|
|
johnyj
Legendary
 Offline
Activity: 1988
Merit: 1012
Beyond Imagination
|
 |
June 22, 2013, 11:47:44 PM |
|
From this article, their chip's calculated a specific problem, 3600 to 10000 times faster than a seven Xeon Quad core system. Suppose that an Xeon Quad have a 30MH/s speed, and 7 of them is 210MH/s, times 3600, that's at least 756GH/s for a single chip, at least 100 times faster than fastest existing ASIC design So it will be the same impact next time when we go from ASIC to Quantum chips, not that much I thought about |
|
|
|
johnyj
Legendary
Offline
Activity: 1988
Merit: 1012
Beyond Imagination
|
|
June 23, 2013, 03:08:57 AM |
|
Thanks for the first link, seems they are using existing silicon manufacturing process to make quantum computer chips, and it is already quite mature. We might see these chips appear in 1-2 years |
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
June 23, 2013, 05:49:01 AM |
|
Thanks for the first link, seems they are using existing silicon manufacturing process to make quantum computer chips, and it is already quite mature. We might see these chips appear in 1-2 years Except that annoying background energy that requires near absolute zero operating temperatures. |
|
|
|
|
tinus42
|
|
June 23, 2013, 03:31:50 PM |
|
Forget for a second that if you are mainstream, that you love Obama and Alex Jones / InfoWars.com is crazy.
Why do you have to love Obama to not be considered a whackjob?  |
|
|
|
|
dexX7
Legendary
Offline
Activity: 1106
Merit: 1026
|
|
June 23, 2013, 04:19:01 PM |
|
From this article, their chip's calculated a specific problem, 3600 to 10000 times faster than a seven Xeon Quad core system. Suppose that an Xeon Quad have a 30MH/s speed, and 7 of them is 210MH/s, times 3600, that's at least 756GH/s for a single chip, at least 100 times faster than fastest existing ASIC design
So it will be the same impact next time when we go from ASIC to Quantum chips, not that much I thought about
Thanks for the math, bu the the difference between a quantum computer and a quantum optimizer is unclear for me. Not technically, but from an application point of view. What can an optimizer not do, what a real qc can do? |
|
|
|
|
BTCThousandaire
|
|
June 23, 2013, 06:26:01 PM |
|
What's to say the NSA or black budget of some country didn't already secretly build a quantum computer? I'm sure they wouldn't tell anyone so they could take full advantage.
|
|
|
|
symaxian
Newbie
Offline
Activity: 26
Merit: 0
|
|
June 24, 2013, 04:22:33 AM |
|
I believe it's already been establish that this is not an actual quantum computer.
I also remember hearing somewhere that the main reason for this is that its 512 qubits are not entangled with each-other or something. Having 512 individual qubits does not allow for quantum algorithms to be executed.
|
|
|
|
|
|
|
Qoheleth
Legendary
Offline
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
|
|
June 24, 2013, 03:47:30 PM |
|
Grover's Algorithm is the best known SHA2 quantum algorithm. As previously mentioned, all it does is quadruple the difficulty, and then we're back to normal.
The real problem is that Shor's algorithm makes wallet theft by cryptanalysis into something that's actually possible on paper, and the best known quantum-safe digital signature schemes would push each transaction into the tens-of-kilobytes range. Good luck making Bitcoin even work on such schemes without 100MB blocks.
|
If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
|
|
|
|
BitSmile
|
|
June 24, 2013, 06:16:40 PM |
|
Grover's Algorithm is the best known SHA2 quantum algorithm. As previously mentioned, all it does is quadruple the difficulty, and then we're back to normal.
The real problem is that Shor's algorithm makes wallet theft by cryptanalysis into something that's actually possible on paper, and the best known quantum-safe digital signature schemes would push each transaction into the tens-of-kilobytes range. Good luck making Bitcoin even work on such schemes without 100MB blocks.
I guess we'll have to wait and see  |
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
June 24, 2013, 06:21:41 PM |
|
The real problem is that Shor's algorithm makes wallet theft by cryptanalysis into something that's actually possible on paper Only if ... a quantum computer capable of implementing Shor's algorithm on a 256 bit key scale (think tens of thousands of qubits) AND said computer can break keys in a reasonable timeframe at reasonable cost AND only if the public key is known the last part is relatively simple assurance. Don't reuse an address.  |
|
|
|
|
Qoheleth
Legendary
Offline
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
|
|
June 24, 2013, 09:21:36 PM |
|
the last part is relatively simple assurance. Don't reuse an address. Mm, no good. See, when you spend from the address, your public key is exposed, but the spend isn't yet committed to the ledger. An attacker will have about a 5-minute window to crack your public key and double-spend your coins (and if they make the window, they're more likely to get into the ledger than you, because they can afford to lose most of the money in transaction fees - you're the one footing the bill, after all). What's worse, they have the ability to attempt a double-spend against every such transaction - against every unconfirmed transaction on the network. Only way around it is if miners stopped taking transactions from the network, and instead switched to a model where you submit your spends to your favorite (trusted!) pools directly. And just like that, Bitcoin loses its trust-free property - which was the whole point from the beginning. |
If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
June 24, 2013, 10:47:33 PM
Last edit: June 24, 2013, 11:54:17 PM by DeathAndTaxes |
|
the last part is relatively simple assurance. Don't reuse an address. Mm, no good. See, when you spend from the address, your public key is exposed, but the spend isn't yet committed to the ledger. An attacker will have about a 5-minute window to crack your public key and double-spend your coins (and if they make the window, they're more likely to get into the ledger than you, because they can afford to lose most of the money in transaction fees - you're the one footing the bill, after all). What's worse, they have the ability to attempt a double-spend against every such transaction - against every unconfirmed transaction on the network. Only way around it is if miners stopped taking transactions from the network, and instead switched to a model where you submit your spends to your favorite (trusted!) pools directly. And just like that, Bitcoin loses its trust-free property - which was the whole point from the beginning. Your assumption is that you can break a 256 bit key in 5 minutes, can do so economically even with relatively small sums. If possible (and that certainly is not certain) a limited trust model could be used only transitionally. Say one has a large sum of Bitcoins at addresses with an unknown (to the attacker) public keys. The protocol could be expanded to include new address types which are resistant to QC. However how does one transfer to the new address. Well it could be: a) ultra paranoid - mine a transaction myself in secret or under contract. b) send directly to a miner I trust c) send as multiple transactions each emptying a single address under the assumption that it is not possible or economical to break a 256 bit key in the time to create the next block.* * On c if one has 10,000 BTC at a single address it may warrant a real-time attack. However if one has 10,000 BTC spread across 1,000 addresses one could transfer funds more securely one transaction at a time. An attacker would reveal their intent AND capabilities irrevocably at a loss of only 0.1% of total value. Nobody said lack of reuse was a magical bullet but combined with the limited attack opportunity, the cost of an attack, and the ability to design more secure addresses NOT reusing an address at least gives one the option to transfer the funds securely or control the risk of a transfer. |
|
|
|
|
|
calian
|
|
June 25, 2013, 10:31:58 PM |
|
DAndT can you find the exact number of qubits we're looking at to be able to use Shor's algorithm against exposed bitcoin public keys? This link would make it look like it would only take 515 qubits which means the next generation after the current 512 qubit model will certainly be within range. http://arxiv.org/abs/quant-ph/0601097 |
|
|
|
|
Frogcoin
Member
Offline
Activity: 79
Merit: 10
|
|
June 25, 2013, 11:34:39 PM |
|
Can we prove that we can't do better than Grover's Algorithm with a quantum system?
|
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
June 26, 2013, 12:22:24 AM
Last edit: June 26, 2013, 01:07:50 AM by DeathAndTaxes |
|
DAndT can you find the exact number of qubits we're looking at to be able to use Shor's algorithm against exposed bitcoin public keys? This link would make it look like it would only take 515 qubits which means the next generation after the current 512 qubit model will certainly be within range. http://arxiv.org/abs/quant-ph/0601097That paper deals only with integer factorization (like what is used in RSA, factoring primes). Bitcoin uses ECC which requires one to solve the discrete logarithm problem. Generally ECC keys are smaller for the same level of security. 80 bit security = 80 symmetric key (AES) = 128 ECC = 3,076 RSA
128 bit security = 128 symmetric key (AES) = 256 ECC = 3,076 RSA
256 bit security = 256 symmetric key (AES) = 512 ECC = 15,360 RSA
Here is a paper dealing with ECC and Shor's algorithm http://arxiv.org/pdf/quant-ph/0301141v2.pdfalgorithm/keysize # qubits time
ECC 256 1500 6.0*10^9
ECC 512 2800 5.0*10^9
RSA 3072 4096 120.0*10^9
RSA 15360 30720 50.0*10^9 QC changes that dynamic slightly but generally speaking it requires more qubits to break ECC than RSA for a particular keysize. ECC requires roughly 6 qubits per bit of key length (nominal) Note the 1500 qubits to break a 256 bit ECC key (like what is used by Bitcoin) are logical qubits which do not include any error correction so the number of physical qubits would need to be at least one order of magnitude larger. Lastly DWave QC isn't a general purpose QC. AFAIK it can't implement Shor's algorithm for any keysize. It is designed to solve specific problems only, namely probabilistic modeling. So to put it all together, if DWave released a next version which has a true Quantum computer and it is general purpose so it could be programmed for Shor's algorithm and advancements in measuring and cooling dropped the error correction to only 20 physical qubits per logical qubit and it could execute 8 million instructions per second and it was more than 30,000 qubits and available at a reasonable cost then it might be possible to break a known ECC key and attempt a replacement before the transaction was included in a block. |
|
|
|
|
Qoheleth
Legendary
Offline
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
|
|
June 26, 2013, 01:01:59 AM |
|
Can we prove that we can't do better than Grover's Algorithm with a quantum system?
Can we prove that we can't do better than brute force with a Turing machine? |
If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
|
|
|
|
