NSA seeks to build quantum computer that could crack most types of encryption

[iamphoenix]

THIS MUST BE ADDRESSED ASAP

http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_print.html

[Kenshin]

How? Blow up the NSA?

[BitThink]

Quantum computer cannot be really useful until 20 years later. I am very optimistic by saying 20 years. That's something will dramasticly change the world, and I think bitcoin is the last thing for us to worry in that case.

[Lauda]

You can't address this. Someone seeks to build a time machine, address that?

[oakpacific]

The title itself is already wrong, written by presumably misled journalist, I don't even have to read the article.

Quantum computer cannot crack almost all types of  symmetric encryption, which consists most types of encryption.

[Bigeyeone]

Quantum computers are coming, first gen Quantum computer made by D-wave systems have already hit the markets, although the experts seem to disagree whether this is really a quantum computer, nobody knows the abilities of the NSA, but I think it is safe to assume they would be the first ones to get a hold of a quantum computer

Post quantum cryptography research is already being done : https://en.wikipedia.org/wiki/Post-quantum_cryptography

And I think the bitcoin developers better have a post quantum strategie

[CryptKeeper]

AFAIK bitcoin is already well armed against quantum computing! Please read this:

http://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet/

Quantum computers are capable of breaking elliptic curve DSA (ie. given a public key, a quantum computer can very quickly find the private key), but they cannot similarly reverse hash algorithms (or rather, they can, but it would take one 280 computational steps to crack a Bitcoin address, which is still very much impractical). Thus, if your Bitcoin funds are stored in an address that you have not spent from (so the public key is unknown), they are safe against a quantum computer – at least until you try to spend them.

[TiagoTiago]

AFAIK, that D-Wave thing is not a general purpose quantum computer, it can only solve a small set of types of problems, and the cryptography used by Bitcoin isn't one of them.

[perlboy]

Quantum computer cannot crack almost all types of  symmetric encryption, which consists most types of encryption.

But feasibly with an efficient quantum computer (and I do mean EFFICIENT not some emulation of a quantum computer) the use of superpositioning of qubit the number of instructions to calculate an encryption algorithm is lowered thereby decreasing (potentially significantly) the amount of time it'd take to bruteforce an encrypted data stream.

Of course by then we'll know a lot more about quantum theory allowing us to bend space time thereby allowing for us to go back in time and mine a few thousand cpu coins for a week.

Stu

[timewave0]

But feasibly with an efficient quantum computer (and I do mean EFFICIENT not some emulation of a quantum computer) the use of superpositioning of qubit the number of instructions to calculate an encryption algorithm is lowered thereby decreasing (potentially significantly) the amount of time it'd take to bruteforce an encrypted data stream.

Of course by then we'll know a lot more about quantum theory allowing us to bend space time thereby allowing for us to go back in time and mine a few thousand cpu coins for a week.

You'd think so, but it seems to work the other way around. Peter Shor figured out how to use a quantum computer to factor numbers before such a computer existed. It's like how Babbage developed the analytical engine long before such a thing would be feasible to manufacture, and Ada Lovelace wrote a "program" for it. I suspect if quantum computers were useful for reversing hashes, someone would have shown how to do it, even if the hardware doesn't exist.

[BitThink]

But feasibly with an efficient quantum computer (and I do mean EFFICIENT not some emulation of a quantum computer) the use of superpositioning of qubit the number of instructions to calculate an encryption algorithm is lowered thereby decreasing (potentially significantly) the amount of time it'd take to bruteforce an encrypted data stream.

Of course by then we'll know a lot more about quantum theory allowing us to bend space time thereby allowing for us to go back in time and mine a few thousand cpu coins for a week.

You'd think so, but it seems to work the other way around. Peter Shor figured out how to use a quantum computer to factor numbers before such a computer existed. It's like how Babbage developed the analytical engine long before such a thing would be feasible to manufacture, and Ada Lovelace wrote a "program" for it. I suspect if quantum computers were useful for reversing hashes, someone would have shown how to do it, even if the hardware doesn't exist.

Nothing can reverse hashes cause hashing is not a lossless compression. For example, you could hash a 1G movie into 256 bit hash value. A lot of information has lost during hashing, so no one can reverse it.

[Elwar]

Is it even likely that the US will have any money to spend on such research in the next 20 years?

[perlboy]

But feasibly with an efficient quantum computer (and I do mean EFFICIENT not some emulation of a quantum computer) the use of superpositioning of qubit the number of instructions to calculate an encryption algorithm is lowered thereby decreasing (potentially significantly) the amount of time it'd take to bruteforce an encrypted data stream.

Of course by then we'll know a lot more about quantum theory allowing us to bend space time thereby allowing for us to go back in time and mine a few thousand cpu coins for a week.

You'd think so, but it seems to work the other way around. Peter Shor figured out how to use a quantum computer to factor numbers before such a computer existed. It's like how Babbage developed the analytical engine long before such a thing would be feasible to manufacture, and Ada Lovelace wrote a "program" for it. I suspect if quantum computers were useful for reversing hashes, someone would have shown how to do it, even if the hardware doesn't exist.

Nothing can reverse hashes cause hashing is not a lossless compression. For example, you could hash a 1G movie into 256 bit hash value. A lot of information has lost during hashing, so no one can reverse it.

Umm, maybe I'm reading incorrectly but I never suggested reversing a hash. I simply said that an efficient quantum computer would be in a position to do much more efficient brute forcing of a hash. There's no reversal required just a lot of generation of random hashes until you find the right one. I think someone did a study on how the Bitcoin Mining network itself could probably solve just this problem in a matter of hours for a particular public key. Quantum computing expands the decision making tree beyond a 1 or 0 allowing for many more equivalent logic expressions to be answered within a single cycle.

And I'm going to stress again, an EFFICIENT quantum computer (ie. really a quantum computer whereby the quantum logic gates are defined using light on silicon).

[iamphoenix]

Quantum computers are coming, first gen Quantum computer made by D-wave systems have already hit the markets, although the experts seem to disagree whether this is really a quantum computer, nobody knows the abilities of the NSA, but I think it is safe to assume they would be the first ones to get a hold of a quantum computer

Post quantum cryptography research is already being done : https://en.wikipedia.org/wiki/Post-quantum_cryptography

And I think the bitcoin developers better have a post quantum strategy

THANK YOU! my point exactly.. if this happens sooner than expected or it could be another type of terminal threat to the network we should have some idea of what to expect. THE NETWORK HAVING TO SWITCH FROM SHA256 TO SHA512 WILL NOT WORK (current asic miners limited to 256)

for example do i want to hold 75% of my bitcoins in cold storage or 45% having invested more into SHA512 (PTS, CPL) or other types that may be able to survive (SRC... XPM?) I hold a lot of NXT too..should I hold more or less?
I would like to hear different opinions from the knowledgeable members of the community...

--- on reddit i made same post here is what i get in return:
http://www.reddit.com/r/Bitcoin/comments/1u9wgz/this_must_be_addressed_asap/



[–]Phrenico 1 point 7 hours ago
LOL. The tipping address. I almost didn't see it.
permalinksavereportgive goldreply

[–]yourofl10 1 point 7 hours ago
Spam. Downvoted and reported.
permalinksavereportgive goldreply

[–]SgtFuckface 0 points 7 hours ago
Fucking idiot.
permalinksavereportgive goldreply

[–]kerstn 2 points 7 hours ago
Although imature OP raises a valid point. The encryption securing the private keys are vulnerable to this type of attack.
permalinksaveparentreportgive goldreply
-------------------------------------------------

This news WILL affect the price... the article was posted as the days #1 MAIN STORY on drudgereport.com
I have at least 80-100 BTC total in either BTC or MANY other cryptos. fuck man i must be a "fucking idiot" for asking again when other threads i viewed did not address the problem. How can i make a confident decision regarding substantial asset allocation.... ... ..

[timewave0]

Nothing can reverse hashes cause hashing is not a lossless compression. For example, you could hash a 1G movie into 256 bit hash value. A lot of information has lost during hashing, so no one can reverse it.

Okay, maybe "reversing hashes" was overly simplistic. The quantum attack we currently know of is obtaining the private key from the public key when someone tries to spend, and making a new transaction to spend elsewhere, right? "Hypothetical" attacks involving hash functions would be getting the public key from an address, or mining vastly more efficiently. In either case, we're not talking about retrieving a 1GB movie from a hash. We're talking about points on curves, or nonces and merkle roots (EDIT: and the only thing changing the root is the extra nonce). Keep in mind I agree that quantum computers aren't currently useful for these "hypothetical" attacks, but I wouldn't dismiss them entirely.

[iamphoenix]

Is it even likely that the US will have any money to spend on such research in the next 20 years?

fed "loans/prints" at least 80-100 Billion$ US/Banks every month... 20 years from now no they wont (inflation + economic crash) ...but right now one can make the arguement that money is free/unlimited to to semi-secretly have huge operational budget for the attempt to build an efficient quantum computer (remember the atom bomb project? they had a whole town of scientists/w.e all working on building it) think about it..
can I say that the concern and wish to have more discussion about this topic now is understandable?
 ...instead of what i see a lot of: people  dismissing it as "oh well its like 20 years in the future no worries,  not a threat"

[hotsurfing]

With the amount of money getting thrown at it, it's only a matter of time before they crack it. That's if thry haven't already.  Not good news for my btcs

[iamphoenix]

AFAIK bitcoin is already well armed against quantum computing! Please read this:

http://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet/

Quantum computers are capable of breaking elliptic curve DSA (ie. given a public key, a quantum computer can very quickly find the private key), but they cannot similarly reverse hash algorithms (or rather, they can, but it would take one 280 computational steps to crack a Bitcoin address, which is still very much impractical). Thus, if your Bitcoin funds are stored in an address that you have not spent from (so the public key is unknown), they are safe against a quantum computer – at least until you try to spend them.

thank you for this i feel much more informed on this topic bitcoin looks more beautiful every day

[empoweoqwj]

AFAIK bitcoin is already well armed against quantum computing! Please read this:

http://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet/

Quantum computers are capable of breaking elliptic curve DSA (ie. given a public key, a quantum computer can very quickly find the private key), but they cannot similarly reverse hash algorithms (or rather, they can, but it would take one 280 computational steps to crack a Bitcoin address, which is still very much impractical). Thus, if your Bitcoin funds are stored in an address that you have not spent from (so the public key is unknown), they are safe against a quantum computer – at least until you try to spend them.

thank you for this i feel much more informed on this topic bitcoin looks more beautiful every day

"Safe until you try to spend them" doesn't sound very safe to me, just make me paranoid about spending

[Bytas]

What disturbs me in this thread is that most people here are acting like "chill, it's not gonna happen yet, we are safe for now"
Shouldn't we get a fix in place just in case? The NSA has a massive budget and a lot of scientists, if anyone can build a quantumcomputer it is them, and if they do, they will have it long before anyone else thinks it is even a possibility. If it happens, it can destroy our system in a matter of days, after all, they only have to bruteforce one adress (or even a hash used in something else as bitcoin (password storage, banking, ... )) to cause a massive panic and sell off. Bitcoin will be worth $0 in no time if that happens.

In my opinion, post quantum cryptography should be in place for bitcoin LONG before it ever becomes a threat. as much as we will probably be able to fix the problem right away, we won't be able to undo the damage to the trust of the users in any way.
Once people experience we are in a race against a far more powerfull technology that can break our system, they will lose faith in it and wonder what other technologies can break it in the future and why they trusted in the system in the first place. Even if that feeling is completely unnecessary at that point ( because it has been fixed), there will be nothing we can do about it to convince them otherwise. "It has been broken once and it will be broken again, i'll go back to my government backed fiat please!"