Do you think quantum computers would break Bitcoin's security?

[sgravina]

This has been talked about a lot.  Quantum computers will not break Bitcoin's security.

But to put it in crude terms:  Quantum computers suck.  They worse than suck because if they sucked that would at least provide some benefit.  Quantum computers do nothing.  And they take a really long time to get that nothing done.  Quantum computing has been around for dozens of years now and still hasn't even done nothing.

And on top of that Quantum computers have the potential of sucking even worse.  In 10 maybe 20 years quantum computers will be wasting more time than all of our blank stares put together.

[1715067881]

1715067881

[Lauda]

now, public key are 128 bit, instead private key are 256, so the first can be brute forced by any quantum computer, and if you have that key you could retrieve the private key, but this only if the targeted public key is send when you spend a transaction

here a link http://bitcoin.stackexchange.com/questions/6062/what-effects-would-a-scalable-quantum-computer-have-on-bitcoin

there are many other confirming this

I see no information about 128 bit keys being broken. Any information found on stackexchange has no guarantee to be correct. It confirms what I said. SHA can't be reversed; it has to be brute forced.
It clearly indicated that quantum computers are more powerful than the computers of today, which is logical. There is no information on there internet about this. You're talking out of a hat.
Yes 128 bit security is 18446744073709551616 times faster to bruteforce than 256 bit. This doesn't mean that it is vulnerable when used.

It's obvious that people are commenting without proper knowledge in quantum related technology. The computers are not nowhere near ready to do any complicated jobs. The main challenge in a Qcomputer is to make sure that the qubits are entangled (if you're familiar with Schrödinger’s cat you will know what I'm talking about; look that up). The computer must stay in this state (for the cat - it can't be simultaneously dead or alive) long enough to perform calculations and get results. The ones that we have can keep the state for miliseconds or maybe a couple of seconds. That's not long enough to do something useful.
To break encryption these computers must have 500-2000qubits. Existing quantum computers operate with 14 qubits at maximum.

I have not forgotten about D-wave though. The company D-Wave claims that it has produced a 512 qubit Qcomputer. That is not a real quantum computer because it uses quantum annealing effect and can't demonstrate full properties of one. It is basically set to do a few specific tasks and represents no danger to encryption.



To summarize: You're wrong. Existing implementations have not shown that they can beat 128bit encryption. They aren't even close. That's the current situation. I'm not saying that in 5 years we won't have better technology. We might operate with 1400 qubits or be stuck at 140. Nobody really knows.
Correction 21-05-2020, for reason reported here. As I said in my reply, I must have unknowingly repeated and paraphrased text that I had previously read and remembered. It was not intentional.

Original of highlighted text:
Serge Malenkovich, Lab.
https://web.archive.org/web/20170824084401/https://www.kaspersky.com/blog/quantum-computers-and-the-end-of-security/2852/

Archive of unedited post:
https://web.archive.org/web/20150514023232/https://bitcointalk.org/index.php?topic=1026125.40#msg11108049


[original post, with paraphrased text highlighted]

[Amph]

now, public key are 128 bit, instead private key are 256, so the first can be brute forced by any quantum computer, and if you have that key you could retrieve the private key, but this only if the targeted public key is send when you spend a transaction

here a link http://bitcoin.stackexchange.com/questions/6062/what-effects-would-a-scalable-quantum-computer-have-on-bitcoin

there are many other confirming this

To summarize: You're wrong. Existing implementations have not shown that they can beat 128bit encryption. They aren't even close. That's the current situation. I'm not saying that in 5 years we won't have better technology. We might operate with 1400 qubits or be stuck at 140. Nobody really knows.

there are many quote that say otherwise, so no i'm not wrong at all, for a quantum computer brute-forcing a 256 key is like for a normal computer brute-forcing 128 key, it's like dividing by two(the exponent not the number, so is equal to a root square of it), this should be clear, and with that in mind you could deduce easily, that a 128 key for a quantum computer is equal to a 64 key for a modern computer, and a 64 key can be brute-forced with a normal computer(not just one i know, but a very big farm can do it)

just simple logic, you don't need to search for anything to deduce this...

[bennybong]

+1 to whoever posts that picture explaining about how the laws of thermodynamics would have to be broken to crack SHA256...

[medUSA]

I watched an old documentary some weeks ago about quantum computers. There is a post graduate in a university somewhere building a quantum computer. It needs to be cooled to a few degrees above absolute zero in order to do calculations. You can never guess what level of maths his quantum computer can just about manage:

factorise 15

We are decades away from a quantum computer brute-forcing a 256bit key.

Edit:
Found an old article - http://www.popsci.com/science/article/2012-08/quantum-processor-calculates-15-3x5-about-half-time

[RodeoX]

This has been talked about a lot.  Quantum computers will not break Bitcoin's security.

But to put it in crude terms:  Quantum computers suck.  They worse than suck because if they sucked that would at least provide some benefit.  Quantum computers do nothing.  And they take a really long time to get that nothing done.  Quantum computing has been around for dozens of years now and still hasn't even done nothing.

And on top of that Quantum computers have the potential of sucking even worse.  In 10 maybe 20 years quantum computers will be wasting more time than all of our blank stares put together.

Oh I don't know man. They are mostly theoretical at the moment but could develop into something beyond what we even think of as computing. Having the Qbit available for computation is a powerful idea. It is already being used as a practical tool in espionage. There is no greater security in messaging than systems using quantum entanglement.
 

[DooMAD]

+1 to whoever posts that picture explaining about how the laws of thermodynamics would have to be broken to crack SHA256...

The original one was posted here and probably a few dozen other places as well.  I thought the background looked a little dull, so I made my own version.

[Hydros]

I think we're a long way from efficient quantum computers that provide real benefits over current systems. However, I think security will have to evolve as computers become more powerful. In terms of Bitcoin, I do not see any real threat.

[Lauda]

there are many quote that say otherwise, so no i'm not wrong at all, for a quantum computer brute-forcing a 256 key is like for a normal computer brute-forcing 128 key, it's like dividing by two(the exponent not the number, so is equal to a root square of it), this should be clear, and with that in mind you could deduce easily, that a 128 key for a quantum computer is equal to a 64 key for a modern computer, and a 64 key can be brute-forced with a normal computer(not just one i know, but a very big farm can do it)

just simple logic, you don't need to search for anything to deduce this...

It's actually the other way around. A 128 bit key for a computer is a 64 bit key for a quantum computer. You obviously didn't understand my previous post.
This is theoretical and does not matter at the time. Doing such calculations is currently not possible. Humanity isn't even really near this achievement.

It is better to avoid replying to a thread, than to make bad (due to language or problems understanding) statements.

The original one was posted here and probably a few dozen other places as well.  I thought the background looked a little dull, so I made my own version.

This doesn't apply to quantum computers. If we could get a quantum computer to operate at the same speeds that we get even mobile processors today we should be able to breach SHA256 with brute force since it is like a 128 bit key for it.

[shorena]

now, public key are 128 bit, instead private key are 256, so the first can be brute forced by any quantum computer, and if you have that key you could retrieve the private key, but this only if the targeted public key is send when you spend a transaction

here a link http://bitcoin.stackexchange.com/questions/6062/what-effects-would-a-scalable-quantum-computer-have-on-bitcoin

there are many other confirming this

To summarize: You're wrong. Existing implementations have not shown that they can beat 128bit encryption. They aren't even close. That's the current situation. I'm not saying that in 5 years we won't have better technology. We might operate with 1400 qubits or be stuck at 140. Nobody really knows.

there are many quote that say otherwise, so no i'm not wrong at all, for a quantum computer brute-forcing a 256 key is like for a normal computer brute-forcing 128 key, it's like dividing by two(the exponent not the number, so is equal to a root square of it), this should be clear, and with that in mind you could deduce easily, that a 128 key for a quantum computer is equal to a 64 key for a modern computer, and a 64 key can be brute-forced with a normal computer(not just one i know, but a very big farm can do it)

just simple logic, you don't need to search for anything to deduce this...

Your logic is severly flawed.

-snip-
here a link http://bitcoin.stackexchange.com/questions/6062/what-effects-would-a-scalable-quantum-computer-have-on-bitcoin
-snip-

Click on your link, click on the link back to bitcointalk.org, read the post by danny.

-snip-

. . . will Quantum computing destroy Bitcoin? . . .

No.

http://lmgtfy.com/?q=quantum+site%3Abitcointalk.org

Need a bit more?

This should be in all stickys and faq's! Seems like every week lately we have a thread on this same old topic. I know the search engine is very bad on this forum, but i think most of the noisemakers are just too lazy to even use it.

I think at least this video from the summit should be compulsory to watch before being able to post on this forum.

...except that the speaker got the question about quantum computing wrong.  I was in the audience, but I was too much of a pussy to stand up and correct him in front of everyone.  Apparently, I should have done so (since he has now been cited by someone), but I'm shy like that -- especially because I was in the back and no one had any idea who I was.  Oh well.

The speaker says that ECDSA is not susceptible to QCs -- that's just wrong.  ECDSA is most definitely broken by QC's, as well as just most asymmetric crypto algorithms on which internet security relies.  But Bitcoin is better prepared to deal with QCs than most other crypto systems: (1) if you never reuse addresses, then no one knows your public keys and thus there's nothing for a QC to solve.  By the time someone gets your public keys, you've already spent the funds, (2) the crypto algorithms in Bitcoin can be changed to quantum-resistant ones.  Given that we'll probably have two decades advance notice before QCs with enough qubits exist to even threaten Bitcoin, we'll have plenty of time to make the switch.

+1 to whoever posts that picture explaining about how the laws of thermodynamics would have to be broken to crack SHA256...

The original one was posted here and probably a few dozen other places as well.  I thought the background looked a little dull, so I made my own version.

Maybe you could fix the errors in it, because we dont need to "count" to 2²⁵⁶ we need to "count" to 2¹⁶⁰ due the use of RIPEMD 160

[biggus dickus]

I think we're a long way from efficient quantum computers that provide real benefits over current systems. However, I think security will have to evolve as computers become more powerful. In terms of Bitcoin, I do not see any real threat.

I think I read that someone might have invented a quantum dot, but that's a very long way from a quantum computer. Considering that a modern laptop is way more powerful than a whole mainframe system from 30 years ago there might be quantum computers in another 30 years.

[Soros Shorts]

We are decades away from a quantum computer brute-forcing a 256bit key.

Edit:
Found an old article - http://www.popsci.com/science/article/2012-08/quantum-processor-calculates-15-3x5-about-half-time

Looks like the qunatum computer solves only one problem, which is to factor 15. This means that it is not even a programmable computer. If we extended this technology to find the private key of a given address then we'd need to build a different computer for each address for which we are trying to find the corresponding private key.

[Hazir]

The risk of quantum computers breaking algorithms is also there not only for cryptocurrencies like bitcoin but also financial institutions, like banks - because they heavily rely on cryptography when doing transactions.
But I know that bitcoin's security was designed in mind to be upgraded in a forward way, in the future, when quantum computers and maybe some other powerful technology will be here and if it were considered an imminent threat to bitcoin security.

[galbros]

It doesn't need to be able to break the algorithms, it just needs to be able to search directory.io.

[amazon4u]

It doesn't need to be able to break the algorithms, it just needs to be able to search directory.io.

Well, sorry to disrupt the techies at work but anyone got time for a history lesson ?


first personal computer : IBM

Release date    August 12, 1981; 33 years ago
Discontinued    April 2, 1987
Operating system    IBM BASIC / PC DOS 1.0
CP/M-86
UCSD p-System
CPU    Intel 8088      @ 4.77 MHz
Memory               16 kB ~ 256 kB
Sound                1-channel PWM




so 33 years ago we were doing 4.77mhz and a 256kb memory was more than enough for anybody...I think we should expect big things in the near future....quantum computers are definitely coming and standard encryption as we know it will go the dinosaur way.....along with it many other things that we consider untouchable today (Bitcoin included)...


the sad part is that by the time a private company would have quantum computers for sale, the NSA/GCHQ would've had years in advance of scorching the net with qbits...who is to say they aren't doing it already ?

http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html

[Hydros]

I think we're a long way from efficient quantum computers that provide real benefits over current systems. However, I think security will have to evolve as computers become more powerful. In terms of Bitcoin, I do not see any real threat.

I think I read that someone might have invented a quantum dot, but that's a very long way from a quantum computer. Considering that a modern laptop is way more powerful than a whole mainframe system from 30 years ago there might be quantum computers in another 30 years.

Yes I agree, however the government might have quantum computers for all we know.

[Lauda]

Well, sorry to disrupt the techies at work but anyone got time for a history lesson ?
first personal computer : IBM
Release date    August 12, 1981; 33 years ago
Discontinued    April 2, 1987
Operating system    IBM BASIC / PC DOS 1.0
CP/M-86
UCSD p-System
CPU    Intel 8088      @ 4.77 MHz
Memory               16 kB ~ 256 kB
Sound                1-channel PWM

so 33 years ago we were doing 4.77mhz and a 256kb memory was more than enough for anybody...I think we should expect big things in the near future....quantum computers are definitely coming and standard encryption as we know it will go the dinosaur way.....along with it many other things that we consider untouchable today (Bitcoin included)...


the sad part is that by the time a private company would have quantum computers for sale, the NSA/GCHQ would've had years in advance of scorching the net with qbits...who is to say they aren't doing it already ?
http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html

History is quite useless if you ask me (look what happens to Windows because it isn't rewritten from scratch) . This isn't even relevant. The development might actually slow down. The current processors are reaching a plateau when it comes to speed per core.

When talking about a quantum computer the numbers are quite different. A quantum computer is quite fast at very low speeds (even under a single MHz). Quantum computing will make an impact on asymmetric encryption, but symmetric algorithms are considered safe with a large enough key size e.g. 256 bits. Essentially we could just upgrade it to a very high number which would render quantum computers useless in beating encryption.

Yes I agree, however the government might have quantum computers for all we know.

I hardly doubt that. The are probably using Windows XP with the built in firewall. 

[Amph]

there are many quote that say otherwise, so no i'm not wrong at all, for a quantum computer brute-forcing a 256 key is like for a normal computer brute-forcing 128 key, it's like dividing by two(the exponent not the number, so is equal to a root square of it), this should be clear, and with that in mind you could deduce easily, that a 128 key for a quantum computer is equal to a 64 key for a modern computer, and a 64 key can be brute-forced with a normal computer(not just one i know, but a very big farm can do it)

just simple logic, you don't need to search for anything to deduce this...

It's actually the other way around. A 128 bit key for a computer is a 64 bit key for a quantum computer. You obviously didn't understand my previous post.
This is theoretical and does not matter at the time. Doing such calculations is currently not possible. Humanity isn't even really near this achievement.

It is better to avoid replying to a thread, than to make bad (due to language or problems understanding) statements.

The original one was posted here and probably a few dozen other places as well.  I thought the background looked a little dull, so I made my own version.

This doesn't apply to quantum computers. If we could get a quantum computer to operate at the same speeds that we get even mobile processors today we should be able to breach SHA256 with brute force since it is like a 128 bit key for it.

no you are reading that in a wrong way, i said that a 128 key for a quantum is like a 64 for a standard pc, in the sense that a standard pc can break 64 and a QC can break 128

now, public key are 128 bit, instead private key are 256, so the first can be brute forced by any quantum computer, and if you have that key you could retrieve the private key, but this only if the targeted public key is send when you spend a transaction

here a link http://bitcoin.stackexchange.com/questions/6062/what-effects-would-a-scalable-quantum-computer-have-on-bitcoin

there are many other confirming this

To summarize: You're wrong. Existing implementations have not shown that they can beat 128bit encryption. They aren't even close. That's the current situation. I'm not saying that in 5 years we won't have better technology. We might operate with 1400 qubits or be stuck at 140. Nobody really knows.

there are many quote that say otherwise, so no i'm not wrong at all, for a quantum computer brute-forcing a 256 key is like for a normal computer brute-forcing 128 key, it's like dividing by two(the exponent not the number, so is equal to a root square of it), this should be clear, and with that in mind you could deduce easily, that a 128 key for a quantum computer is equal to a 64 key for a modern computer, and a 64 key can be brute-forced with a normal computer(not just one i know, but a very big farm can do it)

just simple logic, you don't need to search for anything to deduce this...

well my intention was not say that it could break sha256, but all i want to said, is that it could break 128 key, that's it, there is nothing flawed about my logic

[BIT-Sharon]

Now the only quantum computer is at the Silicon Valley which is the home of microsoft and at the pilot phase, and there will be a long time for it to come into use. The heat that the quantum computer produces per hour can make itself increase by 70 celsius, then the temperature of computer case will come to 200 celsius within two hours. Thus the cooling device will melt after six hours' running, which is the most conservative estimation. Therefore, the quantum computer of high enery and short life is far from our life, let's wait and see what happen.

[tyz]

It does not need to break the cryptography. It only needs a quantum machine that can easily create all private keys and store them all into a database to look up every private key for a public key as on http://directory.io where it happens on the fly.
Sure, calculating and storing 10^79 keys is currently impossible without doing it in hundreads of years. But nobody knows what the future brings up. Remeber Moors law.

A more powerful computer doesn't mean that it will break any cryptography.
Remeber that better computers means only faster brute force attacks.