Bitcoin Forum
Topic: Quantum computers to crack SHA256 - when will that become reality?
onemanatatime (OP)
April 14, 2017, 02:05:32 PM
 #1

Can Quantum computers one day break SHA256, and hence cause Bitcoin's death?

When would that be estimated to happen?


(probably won't die since we'll hard/soft-fork then to a new algo or smth, but just for discussion's sake)

achow101
April 14, 2017, 02:10:23 PM
 #2

This topic has been discussed multiple times already. Please use the search function or google and read up on the subject.

There are no known ways that quantum computers will break sha256.

jonald_fyookball
April 14, 2017, 06:00:26 PM
 #3

I would find it interesting to read a nice article on how collision attacks are done.

Decoded
April 15, 2017, 12:20:45 AM
 #4

> This topic has been discussed multiple times already. Please use the search function or google and read up on the subject.
>
> There are no known ways that quantum computers will break sha256.

Doesn't the fact that quantum computers are more efficient than classical computers (Taken from https://cs.stackexchange.com/questions/50366/is-there-any-proof-that-quantum-computers-are-more-efficient-than-classical-comp) mean that they will be slightly better than normal computers at hashing? Maybe not exponentially, but slightly more efficient?

U2
April 15, 2017, 12:36:09 AM
 #5

Let's woodchipper this dead horse rather than kick it, shall we? Quantum does not mean magic. Quantum computers use 1,2,3,4 etc rather than 1 and 0. They aren't magic, they can just make smarter decisions rather than yes no yes no yes no the answer could be infinite. How does this top look on me? How the hell would a computer ever answer that!? A quantum computer could ;)

It won't be cracked, and if it is, all banking around the world would be cracked, so we'd be a small fish in a big pond. Don't worry about it.
BitcoinFX
April 15, 2017, 12:20:38 PM
 #6

> I would find it interesting to read a nice article on how collision attacks are done.

This one makes for an interesting watch ...

- https://www.youtube.com/watch?v=Lh8OGDNJZQk - Christian Schaffner: Quantum Cryptography

21:00 = Quantum Cryptography Landscape / Post Quantum Crypto.
ranochigo
April 16, 2017, 03:06:32 AM
 #7

>> This topic has been discussed multiple times already. Please use the search function or google and read up on the subject.
>>
>> There are no known ways that quantum computers will break sha256.
>
> Doesn't the fact that quantum computers are more efficient than classical computers (Taken from https://cs.stackexchange.com/questions/50366/is-there-any-proof-that-quantum-computers-are-more-efficient-than-classical-comp) mean that they will be slightly better than normal computers at hashing? Maybe not exponentially, but slightly more efficient?

The only thing that quantum computers can do is to speed up the calculation of SHA256 hashes. Even if it's faster than normal computers by a factor of thousands, the ASICs would still be way faster than quantum computers. The difficulty will rise and the network would continue as per normal.

ECDSA is a bigger problem than this.

jonald_fyookball
April 16, 2017, 03:09:57 AM
 #8


> The only thing that quantum computers can do is to speed up the calculation of SHA256 hashes. Even if it's faster than normal computers by a factor of thousands, the ASICs would still be way faster than quantum computers. The difficulty will rise and the network would continue as per normal.

I don't think quantum computers can speed up hashing, but anyway this is not what is meant by 'cracking' sha256.

fkod
April 16, 2017, 07:11:28 PM
 #9

I hope quantum computer technology is taken under control. Otherwise it will threaten the world. I fear that all encryption systems and cryptocurrency ecosystems will be threatened.
rvrl_23
April 17, 2017, 02:01:27 PM
 #10

Scientists have already built basic quantum computers that can perform certain calculations, but a practical quantum computer is still years away, so we don't know if it is possible.
Katewind
April 17, 2017, 02:07:56 PM
 #11

> I hope quantum computer technology is taken under control. Otherwise it will threaten the world. I fear that all encryption systems and cryptocurrency ecosystems will be threatened.

It's quite difficult for this to happen in the near future (maybe 20 years later), and if this issue could happen then they would have some strong tools to prevent it. So do not worry about it, and it's too early to think about this issue.
enhu
April 20, 2017, 05:20:02 AM
 #12


Isn't the Golem project just like quantum computers? I must be misinformed though, but I assume it's what the company is going to manufacture, based on what I have read in their whitepaper.

>> I hope quantum computer technology is taken under control. Otherwise it will threaten the world. I fear that all encryption systems and cryptocurrency ecosystems will be threatened.
>
> It's quite difficult for this to happen in the near future (maybe 20 years later), and if this issue could happen then they would have some strong tools to prevent it. So do not worry about it, and it's too early to think about this issue.

Time flies, so those 20 years will be just a flash, and before you realize it we will be casually using these computers and they will be available in local stores.

coldice
April 20, 2017, 08:33:52 AM
 #13

If not 1, then 10 quantum computers might do it, if that efficiency of system gets developed.

frogger_
April 25, 2017, 03:35:07 PM
 #14

There's no proof yet that a quantum computer in practice can actually do anything faster than a classical computer. Theoretically it might be possible, but there are plenty of computer designs which sound like they could provide exponential speedups, but end up requiring some exponential resource to build or run which eliminates all advantages. It's totally possible the same thing happens with QC.

But even then, QC has its limits, and it's unlikely that it's going to be able to break all cryptography or hashing.
carlfebz2
April 28, 2017, 04:59:23 AM
 #15

The majority of people who commented above do believe that quantum computers might crack SHA256, but it would need lots of QCs (just my own view), and we are not yet in the era to make such assumptions. The right time to say so is when we can test it out, when QC is already here. Just sit and wait for more decades to come before we are able to witness the development of QCs.

187undercover
April 28, 2017, 07:48:06 AM
 #16

> The majority of people who commented above do believe that quantum computers might crack SHA256, but it would need lots of QCs (just my own view), and we are not yet in the era to make such assumptions. The right time to say so is when we can test it out, when QC is already here. Just sit and wait for more decades to come before we are able to witness the development of QCs.

By the time quantum computing happens that can crack SHA256, I suspect civilization will have already progressed far beyond our current knowledge. Especially with the advent of artificial intelligence and automated systems.
dinofelis
April 28, 2017, 09:46:54 AM
 #17


>> The only thing that quantum computers can do is to speed up the calculation of SHA256 hashes. Even if it's faster than normal computers by a factor of thousands, the ASICs would still be way faster than quantum computers. The difficulty will rise and the network would continue as per normal.
>
> I don't think quantum computers can speed up hashing, but anyway this is not what is meant by 'cracking' sha256.

Concerning quantum computers and cryptography, there are two totally different aspects.

1) quantum computers, if ever they come into existence with a lot of qubits (which I personally doubt, but ok), can TOTALLY CRACK the current public key systems based on prime factorisation (RSA, Diffie-Hellman) or based upon discrete logarithms in groups (elliptic curve crypto).  The algorithm to do so is known, it is Shor's algorithm.  By TOTALLY I mean totally: just ANY key can be cracked in a matter of milliseconds, on the condition that the quantum computer has more qubits than (a few times) the key length.  If such a quantum computer exists, there is simply no difficulty in cracking the key, it doesn't take "days" or anything because the difficulty goes LOGARITHMIC with Shor's algorithm.

2) however, for hash functions, and symmetric crypto like AES-256, it can be shown that a quantum computer can AT BEST use Grover's algorithm to crack it.  Grover's algorithm doesn't crack entirely a hash function, but essentially HALVES ITS BIT STRENGTH.  So a SHA-256 hash (with 256 bits) would not require 2^256 trials like on a classical computer, but "only" 2^128 trials on a quantum computer, which is STILL IMPOSSIBLE to do practically.  Most people think that quantum computers will, if ever they exist, run much slower than classical machines, so 2^128 trials on a quantum machine will be much harder to solve than 2^128 trials on a classical machine.

So while quantum computers can speed up hash function searching, they won't crack it entirely.  The interesting thing is that under certain conditions, it has been established that Grover's algorithm is the best possible one on a quantum machine, to attack a random hash function.

==> big hash functions are still secure against quantum attacks ; most current public key crypto is totally broken by quantum attacks.

This is why it is somewhat strange, in the bitcoin protocol, to have hashed the public key to 160 bits, and not have kept the 256 bits.  If the menace of a quantum attack were the reason for this, it would have been wiser to keep the 256 bit hash as an address instead of the 160 ripemd hash, because under Grover's algorithm this would become only 80 bits secure, while the 256 bit hash would remain 128 bit secure under a quantum attack, which is the same level of *classical* security offered by the elliptic curve signature scheme - which wouldn't survive, by itself, a quantum attack.  This is one of the peculiar crypto design "features" of bitcoin...

xsudo23
April 28, 2017, 10:47:13 AM
 #18

Full fledged quantum computers are still years away. I have read a para from a book called "Applied Cryptography" and it does imply that 256 keys are unbreakable as of now. But what we consider as 'secure' today might be compromised in a few years, so no one can give a definite answer yet. As for the bitcoin address, it is run through several hashes SHA-256, RIPEMD-160. So "when will it become a reality?" has no proven answer as of now.


dinofelis
April 28, 2017, 01:57:52 PM
 #19

> As for the bitcoin address, it is run through several hashes SHA-256, RIPEMD-160. So "when will it become a reality?" has no proven answer as of now.

The "it is run through several hashes" doesn't really mean much, apart from the possibility that one of the hash functions has a property that allows one to crack it specifically (which is not excluded of course).   In as much as hash functions are not broken crypt-analytically, there's no benefit in running several of them in series.  What counts is the bit length of the result.  Grover's algorithm doesn't care how many times one has applied how many hash functions: it looks at the global mapping from input to output with the given prescription (OK, practically, it does matter, because the system that has to apply the quantum correlations will be more complex if several hash functions are called successively, which will be a pain for those making the computer), and it doesn't need this prescription to contain any particular property: just the rule that tells you how to calculate the overall result.
In a way, I find it strange that the bitcoin address has a double SHA-256, followed by a RIPEMD-160, which reduces the 'security' from 256 bits to 160 bits.  I guess one of the motives was that there was a fear that there was a back door in SHA-256 (of NIST origin), and another back door in RIPEMD-160 (of Belgian academic origin), but that both of them combined would kill each back door mutually or something of the kind.  The overall structure of RIPEMD and SHA-256 is actually quite analogous, so if there were a structural weakness in one, most probably that weakness would carry over to the other.

For a bitcoin address, the thing that matters is the hardest puzzle for a hash function: pre-image resistance.  In fact, I'm not aware of any "official" hash function that ever had a serious pre-image attack, even for hash functions that are now considered totally broken for collision attacks.  MD5, for instance, has only a very lightly weakened pre-image security, although it is essentially totally broken considering collision attacks (takes only a few seconds on a normal PC).

So this double SHA-256 followed by RIPEMD-160 can only have a meaning for back door paranoia, not for cryptanalytic resistance ; and the true security has been lowered from 256 bits to 160 bits.
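
An added example, not part of the posts above: a classical state-vector simulation of Grover search against a 12-bit toy hash, illustrating the two points made in posts #17 and #19, namely that the search needs on the order of sqrt(N) oracle calls instead of N, and that running hash functions in series does not change this because only the output width matters. The functions `single`, `chained` and `grover`, the 12-bit truncation and the sample input are assumptions constructed for the illustration.

```python
import hashlib
import math

BITS = 12  # toy output width (constructed); far below any real hash size

def single(x: int) -> int:
    """One SHA-256 pass, truncated to BITS bits."""
    d = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(d, "big") >> (256 - BITS)

def chained(x: int) -> int:
    """Two SHA-256 passes in series, truncated to the same BITS bits."""
    d = hashlib.sha256(hashlib.sha256(x.to_bytes(4, "big")).digest()).digest()
    return int.from_bytes(d, "big") >> (256 - BITS)

def grover(f, target: int, bits: int = BITS):
    """Simulate Grover search for f(x) == target over all 2**bits inputs.

    Returns (iterations, success_probability, number_of_preimages)."""
    n = 2 ** bits
    marked = [x for x in range(n) if f(x) == target]  # oracle as a black box
    m = len(marked)
    if m == 0:
        return 0, 0.0, 0
    iterations = math.floor(math.pi / 4 * math.sqrt(n / m))
    amp = [1 / math.sqrt(n)] * n          # uniform superposition
    for _ in range(iterations):
        for x in marked:                  # oracle: flip the sign of solutions
            amp[x] = -amp[x]
        mean = sum(amp) / n               # diffusion: inversion about the mean
        amp = [2 * mean - a for a in amp]
    prob = sum(amp[x] ** 2 for x in marked)
    return iterations, prob, m

def demo():
    """Run the search against both constructions for one constructed input."""
    secret = 1234                         # constructed sample input
    results = {}
    for name, f in (("single", single), ("chained", chained)):
        iters, prob, m = grover(f, f(secret))
        results[name] = (iters, prob, m)
        print(f"{name:8s} preimages={m} grover_iterations={iters} "
              f"p_success={prob:.4f} exhaustive_worst_case={2 ** BITS}")
    return results

if __name__ == "__main__":
    demo()
```

The simulation enumerates every input to build the oracle, so only the iteration count reflects the quantum cost; at 12 bits that is at most 50 iterations against 4096 exhaustive trials.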
Zeek_W
May 02, 2017, 10:58:14 AM
 #20

I would be more worried about the security of my wifi connection than the BTC chain security.
