have? Roughly speaking, it seems to me that they have a maximum of 20 000 BTC together (El Salvador has a little over 6000). I think you're worrying about completely unrealistic and pointless things - but if you have nothing else to worry about, that's your choice
4 Reply Quote Share
real_byteSenior Member
Posts: 230 · Reputation: 818
#15Mar 18, 2018, 09:50 PM
I see no danger to Bitcoin anytime soon. Quantum computers having the ability to break bitcoin has been a meme for as long as quantum computers have existed. And it is overhyped. Nobody seems to talk about how the quantum computers that we have are glorified gimmicks that may probably have reached a dead end. It is not physically possible for coherent superposition to be scalable beyond a certain macroscopic threshold, to the level needed to break Bitcoin, as by the uncertainty principle. Which is not just an engineering issue but a physics issue. Roger Penrose, a nobel prize winning physicist, has even written a paper on this. [1] Quantum computing researchers are hoping to discover new, unexplored physical laws that favor a workaround for large scale decoherence. That is their gambit. TLDR; Scientists hope to discover new physics that makes true quantum computers possible. Current physics laws say it is not. [1] gravity collapses quantum states at the macroscopic threshold, preventing large-scale superpositions
4 Reply Quote Share
Posts: 2 · Reputation: 112
#16Mar 19, 2018, 07:03 PM
The IBIT (iShares Bitcoin Trust) filing by BlackRock does mention quantum computing as a potential risk to Bitcoin.  In its S-1 registration statement required by the SEC, BlackRock included this kind of disclosure: "The development of quantum computers could pose a risk to the security of the Bitcoin network, potentially rendering the cryptographic underpinnings of Bitcoin ineffective."
3 Reply Quote Share
sam.bullSenior Member
Posts: 390 · Reputation: 1323
#17Mar 20, 2018, 12:39 AM
It is a potential risk to everyone not just Bitcoin like a sword of Damocles especially to the government. But many seems to think that it's the kryptonite of Bitcoin Anytime you hear about quantum computer, the next is crack bitcoin You rarely (personally haven't) see any that states it would pose a threat to the financial system and government secrets.
4 Reply Quote Share
ninj42016Full Member
Posts: 45 · Reputation: 251
#18Mar 21, 2018, 11:14 AM
Its not a question IF but When those old wallets will be opened (broken into) using various new tech like QT or AGI We have already used various AI tools like passgan where you can find patterns and how encryption is created seeing hidden patterns. --KX
2 Reply Quote Share
SwiftCobraFull Member
Posts: 34 · Reputation: 336
#19Mar 22, 2018, 08:36 PM
The threat of quantum computers is often misunderstood as solely a Bitcoin issue, but its potential effect on the financial system and government secrets is a more pressing concern too. It's essential to recognize the sword of Damocles hanging over our entire digital infrastructure and work towards quantum-resistant cryptography. By adopting quantum resistant cryptography government and other financial systems can proactively protect their systems and sensitive data from these threats but implementing these will require collaboration between both parties.
5 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#20Mar 23, 2018, 02:48 AM
Solid ciphers should by definition not have hidden patterns, so while QC might become a threat eventually I doubt that AI ever will (or AGI for that matter, aside from potential capabilities of social engineering or accelerating research on QC).
4 Reply Quote Share

Related topics