Should Bitcoin Ditch ECDSA for Quantum Resistance Now?

9 replies 284 views
key372Newbie
Posts: 15 · Reputation: 18
#1May 28, 2017, 12:02 PM
So I came across some updates on quantum computing this week and wow, it’s getting serious. There’s a new study suggesting that we should move Bitcoin from ECDSA to this ML-DSA type of signature to protect against quantum attacks. A lot of folks think we’ve got about ten years before quantum really poses a threat, but with companies already testing quantum-resistant solutions on test networks, I think we need to chat about this now. If we wait until a real attack happens, a simple update might not cut it. What’s everyone’s take on this? Should Bitcoin devs start considering more flexible crypto options and swappable signature components, or is this just hype fueled by unproven fears? Personally, being late on security feels as bad as being broke.
6 Reply Quote Share
the_chainNewbie
Posts: 64 · Reputation: 15
#2May 28, 2017, 04:43 PM
The developers are not idle in anticipating it, but the current situation has not yet found the best option. However, from the Trezor application, I once discussed on local media that they are ready for quantum. They have created Trezor Safe 7. This Trezor combines a security system between TROPIC01 + EAL6, TROPIC01 is a chip made by Trezor, while EAL6 (security certification). Even the US, through the FEDERAL government, officially bans ECDSA cryptography starting in 2030 with a final deadline in 2035. On the global sub-board at Development & Technical Discussion, @Pmalek also created a thread titled J. Lopp's Post-Quantum Migration BIP. I also read that this situation seems to be neglected because developers apparently have not taken much action yet. But actually, this BIP 360 Proposal has been added to https://github.com/bitcoin/bips. This was also written by him, @ABCbits, in the Thread Quantum threat ignored by Bitcoin developers. Recently, there is a BIP-361 proposal that plans to lock old wallet addresses. This proposal contains a suggestion to freeze more than 6.5 million BTC stored in UTXOs that are vulnerable to quantum attacks, including more than around one million coins related to Satoshi. However, this proposal is still under debate and has sparked controversy between two camps. But this step is considered unlikely to save 1.7 million Bitcoins according to Cardano (ADA) Founder, Charles Hoskinson. Even BIP 361 proposer James Lopp feels that this proposal is not entirely regarded as good. But Lopp also thinks there is no better alternative than the one he made. CMIIW Sources: 1. https://id.beincrypto.com/bip-361-hoskinson-satoshi-bitcoin-kuantum/ 2. https://x.com/lopp/status/2044406134178795748?s=20 3. https://bitcointalk.org/index.php?topic=5550298.0 4. https://www.forbes.com/sites/digital-assets/2026/02/23/bitcoin-took-its-first-step-against-quantum-computers/ 5. https://news.bitcoin.com/id/trezor-safe-7-baru-menawarkan-desain-tahan-kuantum-dan-elemen-aman-ganda/
0 Reply Quote Share
Posts: 77 · Reputation: 22
#3May 28, 2017, 10:30 PM
It will still take at least 4 or 5 year before quantum computers will become a threat to bitcoin but people are just afraid of what they supposed not to be afraid of because bitcoin developers will still upgrade the bitcoin blockchain either through soft fork or hard fork if necessary. Google has also talked about quantum computers to be a threat and that it is near.
3 Reply Quote Share
Posts: 130 · Reputation: 30
#4May 29, 2017, 03:34 AM
I don't think this is tinfoil season anymore, but I also don't think Bitcoin should start ripping out ECDSA because a few headlines got people excited. The sensible answer is to work on crypto agility now, quietly and seriously, so there's a migration path before things start to get bad. That means research, standards, test implementations, wallet support, and ugly discussions about how to deal with old exposed pubkeys and ancient coins that may never move. The worst move would be doing nothing for years and then trying to cram a rushed fix through under panic conditions. Bitcoin is very bad at emergency surgery, by design. Also, not all coins are sitting equally naked here. Coins with exposed pubkeys are the obvious first-class snack if quantum ever gets teeth. Reused addresses and old output types would be the part that keeps me awake, not fresh coins that haven't revealed more than they need to. So yes, start the work now, absolutely. Just don't confuse "prepare now" with "flip the table tomorrow." With Bitcoin, the boring path is usually the path that keeps the chain alive.
3 Reply Quote Share
ravenioHero Member
Posts: 10 · Reputation: 2103
#5May 29, 2017, 01:18 PM
There are no current proposals suggesting a dramatic shift from ECDSA straight to a post-quantum signature scheme. The more realistic path is to first add a new signature scheme, likely using P2MR as the foundation, and then push migration over time. The biggest question is whether that migration should be mandatory or optional. Under an optional scheme, dead Bitcoin cannot be migrated and will eventually be stolen. On the consensus side, we wrote a paper on this topic: The Bitcoin Backbone Protocol Against Quantum Adversaries In the quantum random-oracle model, a quantum adversary can still be handled if its total quantum hashing power is tightly bounded. Relative to the classical analysis, each quantum oracle query is effectively much more valuable, and the security condition worsens by an extra factor on the order of p^(-1/2), where p is the success probability of a single classical hash query. The paper also shows that, to achieve the same negligible failure probability, the required number of rounds or confirmations grows by about p^(-1/6).
5 Reply Quote Share
Posts: 1822 · Reputation: 24
#6May 30, 2017, 11:36 PM
"I do not mind leaving dead btc for a super rich company to grab it all wit a quantum computer" but what's dead BTC? Seems to me defining what dead btc is is more important than losing it or safe guarding it. Have we agreed to a definition of it as of today? Not so sure that we have.
0 Reply Quote Share
bulllab95Member
Posts: 168 · Reputation: 67
#7May 31, 2017, 12:49 AM
Arbitrary definition by people who are bamboozled by centralized systems and are unable to move away from "solving" problems using the same methods that the old fiat system uses. We made Bitcoin to get away from freezing, censorship, and all of that nonsense and here you have idiots proposing to do it all over again. If we do, we are not better than the fiat system -- no amount of arbitrary justifications change anything about that. The key difference between Bitcoin and pretty much all shitcoins is that you can put away your key, come back in 10 years, or soon 20 years and have it all in the same place and ready to go. In the shitcoin world they make all sorts of token changes, transition dates with cutoffs and nonsense in order to manipulate people and steal their tokens or coins. Bitcoin should and must be better than this or there is no point. The centralized shitcoin way: Hide behind a foundation/company or a DAO and pretend you are decentralized and make these moves mandatory for mallicious reasons disguised as virtue signalling ("the DAO voted on it!"). The Bitcoin way: Make it optional, you are your own bank. Your keys, your coin, your responsibility.
4 Reply Quote Share
Posts: 244 · Reputation: 60
#8May 31, 2017, 08:36 AM
There have been many projects focused on post-quantum cryptography for years; we're not behind. These studies are being evaluated, and this topic has been a frequent one here for some time now. My thought is that quantum computing is being developed for other purposes, to generate more money for the investment spent on development. It's pointless for such an entity to compromise Bitcoin, and it's not as if everyone would suddenly have personal access to these computers to do some kind of malicious work. Likewise, simply migrating your funds to a wallet and keeping them unused would suffice. I wish good luck to the quantum computers brute-forcing ECC, double SHA256, and RIPEMD160.
3 Reply Quote Share
Posts: 558 · Reputation: 171
#9May 31, 2017, 01:18 PM
Unpopular opinion: rushing to change Bitcoin's consensus rules poses an orders of magnitude higher risk than migrating to a quantum-safe algorithm just slower overtime. From what I can tell, the biggest question the world will have to answer is whether we will accept the frozen coins concept or not. On one hand, freezing coins is an immediate red flag as a proposal, and on the other hand, the amount of coins that are vulnerable to a quantum attacker could result in a supply shock that would make Strategy's aggressive buying look like regular stacking sats.
3 Reply Quote Share
moonhq227Member
Posts: 334 · Reputation: 57
#10Jun 2, 2017, 09:00 AM
In a nutshell the question is what would cost much Which I believe the former would in the long run It feels like the start of a compromise to turn Bitcoin similar to how centralised money works. They would want to make profit Like good profit So what's the benefit if everything is lower Smart is to sell little by little. I doubt an average person would have access to such level of technology. Bitcoin doesn't really care about the owner but who controls the key.
0 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics