ComefromBeyond
Legendary
Offline
Activity: 1918
Merit: 1007
Newbie


November 03, 2015, 11:46:08 AM 

and as I said, bitcoin would be our last concern.
This is ostrich policy. Banks won't be attacked by agencies that will get QCs.






Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.

Tstar


November 03, 2015, 11:51:03 AM 

I'm not talking about banks man. I'm worried about public transportations, people's sensitive data and so forth. You could say I'm being paranoid a bit. But, again, if such a thing would be used for the bad you would not care about your BTC wallet.




achow101
Moderator
Legendary
Offline
Activity: 1372
Merit: 1276
3F1Y9yquzvY6RWvKbw2n2zeo9V5mvBhADU


November 03, 2015, 12:06:33 PM 

ComefromBeyond, so let's assume you have a quantum computer that you can use to mine BTC. Can you use it to disrupt the mining process or not?
Yes, with a QC you can invalidate last 1000 blocks, generate 20000 empty blocks and stop mining leaving the others with 20year block times. Really? Can you back that up with maybe some research? Last I checked, the only thing that makes quantum computers more efffective at hashing is grover's algorithm, which practically reduces the bit length by half. For the same security, the bit length can just be doubled, so using SHA512 instead of SHA256 on a quantum computer is the same as SHA256 on a classical computer.




ComefromBeyond
Legendary
Offline
Activity: 1918
Merit: 1007
Newbie


November 03, 2015, 12:16:53 PM 

Really? Can you back that up with maybe some research?
Last I checked, the only thing that makes quantum computers more efffective at hashing is grover's algorithm, which practically reduces the bit length by half. For the same security, the bit length can just be doubled, so using SHA512 instead of SHA256 on a quantum computer is the same as SHA256 on a classical computer.
Check the quote from the whitepaper upthread. In layman terms, SHA512 won't help, because at current difficulty Bitcoin operates only on 68 bits, the other zillion bits are completely irrelevant.




achow101
Moderator
Legendary
Offline
Activity: 1372
Merit: 1276
3F1Y9yquzvY6RWvKbw2n2zeo9V5mvBhADU


November 03, 2015, 12:41:47 PM 

Really? Can you back that up with maybe some research?
Last I checked, the only thing that makes quantum computers more efffective at hashing is grover's algorithm, which practically reduces the bit length by half. For the same security, the bit length can just be doubled, so using SHA512 instead of SHA256 on a quantum computer is the same as SHA256 on a classical computer.
Check the quote from the whitepaper upthread. In layman terms, SHA512 won't help, because at current difficulty Bitcoin operates only on 68 bits, the other zillion bits are completely irrelevant. I don't see where it says where it uses 68 bits. It says that it must search through on average 2^68 nonces. From what I understand, this does not mean that it is only 68 bits and that the number of nonces to search through will increase with a higher difficulty.




ComefromBeyond
Legendary
Offline
Activity: 1918
Merit: 1007
Newbie


November 03, 2015, 12:49:06 PM 

I don't see where it says where it uses 68 bits. It says that it must search through on average 2^68 nonces. From what I understand, this does not mean that it is only 68 bits and that the number of nonces to search through will increase with a higher difficulty.
It means exactly this  effective hash width is 68 bits. Sorry, can't provide formal proof, just google around.




achow101
Moderator
Legendary
Offline
Activity: 1372
Merit: 1276
3F1Y9yquzvY6RWvKbw2n2zeo9V5mvBhADU


November 04, 2015, 04:50:11 AM 

I don't see where it says where it uses 68 bits. It says that it must search through on average 2^68 nonces. From what I understand, this does not mean that it is only 68 bits and that the number of nonces to search through will increase with a higher difficulty.
It means exactly this  effective hash width is 68 bits. Sorry, can't provide formal proof, just google around. The effective bit length is actually 136 bits since good algorithms like SHA 256 will require 2^(bit length/2) computations to brute force a single hash. This effective bit length will also change as the difficulty increases because miners will need to search through more nonces when there is a higher difficulty, so the bitcoin network would adjust to a quantum miner so blocks would still come out at around 10 minutes per block. So if we double the bit length by switching to SHA512, the effective bit length will also double so this will essentially make the quantum miners not anymore powerful than classical miners.




DuddlyDoRight


November 04, 2015, 05:37:57 AM 

One Time Pad without reuse.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toymoney and start holding vendors accountable. Naive? Maybe.



ComefromBeyond
Legendary
Offline
Activity: 1918
Merit: 1007
Newbie


November 04, 2015, 09:49:30 AM 

The effective bit length is actually 136 bits since good algorithms like SHA 256 will require 2^(bit length/2) computations to brute force a single hash. This effective bit length will also change as the difficulty increases because miners will need to search through more nonces when there is a higher difficulty, so the bitcoin network would adjust to a quantum miner so blocks would still come out at around 10 minutes per block. So if we double the bit length by switching to SHA512, the effective bit length will also double so this will essentially make the quantum miners not anymore powerful than classical miners.
Frankly saying, it looks like you randomly put N, N/2 and 2N into different places trying to guess the correct formula. Maybe read the quoted whitepaper first? When the difficulty goes up quantum computers will get even a bigger advantage because of increased leverage (from 17 billion to trillions).




