Quantam: How Long Before Computers Crack Private Keys

[JollyGood]

I think as technology makes bigger strides the time-frame to access Bitcoin by cracking private keys becomes smaller. It is probably sooner than we think but there is every chance an update will be made to counter any threat before it arises. There is no reason crypto will not be able to stay one step ahead of any perceived threat.

In my opinion, the time expected for computers to crack down private keys is dependent on the computing power and since that is limited due to our current technology . not much could be said after that. What's clear, however, is that once one builds up or manages to access as much computer power as required to compute all the different pattern permutations the security will be entirely breached.

Though, this is requires an enormous amount of energy, and also resources we currently don't have, and are in the process of just about understanding what they are.
So it will take at least 10-20 years before private keys become useless.

[Cnut237]

there is every chance an update will be made to counter any threat before it arises

The problems here are a) achieving sufficient consensus on a QC-proof update to avoid a damaging chain-split and, more importantly b) deciding what to do with any coins that remain vulnerable to QCs after the upgrade.
If a QC-proof upgrade of bitcoin is implemented, the coins are not safe until they are moved to QC-proof addresses. Some coins have not been moved in years, and early coins are particularly vulnerable. There is the highly contentious issue of how to resolve this impasse for coins that are not moved in time, or that can no longer be accessed classically. Should they be burned to prevent theft by a QC? Or should they be left alone to be stolen? What constitutes theft anyway? It's been discussed at length and quite some time ago.

Yes, sooner or later a QC will be developed that can run Shor to break public key cryptography. ECDSA is utterly insecure. Private keys can be derived from public keys. A solution is obviously needed in advance of such a QC becoming available. The problem here is that all coins will have to be moved to quantum-proof addresses. What happens to those coins that (for whatever reason) aren't moved? Do we leave them to be stolen by a QC, wreaking havoc and potentially destroying all of crypto? This is not hyperbole; it's a genuine threat. Or do we burn them before they can be stolen? It's a hugely contentious issue that goes right to the heart of bitcoin, cryptocurrencies, and decentralisation.

Theymos, ahead of the (elliptic) curve, posted about this back in 2016 (quote below). The thread that this triggered on bitcointalk was full of misunderstanding and outrage, and is perhaps indicative of the scale of opposition that such a move to QC-safe cryptography will face.

I've been looking for later news on the web, but not found much. Presumably (hopefully) the discussion has moved on considerably since 2016. If anyone is familiar with the latest discussions on this topic, please respond in this thread!

Edit: To be absolutely clear: I am not proposing (and would never propose) a policy that would have the goal of depriving anyone of his bitcoins. Satoshi's bitcoins (which number far below 1M, I think) rightfully belong to him, and he can do whatever he wants with them. Even if I wanted to destroy Satoshi's bitcoins in particular, it's not possible to identify which bitcoins are Satoshi's. I am talking about destroying presumably-lost coins that are going to be stolen, ideally just moments before the theft would occur.

This issue has been discussed for several years. I think that the very-rough consensus is that old coins should be destroyed before they are stolen to prevent disastrous monetary inflation. People joined Bitcoin with the understanding that coins would be permanently lost at some low rate, leading to long-term monetary deflation. Allowing lost coins to be recovered violates this assumption, and is a systemic security issue.

So if we somehow learn that people will be able to start breaking ECDSA-protected addresses in 5 years (for example), two softforks should be rolled out now:

One softfork, which would activate ASAP, would assign an OP_NOP to OP_LAMPORT (or whatever QC-resistant crypto will be used). Everyone would be urged to send all of their bitcoins to new OP_LAMPORT-protected addresses.

One softfork set to trigger in 5 years would convert OP_CHECKSIG to OP_RETURN, destroying all coins protected by OP_CHECKSIG. People would have until then to move their BTC to secure addresses. Anyone who fails to do so would almost certainly have lost their money due to the ECDSA failure anyway -- the number of people who lose additional BTC would be very low. (There might be a whitelist of UTXOs protected by one-time-use addresses, which would remain secure for a long time.)

_{https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/}

There's a later discussion here:

I've been looking for later news on the web, but not found much. Presumably (hopefully) the discussion has moved on considerably since 2016. If anyone is familiar with the latest discussions on this topic, please respond in this thread!

I'm unsure if it counts as a considerable move but my imagination has stopped there.

https://bitcointalk.org/index.php?topic=5191219.msg52769870#msg52769870