Bitcoin Forum

Hello everyone,
How come that I read several times that quantum computers can't hack the wallet address that has never sent bitcoin, because the address is not on the blockchain. But from the address that sent the bitcoins to this other address never to be used, we can see the public address. So how come that it can't be hacked. Any public address could be hacked with sufficient computer power no? Unless there is something that I miss here, or is it related to the private key?
Thank you!

The theory is a quantum computer needs the address's public key to derive the private key and thus do its thing. The public key is only published for others to see when a transaction out of an address takes place. It can't crack information that it doesn't have so as long as you don't move it can't obtain that info. And that's why you'll need to empty your address when you send.

First, you need to understand that quantum computers that can crack the current EC cryptography don't exist and aren't going to exist anytime soon. Maybe they even will never exist. All these cutting edge quantum computers are just expensive prototypes with very little practical applications.

Bitcoin addresses are not public keys, they are the hashes of public keys, and quantum computers can't reverse hashes as well as they can theoretically crack EC cryptography.

However, if attackers can nearly instantly find a private key from a public key, it is a big problem, because they can immediately make a competing transaction that sends coins to their own wallet, and if they will manage to get it confirmed instead of the original one, the coins will be stolen. This can happen if the hackers send the transaction directly to miners and add a huge fee to tempt them.

Thank you very much. This is what I needed to understand: the Bitcoin addresses are not the public keys. I thought they were the same. Now that makes sense to me.
Yeah I mean the only way to hack an unused wallet is to be able to get instantly a private key from a public key during a transaction. I think that would never be a problem since if that is possible then the hack would simply attack addresses that have already sent a transaction would be much easier.

The reason is because moving from private key to public key uses asymmetric cryptography, while moving from public key to address uses SHA256. These differ in how much easier they would be to "break" using quantum computing.

Using Shor's algorithm, a quantum computer could reduce the number of operations required to find the private key for a specific public key by many orders of magnitude. This would allow a sufficiently powerful quantum computer to find the private key to any address which had exposed its public key, which is done whenever coins are spent from that address.

Conversely, using Grover's algorithm, the smallest number of operations needed with a quantum computer to convert a bitcoin address back to its public key is still 2¹²⁸. This number of operations is so large as to essentially be impossible.

And add to that, that quantum computers would be much slower in going through 2¹²⁸ operations than a "traditional" computer.
Quantum computer's magic lies elsewhere. With Shor's algorithm QC can "see" the right private key from public key without going through all the possibilities. But with SHA256 it can't do the same.

Quantum computers are the flying cars of the computing world. There has never been demonstrated real world application of the technology being feasible in the real world. And there probably never will be.

AFAIK claims of achieving "quantum supremacy" are defined by google creating a non functioning "quantum" processor that is hundreds or thousands of registers in length. These "researchers" claim if they extended their "quantum processor" to have millions of registers, in theory, they would have a "true" quantum CPU. But none of it works.

If quantum computing technology were viable, it would become a holy grail to major powers of the world. A new arms race would begin where china, russia the united states, eu and others would throw billions in funding to develop quantum computing technology. It would resemble the space race.

The reason we don't see that happening is, even researchers in the field don't have any real idea or concept of how a quantum computer might be built. Or whether it is even feasible.



Bitcoin public keys are the address the coins are sent to/from.

Those long strings of random looking alphanumeric characters are the public key.

 ;)

The problem are those old "Satoshi coins" that are Pay-to-Public-Key,
they look like addresses if you view the transactions using a blockexplorer, but they are actually bare Public key which can be "hacked" by a functional Quantum Computer.

One example of old P2PK transaction: c4d2b02e5696fa17674d288923f6b0bddbc7218456a5279e8d62fbd5ee793626 (https://www.blockchain.com/btc/tx/c4d2b02e5696fa17674d288923f6b0bddbc7218456a5279e8d62fbd5ee793626)
It's unspent and never been used to send any transaction but the public key is already available:
04211609c602d9f3f9e1f97d0e341a7d906fa704da5904bdd0403ede0b276834f8040b3ce27872d52b0eef8cfd95ffbee7fcdfe2655b60ab2ba91df5c13448add5

Some day there might be computers the size of galaxies, or that actually are galaxies themselves, that can pull that off in seconds, not that we'd likely need money of any sort by that stage.

"emptying your address when you send" will not protect Bitcoin users from quantum computers that can derive a private key from a public key, because the transaction must be confirmed in a block before it is safely protected by a public key using a signature scheme that is QC resistant, which takes an amount of time (probably long enough for a QC attack to compute the private key from more than just 1 public key in the list of current unconfirmed transactions relayed across the bitcoin network).

A QC attacker can simply spend the BTC to a public key hash under their control but using a higher fee than the user's original tx, before it is confirmed in a block. If the victim notices this taking place (unlikely for many), then the obvious outcome is several rounds of the same process, until the miner gets all the BTC in all outputs as fees.

tl;dr: nooooooooooo

I'm not sure that's a fair statement to work. There has been no demonstrated real world application because the technology doesn't really even exist yet. Back in the 1700s there had been no application of electricity in the real world because we hadn't harnessed it and experimented with it. We don't know what we can feasibly apply quantum computing to until we build one and start experimenting with it. Never is far too strong a word. Think of all the discoveries made in the last hundred years. Given another hundred, thousand, ten thousand years, you think a quantum computer will never exist?

Insufficient data for meaningful answer. (https://www.multivax.com/last_question.html)

True, but the first quantum computer which is capable of obtaining a private key from a public key will likely take hours. It will be many years after that that we can build a quantum computer which can "hack" a key in under 10 minutes.

statistical variance in mining means any given block can take as long as a miner takes to find it, I think the longest time between blocks is somewhere around 2 hours. Conversely, blocks are often found 1 or 2 seconds after the previous block. It's only the relatively stability of the hashrate that prevents very long durations (i.e. hours or days) between blocks, in the event of a sustained & significant drop in the hashrate, longer intervals between blocks would be quite typical (difficulty adjustments would also take longer, and there's nothing written into the fabric of space-time that says hashrate drops cannot be sustained over multiple difficulty adjustment periods)

In discussing two different possible scenarios affecting the Bitcoin network, I would suggest that a sustained hashrate drop is more likely than QC attacks on secp256k1 private keys before significant amounts of BTC are moved to private keys with QC-resistant public key pairs. The former is all but guaranteed at some point, the hashrate cannot grow forever

A real quantum computer.

Would function identical to a GPU or ASIC.

Except, it would perform exponentially faster.

You'll know the technology is real when you see real and independently verified benchmarks confirming it.

The only thing google is releasing to verify them "achieving" quantum supremacy are theoretical vaporware whitepapers. There are no benchmarks, no tests. There is no functioning hardware that can be tested.

I don't think this is quite correct. A classical bit can be 0 or 1, either/or. A qubit, because of quantum superposition, is in a sense partially both values, a probability smear across the two, until it is measured, when it resolves to a definite classical 0 or 1 outcome. In a system with multiple entangled qubits, the number of values covered increases 2^n. Two entangled qubits cover 2^2=4 possibilities, 00, 01, 10, 11. Three entangled qubits cover 2^3=8, 000, 001, 010, 011, 100, 101, 110, 111. And so on. A QC will assess the probabilities associated with all possible classical values.

---
Edit:
It might also be worth mentioning the distinction between universal gate quantum computers, and quantum annealers. A universal, gate-based QC is what you would use to run Shor's algorithm to attack asymmetric cryptography. Quantum annealers on the other hand (such as D-Wave), would be used to solve optimisation problems (e.g., travelling salesman). If we hear a news report about a breakthrough QC that has x qubits, but it is an annealer, then it is not going to run Shor against bitcoin.