Impact of Quantum Computing on Bitcoin Security

19 replies 322 views
chrischainFull Member
Posts: 126 · Reputation: 408
#1Sep 17, 2023, 03:48 AM
They’ve been ramping up quantum computing efforts since 2017. There’s this big competition between China and the USA to see who can come out on top. So far, it looks like China is leading in the quantum computing game. In short, quantum computing can easily crack today’s email security and will pose serious threats to anything relying on current encryption, including banks. The USA hasn’t rolled out its central bank digital currency yet because they’re trying to establish encryption that can withstand quantum attacks. Banks are gonna have to adapt to this new tech as well. Are we getting ready to safeguard Bitcoin in the age of quantum computing?
3 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#2Sep 17, 2023, 08:25 AM
Quantum computing will not cripple Bitcoin, at least not in the immediate future. The whole fear about Quantum Computing is with the fact that Shor's algorithm can break Asymmetric Crypto algorithms, which is basically used by everything. Note that this doesn't provide enough speedup for symmetric ones, SHA256 and RIPEMD160 for example. Now, not everything with Bitcoin would be broken, just that it'll be possible to get a speedup on cracking the public key to get the private key. However, the breaking of the keys are not instantaneous. Time is needed to run and the only time that the public key gets exposed when used in a P2PKH, P2WPKH, etc transaction is when a transaction gets sent. So long as you are not reusing your addresses, I don't see this to be an immediate problem that we have to solve. Waiting to evaluate and slowly transitioning will be the best. Currently, I think the amount of qubits is still nowhere near. Probably would need more than 2K with a fairly reliable one to be able to do it. Bitcoin would probably be the least of the target; If governments were to have exclusive access, they would be too busy trying to break the hordes of data rather than trying to get some Bitcoins.
4 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#3Sep 17, 2023, 09:55 AM
Do you have a source for this? I can think of many more reasons to delay their CBDC plans, and I can also think of many more worries concerning the rest of the banking system than just CBDC. Once more than one actor has access to enough computing power to steal Bitcoins, Bitcoin becomes worthless to them (and anyone else). Let's say someone steals 10,000 Bitcoins using quantum computing. Then he wants to use it, and makes a transaction. Now someone else steals the Bitcoins, after which the process repeats itself. This won't lead to stolen Bitcoins, it will destroy Bitcoin. Unless, of course, the protocol gets an update long before this scenario becomes a reality (in the distant future).
2 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#4Sep 17, 2023, 12:18 PM
Yep, that is one of the main concerns. I see only a way to go with this: Introduce new transaction formats and I'm fairly sure proof of ownership for P2PK outputs are difficult or close to impossible, so there is a dilemma: Either you burn them, or you let the adversary take it. Either ways, not particularly ethical. Had several discussions on this, and I think that there are pros and cons to both, just the lesser of both evils.
2 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#5Sep 17, 2023, 04:53 PM
A (partial) solution would be to require moving all coins to a new encryption long before Bitcoin is at risk, and burning anything else after a certain amount of time. But it goes against everything Bitcoin stands for.
4 Reply Quote Share
chrischainFull Member
Posts: 126 · Reputation: 408
#6Sep 17, 2023, 08:18 PM
I can't remember the source, I read it somewhere however I agree that there could be many other reason. Ultimately we will need a hard fork. From history we saw fork did not work well. Bitcoin never will be the same Bitcoin it is now.
3 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#7Sep 20, 2023, 06:53 AM
Actually only two hard forks have happened in Bitcoin, and both of which are a direct result of vulnerabilities that were discovered in Bitcoin. They were done without any resistance because they were especially critical in the circumstances. I’d argue for Bitcoin to undergo a hard fork in the future, solely because it is necessary for its survival. I don’t think Bitcoin has to remain the same nor maintain the status quo. Resistance against QC is probably one of the key issues that the community has to be accepting of.
1 Reply Quote Share
alt21Senior Member
Posts: 398 · Reputation: 1732
#8Sep 20, 2023, 11:49 AM
Just for the sake of accuracy, let me ask the following to clarify whether my thoughts are correct. I thought that the classification in symmetric and asymmetric algorithms only applies to encoding/decoding and encryption algothims. SHA256 and RIPEMD160 are not encoding/decoding algorithms, nor encryption algorithms. They are one-way functions that always produce the same result (digest) for a given input. There isn't an encryption key, in SHA256, nor in RIPEMD160 so they can't be classified as symmetric or asymmetric. Am I wrong?
3 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#9Sep 20, 2023, 12:56 PM
How can you prove ownership of P2PK outputs beyond by having the signature? Modern wallet software which use BIP39 etc., and has an extra layer above key pairs, like seed, can work like proof of ownership. For example, an attacker can work out the private key of a public key, but the true owner knows the seed that derives every key. What is the argument that supports burning coins? Sounds very anti-Bitcoin to me. If the owner has lost access to their bitcoin, then they're already "burned" for them. Why does the network have to speak for them?
2 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#10Sep 20, 2023, 03:06 PM
I stand corrected. Moe specifically, they should be under the umbrella of hash functions. You can't. That's why I said it would be impossible to prove P2PK ownership, or P2PKH ownership for that matter. Using seed as a filtering criteria can be very unfair and doesn't exactly allow all of the rightful owner to gain access to their coin. If you allow all of them to be stolen, when QC becomes widely accessible and cheap enough, then you have close to 1 to 2 million Bitcoins being stolen. This is fairly bad if you consider that this would be around 10% of the entire circulation of Bitcoin. This will crash Bitcoin's economy and destabilize a currency that I presume would be somewhat stable by the time this happens. Conversely, if you lock them, then this doesn't happen and giving them 10 years or even 20 years notice would be fairly sufficient. Of course this is anti-Bitcoin, but I suspect that lots of people, specifically businesses and larger coin owners would be in support of this. Personally, I'm on the fence and my opinion is that this would depend on what happens in the future.
4 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#11Sep 20, 2023, 05:57 PM
Sure, I'd be very against on any such protocol. It is practically infeasible and pointless. This is 10% of the entire circulation. They are not provably lost. We should consider that they can potentially enter the market at any time. In fact, I do consider it probable that Satoshi and the rest of the early miners will transfer them to quantum safe addresses when the time comes. Whether the lawful owners of these coins or attackers bring them into circulation, it will be equally bad for the Bitcoin economy.
4 Reply Quote Share
alt21Senior Member
Posts: 398 · Reputation: 1732
#12Sep 20, 2023, 09:02 PM
I have never thought about it, but it sounds very reasonable. That's of course possible, if we take for granted that satoshi is still out there, or that their keys are safe in someone else's hands.
4 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#13Sep 21, 2023, 01:15 AM
Correct, it is a non-zero chance. However, they are definitely not equally bad for the economy. If the lawful owner appears and moves the coin, I don’t think users would have an issue with them, since it is still rightfully theirs. However, if we don’t have any answer for it, then it would be an issue as the impending QC doom comes. Firstly, there would be tons of FUD and the price would fall as a result. After the coins are moved, then there would be even more repercussions, since attackers are feasibly stealing coins from the addresses and essentially inducing a supply side shock to the market. I’d think it is a clear decision to just let them steal if its a small percentage, but if more than 10% (consider that people who has lost their private keys will increase until far in the future), then I have doubts that the market would function as per normal and a good proportion would move to another altcoin that is QC resistant from the start, and thereby having no such issues. Now, I’m not advocating for, or against burning these coins. I think that more has to be considered before we make the decision as a community, and even then, I’m sure both camps will split the chain when the time comes. I’m just not particularly convinced that either of them would be the clear choice down the road.
6 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#14Sep 21, 2023, 05:16 AM
I never understood why we treat Satoshi's coins as "unofficially lost". Just because they haven't moved since 2009-2010 doesn't mean he is dead or has lost the keys. To both these scenarios there's an equally probable scenario (as far as we're aware) where Satoshi notices his coins are likely to be stolen, and chooses to either burn them or transfer them to quantum safe addresses. Also, there are posts like this one that demonstrate there exist miners (or Satoshi maybe) who haven't spent their early coinbase rewards but possess the private keys. I take it as granted that they will protect them from quantum computers.
3 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#15Sep 21, 2023, 09:58 AM
FWIW some popular encryption cryptography (such as AES-256) is deemed secure enough against quantum computing. You might want to read this old article, https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin. But aside from few government or elite, who dares to steal Bitcoin (which assumed to be mined by Satoshi) and able either to exchange or use it without legal problem?
3 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#16Sep 21, 2023, 02:45 PM
This isn't some petty theft, and definitely not just FTX scamming customer of their funds. Stealing over 2 million Bitcoins is a big deal and I'm sure that there would be a way to launder it and ensure that these can be cleaned in the future. I'm guessing that the attack would likely be state-sponsored if it ever happens though, for the fact that they would have first-movers advantage. There is a whole other issue about fungibility as well. Should we still allow hackers access to those Bitcoin, or condemn governments for attempting to censor it? This would be like Ethereum V Ethereum Classic again and hopefully we won't have to reach that stage.
3 Reply Quote Share
chrischainFull Member
Posts: 126 · Reputation: 408
#17Sep 21, 2023, 07:22 PM
Quantum computers are not going to be cheap that average people are going to have one for each. I doubt even millionaires [at-least for the first few decades] will have one for each. It's going to be highly expensive that only government funded agencies can afford it. So when a coin will move, they will not tell it stealing, they will call it breaking bitcoin's security. We can not ignore the fact that it's not going to happen too. Quoting for highlighting from https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin
0 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#18Sep 24, 2023, 04:11 AM
Depends, we've seen loads of stuff happening on the computing clusters of quite a few university as well. Cost is only going to get cheaper, until the point where someone with malicious intentions have access to it. Besides, it would be a matter of time, and that is unless you think Bitcoin won't survive for that long. Government sponsored attacks are not uncommon, just look at the APTs out there for example, and I wouldn't have a doubt that these gets stolen by a semi-big country to evade sanctions. This is accurate. However, we aren't talking about these Bitcoin addresses in this scenario. Change address is quite commonly used now but P2PK and address reuse was quite prominent previously.  Counting P2PK keys and address reuse, we are looking at more than a million or two Bitcoins, and they aren't necessarily going to be moved before this happens.
4 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#19Sep 24, 2023, 06:01 AM
Who's talking about owning one? Quantum computing in the cloud will be the future! Perfect for researchers, and perfect for anyone else. Scalable, just select how many qubits you need, and pay per hour
2 Reply Quote Share
chrischainFull Member
Posts: 126 · Reputation: 408
#20Sep 24, 2023, 08:38 AM
People are now more aware about coin controlling and coins privacy than before. I do it always but never had this Quantum Computing awareness before when using change address. Absolutely correct observation. It did not cross my mind. Good thing is perhaps we are looking at it after a few decades, I am confident that not when I am alive LOL
2 Reply Quote Share

Related topics