Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: whotheff on October 01, 2020, 08:14:41 AM



Title: Quantum resistance
Post by: whotheff on October 01, 2020, 08:14:41 AM
The company D-Wave (https://www.dwavesys.com/press-releases/d-wave-announces-general-availability-first-quantum-computer-built-business) is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?


Title: Re: Quantum resistance
Post by: Jating on October 01, 2020, 09:01:42 AM
Nothing I guess, bitcoin will readjust if devs know that it is already vulnerable to these so-called quantum attacks. And as far as I know ECDSA or secp256k1 is quantum resistant as long as our public key is not known. So as a bitcoin user, to protect us from these so-called quantum attacks, we shouldn't reuse our bitcoin address. As for brute forcing our private key, those quantum machines will still need more computing power. And if SHA256 gets broken, then we should go to SHA512 and so on.


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 01, 2020, 09:23:26 AM
This 5000 qubit machine is not a universal quantum computer in the same sense as the ones being developed by other vendors. It is a quantum annealer, which can only be used to perform a few very specific calculations. It is irrelevant to bitcoin. True universal quantum computers which may be able to break elliptic curve multiplication are still a few decades away.

Even so, when we reach the stage that elliptic curve multiplication becomes vulnerable, then there are two things which can happen. One, and very simply, users can stop reusing addresses. The private key is only vulnerable once the public key is known, and the public key is only revealed when a transaction is made. If you haven't made a transaction out of an address yet, then your funds remain safe. Secondly, we can fork to create a new address type which would be quantum resistant, just like we forked to create SegWit addresses.


Title: Re: Quantum resistance
Post by: fiulpro on October 01, 2020, 09:25:03 AM
If quantum mechanics is being used, then for sure it can be integrated into the machinery of bitcoin itself; an attack from a quantum computer can only be stopped by quantum mechanics itself. I do believe that both cryptocurrencies and quantum mechanics are being hyped for a reason! Many people will be willing to integrate them both.
At the same time, as we know:
Not everyone will be able to own it.
Government websites are far too weak to handle such an attack and therefore I do believe they would closely monitor the people with the power of quantum computers!!


Title: Re: Quantum resistance
Post by: Lorence.xD on October 01, 2020, 09:30:13 AM
Nothing I guess, bitcoin will readjust if devs know that it is already vulnerable to these so-called quantum attacks. And as far as I know ECDSA or secp256k1 is quantum resistant as long as our public key is not known. So as a bitcoin user, to protect us from these so-called quantum attacks, we shouldn't reuse our bitcoin address. As for brute forcing our private key, those quantum machines will still need more computing power. And if SHA256 gets broken, then we should go to SHA512 and so on.



What do you mean needs more computing power? 1 qubit is equal to 2 bits, that is already fast. The current supercomputers will fall out of commission once quantum computers become available. Although it is still in its cabinet computer phase, this will be a breakthrough for computing power. And why think of quantum attacks of all things? When there is a breakthrough, commercialized quantum computers will not be available for some years. Educational institutions like research, military, and aeronautics will be the first to use this, just so you know. And as if low life hackers would buy those quantum computers just to get into the network. That is the least thing that we should be wary of in regards to quantum computers.


Title: Re: Quantum resistance
Post by: Charles-Tim on October 01, 2020, 10:01:03 AM
Quantum computing is still in its early stage; there is no such computer that is advanced in a way to break the ECDSA algorithm of bitcoin as of now. Quantum computing is only a threat to the future of bitcoin, because in decades to come, there will be advanced and more sophisticated quantum computers that will be able to penetrate bitcoin's ECDSA algorithm. But it is only a panic for people that do not know much about bitcoin; it is nothing to bitcoin developers because a quantum resistant soft fork will be created.

Secondly, we can fork to create a new address type which would be quantum resistant, just like we forked to create SegWit addresses.
It takes bitcoin developers little stress to have a soft fork to create a new address that will be 100% resistant to quantum computer, imo, it will be the best alternative.


Title: Re: Quantum resistance
Post by: 20kevin20 on October 01, 2020, 11:07:14 AM
Quantum computers currently do not pose any risk to Bitcoin because it would make no sense to use all those resources just to harm a cryptocurrency. In the end, we'd just fork off and all the resources they've spent would have been lost in vain.

Bitcoin will advance alongside technology. Once more powerful computers are released, the hashrate will increase as well. As soon as quantum computing becomes the norm, the hashrate will probably be high enough not to pose any risk anymore from the 51% attack perspective. Private keys may be at a high risk though, but that is something devs can fix.

I don't think anyone is stupid enough to purchase hardware worth so many millions of dollars to attempt a BTC attack when they know escaping the attack is as easy as creating a slightly improved fork.


Title: Re: Quantum resistance
Post by: dothebeats on October 01, 2020, 11:17:31 AM
These machines aren't made to be as flexible as you think they can be. They are not general purpose, and are only intended for very specific calculations and that's it. They cannot be reconfigured into something that can break SHA-256, or try to play with the algorithms and cryptography embedded within bitcoin. We're years or even decades away from a working quantum computer that can try and take the bitcoin cracking challenge, though those operating it may find the effort futile since a fork can just occur and there goes your millions down the drain.


Title: Re: Quantum resistance
Post by: witcher_sense on October 01, 2020, 12:01:24 PM
In bitcoin, there are many other difficult problems that are still waiting for a solution. Bitcoin developers should not focus on a potential threat from non-existent sufficiently powerful quantum computers. It is better to focus on code improvements such as Schnorr signatures and Taproot, which really may help bitcoin to survive. Even if developers decided that Bitcoin should be quantum resistant, and started to implement quantum resistant addresses, for instance, that would not change anything, anyway. They cannot force people, ordinary bitcoin users, to behave differently; they cannot change people's habits; they cannot forbid them to reuse addresses. People first need to learn how to use bitcoin properly in order to develop their own methods of how to protect themselves from those attack vectors and problems which can't be solved on a protocol level.


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 01, 2020, 12:30:43 PM
1 qubit is equal to 2 bits, that is already fast.
The only way one qubit can encode 2 bits of information is if two parties share an entangled qubit prior to transmitting data to each other. For most cases of quantum computing at the moment, 1 qubit is equal to 1 bit.

They cannot be reconfigured into something that can break SHA-256, or try to play with the algorithms and cryptography embedded within bitcoin.
Breaking SHA256 is not the concern when it comes to quantum computing. At best, a quantum computer running Grover's algorithm could reduce the operations needed to break SHA256 from 2^256 to 2^128, which is still far too large for any computer, and certainly far too large for the small quantum computers we are talking about. Breaking elliptic curve multiplication is the concern, as a quantum computer running Shor's algorithm could reduce the operations required from 2^128 to somewhere in the region of 128^3, which is achievable.


Title: Re: Quantum resistance
Post by: Lorence.xD on October 02, 2020, 04:48:08 AM
1 qubit is equal to 2 bits, that is already fast.
The only way one qubit can encode 2 bits of information is if two parties share an entangled qubit prior to transmitting data to each other. For most cases of quantum computing at the moment, 1 qubit is equal to 1 bit.
Qubits are using superposition, meaning that 1 qubit is equal to 0 and 1 at the same time, much like Schrödinger's cat, so qubits are technically two bits. Why would it be equal to 1 bit and be faster than the modern computers? And yeah, entanglement is the reason why qubits can hold up to two bits of data.


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 02, 2020, 09:13:20 AM
Qubits are using superposition, meaning that 1 qubit is equal to 0 and 1 at the same time, much like Schrödinger's cat, so qubits are technically two bits.
Having a superposition of 0 and 1 does not make it equal to 2 bits. When the qubit is measured, it must be either 0 or 1, which is the same as the bit. If anything, n qubits can be thought of as the same as 2^n bits. If you have n bits, then you can represent any one of 2^n possible combinations. If I have n qubits, I can represent all 2^n combinations simultaneously.

Why would it be equal to 1 bit and be faster than the modern computers?
The speed increase is not because 1 qubit can store more data than simply 0 and 1. The speed increase is because it can simultaneously store both 0 and 1. As I said above, this allows a 16 qubit computer (for example) to simultaneously store 65,536 possible states.


Title: Re: Quantum resistance
Post by: Lorence.xD on October 02, 2020, 03:14:44 PM
Having a superposition of 0 and 1 does not make it equal to 2 bits. When the qubit is measured, it must be either 0 or 1, which is the same as the bit. If anything, n qubits can be thought of as the same as 2^n bits. If you have n bits, then you can represent any one of 2^n possible combinations. If I have n qubits, I can represent all 2^n combinations simultaneously.
I said in my counter argument that it is technically 2 bits. Sorry if I do not know much about it. I am just fascinated by quantum mechanics, so most things that I know are surface level. You didn't consider it in your post.

Here is the link to the one article I have read: https://superposition.com/2017/10/05/seven-things-need-know-about-qubits/


The speed increase is not because 1 qubit can store more data than simply 0 and 1. The speed increase is because it can simultaneously store both 0 and 1. As I said above, this allows a 16 qubit computer (for example) to simultaneously store 65,536 possible states.
That is what I was trying to say in the first place.

What do you mean needs more computing power? 1 qubit is equal to 2 bits, that is already fast. The current supercomputer will fall out of commission once quantum computer become available.


Title: Re: Quantum resistance
Post by: whotheff on October 03, 2020, 07:13:05 AM
Qubits are using superposition, meaning that 1 qubit is equal to 0 and 1 at the same time, much like Schrödinger's cat, so qubits are technically two bits.
Having a superposition of 0 and 1 does not make it equal to 2 bits. When the qubit is measured, it must be either 0 or 1, which is the same as the bit. If anything, n qubits can be thought of as the same as 2^n bits. If you have n bits, then you can represent any one of 2^n possible combinations. If I have n qubits, I can represent all 2^n combinations simultaneously.

Why would it be equal to 1 bit and be faster than the modern computers?
The speed increase is not because 1 qubit can store more data than simply 0 and 1. The speed increase is because it can simultaneously store both 0 and 1. As I said above, this allows a 16 qubit computer (for example) to simultaneously store 65,536 possible states.


Can we then say that Quantum computing can reach 65,536 times faster speed than a regular one?


Title: Re: Quantum resistance
Post by: hatshepsut93 on October 03, 2020, 08:54:38 AM
If Quantum mechanics are being used then for sure it can be integrated in the machinery of the bitcoins itself , an attack from the quantum computer can only be stopped by quantum mechanics itself.

Wrong, quantum-resistant cryptography has been known for decades, and it doesn't require quantum computers to work. Quantum computers aren't just more powerful classic computers, they are good for certain things, and worse at doing everything else. They aren't going to change everything, they'll just improve some fields.


Title: Re: Quantum resistance
Post by: Karartma1 on October 03, 2020, 09:16:59 AM
There was this very informative thread on the Quantum resistance topic which I found super interesting since QC is something I am deeply fascinated about.
https://bitcointalk.org/index.php?topic=5191219.0

Especially this is important
"We will know when quantum computers exist when Satoshi’s coins move." https://marketrebellion.com/why-quantum-computing-is-not-a-threat-to-bitcoin/
This is just inaccurate FUD. We have no reason to believe that Satoshi is still active in the community; it's been years since he has been involved and Bitcoin has developed without him for a long time. Yes, he is someone to be respected, but for all we know Satoshi could well be dead or imprisoned. We will know when to make the changes that are needed for quantum computing by monitoring the development of quantum computers and not because someone decides to move their coins.
Given that Satoshi's coins are in Pay to public key outputs, the pubkeys are publicly available already. So if we assume Satoshi is dead or otherwise gone, his coins moving would actually be an indication that quantum computers exist, because the only way for them to move (assuming he is no longer around) is for someone to have been able to compute the private keys to those exposed public keys, presumably via quantum computer. In general, it would mean that the ECDLP has been broken in some way (regardless of QCs) and should no longer be relied upon (i.e. we should move off of ECDSA and Schnorr).


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 03, 2020, 09:52:31 AM
Can we then say that Quantum computing can reach 65,536 times faster speed than a regular one?
Not exactly.

If we consider 3 bits, there are 8 possible combinations. 3 qubits could represent all 8 simultaneously, so would theoretically be 8 times faster.
With 4 bits, there are 16 possible combinations. 4 qubits could represent all 16 simultaneously, so would theoretically be 16 times faster.
With 5, it is 32 times.
With 6, 64 times.
And so on.

The more qubits you add, the greater the exponential speed increase.

Now, it's obviously not quite as simple as this. There are a huge number of other factors to consider such as getting qubits to work together, decoherence, error correction, wave collapse, etc., but the general principle is that for some specific operations (such as reversing elliptic curve multiplication) quantum computers will reduce the operations required exponentially rather than just linearly.


Title: Re: Quantum resistance
Post by: claire_lovely on October 03, 2020, 11:45:13 AM
There are quantum resistant cryptographic systems that would probably be adopted. Quantum computers are still very basic, but these functions are becoming well-tested now:
https://en.wikipedia.org/wiki/Post-quantum_cryptography


Title: Re: Quantum resistance
Post by: Hispo on October 03, 2020, 08:38:49 PM
Excuse my ignorance, but implying we go through a soft fork:
Doesn't it mean that "lost" coins might be moved again in the case of this quantum attack?

If so, it would represent an increase of the supply of BTC and in consequence its price might decrease when/if that happens.

 ???


Title: Re: Quantum resistance
Post by: Twentyonepaylots on October 03, 2020, 09:06:43 PM
True universal quantum computers which may be able to break elliptic curve multiplication are still a few decades away.
I'm just wondering if this would be sped up. As we see the technological advances now, it seems like we are quickly changing from smartphone chipsets to microprocessors; even Moore's law isn't applicable these days due to the rapid doubling of computer components. Would this "few decades away" be just a decade away, or just a couple of years away?

If you haven't made a transaction out of an address yet, then your funds remain safe. Secondly, we can fork to create a new address type which would be quantum resistant, just like we forked to create SegWit addresses.
Is it possible? We could just fork and fork so we can avoid being broken by quantum computers? Is that what you mean?


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 04, 2020, 03:12:08 PM
Would this few decades away just be a decade away or just a couple of years away.
Sure, the timescale might accelerate, but it isn't going to accelerate to the point that suddenly currently used cryptographic algorithms are all broken overnight with no time to prepare. And if something like that ever did happen, bitcoin would be the least of our worries.

Is it possible? we could just fork and fork so we can avoid being broke by quantum computers? is that what you mean?
Absolutely. The network softforked to implement a new address type for segregated witness. There is no reason we couldn't softfork to implement a new address type which uses quantum resistant signatures. I think the most commonly suggested solution is using a hash based algorithm such as Lamport signatures.
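A hash-based one-time signature of the kind mentioned above, written here as an added illustration rather than code from the thread or from any Bitcoin implementation: Lamport keys over SHA-256 with one secret pair per digest bit, signing by revealing one half of each pair, and verification by re-hashing the revealed values against the public commitments.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N_BITS = 256          # one secret pair per bit of the SHA-256 message digest
SECRET_LEN = 32       # bytes per secret value


def lamport_keygen():
    """Private key: 256 pairs of random secrets. Public key: their SHA-256 hashes.

    Publishing the public key reveals only hash outputs, so Shor's algorithm
    (which attacks the elliptic-curve discrete log) gives no advantage here;
    only Grover-style square-root speed-ups against the hash apply.
    """
    sk = [(secrets.token_bytes(SECRET_LEN), secrets.token_bytes(SECRET_LEN))
          for _ in range(N_BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def digest_bits(message):
    """Bits of SHA-256(message), most significant bit first."""
    d = int.from_bytes(HASH(message).digest(), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def lamport_sign(sk, message):
    """For every digest bit, reveal the secret from the matching half of the pair.

    A key pair must sign exactly one message: a second signature would reveal
    secrets from both halves of many pairs, which is why these are one-time
    keys and why 'never reuse an address' matters even more with them.
    """
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def lamport_verify(pk, message, signature):
    """Re-hash each revealed secret and compare to the committed public hash."""
    if len(signature) != N_BITS:
        return False
    bits = digest_bits(message)
    return all(HASH(s).digest() == pk[i][bits[i]]
               for i, s in enumerate(signature))


def sizes():
    """(public key bytes, signature bytes): the space cost of going hash-based."""
    return N_BITS * 2 * HASH().digest_size, N_BITS * SECRET_LEN


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    msg = b"constructed sample message: spend output 0 to a fresh address"
    sig = lamport_sign(sk, msg)
    print("valid signature accepted:", lamport_verify(pk, msg, sig))
    print("altered message rejected:", not lamport_verify(pk, msg + b"!", sig))
    print("public key / signature size in bytes:", sizes())
```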


Title: Re: Quantum resistance
Post by: kryptqnick on October 04, 2020, 03:22:03 PM
The company D-Wave (https://www.dwavesys.com/press-releases/d-wave-announces-general-availability-first-quantum-computer-built-business) is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?
To me, it's a lot like the spaceship fantasies of the 70s. It seemed that surely people would be flying to nearby planets for vacations by the beginning of this century, and yet we did not move significantly forward since those times at all. So with computers becoming better very fast, it might seem that soon they'll be so much better, and they'll decrypt in a matter of seconds what would now take centuries, but I feel like we're actually reaching the barrier and won't face that many improvements in this area in the near future. I think Bitcoin is more likely to "die" due to people not caring about it and not feeling encouraged to adopt it than due to quantum computers.


Title: Re: Quantum resistance
Post by: coolcoinz on October 04, 2020, 03:55:02 PM
People who are scared of quantum computers breaking Bitcoin encryption are not aware of a few things, like the one that quantum computers don't "see" the programs we currently use. They can make a lot of calculations, but for them to break a Bitcoin hash somebody would have to translate that hash for them and then be able to decipher the results that the quantum computer will provide. Now imagine doing that to a public transaction. By the time you'd do it there would be a hundred new transactions on top of it and you'd still have nothing.


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 04, 2020, 05:14:59 PM
Now imagine doing that to a public transaction. By the time you'd do it there would be a hundred new transactions on top of it and you'd still have nothing.
Sure, even once quantum computing can break elliptic curve multiplication, it will likely be years or even decades more before they can break it so quickly that they can calculate a private key and broadcast a double spend all before a transaction is confirmed.

That's not really what most people are worried about, though. Between early coins sent to pay to pubkey addresses, and coins currently sitting on reused addresses in which the public key is already known, there are approximately 5 million bitcoin. All of these coins are potential targets to be stolen by quantum computers. Even if none of those coins are yours, the knock on effect of almost a third of the circulating supply being stolen is worth consideration.


Title: Re: Quantum resistance
Post by: Hydrogen on October 04, 2020, 11:36:47 PM
The company D-Wave (https://www.dwavesys.com/press-releases/d-wave-announces-general-availability-first-quantum-computer-built-business) is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today.



The bottom line is, these "quantum computers" do not offer superior calculation capacity at reduced price. GPUs made by NVIDIA or AMD offer significantly better performance at lower cost.

Quantum computers are a vaporware theoretical technology that are nowhere near to existing in the real world. They're like AI, flying cars and neural interfaces for PCs.

You'll know real quantum computers exist the day NVIDIA and AMD GPUs become obsolete. Until then everything said about "quantum computers" is nothing but marketing hype.


Title: Re: Quantum resistance
Post by: Sadlife on October 04, 2020, 11:53:54 PM
It will continue to exist, as we know Bitcoin has an algorithm that updates whenever the mining difficulty gets solved faster. So quantum computers wouldn't be a threat for the remaining supply. Also, if it ever actually gets mined faster, then it wouldn't be a problem because it will make Bitcoin more scarce than any asset, making the price skyrocket. So either way it's a win-win for everybody.


Title: Re: Quantum resistance
Post by: bitmover on October 05, 2020, 12:00:31 AM
The company D-Wave (https://www.dwavesys.com/press-releases/d-wave-announces-general-availability-first-quantum-computer-built-business) is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?

As processing power develops, cryptography will develop as well.

If the technology used in bitcoin (cryptography) becomes vulnerable to quantum computers, bitcoin will be the least of our problems. The whole of computer cyber security will be vulnerable. No more banking, no more internet; basically everything you have a password for will be vulnerable.


Title: Re: Quantum resistance
Post by: Karartma1 on October 05, 2020, 07:35:21 AM
The company D-Wave (https://www.dwavesys.com/press-releases/d-wave-announces-general-availability-first-quantum-computer-built-business) is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?

As processing power develops, cryptography will develop as well.

If the technology used in bitcoin (cryptography) becomes vulnerable to quantum computers, bitcoin will be the least of our problems. The whole of computer cyber security will be vulnerable. No more banking, no more internet; basically everything you have a password for will be vulnerable.
See, quantum computers are based on the direction of atoms when you measure them. There are laws in physics that allow computers to measure atoms known as qubits at massive rates. You can easily calculate the position of many qubits at the same time.
This allows us to execute parallel computing at insanely fast speeds compared to traditional computers. It's like moving at light speed. So if they are so fast at testing multiple possible results for a given encryption algorithm, shouldn't we be afraid of them breaking Blockchain's encryption? No, here's the first reason why: there aren't good quantum computers yet, and that kind of innovation will take us years to attain. Even a good quantum computer can only halve the difficulty of the SHA-256 algorithm used on the entire Bitcoin network, among many other Blockchains.
There is a good article which doesn't speak too tech if you wish to delve into it more https://www.fxstreet.com/cryptocurrencies/news/why-the-crypto-community-shouldnt-be-afraid-of-quantum-computers-202010011535


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 05, 2020, 08:12:11 AM
Even a good quantum computer can only halve the difficulty of the SHA-256 algorithm used on the entire Bitcoin network, among many other Blockchains.
There is a good article which doesn't speak too tech if you wish to delve into it more https://www.fxstreet.com/cryptocurrencies/news/why-the-crypto-community-shouldnt-be-afraid-of-quantum-computers-202010011535
That's not accurate, and that article is also incorrect.

A quantum computer running Grover's algorithm can solve a hash in sqrt(N) operations rather than N operations. Although that article correctly states that SHA-256 could be broken in 2^128 operations instead of 2^256 operations, 2^128 is not half of 2^256. Half of 2^256 is 2^255. 2^128 is the square root of 2^256. Sqrt(N) is a much greater speed up than N/2, but 2^128 is still far too many operations to be feasible any time soon.

Still, if you read my post above, breaking hash functions is not the concern with quantum computers - breaking elliptic curve multiplication is. Quantum computers can speed this up exponentially, meaning all coins in P2PK addresses (including ~1 million coins thought to belong to Satoshi), and all coins on addresses which have previously been used, are vulnerable.
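The two claims made in this thread about search speed, that n qubits hold all 2^n states at once and that Grover's algorithm needs about sqrt(N) queries rather than N/2, can be checked with a small classical simulation. This is an added example, not code from the thread: the statevector holds one amplitude per basis state, each iteration phase-flips the marked item and inverts about the mean, and the marked item is measured with high probability after about (pi/4)*sqrt(N) oracle queries. The simulation itself costs 2^n memory, which is exactly why it only runs for small n.

```python
import math


def grover_search(n_qubits, marked):
    """Classically simulate Grover's algorithm on n qubits.

    `amp` holds one amplitude for each of the 2^n basis states, i.e. the whole
    superposition at once. Returns (oracle queries made, probability of
    measuring `marked` afterwards).
    """
    n = 2 ** n_qubits
    amp = [1.0 / math.sqrt(n)] * n                 # uniform superposition
    iterations = int(math.floor(math.pi / 4 * math.sqrt(n)))
    for _ in range(iterations):
        amp[marked] = -amp[marked]                 # oracle: phase-flip the marked state
        mean = sum(amp) / n
        amp = [2.0 * mean - a for a in amp]        # diffusion: inversion about the mean
    return iterations, amp[marked] ** 2


def classical_expected_queries(n_qubits):
    """Average number of guesses for brute force over 2^n candidates."""
    return 2 ** n_qubits / 2


def preimage_work(hash_bits):
    """Operation counts for a preimage search on a hash of the given output size.

    'half' is what the quoted article implied; 'grover' is the actual quadratic
    speed-up. For 256 bits they are 2^255 and 2^128, a factor of 2^127 apart.
    """
    return {
        "classical": 2 ** hash_bits,
        "half": 2 ** (hash_bits - 1),
        "grover": 2 ** (hash_bits // 2),
    }


if __name__ == "__main__":
    for n in (3, 4, 6, 8):
        queries, p = grover_search(n, marked=(n * 7) % (2 ** n))
        print(f"{n} qubits: {2 ** n:4d} states, Grover queries={queries:3d}, "
              f"P(found)={p:.4f}, classical average={classical_expected_queries(n):.0f}")
    w = preimage_work(256)
    ratio_log2 = (w["half"] // w["grover"]).bit_length() - 1
    print("SHA-256: grover == 2^128:", w["grover"] == 2 ** 128,
          "| half == 2^255:", w["half"] == 2 ** 255,
          f"| half/grover = 2^{ratio_log2}")
```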


Title: Re: Quantum resistance
Post by: witcher_sense on October 05, 2020, 08:36:51 AM
It will continue to exist, as we know Bitcoin has an algorithm that updates whenever the mining difficulty gets solved faster. So quantum computers wouldn't be a threat for the remaining supply. Also, if it ever actually gets mined faster, then it wouldn't be a problem because it will make Bitcoin more scarce than any asset, making the price skyrocket. So either way it's a win-win for everybody.
Existing quantum computers are not capable of competing with classical bitcoin mining equipment. The emergence of sufficiently powerful quantum miners is very unlikely to happen in the foreseeable future. If they existed today, it would be possible for them to find a target value more easily using two different approaches. Some believe there is a possibility that a quantum algorithm to invert the SHA-256 cryptographic hash function will be found in the future. With such an algorithm, miners don't have to search for a possible solution anymore; they can simply find an actual input by inverting the hash function. Obviously, it is not a desirable future, since the SHA-256 function is used in many other fields, not in mining alone. However, such a quantum algorithm poses a threat only if used silently; otherwise bitcoin developers will be ready for that. After all, there are many hash functions that are quantum resistant. The second approach a quantum computer may use is trying different inputs using Grover's algorithm for search. This algorithm allows for a quadratic quantum speedup, which is considerable enough when the search field is large. However, it requires a lot of quantum hash rate, and quantum computers would have to be run in parallel like it is done today in classical computation.


Title: Re: Quantum resistance
Post by: Karartma1 on October 05, 2020, 10:27:34 AM
Even a good quantum computer can only halve the difficulty of the SHA-256 algorithm used on the entire Bitcoin network, among many other Blockchains.
There is a good article which doesn't speak too tech if you wish to delve into it more https://www.fxstreet.com/cryptocurrencies/news/why-the-crypto-community-shouldnt-be-afraid-of-quantum-computers-202010011535
That's not accurate, and that article is also incorrect.

A quantum computer running Grover's algorithm can solve a hash in sqrt(N) operations rather than N operations. Although that article correctly states that SHA-256 could be broken in 2^128 operations instead of 2^256 operations, 2^128 is not half of 2^256. Half of 2^256 is 2^255. 2^128 is the square root of 2^256. Sqrt(N) is a much greater speed up than N/2, but 2^128 is still far too many operations to be feasible any time soon.

Still, if you read my post above, breaking hash functions is not the concern with quantum computers - breaking elliptic curve multiplication is. Quantum computers can speed this up exponentially, meaning all coins in P2PK addresses (including ~1 million coins thought to belong to Satoshi), and all coins on addresses which have previously been used, are vulnerable.
Thanks for your explanation; after a second read and given your clarifications I can say that article is too simplistic. Going back to what matters here, I think the issue regarding Satoshi's coins is real: I believe it's easy to implement quantum countermeasures going forward, but doing that to those coins is a completely different thing.


Title: Re: Quantum resistance
Post by: o_e_l_e_o on October 05, 2020, 12:18:45 PM
Going back to what matters here I think the issue regarding satoshi's coins is real: I believe it's easy to implement quantum countermeasure going forward but doing that to those coins is a completely different thing.
Exactly. There has been a lot of debate and discussion about what should be done about vulnerable coins, including those presumed to belong to Satoshi, and the suggested solutions vary greatly. Everything from "Leave them alone and if/when they are hacked, so be it" through to "Irreversibly lock them so no one can ever spend them again", and everything in between.

theymos made a controversial post about this on Reddit a few years ago which you can read here: https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/. He was essentially saying that if the coins are going to be stolen anyway, it would be better to just lock them instead. Although I can see the merit behind such a proposal, it does not sit right with me at all that the community is choosing to lock/freeze coins which aren't theirs. achow101 has proposed a solution I find very interesting in the last few paragraphs here: https://bitcoin.stackexchange.com/questions/91049/why-does-hashing-public-keys-not-actually-provide-any-quantum-resistance/91050#91050. Essentially it says to lock coins which are vulnerable, but provide some quantum resistant mechanism for the real owner of the coins to recover them, perhaps via a zero knowledge proof of knowing the seed phrase which was used to derive the relevant private key. This wouldn't however work for earlier P2PK addresses which were not derived from a seed phrase.


Title: Re: Quantum resistance
Post by: Karartma1 on October 05, 2020, 02:53:47 PM
Going back to what matters here I think the issue regarding satoshi's coins is real: I believe it's easy to implement quantum countermeasure going forward but doing that to those coins is a completely different thing.
Exactly. There has been a lot of debate and discussion about what should be done about vulnerable coins, including those presumed to belong to Satoshi, and the suggested solutions vary greatly. Everything from "Leave them alone and if/when they are hacked, so be it" through to "Irreversibly lock them so no one can ever spend them again", and everything in between.

theymos made a controversial post about this on Reddit a few years ago which you can read here: https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/. He was essentially saying that if the coins are going to be stolen anyway, it would be better to just lock them instead. Although I can see the merit behind such a proposal, it does not sit right with me at all that the community is choosing to lock/freeze coins which aren't theirs. achow101 has proposed a solution I find very interesting in the last few paragraphs here: https://bitcoin.stackexchange.com/questions/91049/why-does-hashing-public-keys-not-actually-provide-any-quantum-resistance/91050#91050. Essentially it says to lock coins which are vulnerable, but provide some quantum resistant mechanism for the real owner of the coins to recover them, perhaps via a zero knowledge proof of knowing the seed phrase which was used to derive the relevant private key. This wouldn't however work for earlier P2PK addresses which were not derived from a seed phrase.
Yes, that's the thing! I completely agree with you: to lock someone else's coins is not something that should be done easily. I guess the solution suggested by achow finds me well.
Whatever it is, this is something that needs to be addressed.


Title: Re: Quantum resistance
Post by: pawanjain on October 05, 2020, 03:29:39 PM
The company Dwave (https://www.dwavesys.com/press-releases/d-wave-announces-general-availability-first-quantum-computer-built-business) is now shipping $15M quantum computers with 5000Qbits of processing power. For comparison, the rest of the vendors are at ~50qbits. I know that $15M is quite a lot of money, but in 2 year that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?
A quantum computer does not necessarily perform calculations for all the algorithms. I have read somewhere on the internet that it is not necessary that a quantum computer will be able to crack bitcoin's private key until it is able to break bitcoin's algorithm. We might have more time until this happens. Also, we do have the ability to create a quantum proof algorithm for bitcoin but that will take a good amount of effort, skills and time.
It has been a long debate whether all these possibilities can occur or not and to be honest only time can tell us whether the current bitcoin algorithm can penetrate quantum computers or not.


Title: Re: Quantum resistance
Post by: Hydrogen on October 06, 2020, 11:46:48 PM
I think some are missing the key points of quantum computer technology.

#1  Quantum computers promise exponentially greater processing power over today's most powerful supercomputers.

#2  Exponentially greater processing power implies problems related to breaking cryptography that take years to solve with today's technology, would theoretically take only days or weeks.

#3  Every claim to fame associated with quantum computer technology revolves around greater computational capacity at affordable cost. Through a significantly higher bit density of registers. A glance at whitepapers or news stories where quantum computer researchers claim to have made a computer with "100,000 qbit registers" (or whatever they call them) tells you what they're building doesn't resemble a true quantum computer in the least.

Machines the media labels "quantum computers" today offer no advantage in computation or clock speed. They cannot solve problems faster, more efficiently or utilizing less electricity in contrast to normal computers. They're marketing gimmicks with no real proof of concept that can be benchmarked to prove they offer any advantage.

People discuss quantum computers without seeming to recognize the technology for them does not currently exist.