Bitcoin Forum
August 06, 2020, 04:20:28 PM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
Author Topic: I don't believe Quantum Computing will ever threaten Bitcoin  (Read 4126 times)
Macadonian
Member
**
Offline Offline

Activity: 115
Merit: 320


View Profile
June 23, 2019, 09:08:46 PM
Merited by Welsh (20), AverageGlabella (10), Saidasun (10), LoyceV (8), Zedpastin (6), vapourminer (5), arcmetal (5), franckuestein (3), Cnut237 (3), joniboini (3), DdmrDdmr (3), mr_random (2), Halab (2), ETFbitcoin (1), Pmalek (1), Baofeng (1), xtraelv (1), o_e_l_e_o (1), MagicByt3 (1), sncc (1)
 #1

After having many questions about quantum computing and posting my thoughts here: https://bitcointalk.org/index.php?topic=5087640.msg48810154#msg48810154

I have decided to go into more depth about the situation regarding quantum computers and their viability to disrupt the Bitcoin network in its current state and future state. Just to preface things I'm not an expert and will be only demonstrating knowledge that I believe to be correct and hopefully from this thread I'll also learn a few things and am more than welcome to corrections.

"Quantum computers will be the end of Bitcoin"
Quite the bold statement, you say? As well as being bold, it is also completely false and far from the truth. Anyone claiming that quantum computers will be the end of Bitcoin either simply misunderstands how algorithms work or is completely void of any intelligence and just likes to scaremonger. I will be honest with you: it's likely the latter.

First off, I'd like to just kick this off with a bang and say Bitcoin currently is not at risk of anything. Quantum computers have not yet reached a level where they would be a threat to the technology that Bitcoin uses. Notice how I'm using "technology" that Bitcoin uses and not just "Bitcoin" itself? Well, that's because Bitcoin uses the ECDSA algorithm, and it is this which will be under threat if quantum computers reach the level that they have been predicted to. However, Bitcoin itself will be unaffected.

How do quantum computers threaten the ECDSA algorithm?
Basically, a quantum computer is extremely efficient at solving certain mathematical problems like factoring integers. However, as previously stated in my last post, this doesn't mean they are efficient in all areas and pose a threat from all angles. Unfortunately for us, quantum computers will break several current algorithms used in daily life, including the ECDSA that Bitcoin uses. However, there are definitely ways of avoiding this even if Bitcoin didn't implement a quantum resistant algorithm, such as using an address only once to avoid your public key being exposed to the public more than once and thus increasing the likelihood of a quantum computer cracking the algorithm. What might surprise you is that doing this increases the security of your Bitcoin without the threat of quantum computers and is actually the recommended practice when sending or receiving Bitcoin.

Quantum computers use Shor's algorithm, which is an algorithm that runs on quantum computers for integer factorization. The way it does it is by solving any given integer by finding its prime factors. The fascinating thing about Shor's algorithm is the fact that the algorithm runs in polynomial time, but I'll spare you the details as that's irrelevant to the topic at hand.

But let's get rid of all that gibberish and keep this simple. Basically, if a quantum computer ever reached a certain number of qubits (qubits are a measurement of the power of quantum computers, basically by how much quantum information the computer holds) then it would be able to operate efficiently without the common limitations of other computers and current quantum computers. Which then means the public key that Bitcoin currently uses could very well be compromised.

How many qubits would a quantum computer need to attack?
I'm not sure on this, but my estimate would be anything over 500 and we should be looking at alternatives and seriously thinking about moving to a quantum resistant algorithm before any issues arise. Many people have estimated that 1500 qubits would be an efficient and realistic amount to crack the ECDSA. Currently I believe the highest qubit quantum computer is around 10 qubits. I've been notified that a company is selling quantum computers called D-Waves with 2000 qubits, but it's worth noting that these aren't designed the same as quantum computers that would be able to efficiently attack the algorithm Bitcoin uses, and thus I'm going to ignore them for now. Also it's worth noting that it's been disputed by many that this company actually holds quantum computers with 2000 qubits.

So finally why are quantum computers nonviable to attack Bitcoin?
So this is one of the least discussed topics when discussing quantum computers and is commonly ignored. However I'm going to go into depth on why quantum computers are not a realistic problem to Bitcoin at least not for a very long time.

First of all, there are several algorithms which other cryptocurrencies use that are actually quantum resistant. The simplest way to combat quantum computing breaking the current algorithm would be to change to a quantum resistant one. You might ask why we haven't already changed then? Well, it's unnecessary and would likely require a fork, which has previously provided instability and differing opinions. Currently quantum computers pose no threat, and by the time they do we will be well prepared and will likely be able to make changes. Basically, the idea will be to judge quantum computers when we are at that stage, because we will know exactly how they work and how efficient they are, whereas now we would be guessing and estimating, which could mean we would need to change to a different algorithm in the future and introduce a new fork to the chain, which isn't very efficient, and we need to be efficient if we are to combat quantum computers! After all, quantum computers only have 5-10 qubits at the moment, and that would take thousands of years to break the ECDSA.

Secondly, quantum computers will be extremely expensive to buy and run. The amount of technology and maintenance that quantum computers need to operate is quite frankly absurd. It's probably true that over time we will get better at improving their shortcomings and make them more accessible. However, I don't think that quantum computers will ever be a personal computer thing and more a government operated thing. We could potentially see huge companies in possession of them if they believe them to be beneficial; however, ones that are capable of breaking the ECDSA algorithm aren't going to be very efficient and cost effective for most people because of their limitations in other areas.

Despite the initial cost of buying a quantum computer, there's also the cost of maintenance. Current quantum computers are known to have heating issues because of the amount of work they're doing, and the only effective cooling solution is to keep the room below 0 degrees. I'm not sure if you have tried to keep a room's temperature below 0 before, but that's extremely hard and expensive to do, especially when something like a quantum computer is continuously generating heat when it's operating. Thus I believe my point on being accessible to only a select few to be even more valid. It's not just the cost but the logistics of having a room dedicated to the computer and being cooled 24/7 for it to operate.
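The post above describes Shor's algorithm as "solving an integer by finding its prime factors" in polynomial time. The following is an added example (not code from the original post) showing the actual structure of the algorithm: everything is cheap classical work except one step, finding the period r of a^x mod n, which is exponential classically and is the only part a quantum computer speeds up. That step is replaced here by a brute-force loop, so this runs on any laptop for small n and becomes hopeless for a 2048-bit n, which is exactly the point. The attack on ECDSA uses the same period-finding machinery against the elliptic-curve discrete log rather than against factoring. Function names and the deterministic choice of bases are this example's own.

```python
"""Shor's algorithm, classical skeleton: factoring reduced to order finding.

Added example, not code from the original post. The quantum subroutine
(period finding) is simulated by brute force; the gcd post-processing
around it is the real algorithm's classical part.
"""
from math import gcd


def find_order(a: int, n: int) -> int:
    """Smallest r >= 1 with a**r == 1 (mod n).

    Classical stand-in for the quantum period-finding step: O(r) here,
    polynomial in log(n) on a quantum computer. Requires gcd(a, n) == 1.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int):
    """Return the factor pair (p, q), p <= q, of an odd n with at least two
    distinct prime factors, or None if no base works.

    Deterministic for illustration: tries a = 2, 3, ... in order. The real
    algorithm picks a at random; each trial succeeds with probability >= 1/2.
    """
    if n % 2 == 0:
        return (2, n // 2)
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                       # lucky base sharing a factor with n
            return tuple(sorted((g, n // g)))
        r = find_order(a, n)             # <-- the only quantum step
        if r % 2:                        # odd period is useless, try another base
            continue
        y = pow(a, r // 2, n)            # y*y == 1 (mod n), y != 1
        if y == n - 1:                   # y == -1 gives only trivial factors
            continue
        p = gcd(y - 1, n)                # n divides (y-1)(y+1) but neither factor
        return tuple(sorted((p, n // p)))
    return None


if __name__ == "__main__":
    for n in (15, 21, 91, 221):
        print(n, "->", shor_factor(n))
```

The loop in find_order is what a quantum computer replaces; nothing else in the routine is hard. That is also why qubit counts are the number people argue about: the quantum part must hold the whole modulus (or, for ECDSA, the whole curve arithmetic) in superposition.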

Macadonian
Member
**
Offline Offline

Activity: 115
Merit: 320


View Profile
June 25, 2019, 08:26:14 AM
Last edit: August 01, 2019, 01:02:08 PM by Macadonian
 #2

Decided to move this to serious discussion considering the lack of activity, but have now decided to move it back to Bitcoin development and technical discussion as I'm interested in hearing others' opinions on quantum computers currently and what they will be like in the future, especially some of the links which have been posted in this thread.

I'll be keeping a set of useful quotes here with external links which I find interesting and would love to see some others expand on the existing discussion and hopefully offer some new information and insights.

Useful links posted on this topic:


First — probably you will be interested in reading about Neven's law (https://www.quantamagazine.org/does-nevens-law-describe-quantum-computings-rise-20190618/). It is not a "law" of course but an interesting thing to keep in mind.
Second — the most powerful quantum chip for today is 128-qubit chip produced by Rigetti (https://medium.com/rigetti/the-rigetti-128-qubit-chip-and-what-it-means-for-quantum-df757d1b71ea).
Third — how many qubits you need to crack a blockchain. It depends on the type of encryption, but the point is, it is 2300+ (https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks)
Fourth — Intel thinks we'll get 1000 qubits by 2024 (https://spectrum.ieee.org/nanoclast/computing/hardware/intels-new-path-to-quantum-computing) and ECDSA will be at risk by 2027 (https://arxiv.org/pdf/1710.10377.pdf).
Fifth — implement post-quantum encryption to existing blockchains? This is a close to impossible task.
Sixth — That's what NIST says about PQC in their project (probably all of you aware of it but https://csrc.nist.gov/Projects/Post-Quantum-Cryptography):


We've mentioned a few times how quickly this field is advancing... yesterday a team at the University of New South Wales announced they have achieved a 200x speed improvement on a 2 qubit gate!




As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution, and this research continues with approaches such as Kak’s three-stage protocol. Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.
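The opening post's advice to use an address only once, and the links above about when the elliptic-curve discrete log becomes feasible, come down to one question: which outputs ever put a public key on the chain? The following is an added example, not code from the original thread or from Bitcoin Core. It models a pay-to-pubkey-hash chain: an output commits only to a hash of the key, and the key itself appears when the output is spent. An audit then lists addresses that have both revealed their key and still hold coins, which is the set a Shor-capable attacker could target. Assumptions, all for illustration: a toy curve y^2 = x^3 + 7 over F_101 stands in for secp256k1, SHA-256 stands in for Bitcoin's HASH160, the transaction list is constructed by hand, and the discrete log is recovered by brute force (the step Shor's algorithm would do in polynomial time).

```python
"""Which outputs can a Shor-capable attacker actually target?

Added example, not code from the original thread. Toy curve, hash
stand-in and sample transactions are all assumptions for illustration.
"""
import hashlib

P, B = 101, 7     # y^2 = x^3 + 7 mod 101; 101 = 2 (mod 3), so the curve has 102 points
INF = None        # point at infinity


def ec_add(p1, p2):
    """Affine point addition; a = 0, so the doubling slope is 3x^2 / 2y."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                          # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add: k * pt."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc


def point_order(pt):
    k, acc = 1, pt
    while acc is not INF:
        acc, k = ec_add(acc, pt), k + 1
    return k


def find_generator():
    """Point of largest order on the toy curve (brute force, fine for P = 101)."""
    best, best_order = INF, 0
    for x in range(P):
        for y in range(P):
            if (y * y - x ** 3 - B) % P == 0 and point_order((x, y)) > best_order:
                best, best_order = (x, y), point_order((x, y))
    return best, best_order


G, ORDER = find_generator()


def address_of(pub):
    """Stand-in for HASH160: the address commits only to a hash of the key."""
    return hashlib.sha256(bytes(pub)).hexdigest()[:16]


def exposed_funded_addresses(txs):
    """Return {address: pubkey} for addresses that revealed their key by
    spending and still hold an unspent output: the Shor-attackable set.
    tx = {"inputs": [(prev_txid, vout, pubkey)], "outputs": [address]}."""
    utxo, revealed = {}, {}
    for txid, tx in enumerate(txs):
        for prev_txid, vout, pub in tx["inputs"]:
            addr = utxo.pop((prev_txid, vout))              # must spend a live output
            assert address_of(pub) == addr, "pubkey does not hash to the spent address"
            revealed[addr] = pub                            # key is now public on chain
        for vout, addr in enumerate(tx["outputs"]):
            utxo[(txid, vout)] = addr
    funded = set(utxo.values())
    return {a: k for a, k in revealed.items() if a in funded}


def ec_discrete_log(pub):
    """Recover k with k*G == pub. Exponential brute force here; Shor: polynomial."""
    k, acc = 1, G
    while acc != pub:
        acc, k = ec_add(acc, G), k + 1
    return k


# Constructed sample chain: Alice spends from her address and is paid there
# again (reuse); Bob is paid twice but never spends, so his key stays hidden.
ALICE_KEY, BOB_KEY = 23, 41                       # private keys, both < ORDER
ALICE_PUB, BOB_PUB = ec_mul(ALICE_KEY, G), ec_mul(BOB_KEY, G)
ALICE_ADDR, BOB_ADDR = address_of(ALICE_PUB), address_of(BOB_PUB)
SAMPLE_TXS = [
    {"inputs": [], "outputs": [ALICE_ADDR, BOB_ADDR]},                    # tx 0
    {"inputs": [(0, 0, ALICE_PUB)], "outputs": [BOB_ADDR, ALICE_ADDR]},   # tx 1
]


def recover_exposed_keys(txs=SAMPLE_TXS):
    """What the attacker ends up with: private keys of exposed, funded addresses."""
    return {addr: ec_discrete_log(pub) for addr, pub in exposed_funded_addresses(txs).items()}


if __name__ == "__main__":
    print(recover_exposed_keys())   # only Alice's address, with key 23, is listed
```

Bob's address received twice but never spent, so the chain only ever shows its hash and the audit does not flag it; Alice's address was spent from and then funded again, so its key is public and the brute-force discrete log (Shor's job on a real curve) recovers it. Receiving at an address more than once is not the exposure; spending from it and then holding coins there again is.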
AverageGlabella
Hero Member
*****
Offline Offline

Activity: 494
Merit: 651



View Profile
June 25, 2019, 08:56:42 AM
Merited by Macadonian (5), Welsh (4), vapourminer (3), LoyceV (3)
 #3

I liked your first response and this one is okay too, although there are a few issues. But first, I particularly like the angle you're coming from when talking about "Bitcoin encryption": the fact of the matter is Bitcoin doesn't have a set-in-stone encryption method and could move to any quantum resistant algorithm at any given time. This of course will probably cause mass instability, like many have talked about, and this is why Bitcoin is a great investment point. At the moment we have a growing technology which is far from perfect and will have several limiting factors in the future; however, the great thing about Bitcoin is it can evolve with new emerging technology and therefore become stronger with it.

I'd like to touch upon something that you avoided with the D-Wave quantum computers. I think mentioning D-Waves and not expanding on it could lead people to believe that they are a threat, and I would like to explain why D-Wave computers operate differently to quantum computers that are capable of challenging the ECDSA. D-Wave quantum computers use a process called annealing to search for solutions. Basically, imagine quantum computers being a master of one thing and not a jack of all trades. D-Waves are particularly good at finding solutions using quantum annealing, while quantum computers that are capable of eventually breaking ECDSA are very efficient at factoring. Regarding the time span in which I think we will hit a 2000+ qubit computer, I think it will only be a matter of a few years and will likely be before 2025. Quantum computers have been made more efficient at a rapid pace in the last few years. In 2017 we saw Intel release a quantum computer with 17 qubits, and then in 2018 we saw Google release a statement that they have a 72 qubit computer. Judging by these stats alone and the increasing enthusiasm behind developing the ultimate quantum computer, I think 2025 is a realistic timeframe. However, this doesn't mean that it's cause for alarm right now, but I will say that we should already be looking at solutions and be ready before that deadline is reached. Don't worry, behind the scenes many people are already working tirelessly and we will hopefully come to a unified conclusion; however, my prediction would be that there will be several splits in the community over which algorithm is used.
arcmetal
Member
**
Offline Offline

Activity: 189
Merit: 79


View Profile
June 25, 2019, 09:50:51 AM
Merited by AverageGlabella (8), Welsh (6), LoyceV (5), Macadonian (3), vapourminer (2)
 #4

Some may not like what I have to say about quantum computing, but so what. You, Macadonian, may like what I have to say, since after reading my explanation below the simplest conclusion is that bitcoin has nothing to worry about as regards quantum computing.

And so, here is my brief rant on quantum computing.

After having studied quantum mechanics for a long time, I have found that all of those quirks, or what they like to call "quantum weirdness", aren't weirdness at all but rather the limitations of our devices that produce the illusions of weirdness. All of the technology that has been used in the experiments to study quantum effects suffers from the problem that they are large, gross machines compared to the tiny things we are trying to observe. That is, our machines are crude, and they are taken to the limits of their properties to try and take measurements of stuff that is much smaller than the equipment at hand. It is our crude observations which end up with what appears to be quantum weirdness.

In more recent experiments it gets continuously shown that things at that level actually behave in a "classical" sense, but appear to produce a more complex emergent behavior.  It is this complex emergent behavior which then gets labeled quantum weirdness.

And so, when it comes to building computing machines that will take advantage of this quantum weirdness, the actual devices will simply be employing a complex emergent classical property. That is, the quantum computers will just be very advanced, very fast classical computer versions of what we have today. (Can you see how I can find this topic of quantum computing to be rather silly?)

If you are worried that a quantum computer can cause a collision with a bitcoin private key (like finding a key with someone's bitcoin), sure it could be possible.  But I do like reading about what an incredible machine it would take to do this.  Here is a great thread on this topic:
https://bitcointalk.org/index.php?topic=5147514.msg51224295#msg51224295

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
AverageGlabella
Hero Member
*****
Offline Offline

Activity: 494
Merit: 651



View Profile
June 25, 2019, 10:52:21 AM
Merited by Macadonian (4)
 #5

If you are worried that a quantum computer can cause a collision with a bitcoin private key (like finding a key with someone's bitcoin), sure it could be possible.  But I do like reading about what an incredible machine it would take to do this.  Here is a great thread on this topic:
https://bitcointalk.org/index.php?topic=5147514.msg51224295#msg51224295

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Just like personal computers used to be the size of a room, do you think that quantum computers in the next 20 years will be able to downgrade their size to almost the size of a personal computer? Whenever discussion comes up with quantum computers, Bremermann's limit always seems to be the counter argument to those defending Bitcoin's race against quantum computers. The thread you linked seems to have mentioned it fairly early on, but that thread puts into perspective just how big the computer would have to be. The only argument is that we get better at producing and manufacturing quantum computers and downsize them.

I have the opinion that quantum computers will only bring positive change to Bitcoin and increase its security by changing to a different algorithm capable of outlasting quantum computers' evolution. It's not like quantum computers will be increasing their power at an exponential growth such that we won't be able to deploy quantum resistant algorithms.
Macadonian
Member
**
Offline Offline

Activity: 115
Merit: 320


View Profile
June 25, 2019, 11:10:29 AM
Merited by AverageGlabella (6), Welsh (4)
 #6

@averageglabella

Would you be able to elaborate on these issues that you have?

As for implying that quantum computers are not a direct attack against Bitcoin for the algorithm it uses for encryption, I think that's certainly true, and the easy way of combating quantum computers would be to just change to a quantum resistant algorithm. I don't know too much about the quantum resistant algorithms out there today and which would be the better option for the Bitcoin community, but I'd be interested in hearing some pros and cons from anyone who has knowledge in that field.

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Nice to hear from someone who has also studied quantum mechanics, though I agree with your analysis and input. Although, with your last statement about the code always being able to stay ahead of the machine, is that necessarily true? As far as I know there aren't too many algorithms that would be suitable for use with Bitcoin because of some of the limitations, and not too many have been developed in recent years; however, we're seeing technology from a quantum computing aspect continue to develop at a rather impressive rate. My counter argument would be that a lot of time, money and energy is being put into quantum computers right now because it's both exciting and useful; however, because currently there's nothing capable of breaking the majority of encryption algorithms out there, we aren't necessarily looking to improve upon that yet because the current ones are good enough. Do you think the closer we get to quantum computers becoming a threat to encryption, the more work will be put into developing suitable algorithms?
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
June 25, 2019, 12:17:55 PM
Last edit: June 25, 2019, 01:33:29 PM by Cnut237
Merited by DarkStar_ (4), Macadonian (4), Welsh (2)
 #7

the easy way of combating quantum computers would be to just change to a quantum resistant algorithm.

Nice to hear from someone who has also studied quantum mechanics.

I did study quantum mechanics, but it is going back a few years and this is a fast-moving field.

With my admittedly limited expertise, I would agree with the point quoted above. Simplistically, outcomes in quantum mechanics occur when the quantum wave function collapses, and the act of interfering with ("measuring") a quantum system triggers this collapse. So whilst a true quantum computer would find cracking any classical encryption to be quite straightforward, using its immense power to simply brute-force its way through, a quantum encryption system is another matter entirely. Quantum encryption methods are theoretically tamper-proof and theoretically 100% secure, as any attempt to break the encryption collapses the wave function and destroys the ability to read the data. (You know the Schrödinger's Cat thought experiment? The cat is neither alive nor dead until the check is made - it exists in a superposed combination of states, and it is the act of checking that collapses the probability function into a definite alive or dead outcome.)

I say "theoretically" tamper-proof and "theoretically" 100% secure because as I say it's a fast-moving field and who knows what advances tomorrow may bring? But certainly quantum cryptography as currently understood should provide a very robust security mechanism.


"Let all men know how empty and worthless is the power of kings."
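Cnut237's point above is that a quantum encryption scheme is secure because measuring the channel disturbs it. The following is an added example, not code from the original post, simulating the best known case of that: BB84 quantum key distribution with an intercept-resend eavesdropper. A photon is modelled as a (basis, bit) pair; measuring in the preparing basis returns the bit exactly, measuring in the other basis returns a uniformly random bit and leaves the photon in the new basis (the "collapse" the post describes). Eve guesses the wrong basis about half the time, and each wrong guess flips Bob's sifted bit with probability 1/2, so roughly a quarter of the sifted key disagrees and the parties notice. Random choices are seeded so the run is reproducible; the 11% abort threshold is the commonly cited bound for BB84 and is an assumption of this example, as is every name in it. Nothing here is a real quantum channel.

```python
"""BB84 quantum key distribution, simulated: why eavesdropping shows up.

Added example, not code from the original post. Photons are (basis, bit)
pairs; this models measurement collapse, not real optics.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1        # the two conjugate bases (+ and x)
ABORT_THRESHOLD = 0.11              # QBER above which the key is discarded (assumed bound)


def prepare(bits, bases):
    """Alice encodes each bit as a photon in her randomly chosen basis."""
    return list(zip(bases, bits))


def measure(photons, bases, rng):
    """Measure each photon; returns (outcomes, photons as they are afterwards).

    Same basis as preparation: the bit comes out exactly. Other basis: the
    outcome is random and the photon is now in the measuring basis, so the
    original information is gone.
    """
    outcomes, after = [], []
    for (prep_basis, bit), meas_basis in zip(photons, bases):
        out = bit if prep_basis == meas_basis else rng.randint(0, 1)
        outcomes.append(out)
        after.append((meas_basis, out))
    return outcomes, after


def bb84(n, rng, eve=False):
    """One exchange over n photons; returns (sifted key length, QBER)."""
    alice_bits = [rng.randint(0, 1) for _ in range(n)]
    alice_bases = [rng.randint(0, 1) for _ in range(n)]
    photons = prepare(alice_bits, alice_bases)
    if eve:                                                # intercept-resend attack
        _, photons = measure(photons, [rng.randint(0, 1) for _ in range(n)], rng)
    bob_bases = [rng.randint(0, 1) for _ in range(n)]
    bob_bits, _ = measure(photons, bob_bases, rng)
    # Sifting over the public channel: keep only positions with matching bases.
    kept = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    errors = sum(alice_bits[i] != bob_bits[i] for i in kept)
    return len(kept), errors / len(kept)


def qber(n=4000, seed=1, eve=False):
    """Quantum bit error rate of one seeded run."""
    return bb84(n, random.Random(seed), eve)[1]


def key_accepted(n=4000, seed=1, eve=False):
    """Alice and Bob compare a sample of the sifted key; too many errors means abort."""
    return qber(n, seed, eve) <= ABORT_THRESHOLD


if __name__ == "__main__":
    print("no eavesdropper: QBER", qber(), "accepted", key_accepted())
    print("intercept-resend: QBER", qber(eve=True), "accepted", key_accepted(eve=True))
```

With no eavesdropper the sifted bits agree exactly; with Eve in the middle about 25% of them disagree, far above the abort threshold, so the key is thrown away before any data is sent under it. That is the sense in which the post's "tamper-proof" holds: tampering is not prevented, it is detected.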
Macadonian
Member
**
Offline Offline

Activity: 115
Merit: 320


View Profile
June 25, 2019, 06:49:03 PM
 #8

(You know the Schrödinger's Cat thought experiment? The cat is neither alive nor dead until the check is made - it exists in a superposed combination of states, and it is the act of checking that collapses the probability function into a definite alive or dead outcome.)

I say "theoretically" tamper-proof and "theoretically" 100% secure because as I say it's a fast-moving field and who knows what advances tomorrow may bring? But certainly quantum cryptography as currently understood should provide a very robust security mechanism.


I'm very familiar with the Schrödinger's cat thought experiment and I've seen it mentioned several times here on this forum. I think the conclusion of this discussion is that, right now, in their current state, quantum computers are a few years off from becoming a threat to traditional algorithms, and even then Bitcoin already has options readily available to combat the issue when it does become a realistic threat.
AverageGlabella
Hero Member
*****
Offline Offline

Activity: 494
Merit: 651



View Profile
June 25, 2019, 06:53:01 PM
 #9

@averageglabella

Would you be able to elaborate on these issues that you have?
My main issue was not expanding on D-Wave generation quantum computers enough for those that aren't familiar with them. A 2000 qubit quantum computer is a scary thought when first hearing that we are supposedly already capable of manufacturing them en masse. However, I wanted to be clear that, although it may well be true, they don't work in the same way as the quantum computer which would become a threat to Bitcoin's algorithm, and are not very efficient at factoring.
Macadonian
Member
**
Offline Offline

Activity: 115
Merit: 320


View Profile
June 25, 2019, 07:53:54 PM
Merited by AverageGlabella (8), Welsh (6)
 #10

I did not want to go down the route of explaining why D-Wave quantum computers are ineffective when it comes to the ECDSA because it's a controversial topic which always seems to lead to deviating from the original discussion, but the D-Wave quantum computer has a totally different approach to normal quantum computers. D-Wave is a quantum annealer, whereas the quantum computers which could affect Bitcoin in the future use quantum circuits. The fundamental difference is that they approach two different solutions differently. They aren't even related to Bitcoin, but a lot of people like to throw out D-Wave and how 2000 qubits is possible currently and basically scaremonger that Bitcoin could be cracked at a moment's notice, which is just downright false. Actually, I think most experiments and test runs on the D-Wave have led us to believe that it's no more efficient than quantum computers with fewer qubits, and it is considered a gimmick within the quantum mechanics field.

As far as I'm concerned, D-Waves shouldn't have to be discussed when relating to Bitcoin because they are irrelevant.

I would like to expand on housing these D-Wave quantum computers now that we are on the subject. Last going off, they had to be cooled down to -273° C using a cryogenic cooling system which uses liquid nitrogen to sort the hydrogen isotopes. In short, this means housing these things, let alone getting them to run, would be extremely expensive, as this sort of cooling system needs to be controlled and done safely.
arcmetal
Member
**
Offline Offline

Activity: 189
Merit: 79


View Profile
June 26, 2019, 07:46:20 AM
 #11

If you are worried that a quantum computer can cause a collision with a bitcoin private key (like finding a key with someone's bitcoin), sure it could be possible.  But I do like reading about what an incredible machine it would take to do this.  Here is a great thread on this topic:
https://bitcointalk.org/index.php?topic=5147514.msg51224295#msg51224295

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Just like personal computers used to be the size of a room, do you think that quantum computers in the next 20 years will be able to downgrade their size to almost the size of a personal computer? Whenever discussion comes up with quantum computers, Bremermann's limit always seems to be the counter argument to those defending Bitcoin's race against quantum computers. The thread you linked seems to have mentioned it fairly early on, but that thread puts into perspective just how big the computer would have to be. The only argument is that we get better at producing and manufacturing quantum computers and downsize them.

I have the opinion that quantum computers will only bring positive change to Bitcoin and increase its security by changing to a different algorithm capable of outlasting quantum computers' evolution. It's not like quantum computers will be increasing their power at an exponential growth such that we won't be able to deploy quantum resistant algorithms.
Correct. I don't believe I'll see, in my lifetime, a so-called quantum computer big enough to take down bitcoin in its current state. As we agree, long before any large and powerful machine is constructed, the algorithms for bitcoin can be upgraded to deal with such a threat, long before that hardware exists.
arcmetal
Member
**
Offline Offline

Activity: 189
Merit: 79


View Profile
June 26, 2019, 08:52:37 AM
Last edit: June 26, 2019, 09:02:56 AM by arcmetal
Merited by AverageGlabella (10), Welsh (8)
 #12

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Nice to hear from someone who has also studied quantum mechanics, though I agree with your analysis and input. Although, with your last statement about the code always being able to stay ahead of the machine, is that necessarily true? As far as I know there aren't too many algorithms that would be suitable for use with Bitcoin because of some of the limitations, and not too many have been developed in recent years; however, we're seeing technology from a quantum computing aspect continue to develop at a rather impressive rate.
Yes, this will always be true.  The concepts in computer science are clear.  So it goes something like this:

You cannot write code for advanced hardware that doesn't exist yet. You can't run some fancy new hardware without the software to control it. So, the hardware is built first, then code can be written for it. But this new code for the fancy new hardware will surpass the hardware at some point. Maybe it's best to explain with an example:

Some new machine is built, but the largest number its registers can hold is 1,000,000. So we can't add two numbers, or multiply two numbers, if the result is greater than 1,000,000. Along comes some code that can use linked lists to create bigger numbers. One link in the list can hold a number's large lower portion, "900,000", the next link can hold the number's upper value of "1,000"; put the two links together to get "1,000,900,000" ... and the algorithms do the rest of adding, multiplying, manipulating those larger numbers even though the hardware can only handle numbers no greater than 1,000,000. ... And so, we've made code that has surpassed the hardware's capabilities.

I can't go into the details of bitcoin's algorithms since I don't work with those, but some of the comments made by others are easy enough to follow.  I've read that bitcoin uses the family of SHA-2 algorithms, and at some point they can upgrade to the family of SHA-3 algorithms. ...  The total number of private bitcoin addresses is 2^160, which is close to 2^256 (for discussion purposes).  This number is close to 10^75, and for comparison there are about 10^78 atoms in the known universe.  This gives a clue as to how large the search space for locating a private address can be.

From the thread I posted above: It would be possible to build a machine that can search for and find a non-empty private address.
If you build a Bremermann computer the size of Earth, you could crack a key in 2 minutes.
given the 2^256 search space.  But if we simply made the search space bigger, say: 2^512, then we'd be back to requiring the Bremermann computer the size of the Earth to take as long as the age of the universe to try and find a private key.

My counter argument would be that a lot of time, money and energy is being put into quantum computers right now because it's both exciting and useful; however, because currently there's nothing capable of breaking the majority of encryption algorithms out there, we aren't necessarily looking to improve upon that yet because the current ones are good enough. Do you think the closer we get to quantum computers becoming a threat to encryption, the more work will be put into developing suitable algorithms?
Most of the work for the next levels of algorithms has already been done. What is left to do is a bit more testing, and then incorporation into the bitcoin core; this is not trivial. But with the current state of computers it's not really necessary right now; there is plenty of time to get it right.

From my first comment above you can gather that I think the whole "quantum computer" thing is a bit of a silly pursuit, since current classical computers will eventually catch up to the proposed theoretical properties of quantum computers. But silly pursuits can sometimes hit upon new discoveries and new technologies, so it's not a total waste of time.
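The "Earth-sized Bremermann computer cracks a key in 2 minutes" figure quoted above can be checked. The following is an added example, not code from the original post or the linked thread, that works the numbers through: Bremermann's limit bounds the computation rate of a self-contained machine at about c^2/h, roughly 1.36e50 bit operations per second per kilogram, and counting one key guess as one operation (generous to the attacker) reproduces both of the thread's claims, about two minutes for a 2^256 space and far more than the age of the universe for 2^512. The physical constants are standard approximate values; the "one guess per bit operation" model and the function names are this example's assumptions. Note what it does and does not bound: this is the cost of exhaustive search, which Shor's algorithm never performs, so the limit says nothing about the quantum attack on ECDSA, only about brute force.

```python
"""Bremermann's limit, worked through for the figures quoted in this thread.

Added example, not code from the original post. Models exhaustive key
search only; constants are standard approximate values.
"""
from math import floor, log2

C = 299_792_458.0                          # speed of light, m/s
H = 6.62607015e-34                         # Planck constant, J*s
EARTH_MASS_KG = 5.972e24
AGE_OF_UNIVERSE_S = 13.8e9 * 365.25 * 86400   # about 4.35e17 s


def bremermann_ops_per_second(mass_kg):
    """Bremermann bound: mass * c^2 / h bit operations per second."""
    return mass_kg * C ** 2 / H


def brute_force_seconds(key_bits, mass_kg=EARTH_MASS_KG):
    """Time to try all 2^key_bits keys at one guess per bit operation."""
    return 2.0 ** key_bits / bremermann_ops_per_second(mass_kg)


def bits_needed(mass_kg=EARTH_MASS_KG, seconds=AGE_OF_UNIVERSE_S):
    """Smallest key size whose exhaustive search takes longer than `seconds`."""
    return floor(log2(seconds * bremermann_ops_per_second(mass_kg))) + 1


def summary(mass_kg=EARTH_MASS_KG):
    """Search times, in seconds, for the key sizes mentioned in the thread."""
    return {bits: brute_force_seconds(bits, mass_kg) for bits in (128, 160, 256, 512)}


if __name__ == "__main__":
    for bits, secs in summary().items():
        print(f"2^{bits}: {secs:.3g} s ({secs / AGE_OF_UNIVERSE_S:.3g} universe ages)")
    print("bits to outlast the universe on an Earth-mass machine:", bits_needed())
```

An Earth-mass machine at the limit does about 8e74 operations per second, so 2^256 guesses take roughly 140 seconds and 2^512 about 1.6e79 seconds; a little over 300 bits is already enough to exceed the age of the universe. The more useful reading for this thread is the caveat in the lead-in: these are brute-force numbers, and the quantum concern about ECDSA is a polynomial-time discrete log, not a faster brute force.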

Pmalek
Legendary
*
Offline Offline

Activity: 1386
Merit: 1358



View Profile
June 26, 2019, 10:26:08 AM
Merited by Welsh (4), AverageGlabella (2)
 #13

Who knows what the future might hold. I don't have the technical knowledge that OP and AverageGlabella clearly have but I can say this.

50+ years ago my father used to work on these big bastards; the source says that it could store up to 5 MB of data.
https://www.reddit.com/r/interestingasfuck/comments/6z95zz/first_computer_by_ibm/

He was a programmer and wrote programs for these computers. He had health issues, so he had to retire early. He hasn't been interested in computers and has never shown any interest in using one ever since, which I frankly find unbelievable, but it is what it is.

The first time I bought a USB stick and he saw it, he asked me what it was.
"So how much data can you put on that thing?" he said.
1GB! He just stopped and looked at me, trying to figure out how much that is in B or KB, because those are the two important units that mattered to him back when he was working.

What I am trying to say is, although it is impossible to imagine quantum computers being a threat to Bitcoin now, who knows what advancements will be made in 40-50 years. My father and his partners knew about KBs, and a 5 MB storage device taking up the whole room was probably the most advanced thing they could ever think about. They probably didn't even dream about a pocket-sized device that you can plug into a small opening at the side of your laptop (what in God's name is a laptop)!

Macadonian
Member
Activity: 115
Merit: 320
June 26, 2019, 07:26:41 PM
Last edit: June 26, 2019, 07:42:20 PM by Macadonian
Merited by Welsh (20), AverageGlabella (10), Saidasun (5), Cnut237 (1)
 #14

Quote
Some new machine is built but the largest number its registers can hold is 1,000,000.  So we can't add two numbers, or multiply two numbers, if the result is greater than 1,000,000.  Along comes some code that can use linked lists to create bigger numbers.  One link in the list can hold a number's large lower portion "900,000", the next link can hold the number's upper value of "1,000"; put the two links together to get: "1,000,900,000". ... and the algorithms do the rest of adding, multiplying, manipulating those larger numbers even though the hardware can only handle numbers no greater than 1,000,000.  ... And so, we've made code that has surpassed the hardware's capabilities.
Thanks again for your input; you definitely have a little bit more knowledge than myself when it comes to algorithms and how they are coming along. I only know the very basic parts of that whole sequence of implementing and testing. I know and understand how quantum resistant algorithms work and that they already exist. However, I never knew how suitable they were to the Bitcoin project and the "guidelines" it has followed over the years. I've always assumed that there's no rush for implementing an algorithm which could potentially affect the stabilization of Bitcoin so early on when there's no threat at the moment. Especially since when the time comes we might need to change again, because as you say this field is an ever-evolving system which does bring more discoveries every day. I would actually go forward and say computers in general are the leading industry in new discoveries ever since the basic computer was invented.

The example I quoted I think is the best explanation I've seen when it comes to discussing quantum computers and the current limitations within the field. I've always considered that you need a computer to write the code, a computer that is capable of writing the code, and then the code side of things will evolve beyond the capabilities of the computer. However, the linking together is an excellent way of demonstrating how this is actually achieved.

Quote
Who knows what the future might hold. I don't have the technical knowledge that OP and AverageGlabella clearly have but I can say this.

50+ years ago my father used to work on these big bastards; the source says that it could store up to 5 MB of data.
https://www.reddit.com/r/interestingasfuck/comments/6z95zz/first_computer_by_ibm/
The reasons you have listed here are the exact reasons why I'm very interested in the current price it takes to operate a quantum computer, specifically (because it's now been mentioned) the D-Wave quantum computer, which to run requires being housed in a room at an incredible -273° C. The interesting part of this is it's not a computer limitation or anything like that but an environmental one. No matter how efficient we make things, it doesn't look like we'll be able to cheaply make a room at -273° C. Yes, with better technology we will probably see quantum computers not having to work so hard, but as physics goes, the amount of energy that goes into things, you can expect less out of it. Which in my eyes I can't see us ever being able to cheaply operate a room's temperature at such low levels for the duration of the time the quantum computer needs to operate. We could in the future have an unlimited qubit quantum computer able to crack things in seconds and therefore the running time wouldn't be long, which in effect would reduce the cost of this; however, what I'm trying to get at is this will be an extremely long way off and quantum computers en masse will likely not be a problem for many, many years.

The reason why I'm concentrating on the operating costs and the logistics of running something capable of breaking algorithms is that even if a quantum computer was theoretically released tomorrow with the required amount of qubits to breach algorithms, it would still only be limited to a few individuals, which might not have any malicious intent, meaning it might not even be a threat anyway. Regardless of whether this is true or not, obviously we would need to be prepared for the worst case scenario, which I do believe, judging by others' comments on this thread, we'll be ready for with the technology already available at our disposal.
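The linked-list arithmetic described in the quoted post, as an added worked example that is not code from the thread or from any poster: it models a machine whose registers cannot hold a value above 1,000,000 and implements addition and multiplication on a list of small limbs so that every intermediate value stays within that limit. The register model (`reg`), the choice of base-1000 limbs, the helper names and the sample numbers are my assumptions; the only part taken from the post is the 1,000,000 register ceiling and the number 1,000,900,000.

```python
# Added example: multi-limb ("linked list") arithmetic on a hypothetical machine
# whose registers cannot hold values above 1,000,000.  Not code from the thread.
from typing import List

REGISTER_MAX = 1_000_000   # assumed hardware limit, taken from the quoted post
BASE = 1_000               # limb width: 999*999 + 999 + 999 < REGISTER_MAX, so every
                           # intermediate of add and multiply fits in one register
WIDTH = len(str(BASE - 1)) # decimal digits per limb when printing


def reg(x: int) -> int:
    """Model a hardware register: refuse any value the machine cannot hold."""
    if not 0 <= x <= REGISTER_MAX:
        raise OverflowError(f"{x} exceeds the {REGISTER_MAX} register limit")
    return x


def to_limbs(n: int) -> List[int]:
    """Split a non-negative integer into little-endian base-BASE limbs (the 'links')."""
    if n < 0:
        raise ValueError("unsigned values only")
    limbs = []
    while n:
        n, low = divmod(n, BASE)
        limbs.append(low)
    return limbs or [0]


def to_decimal(limbs: List[int]) -> str:
    """Render the limb list as a decimal string, formatting one small limb at a time."""
    top = str(limbs[-1])
    rest = "".join(f"{limb:0{WIDTH}d}" for limb in reversed(limbs[:-1]))
    return top + rest


def add_limbs(a: List[int], b: List[int]) -> List[int]:
    """Schoolbook addition with carry; each step only touches register-sized values."""
    out, carry = [], 0
    for i in range(max(len(a), len(b))):
        ai = a[i] if i < len(a) else 0
        bi = b[i] if i < len(b) else 0
        total = reg(ai + bi + carry)
        out.append(total % BASE)
        carry = total // BASE
    if carry:
        out.append(carry)
    return out


def mul_limbs(a: List[int], b: List[int]) -> List[int]:
    """Schoolbook multiplication; limb products fit because BASE**2 < REGISTER_MAX."""
    out = [0] * (len(a) + len(b))
    for i, ai in enumerate(a):
        carry = 0
        for j, bj in enumerate(b):
            total = reg(out[i + j] + ai * bj + carry)
            out[i + j] = total % BASE
            carry = total // BASE
        out[i + len(b)] = carry        # this slot is untouched before row i
    while len(out) > 1 and out[-1] == 0:
        out.pop()                      # drop leading zero limbs
    return out


if __name__ == "__main__":
    # Constructed sample inputs: the post's 1,000,900,000 and a nine-nines neighbour.
    x, y = to_limbs(1_000_900_000), to_limbs(999_999_999)
    print(to_decimal(add_limbs(x, y)))
    print(to_decimal(mul_limbs(x, y)))
```

The point the limb width makes: with base-1000 limbs the largest value any step produces is 999 + 999·999 + 999, which is still below the 1,000,000 ceiling, so the software never asks the hardware for more than it can give. Base-1,000,000 limbs would fit in the register individually but their products would not, which is exactly the constraint real big-integer libraries design their limb size around.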
AverageGlabella
Hero Member
Activity: 494
Merit: 651
June 26, 2019, 08:14:09 PM
Merited by Welsh (8), arcmetal (3), Macadonian (3), Cnut237 (1)
 #15

Quote
Who knows what the future might hold. I don't have the technical knowledge that OP and AverageGlabella clearly have but I can say this.
I think it's worth mentioning that we shouldn't be discrediting @arcmetal, as they have demonstrated knowledge I would expect from a seasoned veteran in the quantum mechanics field. Not to assume they aren't, of course, but it's a breath of fresh air, as I have been complaining about the state of Bitcoin discussion and serious discussion not being active enough in the past. The two combined are some of the most surprising members of the forum I've come across; with the amount of effort that goes into their posts, I'm unsure why you guys aren't already receiving the attention you deserve.  Most of the other threads discussing quantum computers are filled with generic answers such as "It will never happen" and all that bogus.

Quote
The reason why I'm concentrating on the operating costs and the logistics of running something capable of breaking algorithms is that even if a quantum computer was theoretically released tomorrow with the required amount of qubits to breach algorithms, it would still only be limited to a few individuals, which might not have any malicious intent, meaning it might not even be a threat anyway. Regardless of whether this is true or not, obviously we would need to be prepared for the worst case scenario, which I do believe, judging by others' comments on this thread, we'll be ready for with the technology already available at our disposal.
My personal viewpoint is that all of this doesn't really matter in the grand scheme of things. I like to be more literal and straight to the point. We know the potential threat that is quantum computers. We know the weak point in the technology Bitcoin is currently using, and finally we know how to combat that. I know we have spoken about using an address only once, but the majority of people will not go into that effort, so the easiest and most efficient way of dealing with this while continuing the usability of Bitcoin would be to deploy a quantum resistant algorithm, which I can guarantee is being worked on in the background as we speak.
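The "use an address only once" mitigation mentioned in the post above, as an added example that is not code from the thread or from any poster: a small audit that replays a constructed chain and reports, for each watched address, how much it still holds and whether its public key has already been revealed by a spend. A pay-to-pubkey-hash output only commits to the hash of the key, and the key itself appears on-chain the first time the address spends, so coins sent back to an already-spent address sit behind nothing but ECDSA, while coins on a fresh address keep the hash in front of them. The hashed-address construction is simplified (SHA-256 truncated to 20 bytes standing in for Bitcoin's HASH160), and the transaction model (`Tx`, `TxIn`, `TxOut`), the `audit_exposure` function and the sample chain are my assumptions.

```python
# Added example: audit which of a wallet's coins sit on an address whose public key
# is already visible on-chain.  Not code from the thread; the transaction model and
# the sample chain below are constructed for illustration.
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


def address_of(pubkey: bytes) -> str:
    """Hash-based address. Assumption: SHA-256 truncated to 20 bytes stands in for
    Bitcoin's HASH160 (RIPEMD160 over SHA-256), which some hashlib builds lack."""
    return hashlib.sha256(pubkey).digest()[:20].hex()


@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    prev_vout: int
    pubkey: bytes          # revealed by the spender to satisfy a pay-to-pubkey-hash output


@dataclass(frozen=True)
class TxOut:
    address: str
    amount: int            # satoshis


@dataclass(frozen=True)
class Tx:
    txid: str
    vin: Tuple[TxIn, ...]
    vout: Tuple[TxOut, ...]


def audit_exposure(chain: Iterable[Tx], watched: Iterable[str]) -> Dict[str, dict]:
    """Replay the chain in order; report balance and key-exposure state per watched address."""
    utxos: Dict[Tuple[str, int], TxOut] = {}
    exposed = set()
    for tx in chain:
        for txin in tx.vin:
            key = (txin.prev_txid, txin.prev_vout)
            if key not in utxos:
                raise ValueError(f"{tx.txid} spends unknown output {key}")
            spent = utxos.pop(key)
            if address_of(txin.pubkey) != spent.address:
                raise ValueError(f"{tx.txid}: pubkey does not hash to {spent.address}")
            exposed.add(spent.address)          # the key is public from this point on
        for n, out in enumerate(tx.vout):
            utxos[(tx.txid, n)] = out
    report = {a: {"balance": 0, "pubkey_exposed": a in exposed} for a in watched}
    for out in utxos.values():
        if out.address in report:
            report[out.address]["balance"] += out.amount
    return report


# Constructed sample: two wallet keys; key A's address is reused for change.
PUBKEY_A = b"\x02" + b"\x11" * 32
PUBKEY_B = b"\x03" + b"\x22" * 32
ADDR_A, ADDR_B = address_of(PUBKEY_A), address_of(PUBKEY_B)
ADDR_MERCHANT = address_of(b"\x02" + b"\x33" * 32)

SAMPLE_CHAIN = (
    Tx("tx0", (), (TxOut(ADDR_A, 100_000), TxOut(ADDR_B, 50_000))),   # funding
    Tx("tx1", (TxIn("tx0", 0, PUBKEY_A),),                              # A spends (key revealed)
       (TxOut(ADDR_MERCHANT, 70_000), TxOut(ADDR_A, 30_000))),          # change goes back to A
)


def demo() -> Dict[str, dict]:
    """Run the audit over the constructed chain for the two wallet addresses."""
    return audit_exposure(SAMPLE_CHAIN, [ADDR_A, ADDR_B])


if __name__ == "__main__":
    for addr, info in demo().items():
        print(addr, info)
```

In the sample, address A ends with 30,000 satoshis and `pubkey_exposed` set, because tx1 revealed its key and then paid change back to it; address B still holds 50,000 satoshis behind its hash. A wallet that instead sent change to a fresh address would leave nothing in the exposed state, which is the whole content of the single-use-address advice, and an audit like this is how a wallet can tell its user which balances would need moving if ECDSA ever became the weak point.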
Cnut237
Hero Member
Activity: 1092
Merit: 621
June 27, 2019, 02:11:04 PM
Last edit: June 27, 2019, 02:35:26 PM by Cnut237
Merited by Macadonian (2)
 #16

Quote
cheaply make a room at -273° C.

... Then we get into the possibility of power from nuclear fusion. I know it's one of those things that is always 'a few years away' - but cheap energy (free? unlimited?) is getting closer all the time.

I think this kind of highlights the fact that technology is racing ahead of us, and it won't be long before it goes way beyond the ability of mere humans to understand, and it is computers themselves doing the thinking and theorising. The most promising form of defence against quantum attacks currently under development seems to be NTRU, which relies on some quite esoteric lattice-based maths which is frankly already beyond my ability to comprehend. In a few years' time I can imagine that it is computers themselves coming up with these models, and humans struggling to keep up. It's an infinite arms race into the distance really. So long as there is one side attacking and another side defending, it's difficult to see where it will stop - unless there is some fundamental facet of quantum mechanics that provides a final barrier to one or both sides.

"Let all men know how empty and worthless is the power of kings."
arcmetal
Member
Activity: 189
Merit: 79
June 28, 2019, 02:46:50 AM
Merited by vapourminer (1), Cnut237 (1), Macadonian (1)
 #17

Quote
... In a few years' time I can imagine that it is computers themselves coming up with these models, and humans struggling to keep up. It's an infinite arms race into the distance really. So long as there is one side attacking and another side defending, it's difficult to see where it will stop - unless there is some fundamental facet of quantum mechanics that provides a final barrier to one or both sides.
To a certain extent I've already seen this starting to happen. :)  I spend my time dealing with learning algorithms, pattern recognition, sometimes termed AI.  Within the process of training these little AI networks, the algorithms produce their own algorithms to then produce the results I'm trying to make them achieve.  But at the end of this training, I, "the human", do not understand how the AI decided to produce these final algorithms. Or rather, I struggle to find the reasons for its internal organization.  I did program it, but my programming is just a crucible I've created to foster the growth of these AI networks.  (I have been told by some of my benefactors that I mustn't mention this odd behavior of my working networks to others.  The higher-ups may not like it.  But I still find it curious.)

This concept exists throughout the AI algorithms that are currently spreading into almost everywhere it can fit.

...

Getting back to the OP.  My first reaction to having read that "someday some quantum computer may break bitcoin" was to think that the commentator doesn't understand "quantum" computers, and doesn't understand that bitcoin is programmable.  Regardless, I see it as just a comment to spread FUD, to make people think that bitcoin was going to crack under a large enough computer.  It's almost as bad as the FUD remark that says "any day now bitcoin's creator is going to show up and use his back door to steal your bitcoins".  In this case the commentator does not understand what open source is.   These sorts of FUD remarks will continue to spread until the majority become informed about bitcoin's basics.  Until then, it's up to us here to continue to teach the rest.
Cnut237
Hero Member
Activity: 1092
Merit: 621
June 28, 2019, 07:29:06 AM
Merited by Welsh (2), vapourminer (1)
 #18

Quote
the algorithms produce their own algorithms to then produce the results I'm trying to make them achieve.  But at the end of this training, I, "the human", do not understand how the AI decided to produce these final algorithms.

Just a quick comment on this because I don't want to derail the thread. The evolution of AlphaGo I think demonstrates how quickly things are moving. A few years ago everyone was saying a machine could never beat the world's best Go players. Then (2015?) AlphaGo was developed and trained initially by humans through the input of a vast number of previous games. Learning algorithms subsequently built on this, but there was a big human input, guided by Go experts, and a lot of reliance on just brute-forcing the calculations. In 2016 it beat the world's best human player quite comprehensively.

The 2017 follow-up was AlphaGo Zero. This time they just fed it the rules and nothing else. They got it to teach itself. Within a short time they put it up against the original AlphaGo, and the entirely self-taught version won 100-0. It is indeed reaching the stage where computers aren't just better than humans at calculating, they're also better at learning how to calculate, and at learning how to learn. There is some exciting (scary?) emergent behaviour coming out of this.

"Let all men know how empty and worthless is the power of kings."
arcmetal
Member
Activity: 189
Merit: 79
June 28, 2019, 08:17:43 AM
Merited by Welsh (4), Macadonian (2), Zedpastin (1)
 #19

Quote
the algorithms produce their own algorithms to then produce the results I'm trying to make them achieve.  But at the end of this training, I, "the human", do not understand how the AI decided to produce these final algorithms.

Just a quick comment on this because I don't want to derail the thread. The evolution of AlphaGo I think demonstrates how quickly things are moving. A few years ago everyone was saying a machine could never beat the world's best Go players. Then (2015?) AlphaGo was developed and trained initially by humans through the input of a vast number of previous games. Learning algorithms subsequently built on this, but there was a big human input, guided by Go experts, and a lot of reliance on just brute-forcing the calculations. In 2016 it beat the world's best human player quite comprehensively.

The 2017 follow-up was AlphaGo Zero. This time they just fed it the rules and nothing else. They got it to teach itself. Within a short time they put it up against the original AlphaGo, and the entirely self-taught version won 100-0. It is indeed reaching the stage where computers aren't just better than humans at calculating, they're also better at learning how to calculate, and at learning how to learn. There is some exciting (scary?) emergent behaviour coming out of this.

It is this very interesting emergent behavior that I find curious.  One can write code to enable these artificial networks to learn on their own, even though it is very tricky to do so.  A slight change in the parameters for the network's environment and we end up with large instabilities in the network's internal architecture, which produce garbage.  These systems are difficult to stabilize, but once the right parameters are found the networks can produce solutions on their own.

And so, some seem so worried about the fast and powerful quantum computers, but maybe some should actually be worried about an AI building its own algorithm to find a private key, and we humans are left not understanding how it did it.

hehe, of course, I know full well that AIs are still too primitive for any such silly notions.  And I decline to comment on those that mention "the singularity" since it's just nonsensical fantasy.
Cnut237
Hero Member
Activity: 1092
Merit: 621
June 28, 2019, 08:32:20 AM
Last edit: June 28, 2019, 09:11:26 AM by Cnut237
 #20

I suppose the final question that sits beneath everything else is: is self-consciousness itself an emergent behaviour? I'm still unsure about the singularity, I take your point, but I won't dismiss it completely until this question has a definitive answer. Stuff that seems magical fantasy today could be mundane and commonplace to the AIs of the future.

"Let all men know how empty and worthless is the power of kings."
Macadonian
Member
Activity: 115
Merit: 320
June 28, 2019, 07:58:35 PM
Merited by Welsh (8), AverageGlabella (5), Saidasun (4), ETFbitcoin (1)
 #21

Quote
... Then we get into the possibility of power from nuclear fusion. I know it's one of those things that is always 'a few years away' - but cheap energy (free? unlimited?) is getting closer all the time.

I think this kind of highlights the fact that technology is racing ahead of us, and it won't be long before it goes way beyond the ability of mere humans to understand, and it is computers themselves doing the thinking and theorising. The most promising form of defence against quantum attacks currently under development seems to be NTRU, which relies on some quite esoteric lattice-based maths which is frankly already beyond my ability to comprehend. In a few years' time I can imagine that it is computers themselves coming up with these models, and humans struggling to keep up. It's an infinite arms race into the distance really. So long as there is one side attacking and another side defending, it's difficult to see where it will stop - unless there is some fundamental facet of quantum mechanics that provides a final barrier to one or both sides.
Nuclear fusion is something which is getting closer by the day; in fact, in Boston they recently got a 50 million dollar investment for their nuclear reactor. They believe they've sussed out the laws and it's only a matter of building the plant. The theory has always been there, and theoretically it's safer than other traditional nuclear power management systems; however, we must consider that Chernobyl was considered safe no matter what due to the fail-safe system they had in place. A great program was recently released which showed how out of their depth they really were, and this start-up in Boston that claims to have all the answers, and that the only missing puzzle piece is actually building it, has no track record. Therefore, despite the claims of nuclear fusion being the future, we have to consider how far and how many hurdles we are yet to hit.

Despite the lack of experience, let's assume that all goes well and nuclear fusion becomes a thing. How accessible will this be to the public? Do we really believe energy companies will be providing cheap energy via nuclear fusion, or will this still be reserved for the elite, very much like quantum computers?

We also have to consider the moral obligations and the public viewpoint of nuclear power. At the moment there are multiple different organizations which are trying to combat the development of nuclear power plants and which could put a halt to nuclear fusion. I'm actually for the development of nuclear energy and providing a more efficient energy system, but I can understand the concerns about accidents and management of waste and how it can literally destroy the environment it is in.

In conclusion, even if nuclear fusion becomes a thing in the next few years and quantum computers could be cooled to the temperature required at a decent price, I highly doubt that, other than for the wealthy elite, the power of nuclear energy will be easily accessible.
UnruffledST
Member
Activity: 235
Merit: 18
July 06, 2019, 08:22:23 PM
Merited by AverageGlabella (1)
 #22

Didn't bother to read all the replies, but seriously, you think Bitcoin has an option at the moment to really implement quantum resistant cryptography? Bitcoin being so slow, would it be even slower due to transactions taking longer to verify due to the complexity in confirming such transactions?

AverageGlabella
Hero Member
Activity: 494
Merit: 651
July 08, 2019, 05:32:27 PM
Merited by Macadonian (4)
 #23

Quote
Didn't bother to read all the replies, but seriously, you think Bitcoin has an option at the moment to really implement quantum resistant cryptography? Bitcoin being so slow, would it be even slower due to transactions taking longer to verify due to the complexity in confirming such transactions?

That's the point of reading all the replies. This is not a discussion about quantum computers becoming a problem currently but in the future, and how we would deal with that. We have touched upon why it hasn't been implemented currently a few times in the discussion, and although you do bring up a point about making Bitcoin unnecessarily slow right now, in the future it is something that will have to happen if we ever do reach the point of a 2000+ qubit quantum computer, or whatever would be the required amount to become a serious threat to the algorithm.
TimeBits
Member
Activity: 224
Merit: 62
July 08, 2019, 08:54:36 PM
Last edit: July 08, 2019, 09:40:28 PM by TimeBits
 #24

Quote
Decided to move this to serious discussion considering the lack of activity on Bitcoin Discussion. I'm interested in hearing others' opinions on quantum computers currently and what they will be like in the future.

Anything compiled using AES is already crackable with the computers we have today. When Satoshi created Bitcoin he did not know wtf an ASIC was; he had no clue ASICs would come into existence. Wait till ASIC 2.0s come online. They will be able to crack AES even easier. There will be a single chip made that has more hashing power than all of the bitcoin farms combined in the next 20 years.
arcmetal
Member
Activity: 189
Merit: 79
July 09, 2019, 03:29:48 AM
Last edit: July 09, 2019, 04:01:54 AM by arcmetal
 #25

Quote
Didn't bother to read all the replies, but seriously, you think Bitcoin has an option at the moment to really implement quantum resistant cryptography? Bitcoin being so slow, would it be even slower due to transactions taking longer to verify due to the complexity in confirming such transactions?

That's the point of reading all the replies. This is not a discussion about quantum computers becoming a problem currently but in the future, and how we would deal with that. We have touched upon why it hasn't been implemented currently a few times in the discussion, and although you do bring up a point about making Bitcoin unnecessarily slow right now, in the future it is something that will have to happen if we ever do reach the point of a 2000+ qubit quantum computer, or whatever would be the required amount to become a serious threat to the algorithm.
Quite correct, AverageGlabella.  Concerning whether adding more complexity to bitcoin's code would slow it down in the future: I hate to state the obvious but, whatever. In the future, if or when it is necessary to add more code, the hardware in general will be orders of magnitude faster.  That is, processing and therefore communications will be much faster, and so increasing the amount of code necessary to complete a transaction will be of no consequence.  It is difficult for humans to discern the difference between 10 nanoseconds and 100 nanoseconds; adding more code will not be noticed with much faster hardware.
arcmetal
Member
Activity: 189
Merit: 79
July 09, 2019, 03:44:50 AM
Merited by Macadonian (3)
 #26

Quote
I suppose the final question that sits beneath everything else is: is self-consciousness itself an emergent behaviour? I'm still unsure about the singularity, I take your point, but I won't dismiss it completely until this question has a definitive answer. Stuff that seems magical fantasy today could be mundane and commonplace to the AIs of the future.
The problem is that we are extremely far from understanding how our brains function.  So far in fact from knowing, that we could be thousands of years or maybe millions of years from this type of understanding.  We just don't know how much we don't know.

Take for example, having read recently that they have discovered tiny tubules at the ends of dendrites.  They suspect that besides transferring chemicals and electrical impulses at the synapses, we may also be transmitting bits of light (some call it photons) across that junction.  This could mean that our brains are actually photonic in nature.  This is what I mean by "we have no clue".

We can't replicate it or build it into a machine until we have a full understanding of it.

It is still fun to ponder what self-consciousness might be, but to say we can build a machine to mimic this, or that one of our machines will happen upon it one day is just silly.
myternity
Member
Activity: 95
Merit: 25
Yo!
July 09, 2019, 03:13:54 PM
Merited by Welsh (10), Macadonian (3), arcmetal (1), Zedpastin (1)
 #27

Hello everybody. Nice to meet so many people interested in the quantum threat to a blockchain in one place. We've been working on one post-quantum project for 2 years and of course we're talking with physicists, pq-cryptographers and other academic minds. And I just want to add a couple of things and links you guys might like.

First — probably you will be interested in reading about Neven's law (https://www.quantamagazine.org/does-nevens-law-describe-quantum-computings-rise-20190618/). It is not a "law" of course but an interesting thing to keep in mind.
Second — the most powerful quantum chip for today is the 128-qubit chip produced by Rigetti (https://medium.com/rigetti/the-rigetti-128-qubit-chip-and-what-it-means-for-quantum-df757d1b71ea).
Third — how many qubits you need to crack a blockchain. It depends on the type of encryption, but the point is, it is 2300+ (https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks)
Fourth — Intel thinks we'll get 1000 qubits by 2024 (https://spectrum.ieee.org/nanoclast/computing/hardware/intels-new-path-to-quantum-computing) and ECDSA will be at risk by 2027 (https://arxiv.org/pdf/1710.10377.pdf).
Fifth — implement post-quantum encryption in existing blockchains? This is a close to impossible task.
Sixth — that's what NIST says about PQC in their project (probably all of you are aware of it, but https://csrc.nist.gov/Projects/Post-Quantum-Cryptography):
Quote
Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure.  Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.

So, yes, the quantum threat is a thing to be aware of (and probably afraid of) and yes, we gotta start working on it now. Plus, thanks to smart people from NIST we're in good hands. Btw we're working on a utility to secure all of the blockchains from it. I hope this week we'll publish an article about the quantum thief where we will explain why the only thing that will save us from it is game theory (and PQC, of course).

I hope I didn't miss anything. Will be happy to answer your questions (but I can get here only a couple of times per week max, so don't wait for fast replies, sorry)

Kelvin
TheWolf666
Full Member
Activity: 503
Merit: 133
Author & Prog of Franc / Prog of Kryptofranc
July 09, 2019, 06:16:20 PM
 #28

Quantum computers are not going to replace the computers as we know them. They can be considered like a GPU that will be attached to a normal computer, providing speed for some limited operations. Their usage will be very limited, especially at the beginning, and their price very high.


Macadonian
Member
Activity: 115
Merit: 320
July 09, 2019, 07:18:22 PM
 #29

Quote
Hello everybody. Nice to meet so many people interested in the quantum threat to a blockchain in one place. We've been working on one post-quantum project for 2 years and of course we're talking with physicists, pq-cryptographers and other academic minds. And I just want to add a couple of things and links you guys might like.

First — probably you will be interested in reading about Neven's law (https://www.quantamagazine.org/does-nevens-law-describe-quantum-computings-rise-20190618/). It is not a "law" of course but an interesting thing to keep in mind.
Second — the most powerful quantum chip for today is the 128-qubit chip produced by Rigetti (https://medium.com/rigetti/the-rigetti-128-qubit-chip-and-what-it-means-for-quantum-df757d1b71ea).
Third — how many qubits you need to crack a blockchain. It depends on the type of encryption, but the point is, it is 2300+ (https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks)
Fourth — Intel thinks we'll get 1000 qubits by 2024 (https://spectrum.ieee.org/nanoclast/computing/hardware/intels-new-path-to-quantum-computing) and ECDSA will be at risk by 2027 (https://arxiv.org/pdf/1710.10377.pdf).
Fifth — implement post-quantum encryption in existing blockchains? This is a close to impossible task.
Sixth — that's what NIST says about PQC in their project (probably all of you are aware of it, but https://csrc.nist.gov/Projects/Post-Quantum-Cryptography):
Quote
Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure.  Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.

So, yes, the quantum threat is a thing to be aware of (and probably afraid of) and yes, we gotta start working on it now. Plus, thanks to smart people from NIST we're in good hands. Btw we're working on a utility to secure all of the blockchains from it. I hope this week we'll publish an article about the quantum thief where we will explain why the only thing that will save us from it is game theory (and PQC, of course).

I hope I didn't miss anything. Will be happy to answer your questions (but I can get here only a couple of times per week max, so don't wait for fast replies, sorry)
I'm interested in your take on your 5th point. It's quite a bold claim that has been disputed in the development sub forum and here by some pretty bright minds. Why do you think it's an impossible task? I think it's difficult for a number of reasons, including but not limited to the consumer issues that would come with such a big change. As far as I know there are many different projects working on including quantum resistant algorithms into the existing infrastructure of Bitcoin, and they are making good progress. The only issue with that is this would require a hard fork, and there will be multiple different options to choose from. I would be interested in getting achow's opinion on the matter, but I'm afraid that discussion about quantum computers would quickly get buried.

myternity
Member
Activity: 95
Merit: 25
Yo!
July 10, 2019, 03:26:27 AM
 #30

Quote
I'm interested in your take on your 5th point. It's quite a bold claim that has been disputed in the development sub forum and here by some pretty bright minds. Why do you think it's an impossible task? I think it's difficult for a number of reasons, including but not limited to the consumer issues that would come with such a big change. As far as I know there are many different projects working on including quantum resistant algorithms into the existing infrastructure of Bitcoin, and they are making good progress. The only issue with that is this would require a hard fork, and there will be multiple different options to choose from. I would be interested in getting achow's opinion on the matter, but I'm afraid that discussion about quantum computers would quickly get buried.
Yes, I should probably have disclosed in more detail.
When we say "it is a quantum-safe signature" we imply "it is probably a quantum-safe signature", due to the fact that someone has already mentioned in this thread: we don't have a quantum computer yet. What we need here is a solution with encryption variability, to have the opportunity to transfer new keys for the analogues of old addresses after a hard fork. If we don't have this feature we'll have to make multiple hard forks with every "new" quantum computer. Another reason is a performance decline, because a lot of PQ sigs are "heavier". Everybody is waiting for the NIST PQC results. Actually this is what one of our products is about, and this is one point of the articles. So it is difficult as a one-time task, but if you do it several times it requires an architecture rebuild to make it easy and reliable. Plus we're talking not only Bitcoin but any other blockchain.
So it is an issue.

Kelvin
PrimeNumber7
Copper Member
Hero Member
Activity: 532
Merit: 759
July 10, 2019, 06:53:00 AM
Merited by Welsh (6), Macadonian (3)
 #31

The reason why I'm concentrating on the operating costs and the logistics of running something capable of breaking algorithms is that even if a quantum computer were theoretically released tomorrow with the required number of qubits to break algorithms, it would still only be limited to a few individuals who might not have any malicious intent, meaning it might not even be a threat anyway.
I speculate that most likely it will be a government - one of the Five Eyes, or China - or an entity that is a de facto arm of a government, and I think they will absolutely be a malicious actor. It will be in this entity's interest to keep the fact that they have QC technology sufficient to break ECDSA and other encryption algorithms a state secret, because it will allow their government to spy on their enemies for longer.

If a government develops QC technology that can be run efficiently, and uses said technology to steal a few hundred thousand bitcoins, the coins they steal would be worth billions as of when they steal them, but their value would quickly plummet once many people start complaining that their coins were stolen after following good security practices. It would also be a warning to other governments, banks, communications companies, and others to upgrade their encryption systems ASAP, and to stop using "now broken" encryption systems immediately, even if this means taking services offline for some time.

If a government were to develop QC tech that can efficiently break modern encryption algorithms, I think they would prefer to use it to decrypt intercepted communications via the internet and elsewhere, with the hope their enemies will continue using "broken" encryption algorithms. Last month, a bunch of European internet traffic was rerouted via China for two hours, and there have been similar incidents before. These incidents could be true errors, or they could have been the Chinese government collecting encrypted internet traffic hoping to decrypt it, with current or future technology.

Cnut237
Hero Member
Activity: 1092
Merit: 621
July 10, 2019, 07:45:17 AM
Last edit: July 10, 2019, 11:58:14 AM by Cnut237
Merited by Welsh (5), vapourminer (1)
 #32

Nuclear fusion [...] theoretically it's safer than other traditional nuclear power management systems; however, we must consider that Chernobyl was considered safe

We also have to consider the moral obligations and the public viewpoint of nuclear power. [...]  I can understand the concerns about accidents and management of waste and how it can literally destroy the environment it is in.

Fusion is an entirely different process from traditional nuclear power - in fact it's the exact opposite. It doesn't use radioactive decay at all.

Nuclear power as we know it today is produced by fission. Essentially fission is where heavy atoms (uranium) are bombarded by neutrons, which causes them to split and release energy. The neutrons that come out of this fission then hit other heavy atoms and can cause a chain reaction. It can be a runaway process, and controlling it is kind of analogous to a brake pedal - someone at the plant always has their foot on this metaphorical pedal in order to keep the reactions under control. There are obviously a lot of dangerous by-products, partly the leftover split atoms, but also (more dangerous) heavy atoms that absorb neutrons but don't split, and can become some nasty forms of plutonium.

Fusion is the opposite. This is where light atoms (hydrogen isotopes) are fused together to form helium, neutrons and vast amounts of energy - a lot more than fission. Two further benefits are that a) there is no dangerous waste as both the source materials and the waste products (helium plus neutrons) are non-radioactive, and b) there is no danger of an uncontrollable chain reaction because fusion relies on the continuous input of power, if the power stops then the reaction cools and stops.


Do we really believe energy companies will be providing cheap energy via nuclear fusion

Not sure about this one. In theory if fusion becomes straightforward and it's an open marketplace, then companies will compete to drive the price down. If it's all state-controlled or a monopoly though, who knows...

"Let all men know how empty and worthless is the power of kings."
Cnut237
Hero Member
Activity: 1092
Merit: 621
July 10, 2019, 08:30:45 AM
Last edit: July 10, 2019, 08:58:31 AM by Cnut237
Merited by arcmetal (1)
 #33

Quantum computers are not going to replace computers as we know them. They can be considered like a GPU that will be attached to a normal computer, providing speed for some limited operations. Their usage will be very limited, especially at the beginning, and their price very high.

I agree that quantum computing doesn't offer an advantage in every situation. I think there is often a perception that quantum computers are just faster than conventional computers, but that's not really the case. Where they excel is in dealing with extremely complex problems. The advantage of a quantum computer is that the complexity scales differently.

A conventional computer can solve a problem 'x' in 'y' seconds, taking 'z' number of steps.
If you build a faster conventional computer, it can maybe solve problem 'x' in 'y/2' seconds, so twice as fast - but it will still take 'z' number of computational steps to do so.
The advantage of a quantum computer is that it can drastically reduce 'z', the number of steps required. This is why they are 'faster'.

It's quite fascinating when you get into it. If you are interested, have a look at Grover's algorithm.

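The step-count argument in the post above can be made concrete. What follows is an added example, not code from Cnut237's post or from any Bitcoin project: a pure-Python simulation of Grover's search over N = 2^n items with one marked entry. Each loop iteration is one oracle query. About (π/4)·√N queries drive the probability of measuring the marked item close to 1, whereas a classical scan needs about N/2 queries on average. The example also shows the less obvious failure mode: running more iterations than the optimum rotates the state past the target and the success probability falls again. The function names and the choice of marked index are my own.

```python
import math


def grover_success_probability(n_qubits, marked, iterations=None):
    """Simulate Grover's search over N = 2**n_qubits basis states with one
    marked index, using an explicit amplitude vector (a classical simulation,
    so each step costs O(N) here; on a quantum computer each step is one
    oracle query).

    Returns (probability of measuring `marked`, number of iterations run).
    When `iterations` is None the standard choice round(pi/4 * sqrt(N)) is used.
    """
    n = 2 ** n_qubits
    if not 0 <= marked < n:
        raise ValueError("marked index out of range")
    if iterations is None:
        iterations = int(round(math.pi / 4 * math.sqrt(n)))

    # Start in the uniform superposition: every basis state has amplitude 1/sqrt(N).
    amp = [1.0 / math.sqrt(n)] * n
    for _ in range(iterations):
        # Oracle: flip the sign of the marked state's amplitude (one "query").
        amp[marked] = -amp[marked]
        # Diffusion operator: reflect every amplitude about the mean, which
        # moves weight onto the state whose sign was just flipped.
        mean = sum(amp) / n
        amp = [2.0 * mean - a for a in amp]
    return amp[marked] ** 2, iterations


def classical_expected_queries(n_qubits):
    """Expected oracle queries for an unstructured linear scan of N = 2**n items:
    on average half the list is examined before the marked item turns up."""
    return 2 ** n_qubits / 2


if __name__ == "__main__":
    for n in (3, 6, 10):
        p, k = grover_success_probability(n, marked=5)
        print(f"N=2^{n}: {k} Grover iterations -> P(success)={p:.4f}; "
              f"classical scan expects {classical_expected_queries(n):.0f} queries")
    # Over-rotating past the optimum drives the probability back down.
    p, k = grover_success_probability(3, marked=5, iterations=4)
    print(f"N=8 with {k} iterations: P(success)={p:.4f}")
```

The amplitude vector is O(N) in memory, so the simulation itself is classical and exponential in n; only the number of oracle queries is what a quantum computer would save, which is the quadratic (not exponential) gap the post describes.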
arcmetal
Member
Activity: 189
Merit: 79
July 10, 2019, 09:10:23 AM
Last edit: July 10, 2019, 09:28:57 AM by arcmetal
Merited by bitbunnny (5), Welsh (2), Cnut237 (1)
 #34

Do we really believe energy companies will be providing cheap energy via nuclear fusion

Not sure about this one. In theory if fusion becomes straightforward and it's an open marketplace, then companies will compete to drive the price down. If it's all state-controlled or a monopoly though, who knows...


The problem has always simply been that power generation is centralized, concentrated in a few hands.  Large power plants producing it, and large elaborate distribution lines to deliver it.  This is not how it could have been, but a few decided it should be this way, for obvious reasons, for the sake of profit.

But things have been slowly changing since solar panels have been mass produced, getting cheaper, and gaining in efficiency. With decentralized power (... decentralized, funny, aye? :P) there would be no need for large power plants or expansive distribution networks. At worst there may still be a need for small local power distribution centers for emergencies, but nothing more. ... The cost would solely be the production and installation of the solar panel hardware, and the energy free. There has always been animosity from those that wish to profit from centralized power, and this will continue until the end. The end being fully decentralized power.

Throughout history energy has been commoditized, but in this modern age this is no longer necessary.   In this universe, besides space and time, energy is the most abundant thing.  The water we drink, or the oxygen we breathe is far more rare than energy, and yet we pay each month for power.

Nuclear power, fission or fusion, when developed enough and made small enough, will be useful for areas that have little to no access to the sun. Like maybe Pluto. :) Or interstellar travel.

I don't see free power as a threat to bitcoin.  Free power may seem to make the cost of producing btc less, but then any extra cash a miner has would be used for more mining hardware, increasing btc's difficulty, which increases its cost of production, which helps to increase its price, and so on.  
michellee
Hero Member
Activity: 1400
Merit: 508
July 10, 2019, 11:09:47 AM
 #35

I haven't done any research about quantum computing and I don't have any knowledge about that; I'm only a user, but I know a little about computers. My opinion: no matter whether there is a newer computer design or technology, it will not threaten Bitcoin but will support the network, so Bitcoin or cryptocurrency could grow more than we thought.

Maybe the newest computer will solve the calculations of Bitcoin mining, so it could break every problem in Bitcoin mining. Like what we see in the Bitcoin mining process: we see the newest GPU released and it helps the mining process. That will happen too with quantum computing, so it will support and help cryptocurrency.



Macadonian
Member
Activity: 115
Merit: 320
July 12, 2019, 05:31:24 PM
Merited by Saidasun (2), ETFbitcoin (1), Welsh (1)
 #36


Maybe the newest computer will solve the calculations of Bitcoin mining, so it could break every problem in Bitcoin mining. Like what we see in the Bitcoin mining process: we see the newest GPU released and it helps the mining process. That will happen too with quantum computing, so it will support and help cryptocurrency.
This is not how quantum computers work; however, if this were possible then it would be very bad for Bitcoin. The difficulty would have to increase so much that it would price almost everyone out of the market, meaning only those that can afford the hashrate of these "super computers" could mine, and the general consumer would not be able to mine new Bitcoin. Bitcoin would become a currency only used by the very wealthy elite of the world. Luckily quantum computers aren't going to be useful for mining and are currently only good for solving problems using factoring. Which means they will be very good at certain things but overall not that good, even as a personal computer. They are very good at cracking algorithms, especially the one that Bitcoin is currently using.

Macadonian
Member
Activity: 115
Merit: 320
July 14, 2019, 04:04:19 PM
Merited by Welsh (25), Saidasun (5), Zedpastin (4)
 #37

The problem has always simply been that power generation is centralized, concentrated in a few hands.  Large power plants producing it, and large elaborate distribution lines to deliver it.  This is not how it could have been, but a few decided it should be this way, for obvious reasons, for the sake of profit.

But things have been slowly changing since solar panels have been mass produced, getting cheaper, and gaining in efficiency. With decentralized power (... decentralized, funny, aye? :P) there would be no need for large power plants or expansive distribution networks. At worst there may still be a need for small local power distribution centers for emergencies, but nothing more. ... The cost would solely be the production and installation of the solar panel hardware, and the energy free. There has always been animosity from those that wish to profit from centralized power, and this will continue until the end. The end being fully decentralized power.

Throughout history energy has been commoditized, but in this modern age this is no longer necessary.   In this universe, besides space and time, energy is the most abundant thing.  The water we drink, or the oxygen we breathe is far more rare than energy, and yet we pay each month for power.

Nuclear power, fission or fusion, when developed enough and made small enough, will be useful for areas that have little to no access to the sun. Like maybe Pluto. :) Or interstellar travel.

I don't see free power as a threat to bitcoin.  Free power may seem to make the cost of producing btc less, but then any extra cash a miner has would be used for more mining hardware, increasing btc's difficulty, which increases its cost of production, which helps to increase its price, and so on.  

Although most countries charge for power, they also charge for water, and it can sometimes be very expensive depending on the country you live in. I would essentially agree with most of your points other than the statement that bigger and more industrialized power plants won't be needed when we relate it back to quantum computers. In general life I would agree, but when providing the energy necessary to house a quantum computer and run it in its most efficient conditions, this would probably not be sufficient with solar panels, or would be a logistical nightmare. Nuclear fusion will probably be used, but as you touched upon this will be in the hands of the few, and I don't think a cheap and efficient solution like nuclear fusion (in theory) will be distributed to the masses. This will probably be something which is exclusive to governments, and I can see them justifying this by stating that nuclear fusion is dangerous and is frowned upon by most of the world; however, they need to have emergency fail-safes in place just in case their country goes without power. Playing on people's heartstrings about keeping hospitals running and saving lives: that will be the only reason I can see nuclear fusion being, first of all, accepted by the community and, secondly, developed by the government. They'll use it for emergencies and military operations only. However, who's to say that they won't run their quantum computers off this energy and deem it military operations? After all, factoring could break many different algorithms and they could potentially get intel from their enemies. Bitcoin will probably be an enemy to governments, and who's to say they won't try attacking it? This is all based on assumption and is all theoretical; however, I do like to imagine the sort of power which would come with quantum computers running on nuclear fusion.
Luckily the masses won't have access to either of these technologies, and only governments and possibly the wealthy elite will, which means there aren't too many potential attackers on the current algorithm that Bitcoin uses. Which probably means that we have an increased amount of time to figure out the steps in protecting against quantum computers.

Quantum computers are not going to replace computers as we know them. They can be considered like a GPU that will be attached to a normal computer, providing speed for some limited operations. Their usage will be very limited, especially at the beginning, and their price very high.

I agree that quantum computing doesn't offer an advantage in every situation. I think there is often a perception that quantum computers are just faster than conventional computers, but that's not really the case. Where they excel is in dealing with extremely complex problems. The advantage of a quantum computer is that the complexity scales differently.

A conventional computer can solve a problem 'x' in 'y' seconds, taking 'z' number of steps.
If you build a faster conventional computer, it can maybe solve problem 'x' in 'y/2' seconds, so twice as fast - but it will still take 'z' number of computational steps to do so.
The advantage of a quantum computer is that it can drastically reduce 'z', the number of steps required. This is why they are 'faster'.

It's quite fascinating when you get into it. If you are interested, have a look at Grover's algorithm.

I have mentioned in a couple of my replies that quantum computers are exceptional at only certain tasks but actually quite lackluster in other areas. They are not personal computers and wouldn't be useful to the majority of people. However, for those that are looking to crack currently used algorithms, via the quantum computer's exceptional talent at factoring, they are very useful. Even if quantum computers became available to the masses they just wouldn't appeal to them. I don't have any interest in cracking algorithms, for example, but militaries and governments probably do. Enemies of Bitcoin probably do.

I speculate that most likely it will be a government - one of the Five Eyes, or China - or an entity that is a de facto arm of a government, and I think they will absolutely be a malicious actor. It will be in this entity's interest to keep the fact that they have QC technology sufficient to break ECDSA and other encryption algorithms a state secret, because it will allow their government to spy on their enemies for longer.

If a government develops QC technology that can be run efficiently, and uses said technology to steal a few hundred thousand bitcoins, the coins they steal would be worth billions as of when they steal them, but their value would quickly plummet once many people start complaining that their coins were stolen after following good security practices. It would also be a warning to other governments, banks, communications companies, and others to upgrade their encryption systems ASAP, and to stop using "now broken" encryption systems immediately, even if this means taking services offline for some time.

If a government were to develop QC tech that can efficiently break modern encryption algorithms, I think they would prefer to use it to decrypt intercepted communications via the internet and elsewhere, with the hope their enemies will continue using "broken" encryption algorithms. Last month, a bunch of European internet traffic was rerouted via China for two hours, and there have been similar incidents before. These incidents could be true errors, or they could have been the Chinese government collecting encrypted internet traffic hoping to decrypt it, with current or future technology.
There are currently a number of different countries and governments which are extremely hostile to Bitcoin, and others which aren't sure what to do in terms of banning it or allowing the people to use it. China is a scary one due to its history of not caring what others think and how severely it limits and censors its population. You make an excellent point that anyone with a quantum computer capable of breaking algorithms will probably not do it on a mass scale and will probably make targeted attacks to prevent everyone switching over to a quantum-resistant algorithm.
Cnut237
Hero Member
Activity: 1092
Merit: 621
July 15, 2019, 02:34:04 PM
Merited by Welsh (4)
 #38

The water we drink, or the oxygen we breathe is far more rare than energy, and yet we pay each month for power.

Although most countries charge for power, they also charge for water, and it can sometimes be very expensive depending on the country you live in.

Given the ever-increasing effects of climate change, I think it's likely that access to water will be a huge issue as this century progresses. Wars might even start over it. You look at somewhere like Egypt and wonder what would happen if some of the countries upstream started using or diverting more from the Nile, particularly as they grow in population. You look at China and the effort it puts into acquiring and holding Tibet - which is the source of the biggest Chinese rivers - and you wonder what would happen if India, also growing in population, decides it needs more of that Tibetan water...

I don't think a cheap and efficient solution like nuclear fusion (in theory) will be distributed to the masses. This will probably be something which is exclusive to governments

If commercial fusion power does become possible, then maybe it will be used to resolve the issue of water shortage by providing cheap green power for water desalination plants... These plants already contribute to global warming, and likely will make the problem even worse as they expand in use due to water shortages. So with the way the world is going, if fusion does become possible, I'm not sure governments will be able to hold it back for themselves or even charge excessively for it - as energy demands and resource demands increase, providing access to fusion power may be one of the only ways to avert war.

Saidasun
Member
Activity: 68
Merit: 147
July 16, 2019, 09:56:02 AM
Merited by Welsh (25), Macadonian (20), Zedpastin (7), AverageGlabella (3), vapourminer (1), Cnut237 (1)
 #39

Bear with me with this reply, as I've been working on it for a while and have dropped it and come back to it a few times over the last few days. It's also taken me a while to get this all down. This discussion actually prompted me to log in to the forum after a while, because this quality of discussion is a rarity these days on this forum.

What I want to address is the different types of solutions which are currently either being developed or are fully developed and have been deployed elsewhere. First I'll talk about the quantum resistant ledger and why Bitcoin doesn't need this; in fact I prefer the way Bitcoin is dealing with the whole quantum computer threat. Let's be clear and say quantum computers actually already exist and are already being used for multiple different things other than cracking algorithms and encryption. However, just as has been discussed in this thread, quantum computers are a number of years from becoming good enough to be able to threaten most encryption, and certainly Bitcoin's method of encryption. Estimates by large companies within the field have predicted we'll be seeing quantum computers with 2500+ qubits by the year 2025, but like many of you said these will be only just developed and will require a lot of testing, and certainly won't be available to the average Joe. However, just because the mass population doesn't have access to these superior quantum computers doesn't mean it's still not a threat. Governments, which are probably funding these quantum computers, are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda. What some altcoins have done is include a quantum resistant ledger right from the get-go in order to try and appeal to those that are misinformed. Implementing a quantum resistant ledger is all good when the altcoin it's protecting is only worth a few cents, but imagine implementing an untested and, most importantly, unproven quantum resistant ledger in a multi-million-pound industry like Bitcoin. This is the reason why Bitcoin developers, and we as users of the software, should be encouraging the development of Bitcoin to thoroughly test anything before it's added to the "mainframe".
The quantum resistant ledger I'm talking about has been implemented by a number of different altcoins, but we are still unsure whether they will be ready and scalable without causing too much disruption to the value and to its users. This is why Bitcoin is one of the more respected cryptocurrencies out there: because everything which is implemented is thoroughly tested and isn't just trying to appeal to people with new sparkly features. The quantum resistant ledger, for example, is a complete waste of time right now and isn't much more than a gimmick. It doesn't provide any more security than Bitcoin does, and when quantum computers are able to break the algorithm Bitcoin uses it will then switch to a quantum resistant one, which could in fact be better than the current quantum resistant ledgers we are seeing, because it's been tested over a number of years instead of just developed and thrown in there even when it's not needed.

Despite these quantum resistant ledgers being gimmicks currently, because they aren't providing any more security than traditional cryptocurrencies, it's at least a good idea to provide proofs of concept to the developers of Bitcoin, and they can improve on the existing quantum resistant algorithms. The current quantum resistant solutions out there are mostly using the eXtended Merkle Signature Scheme, a hash-based digital signature system which allows reusable addresses, and this is where I think Bitcoin could implement a less invasive algorithm onto the network. The problem with reusing addresses is that once they have broadcast themselves onto the network they are then vulnerable to an attack from a quantum computer, because they have exposed their public keys onto the network. This hash would then be susceptible to quantum computers using factoring to break the encryption, and this is where I think the network could be improved without implementing a fully quantum resistant ledger, by only allowing the use of an address once. So you could receive x amount on one address and then the wallet software automatically assigns that to a different address without broadcasting it to the network. I think this is possible and should be the only time an amount isn't broadcast to the network; or only allow addresses to be used once by allowing them to receive coin and send from it once. This would reduce the probability of a quantum computer finding the public key and attempting to crack it. We could actually do this in the current implementation of Bitcoin, but not many people do, and they simply reuse addresses even when it's recommended to only use addresses once to avoid privacy issues. However, if this was fully implemented into the network as a standard I think that would solve most of the problems. It's not completely safe but doesn't have a massive impact like implementing an entirely new algorithm.
At least for now we all know that Bitcoin will eventually have to adopt a new algorithm to keep up with the hardware being developed, but so will many other things in the world.

Secondly, let's talk about factoring and how quantum computers actually do it, because I've seen this mentioned in a few of the replies but none of them have really gone into enough depth to justify mentioning it. So quantum computers are exceptionally fast at a few things, and one of them is factoring. Factoring is used to crack conventional cryptography, and this will be the route that quantum computers will take if they were ever to break the algorithm of Bitcoin, but just mentioning factoring isn't really explaining how quantum computers are exceptionally good at it. Well, quantum computers are very good at solving the discrete Fourier transform, which in mathematics is converting a finite sequence of equally spaced samples of a function into a same-length sequence of equally spaced samples of the discrete-time Fourier transform, which is a complex-valued function of frequency. The discrete-time Fourier transform is used to analyze samples of a continuous function. Discrete time is called that because it handles discrete data whose intervals are units of time, basically. So using these functions quantum computers factor against the algorithm to find the solution. We have probably studied factoring at one point in our lives, which includes multiplication; however, the factoring that quantum computers are doing is on a completely new level to that. Here's an example of a factoring problem:

The following factoring problem
Code:
Given a number $N = pq$ where $p,q$ are primes, how do you recover $p$ and $q$?

would be solved by comparing common factors and using multiplicative groups. There's a great explanation already out there which outlines this problem and provides the sequence of the process to determine the solution: https://quantumcomputing.stackexchange.com/questions/1383/what-makes-quantum-computers-so-good-at-computing-prime-factors

By increasing the number of qubits a quantum computer has, we are effectively making it quicker at solving these problems using the above-mentioned method. This process is a lengthy one using current modern-day computers, but the idea behind quantum computers is that once they have hit 3000 qubits they will be able to break most current-day algorithms within a matter of seconds.
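The N = pq problem in the code block above is the input to Shor's algorithm, and the linked answer walks through why the quantum Fourier transform is the piece that makes it fast. As an added example, not code from Saidasun's post or from the linked answer, the following Python reproduces Shor's reduction of factoring to period finding, with the one quantum step, extracting the multiplicative order r of a base a modulo N with the quantum Fourier transform, replaced by a classical brute-force loop. Everything else (the parity check on r, computing a^(r/2) ± 1, the gcd) is exactly the classical post-processing the algorithm uses. Function names and the sample moduli 15, 21 and 3233 = 53·61 are my choices. For ECDSA the relevant variant of Shor's algorithm finds a period in the elliptic-curve group to solve the discrete logarithm rather than factoring an integer; the shape of the reduction is the same.

```python
import math
import random


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r % n == 1, found by brute force.

    This is the only step of Shor's algorithm that is quantum: the quantum
    Fourier transform extracts this period r from a superposition of a**x mod n.
    Classically, as here, it takes up to r multiplications, and r can be close
    to n, which is exponential in the bit length of n.
    """
    if math.gcd(a, n) != 1:
        raise ValueError("a must be coprime to n for the order to exist")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(n, a):
    """Classical post-processing of Shor's algorithm: turn the order r of a mod n
    into a non-trivial factor of n, or return None when this base fails
    (odd order, or a**(r/2) == -1 mod n), in which case another base is tried."""
    g = math.gcd(a, n)
    if g != 1:
        return g  # the base already shares a factor with n
    r = multiplicative_order(a, n)
    if r % 2:
        return None
    y = pow(a, r // 2, n)  # y**2 == 1 mod n, and y != 1 because r is the order
    if y == n - 1:
        return None  # y == -1 mod n yields only the trivial factorisation
    # n divides (y-1)(y+1) but neither factor alone, so gcd(y-1, n) is proper.
    f = math.gcd(y - 1, n)
    return f if 1 < f < n else None


def factor_semiprime(n, bases=None):
    """Return (p, q) with p <= q and p*q == n, trying bases until one works.
    By default bases 2, 3, 4, ... are tried in order so results are repeatable;
    Shor's algorithm picks them at random, and at least half of the bases succeed."""
    if n % 2 == 0:
        return (2, n // 2)
    for a in (bases if bases is not None else range(2, n)):
        f = factor_from_order(n, a)
        if f:
            return tuple(sorted((f, n // f)))
    return None


if __name__ == "__main__":
    for n in (15, 21, 3233):  # 3233 = 53 * 61
        print(n, "->", factor_semiprime(n))
    a = random.randrange(2, 3233)
    print("random base", a, "gives", factor_from_order(3233, a))
```

Running it on 3233 shows the two failure branches in action: base 2 has order 780 and 2^390 is -1 mod 3233, so it is rejected, while base 3 has order 260 and gcd(3^130 - 1, 3233) = 61 succeeds. Replace `multiplicative_order` with a period-finding circuit and the rest of the file is unchanged; that is the whole of Shor's algorithm.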
Macadonian
Member
Activity: 115
Merit: 320
July 16, 2019, 12:23:15 PM
Merited by Welsh (10), Saidasun (5), vapourminer (1)
 #40

Given the ever-increasing effects of climate change, I think it's likely that access to water will be a huge issue as this century progresses. Wars might even start over it. You look at somewhere like Egypt and wonder what would happen if some of the countries upstream started using or diverting more from the Nile, particularly as they grow in population. You look at China and the effort it puts into acquiring and holding Tibet - which is the source of the biggest Chinese rivers - and you wonder what would happen if India, also growing in population, decides it needs more of that Tibetan water...

If commercial fusion power does become possible, then maybe it will be used to resolve the issue of water shortage by providing cheap green power for water desalination plants... These plants already contribute to global warming, and likely will make the problem even worse as they expand in use due to water shortages. So with the way the world is going, if fusion does become possible, I'm not sure governments will be able to hold it back for themselves or even charge excessively for it - as energy demands and resource demands increase, providing access to fusion power may be one of the only ways to avert war.
Water is a big problem and what's worrying is most of the water around the world is privately owned and if a water war were to break out these private companies could be bought out in an attempt to harm the civilians and cause unrest in that country. I might actually start a thread about water consumption and the worries if a war broke out but at the moment I'll continue discussing the quantum computers as this is possibly some of the best discussion I have participated in relating to it.

Bear with me with this reply as I've been working on it for a while and have dropped it and come back to it a few times over the last few days. It's also taken me a while to get this all down. This discussion actually prompted me to log in to the forum after a while because this quality discussion is a rarity these days on this forum.
Holy crap! I did not know we had this many people who are knowledgeable in the quantum mechanics field and can discuss quantum computers in such depth. I'll admit that what you have mentioned about factoring and how it's actually done is a little over my head currently as I'm only dipping my toes into quantum computers. My knowledge is limited but I know what factoring is and I know quantum computers are exceptionally good at it but the actual specifics of working it out are still gibberish to me but I appreciate the input on the actual solutions and working it out!

The quantum resistant ledger has been running roughly a year and AFAIK has received some excellent praise and has received a lot of media coverage because of that although your point about reusing addresses wouldn't be sufficient in my opinion because we are then relying on the chance of the address not being targeted rather than implementing a system which is completely quantum resistant. It is true that the less you reuse an address the less exposure it has on the public ledger and thus the less likely it is to be a target although this doesn't completely prevent the address from being targeted due to it still being recorded on the address once they receive an amount. By implementing a quantum resistant algorithm we at least prevent this sort of attack from happening and there is no risk whatsoever although I would agree that reusable addresses shouldn't be a thing and you should only be able to use new addresses every time for other privacy issues but the way it's implemented into the blockchain right now is the user gets to decide what sort of privacy level they are comfortable with which could possibly be the best approach if we are to stick with the decentralized way of Bitcoin and not limit users of it to specific rules.

Saidasun
Member
Activity: 68
Merit: 147
July 16, 2019, 01:34:47 PM
Merited by Welsh (10), Macadonian (6), Zedpastin (3)
#41

The quantum resistant ledger has been running roughly a year and AFAIK has received some excellent praise and has received a lot of media coverage because of that although your point about reusing addresses wouldn't be sufficient in my opinion because we are then relying on the chance of the address not being targeted rather than implementing a system which is completely quantum resistant. It is true that the less you reuse an address the less exposure it has on the public ledger and thus the less likely it is to be a target although this doesn't completely prevent the address from being targeted due to it still being recorded on the address once they receive an amount. By implementing a quantum resistant algorithm we at least prevent this sort of attack from happening and there is no risk whatsoever although I would agree that reusable addresses shouldn't be a thing and you should only be able to use new addresses every time for other privacy issues but the way it's implemented into the blockchain right now is the user gets to decide what sort of privacy level they are comfortable with which could possibly be the best approach if we are to stick with the decentralized way of Bitcoin and not limit users of it to specific rules.


The quantum resistant ledger (QRL) is only an example and there are many other projects which are doing different things with the end goal being the same; protecting the ledger from quantum computers. I disagree and think that being able to reuse an address is a security and privacy issue in its own right and has nothing to do with the freedom of the users to reuse the address. By allowing them to reuse addresses we are allowing them the opportunity to be stung but I'm always going to support projects which allow more privacy and can combat cash in that sense but I'm going away from the original point. Implementing a different algorithm might not be necessary until the very late stages of quantum computers and that would allow us to thoroughly test each algorithm while quantum computers are out, potentially even using quantum computers to find out the answers to our questions about how well it scales. The biggest concern with the QRL is that scalability might be a big issue and there is no way to really test that. We have the theory of it working and being able to scale up however as we all know more solid theories in the past have been proven wrong. My point is that we could be implementing something which might not even protect us against our issues and then we would have to implement another system anyway which each time is going to affect the adoption and short term value of the currency. The only real benefit of doing it several times over in a short period of time would be media coverage other than that this would affect the daily users of Bitcoin and would be largely not beneficial to the system as a whole.
Cnut237
Hero Member
Activity: 1092
Merit: 621
July 17, 2019, 08:10:09 PM
Merited by Welsh (2)
#42

A lot of the discussion around post-quantum cryptography and how to protect against attacks from quantum computers is more 'how can we use conventional computers to protect against quantum attack', rather than 'how can we use quantum computers to protect against quantum attack.'

In this thread we have covered how quantum computers are superior to conventional computers only in certain ways and for certain types of problem, where they can use their quantum nature to effectively take calculation shortcuts. It has also been discussed how quantum computers might be bolted onto conventional computers in a manner similar to GPUs. But this can be done as defence as well as attack.

I am a long way from being an expert, but from my limited understanding of the basics of quantum mechanics I think that one possibly fruitful avenue to pursue is using quantum properties as a pre-emptive defence mechanism. There has already been a lot of work in this area, particularly in Quantum Key Distribution, which uses quantum indeterminacy to ensure that any act of measurement (eavesdropping) is always detected. As with any other 'arms race' type situation where you have two opposing sides competing against one another, there have been many attempts to circumvent and hack quantum cryptographic processes. Whilst these have sometimes been successful, this success is often down to exploiting vulnerabilities in the set-up rather than in the quantum processes themselves. I do wonder as the technology to both defend and attack improves, whether it will reach a point where there is a final barrier in that the laws of quantum mechanics, whether the uncertainty principle or quantum entanglement or some other facet, creates a system that is fundamentally impossible to hack.

"Let all men know how empty and worthless is the power of kings."
Cnut237
Hero Member
Activity: 1092
Merit: 621
July 18, 2019, 06:42:27 PM
Last edit: July 18, 2019, 08:17:28 PM by Cnut237
Merited by Welsh (2)
#43

We've mentioned a few times how quickly this field is advancing... yesterday a team at the University of New South Wales announced they have achieved a 200x speed improvement on a 2 qubit gate!
PrimeNumber7
Copper Member
Hero Member
Activity: 532
Merit: 759
July 21, 2019, 07:59:24 PM
Merited by Welsh (5), vapourminer (2), Saidasun (2), Cnut237 (1)
#44

However just because the mass population doesn't have access to these superior quantum computers doesn't mean its still not a threat. Governments which are probably funding these quantum computers are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda.
I posted why I don't think this will happen above. In short, governments have bigger fish to fry than 'destroying' bitcoin. If a government were to use a QC to steal a bunch of bitcoins, it would serve as a warning to the rest of the world to upgrade their encryption algorithms to ones that are quantum resistant. If a country were to have the ability to break ECDSA but doesn't attack bitcoin, it could silently collect/intercept encrypted data/secrets, and learn the secrets being protected by the now broken encryption.


The problem with reusing addresses is once they have broadcast themselves onto the network they are then vulnerable to an attack from a quantum computer because they have exposed their public keys onto the network. This hash would then be susceptible to quantum computers by using factoring to break the encryption and this is where I think the network could be improved without implementing a fully quantum resistant ledger by only allowing the use of an address once.
If you were to operate under the assumption that QCs will be used to attack bitcoin, what you describe will only be a temporary solution. Once QCs have enough qubits to calculate the private key within ~an hour, it will be unsafe to spend any coin. The reason is, it is common enough to see hour to 1.5 hour long blocks (the time between blocks) so that someone with a QC could start trying to break the private key of an address 'containing' a lot of coin that was spent within a few minutes from the time the last block was found, and double spend the transaction with a much larger fee once the private key is calculated. The attacker would be unsuccessful when the block time is less than an hour, however a bitcoin user has no way of knowing the time until the next block will be found, so every transaction will be at risk.
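To make the block-interval race described in the post concrete, here is an added Python example (not from the post or from any project) that models block discovery as a Poisson process with a 600 second mean, which is what Bitcoin's difficulty adjustment targets. It gives a defender the per-transaction probability that the gap to the next block exceeds an attacker's key-recovery time, the expected number of such long gaps per year, and the recovery time an attacker would need before a chosen risk level is reached. The function names are my own.

```python
import math

# Bitcoin's target inter-block time in seconds (10 minutes).
BLOCK_MEAN_S = 600.0


def p_interval_exceeds(t_seconds: float, mean_s: float = BLOCK_MEAN_S) -> float:
    """Probability that the gap to the next block is longer than t_seconds.

    Block discovery is modelled as a Poisson process, so gaps are exponential
    and the tail probability is exp(-t / mean). (Assumption: constant hashrate
    and difficulty over the interval.)
    """
    return math.exp(-t_seconds / mean_s)


def expected_long_gaps_per_year(t_seconds: float, mean_s: float = BLOCK_MEAN_S) -> float:
    """How many block gaps longer than t_seconds to expect in a year."""
    blocks_per_year = 365 * 24 * 3600 / mean_s
    return blocks_per_year * p_interval_exceeds(t_seconds, mean_s)


def race_win_probability(key_recovery_s: float, mean_s: float = BLOCK_MEAN_S) -> float:
    """P(key recovery finishes before the next block) if the attacker starts the
    moment the victim's transaction reaches the mempool. Because the exponential
    distribution is memoryless, it does not matter how long ago the previous
    block was found, which is exactly why the spender cannot time around it."""
    return p_interval_exceeds(key_recovery_s, mean_s)


def recovery_time_for_risk(max_risk: float, mean_s: float = BLOCK_MEAN_S) -> float:
    """Key-recovery time (seconds) at which the per-transaction race-win
    probability equals max_risk; slower attackers stay below it."""
    return -mean_s * math.log(max_risk)


def risk_after_confirmations(key_recovery_s: float, k: int, mean_s: float = BLOCK_MEAN_S) -> float:
    """Probability that fewer than k blocks arrive during key recovery, i.e. the
    transaction still lacks k confirmations when the key is known.
    Poisson tail: sum_{i<k} (lam^i / i!) e^{-lam} with lam = t / mean."""
    lam = key_recovery_s / mean_s
    return sum(math.exp(-lam) * lam ** i / math.factorial(i) for i in range(k))


if __name__ == "__main__":
    for hours in (0.5, 1.0, 1.5):
        t = hours * 3600
        print(f"{hours:>4} h gap: P={p_interval_exceeds(t):.5f}, "
              f"~{expected_long_gaps_per_year(t):.1f} per year")
    print("1-hour recovery vs 6 confirmations:", f"{risk_after_confirmations(3600, 6):.4f}")
```

A one-hour key recovery against an unconfirmed transaction wins in roughly a quarter of a percent of cases under this model, yet that is still over a hundred opportunities per year, which supports the post's point that the risk is per transaction rather than something a spender can avoid by timing.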

Cnut237
Hero Member
Activity: 1092
Merit: 621
July 22, 2019, 05:38:02 PM
Merited by Welsh (10), vapourminer (1)
#45

However just because the mass population doesn't have access to these superior quantum computers doesn't mean its still not a threat. Governments which are probably funding these quantum computers are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda.
I posted why I don't think this will happen above. In short, governments have bigger fish to fry than 'destroying' bitcoin.

I agree completely. If someone develops a quantum computer that can break existing encryption with ease, then there are much bigger targets than bitcoin. As mentioned by PrimeNumber7 above, if it becomes public knowledge that someone has hacked bitcoin and stolen say $1 million of coins, then crypto will take a nosedive and that $1 million will fall in value very very rapidly. If they steal $1 billion, then I'd be very surprised if they could cash it out to fiat before it lost most of its value.

We all know how volatile crypto prices can be, with even the merest suggestion of a rumour of bad news often enough to cause the whole market to tank. Something like a quantum hack would have a huge impact. If this hypothetical malicious actor with a quantum computer wants to make a huge amount of money, they could go after banks instead - that would be much more lucrative and probably easier. And if it's a government doing the hacking, then again it would be much more advantageous for them to hack a rival government (US vs China for example). They could wreak havoc, with infrastructure a likely target, but in theory any state secrets or corporate data would be vulnerable.

Finally we must also remember that one of the best things about crypto is that good coins are under continuous development, and defences against quantum attack will likely be in place long before it becomes a real risk. These coins are developed by some very smart and very tech-savvy people. If quantum computing becomes a threat, it won't take these people by surprise.

As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution, and this research continues with approaches such as Kak’s three-stage protocol. Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.

Saidasun
Member
Activity: 68
Merit: 147
July 23, 2019, 10:17:38 AM
Merited by Welsh (10), Macadonian (9), Zedpastin (4), vapourminer (3), AverageGlabella (2), Cnut237 (1)
#46

I agree completely. If someone develops a quantum computer that can break existing encryption with ease, then there are much bigger targets than bitcoin. As mentioned by PrimeNumber7 above, if it becomes public knowledge that someone has hacked bitcoin and stolen say $1 million of coins, then crypto will take a nosedive and that $1 million will fall in value very very rapidly. If they steal $1 billion, then I'd be very surprised if they could cash it out to fiat before it lost most of its value.

We all know how volatile crypto prices can be, with even the merest suggestion of a rumour of bad news often enough to cause the whole market to tank. Something like a quantum hack would have a huge impact. If this hypothetical malicious actor with a quantum computer wants to make a huge amount of money, they could go after banks instead - that would be much more lucrative and probably easier. And if it's a government doing the hacking, then again it would be much more advantageous for them to hack a rival government (US vs China for example). They could wreak havoc, with infrastructure a likely target, but in theory any state secrets or corporate data would be vulnerable.

Finally we must also remember that one of the best things about crypto is that good coins are under continuous development, and defences against quantum attack will likely be in place long before it becomes a real risk. These coins are developed by some very smart and very tech-savvy people. If quantum computing becomes a threat, it won't take these people by surprise.

As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution, and this research continues with approaches such as Kak’s three-stage protocol. Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.
I get the point that you and PrimeNumber7 are putting across although let's not forget that Bitcoin has already had some very serious bugs in the past which involved basically printing off Bitcoin. This was a big thing at the time and luckily wasn't abused. You would think such negative press would have destroyed Bitcoin but it didn't. If money was stolen then Bitcoin would take a dive but I wouldn't say it would be the end of Bitcoin. Cash is stolen every day and fiat currencies get printed fairly regularly but that doesn't stop people using it. Bitcoin has its strengths and god forbid we will probably have incidents such as the earlier issue with printing off Bitcoin. I use printing off as a comparison but really you could double spend coins and keep them and therefore create Bitcoins out of thin air.

The hypothetical person with the quantum computer able to break traditional encryption would probably not go after banks for multiple reasons. First of all banks would have definitely already switched to a quantum resistant encryption method and also the person who has access to the quantum computer will probably not be an ordinary person. They will be involved with the government or one of the wealthy elite in the world. Think Facebook's CEO and while he may not agree with banks, him attacking a bank means prison. Whereas attacking Bitcoin is a little different, laws are different and because you aren't attacking a centralized figure it is handled differently. Also we need to remember that the likes of Facebook's CEO would be in competition with Bitcoin as he is now releasing his own cryptocurrency. We do have enemies even more than the banks out there and unfortunately they are powerful enemies with seemingly unlimited funds.
Macadonian
Member
Activity: 115
Merit: 320
July 25, 2019, 10:49:51 AM
#47

The hypothetical person with the quantum computer able to break traditional encryption would probably not go after banks for multiple reasons. First of all banks would have definitely already switched to a quantum resistant encryption method and also the person who has access to the quantum computer will probably not be an ordinary person. They will be involved with the government or one of the wealthy elite in the world. Think Facebook's CEO and while he may not agree with banks, him attacking a bank means prison. Whereas attacking Bitcoin is a little different, laws are different and because you aren't attacking a centralized figure it is handled differently. Also we need to remember that the likes of Facebook's CEO would be in competition with Bitcoin as he is now releasing his own cryptocurrency. We do have enemies even more than the banks out there and unfortunately they are powerful enemies with seemingly unlimited funds.
I definitely agree with you that there will only be a few wealthy individuals that will have access to quantum computers and although I think it's a good example that Mark Z would be a competitor against Bitcoin I think it's fairly unrealistic in reality. Mark already has the marketing power and exposure that he needs for Libra and Bitcoin really isn't competing against him in that way. The only similarity they share is it's a digital currency but as far as I know Libra isn't generated using encryption techniques and therefore can't be considered a cryptocurrency. Besides even if Bitcoin was a competitor I think the platform both Facebook and Instagram give him will knock spots off Bitcoin's marketing techniques and he probably wouldn't have to invest as much into it compared to a quantum computer. I doubt he would have any other tasks to be completed with a quantum computer.
hd49728
Hero Member
Activity: 714
Merit: 594
July 30, 2019, 12:18:42 PM
#48

All mechanics are made by humans, bitcoin is made by humans, quantum computers are made by humans. Humans can make it, so humans can destroy it, adjust it, improve it to make it stronger. If someday quantum computers become really dangerous to bitcoin, then bitcoin core developers will find ways to improve the bitcoin source code, and strengthen the protective mechanisms of the bitcoin network against potential attacks from quantum computers.
Governments, I don't think we should over-worry about governments. The history of bitcoin and crypto currencies shows that bitcoin was made by a man/woman, foundation/company, whatever, but it was definitely not made by government(s). My implication is governments are always falling farther behind bitcoin core developers and crypto developers. They just want to use their power, legal power, to control the crypto currency world, but they will not completely reach their purposes. Additionally, governments are greedy to learn blockchain technology from @Satoshi Nakamoto, bitcoin core developers, and other crypto developers.

Cnut237
Hero Member
Activity: 1092
Merit: 621
August 01, 2019, 08:47:38 AM
Merited by Welsh (4), Heisenberg_Hunter (2), vapourminer (1), ETFbitcoin (1), squatter (1)
#49

Hi all :) I thought I'd try to summarise Bitcoin's vulnerabilities to Quantum Computers, as well as some potential defences, and get it all in one post. Apologies for the wall of text, but hopefully it is useful...


Mining can potentially be much quicker with QCs.
The current PoW difficulty system can be exploited by a Quantum Computer using Grover’s algorithm to drastically reduce the number of computational steps required to solve the problem. The theorised advantage that a quantum computer (or parallelised QCs) have over classical computers is a couple of orders of magnitude, so ~x100 easier to mine. This isn’t necessarily a game-changer, as this QC speed advantage is likely to be some years away, by which time classical computers will surely have increased speed to reduce the QC advantage significantly. It is worth remembering that QCs aren’t going up against run-of-the-mill standard equipment here, but rather against the very fast ASICs that have been set up specifically for mining.

Re-used BTC addresses are 100% vulnerable to QCs.
Address Re-Use. Simply, any address that is re-used is 100% vulnerable because a QC can use Shor’s algorithm to break public-key cryptography. This is a quantum algorithm designed specifically to solve for prime factors. As with Grover’s algorithm, the key is in dramatically reducing the number of computational steps required to solve the problem. The upshot is that for any known public key, a QC can use Shor’s approach to derive the private key. The vulnerability cannot be overstated here. Any re-used address is utterly insecure.

Processed (accepted) transactions are theoretically somewhat vulnerable to QCs.
Theoretically possible because the QC can derive private keys from used addresses. In practice however processed transactions are likely to be quite secure as QCs would need to out-hash the network to double spend.

Unprocessed (pending) transactions are extremely vulnerable to QCs.
As above, a QC can derive a private key from a public key. So for any unprocessed transaction, a QC attacker can obtain the private key and then create their own transaction whilst offering a much higher fee, so that the attacker's transaction gets onto the blockchain first, ahead of the genuine transaction. So block interval and QC speed are both crucial here – it all depends on whether or not a QC can hack the key more quickly than the block is processed.


Possible defences...

Defences using classical computers.
  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

Defences using quantum computers.
As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement and the uncertainty principle can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one.


I’ll leave it there. Apologies for all the external links, but hopefully this has summarised a few things.
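An added Python example, not code from the post or from Bitcoin Core, to show why the "re-used address" and "pending transaction" cases in the summary above differ: a pay-to-pubkey-hash output only commits to HASH160 of the public key, so the key itself becomes public the first time the address spends. The code derives hashed identifiers from constructed keys, walks a constructed and simplified ledger, and flags addresses whose key is already exposed and which still hold funds, which is the audit a wallet or exchange could run over its own addresses to find the coins the post calls "utterly insecure". The transaction format, key bytes and function names are assumptions; inputs carry their value directly rather than referencing prior outputs, and Base58Check encoding is omitted, so the identifiers are the hex of HASH160 rather than real addresses.

```python
import hashlib
from collections import defaultdict


def hash160(data: bytes) -> bytes:
    """Bitcoin's HASH160 = RIPEMD160(SHA256(x)). Falls back to a truncated
    double SHA-256 when the OpenSSL build lacks RIPEMD-160 (assumption: the
    reuse logic below only needs the function to be one-way, not the exact
    digest)."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return hashlib.sha256(sha).digest()[:20]


def address_of(pubkey: bytes) -> str:
    """A P2PKH output commits to the hash of the key, not the key. Until the
    owner spends, no one on the network has seen the key, so there is nothing
    for Shor's algorithm to work on."""
    return hash160(pubkey).hex()


def ledger_exposure(txs):
    """Walk constructed transactions and record, per address, coins received,
    coins spent, remaining balance and whether a spend has revealed its key."""
    info = defaultdict(lambda: {"received": 0, "spent": 0, "pubkey_exposed": False})
    for tx in txs:
        for inp in tx["inputs"]:
            # Spending publishes the pubkey in the scriptSig/witness.
            addr = address_of(inp["pubkey"])
            info[addr]["pubkey_exposed"] = True
            info[addr]["spent"] += inp["value"]
        for out in tx["outputs"]:
            info[out["address"]]["received"] += out["value"]
    for d in info.values():
        d["balance"] = d["received"] - d["spent"]
    return dict(info)


def quantum_exposed_funds(txs):
    """Addresses whose key is already public AND which still hold coins:
    the reused-address case. Sorted so results are deterministic."""
    return sorted(a for a, d in ledger_exposure(txs).items()
                  if d["pubkey_exposed"] and d["balance"] > 0)


# Constructed stand-ins for 33-byte compressed public keys (not real keys).
PK_A = b"\x02" + bytes(range(32))
PK_B = b"\x02" + bytes(range(1, 33))
PK_C = b"\x03" + bytes(range(2, 34))
PK_D = b"\x03" + bytes(range(3, 35))
PK_E = b"\x02" + bytes(range(4, 36))

# Constructed ledger: tx1 pays A, B, C; A spends and sends change back to
# itself (reuse); B spends everything to E; C never spends.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": [],
     "outputs": [{"address": address_of(PK_A), "value": 50},
                 {"address": address_of(PK_B), "value": 30},
                 {"address": address_of(PK_C), "value": 20}]},
    {"txid": "tx2", "inputs": [{"pubkey": PK_A, "value": 50}],
     "outputs": [{"address": address_of(PK_D), "value": 40},
                 {"address": address_of(PK_A), "value": 10}]},
    {"txid": "tx3", "inputs": [{"pubkey": PK_B, "value": 30}],
     "outputs": [{"address": address_of(PK_E), "value": 30}]},
]

if __name__ == "__main__":
    for addr, d in ledger_exposure(SAMPLE_TXS).items():
        print(addr[:12], d)
    print("exposed with balance:", [a[:12] for a in quantum_exposed_funds(SAMPLE_TXS)])
```

Only A is flagged: its key is public because it spent, and it still holds the change it sent back to itself. B's key is equally public but it holds nothing, and C, D and E have never spent, so the network only knows their hashes. The fix a wallet can apply today is the one the post suggests: never send change back to an address that has already spent.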

Macadonian
Member
Activity: 115
Merit: 320
August 01, 2019, 01:14:46 PM
Merited by Welsh (5)
#50

Thanks cnut237! I was thinking of summarising the thread and what we have discussed in the reserve post I made but I decided to just include useful quotes and links which I would like to hear more about and more differing opinions on if possible. I have moved this to Bitcoin development & technical discussion hopefully finding a few new people who can expand on the ongoing discussion and hopefully provide new useful information.

Defences using quantum computers.
As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement and the uncertainty principle can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one.

I have done some research in this particular field of quantum physics myself and had come across Rajan and Matt Visser's proposed idea of implementing a blockchain which relied on transaction records being represented by pairs of entangled photons which would be ordered in a chronological way. Their idea is very smart and preventing quantum computers from using data in the Blockchain by removing previous photons is a very unique solution to the problem. However I am a little concerned that this complex blockchain would be too hard for the public to grasp and usability could be compromised. The most important thing with Bitcoin is getting people trusting the software and investing in it; with a solution as complex as this you would need a quantum computing degree to even grasp it which could result in the loss of faith from the public due to the complexity of the Blockchain. Currently the Blockchain is fairly easy to understand and can be explained in a concise manner but with an entangled photons based blockchain this would be lost.

This is one of my major concerns about Bitcoin being adopted by the masses. It's not the potential security risks because they will be combated with various different techniques. It's the problem of making Bitcoin too hard to understand and therefore losing the trust of the general user.
qubitasic
Newbie
Activity: 48
Merit: 0
August 01, 2019, 02:46:36 PM
#51

We will have a quantum secure network. That is not an issue, but the 'shalecoins', coins with no owner, will become active. https://bitcointalk.org/index.php?topic=5134441.0

And that will be the most challenging thing. https://bitcointalk.org/index.php?topic=5166180.0
mda
Member
Activity: 138
Merit: 12
August 01, 2019, 11:30:37 PM
Last edit: August 04, 2019, 02:25:29 AM by mda
#52

A possible approach to deal with quantum threat would be a multi-tier encryption system. For small amounts (90% of the total) don't change anything, for medium amounts (9% of the total) use weaker and lighter Lamport signatures and for the rest use stronger and heavier Lamport signatures.

https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin
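Here is an added Python implementation (not from mda's post, from Cnut237's summary, or from the wiki page linked above) of the Lamport one-time signature scheme that mda's tiers and the hash-based schemes listed earlier in the thread (XMSS, SPHINCS) are built on. The security parameter `n_bits` stands in for the "lighter" and "heavier" tiers: 128-bit and 256-bit variants are shown with their key and signature sizes, and a helper counts how many secret halves a key leaks when it signs more than once, which is the one-time constraint XMSS and SPHINCS exist to manage. Modelling the tiers by truncating SHA-256 and the function names are my assumptions.

```python
import hashlib
import secrets


def tier_hash(data: bytes, nbytes: int) -> bytes:
    """SHA-256 truncated to the tier's security parameter (assumption: this is
    how the 'lighter' and 'heavier' tiers are modelled here)."""
    return hashlib.sha256(data).digest()[:nbytes]


def lamport_keygen(n_bits: int = 256):
    """Secret key: n_bits pairs of random strings. Public key: their hashes.
    Security rests only on the hash being one-way, which Grover weakens by at
    most a square root, hence the 'quantum resistant' label."""
    nbytes = n_bits // 8
    sk = [(secrets.token_bytes(nbytes), secrets.token_bytes(nbytes)) for _ in range(n_bits)]
    pk = [(tier_hash(a, nbytes), tier_hash(b, nbytes)) for a, b in sk]
    return sk, pk


def msg_bits(msg: bytes, n_bits: int):
    """Digest of the message as a list of n_bits bits, most significant first."""
    d = int.from_bytes(tier_hash(msg, n_bits // 8), "big")
    return [(d >> (n_bits - 1 - i)) & 1 for i in range(n_bits)]


def lamport_sign(sk, msg: bytes):
    """Reveal one secret of each pair, chosen by the corresponding digest bit."""
    n_bits = len(sk)
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg, n_bits))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed secret and compare with the committed half."""
    n_bits = len(pk)
    if len(sig) != n_bits:
        return False
    nbytes = n_bits // 8
    return all(tier_hash(s, nbytes) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, msg_bits(msg, n_bits))))


def sizes_bytes(n_bits: int) -> dict:
    """Key and signature sizes for a tier, showing why it is 'heavier'."""
    nbytes = n_bits // 8
    return {"pubkey": 2 * n_bits * nbytes, "signature": n_bits * nbytes}


def secrets_revealed_after(sk, msgs) -> int:
    """One-time property: distinct secret halves exposed by signing several
    messages with one key. Beyond n_bits, every extra leaked half lets a forger
    choose that bit freely, so keys must never be reused."""
    revealed = set()
    for m in msgs:
        revealed.update(lamport_sign(sk, m))
    return len(revealed)


if __name__ == "__main__":
    for tier in (128, 256):
        sk, pk = lamport_keygen(tier)
        sig = lamport_sign(sk, b"constructed tx: pay 1 BTC")
        print(tier, "bits:", sizes_bytes(tier),
              "verify:", lamport_verify(pk, b"constructed tx: pay 1 BTC", sig),
              "forged:", lamport_verify(pk, b"constructed tx: pay 2 BTC", sig))
        print("  secrets leaked after 2 signatures:",
              secrets_revealed_after(sk, [b"m1", b"m2"]), "of", 2 * tier)
```

A 256-bit Lamport public key is 16 KiB and each signature 8 KiB, against about 72 bytes for an ECDSA signature, which is the cost mda's tiering spreads by only paying it on large amounts; the leak counter shows why a Lamport key is strictly single-use and why practical schemes stack many such keys under a Merkle tree.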
cfbtcman
Member
Activity: 238
Merit: 14
August 02, 2019, 05:31:05 AM
Merited by Welsh (1)
#53

All mechanics are made by humans, bitcoin is made by humans, quantum computers are made by humans. Humans can make it, so humans can destroy it, adjust it, improve it to make it stronger. If someday quantum computers become really dangerous to bitcoin, then bitcoin core developers will find ways to improve the bitcoin source code, and strengthen the protective mechanisms of the bitcoin network against potential attacks from quantum computers.
Governments, I don't think we should over-worry about governments. The history of bitcoin and crypto currencies shows that bitcoin was made by a man/woman, foundation/company, whatever, but it was definitely not made by government(s). My implication is governments are always falling farther behind bitcoin core developers and crypto developers. They just want to use their power, legal power, to control the crypto currency world, but they will not completely reach their purposes. Additionally, governments are greedy to learn blockchain technology from @Satoshi Nakamoto, bitcoin core developers, and other crypto developers.

Looking at the time that man takes to answer many times I would not be so positive, we never know what is being made secretly like USA Area 51 and so on...

The biggest project to hack cryptography in WW2, ENIGMA, was something never thought of by the Germans, but ENIGMA was cracked.

Looking at the way bitcoin works now and who makes decisions I would say maybe we are in danger, just look at the time we started to talk about scaling and the time it really scaled (not yet).

Cracking bitcoin could be a good project for all governments to prove they are right about Bitcoin not being a good thing, and governments have a lot of resources!
crwth
Copper Member
Hero Member
Activity: 1386
Merit: 854
August 16, 2019, 03:11:27 AM
Merited by Welsh (2)
#54

This topic has got me thinking.

We all know that Quantum Computing could significantly improve the power of computers. Imagine that you are using this technology to have multiple nodes/computers. Then having those various computers, maybe roughly the amount of "enough users" to accept a new software that probably coded a bug or an exploit. Would we ever arrive at the part where Bitcoin has already formed to the right software where it could prevent this type of attack? Could bitcoin also recover? I think if this is successful, more trust would be broken not just with Bitcoin, but with Cryptocurrencies in general. It is knowing that there are a lot of people who don't understand this type of subject matter.

Anyway, why believe that Quantum Computing will end Bitcoin? Why not help it?





cfbtcman (Member)
August 17, 2019, 02:19:34 AM
#55

Quote from: crwth on August 16, 2019, 03:11:27 AM
This topic has got me thinking.

We all know that Quantum Computing could significantly improve the power of computers. Imagine that you are using this technology to have multiple nodes/computers. Then having those various computers, maybe roughly the amount of "enough users", accept a new software that probably has a bug or an exploit coded in. Would we ever arrive at the point where Bitcoin has already formed into the right software where it could prevent this type of attack? Could Bitcoin also recover? I think if this is successful, more trust would be broken, not just with Bitcoin but with cryptocurrencies in general. It is knowing that there are a lot of people who don't understand this type of subject matter.

Anyway, why believe that Quantum Computing will end Bitcoin? Why not help it?

Bitcoin can answer to a crack; that was done before with a rollback, but some attack would be bad for the business and could be complete CHAOS for a while.

Hope the guys in command know what they are doing; IOTA for example was launched as anti-quantum-attack, hope bitcoin improves in time.
aplistir (Full Member)
August 17, 2019, 04:31:30 PM
Merited by PrimeNumber7 (1)
#56


Quote from: cfbtcman on August 17, 2019, 02:19:34 AM
Bitcoin can answer to a crack; that was done before with a rollback, but some attack would be bad for the business and could be complete CHAOS for a while.

With the amount of transactions bitcoin currently has (>300k/day), a rollback is almost impossible. Planning a rollback and getting everyone to agree with it would take some time, and what would you do with the >300-2000k transactions that were confirmed before the rollback?
There is a lot of money moving in bitcoin. How can anyone justify cancelling that many transactions?
Imagine: you sell your car for bitcoins, wait for it to confirm, hand over your car, and then the next day you don't have your coins anymore.
What would that do to the reputation of bitcoin?

Maybe, if there were a HUGE theft that was noticed immediately, but that would have to be REALLY huge. I can't imagine such a thing happening anymore.
When a rollback was done, bitcoin was a lot smaller and there weren't as many transactions then. And the bug would have destroyed bitcoin if it had not been fixed. (Someone created ridiculous amounts of new bitcoins from nothing. If I remember correctly he created hundreds of millions of bitcoins... so something had to be done.)


crwth (Copper Member, Hero Member)
August 20, 2019, 05:04:25 AM
Merited by Welsh (4)
#57

Quote from: cfbtcman on August 17, 2019, 02:19:34 AM
Bitcoin can answer to a crack; that was done before with a rollback, but some attack would be bad for the business and could be complete CHAOS for a while.
It's not a crack I'm talking about, it's physically tricking the network or something like that. I doubt that it's going to work but in theory, it sounds plausible. That's why I suggested, instead of using Quantum computers to make normal computers and hashes obsolete, why not make them more powerful using that technology? It's far ahead into the future but it's better than destroying things.



Quote from: aplistir on August 17, 2019, 04:31:30 PM
With the amount of transactions bitcoin currently has (>300k/day), a rollback is almost impossible. Planning a rollback and getting everyone to agree with it would take some time, and what would you do with the >300-2000k transactions that were confirmed before the rollback?
That's the thing, you can't. Maybe if we are talking about theories, certainly, we can, but it's all a theory unless you have enough power to hack everything, and Bitcoin would turn inside out and all those things that you sold for BTC wouldn't be worth it anymore. That's only true if it happens, which is impossible to do.

Quote from: aplistir on August 17, 2019, 04:31:30 PM
Maybe, if there were a HUGE theft that was noticed immediately, but that would have to be REALLY huge. I can't imagine such a thing happening anymore.
We will never know unless something happens unexpectedly; knowing the will of other people just to destroy other people's hard work, it's just the reality anymore. What we need to worry about is what hackers do with their knowledge.





j2002ba2 (Jr. Member)
August 23, 2019, 03:38:23 PM
#58

Quote from: crwth on August 16, 2019, 03:11:27 AM
We all know that Quantum Computing could significantly improve the power of computers.
QC could not improve computing power.

Classical computing will always be cheaper and faster than QC.

It is very simple physics, noise ruins all and every extrapolated prediction of QC efficiency.

IMO, quantum physics is not the reality, but rather a set of very useful statistical tools.

Due to the imaginary nature of quantum physics, people easily get confused.
crwth (Copper Member, Hero Member)
August 24, 2019, 10:52:56 AM
Merited by Macadonian (2)
#59

Quote from: j2002ba2 on August 23, 2019, 03:38:23 PM
Due to the imaginary nature of quantum physics, people easily get confused.
And using that imagination, computers were invented. Imagine living in the 1800s; they probably imagined how they were going to talk to other people on the other side of the world. How is mathematics going to be easy? I wish there were some machine or equipment for that.

Don't be so negative with things that are not yet adequately realized. It all starts with a theory and a what-if.

It's hard yet to realize since there are only two ways to do quantum computing and you need an expensive device to experiment. It needs to be in a vacuum chamber etc. The human race would get there, for sure. (unless we have destroyed our home, Earth) Lol





2double0 (Legendary)
August 28, 2019, 12:38:08 PM
Merited by Welsh (1)
#60

Quote from: crwth on August 24, 2019, 10:52:56 AM
Due to the imaginary nature of quantum physics, people easily get confused.
And using that imagination, computers were invented. Imagine living in the 1800s; they probably imagined how they were going to talk to other people on the other side of the world. How is mathematics going to be easy? I wish there were some machine or equipment for that.

Don't be so negative with things that are not yet adequately realized. It all starts with a theory and a what-if.

It's hard yet to realize since there are only two ways to do quantum computing and you need an expensive device to experiment. It needs to be in a vacuum chamber etc. The human race would get there, for sure. (Unless we have destroyed our home, Earth.) Lol

When devs are getting their hands on these devices, can't a counter-defence (or attack) be introduced by them even at their understanding of 2 qubits, to help figure out what type of actual attacks can destruct the memorandum code for Bitcoin? Can it just attack the value of Bitcoin, or will it also destroy the whole economy? Considering that over 84% of BTC has already been mined, I see it affecting the niche least, but the thing is, Bitcoin is still 'not fully, but to some extent' vulnerable to this type of *imagination* and we should prepare ourselves for such a situation if it occurs in the near future. Why not find a technology that can prevent the attacks of QC? If QC and other things were imagined and have become truth now, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.

                                   
                                  
                                   
                                  
                                  
                                   
                                   
                                   
                                   
                                   
                                   
                                  
                                   
                                  
                                   
crwth (Copper Member, Hero Member)
August 28, 2019, 04:11:06 PM
Merited by Welsh (2)
#61

Quote from: 2double0 on August 28, 2019, 12:38:08 PM
When devs are getting their hands on these devices, can't a counter-defence (or attack) be introduced by them even at their understanding of 2 qubits, to help figure out what type of actual attacks can destruct the memorandum code for Bitcoin? Can it just attack the value of Bitcoin, or will it also destroy the whole economy?
So are you saying that developers are going to use it for good or not? I don’t quite understand what you are trying to say. With the use of QC, you would use it to see what “type” of attacks would work on Bitcoin and how it could be prevented? (That’s the good part).

What memorandum are you talking about? Maybe you are talking about the integrity of the code? Altering it would cause a lot of economic tragedy with Bitcoin. Loss in value etc.

Quote from: 2double0 on August 28, 2019, 12:38:08 PM
Considering that over 84% of BTC has already been mined, I see it affecting the niche least, but the thing is, Bitcoin is still 'not fully, but to some extent' vulnerable to this type of *imagination* and we should prepare ourselves for such a situation if it occurs in the near future.
I think the time will come when it does that, but we are probably not alive anymore when it happens. Maybe there would be a great change with regard to how we are currently using cryptocurrencies now.

Quote from: 2double0 on August 28, 2019, 12:38:08 PM
Why not find a technology that can prevent the attacks of QC? If QC and other things were imagined and have become truth now, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.
Approaching it where the problem is QC (theory only) it should be answered by the same powerful thing, QC. It’s like fighting fire with fire, but everything is digital.

We are not there yet where it’s applicable already.





Macadonian (Member)
August 31, 2019, 01:29:11 PM
#62

Quote from: crwth on August 28, 2019, 04:11:06 PM
So are you saying that developers are going to use it for good or not? I don’t quite understand what you are trying to say. With the use of QC, you would use it to see what “type” of attacks would work on Bitcoin and how it could be prevented? (That’s the good part).
Because of the issue discussed of only the wealthy elite being able to get their hands on quantum computers that are capable of threatening the algorithm Bitcoin uses, it's not realistic to use it for good. Especially because the easy solution would be changing to a different algorithm which would be capable of defending against a quantum computer. If someone wants to help Bitcoin against the future threat of quantum computers, it would be by contributing to the projects which are intending to implement quantum-resistant algorithms, or to Bitcoin itself.
crwth (Copper Member, Hero Member)
September 01, 2019, 06:21:44 AM
#63

Quote from: Macadonian on August 31, 2019, 01:29:11 PM
Because of the issue discussed of only the wealthy elite being able to get their hands on quantum computers that are capable of threatening the algorithm Bitcoin uses, it's not realistic to use it for good.
I have never thought of the economic aspect of how Quantum Computers are going to be a threat towards the different kinds of computing systems. I agree that the ones who can be the first customers of QCs might probably be the richest people. In addition to the people researching that subject, they are going to be the first ones.

Quote from: Macadonian on August 31, 2019, 01:29:11 PM
If someone wants to help Bitcoin against the future threat of quantum computers, it would be by contributing to the projects which are intending to implement quantum-resistant algorithms, or to Bitcoin itself.
I know that we are far away from that reality, but preventing the possible QC attacks on the network is more viable. I'm just not sure how they are going to do it because, knowing the computing capabilities of QC, it could outsmart any problems faster than normal.





cfbtcman (Member)
September 03, 2019, 03:41:27 AM
#64


Quote from: aplistir on August 17, 2019, 04:31:30 PM
Quote from: cfbtcman on August 17, 2019, 02:19:34 AM
Bitcoin can answer to a crack; that was done before with a rollback, but some attack would be bad for the business and could be complete CHAOS for a while.

With the amount of transactions bitcoin currently has (>300k/day), a rollback is almost impossible. Planning a rollback and getting everyone to agree with it would take some time, and what would you do with the >300-2000k transactions that were confirmed before the rollback?
There is a lot of money moving in bitcoin. How can anyone justify cancelling that many transactions?
Imagine: you sell your car for bitcoins, wait for it to confirm, hand over your car, and then the next day you don't have your coins anymore.
What would that do to the reputation of bitcoin?

Maybe, if there were a HUGE theft that was noticed immediately, but that would have to be REALLY huge. I can't imagine such a thing happening anymore.
When a rollback was done, bitcoin was a lot smaller and there weren't as many transactions then. And the bug would have destroyed bitcoin if it had not been fixed. (Someone created ridiculous amounts of new bitcoins from nothing. If I remember correctly he created hundreds of millions of bitcoins... so something had to be done.)



I was speaking in the case of a big attack; if a little one happens, it's the same as you being hacked in your browser with a keylogger, which happens every day, or some guys stealing from exchanges.

I think there should be some link on the bitcoin.org website to complain about transactions that may have been hacked; they should be marked as under investigation, and if we discover a pattern maybe it can help to catch the bad guys.
LUCKMCFLY (Legendary)
September 05, 2019, 10:21:52 PM
Merited by Welsh (2)
#65

I want to share this article where they say that the NSA wants to develop a cryptocurrency with quantum resistance:


Source: https://cointelegraph.com/news/nsa-working-to-develop-quantum-resistant-cryptocurrency-report

It is necessary to emphasize that the development of quantum computers has always attracted my attention, and I can only imagine that by having a Quantum Computer, and this quantum-resistance coin is taken, the potential that will be developed will be incredible.

I have always thought that development calls for development and innovation; the algorithms will be with much more optimal codes, and if we add the artificial intelligence that helps to continue developing the improvements in a quantum computer, bitcoin would in turn have a prolonged growth. Well, if we assume that all altcoins depend on Bitcoin directly or indirectly, combined with superior technology, it could be said that the market in general would enter a higher level where the price of Bitcoin would be much higher, since people pay whatever to have security.


ETFbitcoin (Legendary)
September 06, 2019, 05:23:59 AM
#66

Quote from: LUCKMCFLY on September 05, 2019, 10:21:52 PM
I want to share this article where they say that the NSA wants to develop a cryptocurrency with quantum resistance:
--snip--

NSA and cryptocurrency are a weird pair and I have some skepticism.

But efforts to make quantum-resistant cryptocurrency cryptography have been happening for years, and even a few cryptocurrencies claim the cryptography they use is quantum-resistant.
For reference, there are some promising candidates for quantum-resistant signature cryptography, such as:
1. Lamport Signature
2. Lattice-based Cryptography
3. Multivariate-based cryptography

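The Lamport signature named first in that list is small enough to show in full. The following is an added example written for this thread, not code from the post or from any project mentioned in it; it uses SHA-256 as the one-way function and constructs its own sample messages. Its security rests only on the hash being preimage-resistant, which is why hash-based schemes are the first candidates people name once ECDSA is assumed broken. The example also shows why a Lamport key is strictly one-time and how large its keys and signatures are, which is the practical reason a blockchain would not adopt it unchanged:

```python
"""Lamport one-time signatures over SHA-256 (added example, not from the thread)."""
import hashlib
import secrets

N = 256  # number of digest bits to sign; one pair of secrets per bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    """Yield the 256 bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    for i in range(N):
        yield (d[i // 8] >> (7 - i % 8)) & 1


def keygen():
    """Secret key: 256 pairs of random 32-byte values.
    Public key: the SHA-256 of each of those values, in the same layout."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk, msg: bytes):
    """For each digest bit, reveal the secret of the pair that the bit selects."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed secret and compare with the published hash for that bit."""
    if len(sig) != N:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def secrets_revealed(sigs) -> int:
    """Count distinct secret values exposed across signatures made with one key.
    One signature exposes exactly 256 of the 512 secrets; a second signature on a
    different message exposes more, which is why the key must never be reused."""
    return len({s for sig in sigs for s in sig})


def sizes_bytes(pk, sig):
    """(public key size, signature size): 16 KiB and 8 KiB at this parameter set."""
    return sum(len(a) + len(b) for a, b in pk), sum(len(s) for s in sig)


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"pay 1 BTC to alice", b"pay 1 BTC to bob"   # constructed sample messages
    s1 = sign(sk, m1)
    print("valid:", verify(pk, m1, s1))
    print("wrong message:", verify(pk, m2, s1))
    print("secrets revealed after two signatures:", secrets_revealed([s1, sign(sk, m2)]))
    print("pk bytes, sig bytes:", sizes_bytes(pk, s1))
```

Each signature is 8 KiB and each public key 16 KiB at this parameter set, against a few dozen bytes for an ECDSA signature and 33 bytes for a compressed public key; Merkle-tree constructions over many such one-time keys are how hash-based schemes get reusable keys at the cost of even larger signatures.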
satoquotes (Newbie)
September 09, 2019, 01:26:14 PM
#67

Quote from: ETFbitcoin on September 06, 2019, 05:23:59 AM
For reference, there are some promising candidates for quantum-resistant signature cryptography, such as:
1. Lamport Signature
2. Lattice-based Cryptography
3. Multivariate-based cryptography

These would be temporary solutions. Therefore they are developing new cryptos.

Postquantum, nobody will be able to prove that he/she/they was/were the owner/s in the old system, because everyone will be able to reproduce the private keys of old blockchains.

We will have a quantum secure network.
This will be the new beginning.

edited
ETFbitcoin (Legendary)
September 09, 2019, 06:18:23 PM
#68

Quote from: satoquotes on September 09, 2019, 01:26:14 PM
Quote from: ETFbitcoin on September 06, 2019, 05:23:59 AM
For reference, there are some promising candidates for quantum-resistant signature cryptography, such as:
1. Lamport Signature
2. Lattice-based Cryptography
3. Multivariate-based cryptography

These would be temporary solutions. Therefore they are developing new cryptos.

Postquantum, nobody will be able to prove that he/she/they was/were the owner/s in the old system, because everyone will be able to reproduce the private keys of old blockchains.

We will have a quantum secure network.
This will be the new beginning.

edited

It's partially wrong: ECDSA is partially secure against a quantum computer as long as the public key of a bitcoin address isn't known.
The real risk is when a quantum computer is fast enough to obtain a private key from a public key in a few minutes, which allows double-spend or re-org attacks.

Using a new cryptocurrency which only uses quantum-resistant cryptography isn't a bad idea, but:
1. Is moving to a different cryptocurrency every time there's a known critical/unfixable vulnerability in the current cryptocurrency a good solution?
2. Some cryptocurrencies are dominated by developers and investors (with pre-mines and coin distribution), which makes wealth distribution far worse than Bitcoin or today's fiat.

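The distinction in that reply (ECDSA is only exposed once the public key is visible on-chain) can be turned into a check a wallet owner can run over their own outputs. The following is an added example, not code from the post or from Bitcoin Core. The P2PK, P2PKH and P2WPKH script templates it recognises are the standard ones; the sample outputs, the key and hash bytes, and the `spent_from` flag are constructed placeholders (a real tool would derive that flag from chain history rather than take it as input):

```python
"""Which outputs already expose an ECDSA public key on-chain (added example)."""
from dataclasses import dataclass

OP_0, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x00, 0x76, 0xA9, 0x88, 0xAC


@dataclass
class Output:
    script_pubkey: bytes
    spent_from: bool   # has this key already signed a spend, revealing the pubkey?


def script_type(script: bytes) -> str:
    """Recognise the standard single-key output templates."""
    n = len(script)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG  (the public key itself is in the script)
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160(pubkey)> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    # P2WPKH: OP_0 <push 20> <hash160(pubkey)>
    if n == 22 and script[:2] == bytes([OP_0, 0x14]):
        return "p2wpkh"
    return "other"


def exposure(out: Output) -> str:
    """'exposed'   -> public key is already public (the case the reply calls the real risk)
       'hash-only' -> only a hash is public; the key stays hidden until it signs a spend
       'unknown'   -> script template not handled here"""
    kind = script_type(out.script_pubkey)
    if kind == "p2pk":
        return "exposed"
    if kind in ("p2pkh", "p2wpkh"):
        return "exposed" if out.spent_from else "hash-only"
    return "unknown"


def summarize(outputs):
    """Count outputs per exposure class, e.g. over a wallet's own UTXO set."""
    counts = {"exposed": 0, "hash-only": 0, "unknown": 0}
    for o in outputs:
        counts[exposure(o)] += 1
    return counts


# Constructed sample outputs: placeholder key material, not real chain data.
SAMPLE_PUBKEY = bytes([0x02]) + bytes(range(1, 33))   # 33-byte compressed-key shape
SAMPLE_HASH160 = bytes(range(20))                      # 20-byte hash placeholder
SAMPLE_OUTPUTS = [
    Output(bytes([0x21]) + SAMPLE_PUBKEY + bytes([OP_CHECKSIG]), spent_from=False),
    Output(bytes([OP_DUP, OP_HASH160, 0x14]) + SAMPLE_HASH160
           + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), spent_from=False),
    Output(bytes([OP_DUP, OP_HASH160, 0x14]) + SAMPLE_HASH160
           + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), spent_from=True),   # reused address
    Output(bytes([OP_0, 0x14]) + SAMPLE_HASH160, spent_from=False),
    Output(bytes([0x6A, 0x04]) + b"test", spent_from=False),            # OP_RETURN, no key
]

if __name__ == "__main__":
    for o in SAMPLE_OUTPUTS:
        print(script_type(o.script_pubkey), "->", exposure(o))
    print(summarize(SAMPLE_OUTPUTS))
```

P2PK outputs and any address that has already been spent from are the ones whose keys are public; keeping coins on fresh, never-spent-from hash-based outputs is the mitigation the reply is pointing at, and address reuse is what quietly defeats it.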
Macadonian (Member)
October 22, 2019, 12:46:32 PM
Merited by suchmoon (7), Welsh (6), AverageGlabella (3), vapourminer (1), ETFbitcoin (1)
#69

Quote from: ETFbitcoin on September 06, 2019, 05:23:59 AM
Quote from: LUCKMCFLY on September 05, 2019, 10:21:52 PM
I want to share this article where they say that the NSA wants to develop a cryptocurrency with quantum resistance:
--snip--

NSA and cryptocurrency are a weird pair and I have some skepticism.

But efforts to make quantum-resistant cryptocurrency cryptography have been happening for years, and even a few cryptocurrencies claim the cryptography they use is quantum-resistant.
For reference, there are some promising candidates for quantum-resistant signature cryptography, such as:
1. Lamport Signature
2. Lattice-based Cryptography
3. Multivariate-based cryptography
Skepticism is valid because they are the NSA, but remember that not every American government-related organization is bad for the development of Bitcoin or cryptocurrency. The Tor Browser project was first made by the US Navy and their goal was to create a circuit-based network which was capable of operating on low latency and would provide anonymity to its users. This quickly turned into a very good project for those wanting to conceal their identity while browsing the web, and expanded beyond military use. The military has probably moved away from using the Tor Browser project because exit nodes show plain data and can be used by anyone, unless they have control of their own nodes and only connect to them. The point I'm trying to make is that, despite these projects being anti-government in certain areas, they were still developed by organizations close to the government. The Tor Browser went against the NSA's principles of wanting all the information they can on everyone, just like Bitcoin and other cryptocurrencies encourage anonymity.

The funding that the NSA can bring will certainly help the development towards a better alternative to Lamport-, lattice- and multivariate-based cryptocurrency; if it doesn't provide a better alternative, it's always better to have more minds contributing to an issue, because other projects, like Lamport, which do not have the funding that the NSA does, will be able to learn and integrate additions that the NSA has proposed.
funsponge (Hero Member)
November 05, 2019, 12:06:33 AM
Merited by Saidasun (1)
#70

A lot of people mention it here, but how exactly is a quantum computer so good at one specific task? How are they developed differently? I have been studying quantum computers recently after the recent announcement of the Google quantum computer's groundbreaking qubits, but whenever someone says quantum computers are only good at one specific task they never go into detail on why that is true.

I would have thought that quantum computers would be good at all tasks, just like a normal computer, because they have better hardware than personal computers. How could that possibly have a detrimental effect on the computer if the hardware is much better?

Does it have something to do with the heat that the computer generates because of the amount of work that the hardware is putting in?

 
tromp (Hero Member)
November 05, 2019, 08:53:13 AM
Merited by vapourminer (2), ETFbitcoin (1), Saidasun (1)
#71

Quote from: funsponge on November 05, 2019, 12:06:33 AM
A lot of people mention it here, but how exactly is a quantum computer so good at one specific task?

Quantum computers are often compared with massively (exponentially so) parallel computers.

Their states are actually superpositions of classical states, each of which has a complex amplitude, which can be thought of as a complex analogue of probability.

Unlike classical parallelism, states in superposition are NOT individually observable.
You need to orchestrate the quantum computation so that states you don't want to observe CANCEL each other in amplitude.

Only problems with a very particular structure, such as integer factorization, allow for cancellation of all but an exponentially small fraction of desirable states, i.e. states from which we can extract the problem answer.
Saidasun (Member)
November 05, 2019, 11:31:41 AM
Merited by Welsh (8), Macadonian (7), funsponge (3), vapourminer (2), NotFuzzyWarm (1), ETFbitcoin (1)
#72

Quote from: funsponge on November 05, 2019, 12:06:33 AM
A lot of people mention it here, but how exactly is a quantum computer so good at one specific task? How are they developed differently?
Computers are made with a layering system which determines what is on the computer. More layers does not necessarily mean a slower computer, but in general terms when comparing a personal computer and a quantum computer it is the case. A personal computer has more layers and operates off high-level programming instead of low-level. Low-level programming is sometimes called machine code and high-level programming is called byte code. You are familiar with byte code because you use it every day. Byte code is on an operating-system level and usually requires an operating system to be present. Look at Windows and Ubuntu: these are the operating systems which bytecode interacts with. These operating systems are designed to be a jack of all trades, unlike supercomputers and quantum computers which excel at only a couple of things.

Just think that your computer that has these operating systems on it has useful programs like calculators and UIs and all kinds of things that help you as a daily user. However, when quantum computers come into the frame they consider these programs useless. Even if a quantum computer has more powerful hardware it would still be a waste of resources to install an operating system. Instead they will use machine code, and machine code is usually used for specific tasks. Your TV remote, for example, has machine code and does not have an operating system. Automatic doors on a car would only have machine code. They are designed with speed in mind and to perform only a few tasks. Your TV remote flicks over channels but it can't surf the web or have a built-in calculator; the same goes for a locking mechanism on a car, it only has two jobs and that is to lock or unlock the door.

These are simple examples and ways of explaining this, but this is the general idea of quantum computers vs a personal computer. A quantum computer will not have an operating system and they will be designed like your TV remote to carry out specific tasks as efficiently as possible. The biggest quantum computer development is factoring and they are extremely good at solving factoring problems, but they can't calculate anything else except for what they are told to do. Combining this with the hardware of a quantum computer gives you what they are today. Qubits are a measurement of the processing power of these computers.
Macadonian (Member)
November 05, 2019, 12:22:14 PM
#73

Quote from: Saidasun on November 05, 2019, 11:31:41 AM
-snip-
This is a good explanation at a very basic level, but quantum computers are much more than just a layered system. I would agree that this is probably the best way of explaining the differences between normal computers and quantum computers, and I would like to say that because of this layering system targeted attacks would be more probable than large-scale attacks, due to having to rework what you call the machine code. I would call these super states, which tromp goes into a little detail about. The only thing that newcomers to Bitcoin need to know is that quantum computers aren't the end of Bitcoin and at a basic level they are made differently from your computer at home. They are only capable of targeted attacks and Bitcoin is probably at the lower end of priorities for a potential attacker. ECDSA is not going to be a big target for someone with a quantum computer and, despite the media claims, Bitcoin will not be in danger for at least another 10 years unless there are some groundbreaking breakthroughs in the scene of quantum mechanics.
Cnut237
Hero Member
Activity: 1092
Merit: 621
November 24, 2019, 09:41:19 AM
Last edit: November 24, 2019, 07:19:24 PM by Cnut237
Merited by Welsh (10), ETFbitcoin (3), vapourminer (2), Danydee (2)
 #74

When considering the security impact of quantum computers, we do need to make the distinction between post-quantum cryptography, which uses classical computers to provide quantum-resistant algorithms, and quantum cryptography, which uses quantum computers to provide quantum-resistant algorithms.

If we consider quantum computers as a means of attack, we are generally thinking about the phenomenal factoring power which can swamp traditional security measures. As we have discussed, there has been a lot of work in post-quantum cryptography to establish robust classical defences, ranging across a number of different approaches using some quite sophisticated maths, be it lattice, Lamport/Merkle sig or (deep breath) supersingular-isogeny-graph-Diffie-Hellman-key-exchange.

Some of these approaches show a lot of promise. However quantum cryptography - building fundamentally unbreakable security measures by using the laws of quantum mechanics - is for me a hugely important strategy. I say fundamentally unbreakable because the act of observation (or eavesdropping, or hacking) is an integral component in any quantum mechanical system. The observer impacts the results, as in the Schrodinger's Cat thought experiment (incidentally the theoretical cat is not both alive and dead at the same time, rather it is in a superposition of the states, a probability function that only resolves upon being observed).
Any attempt to observe/hack/eavesdrop on the quantum state alters the data, and it's impossible to pull the data out and copy it, either. This is demonstrated by the no-cloning theorem.

I've already mentioned Kak's 3-stage protocol, which is entirely quantum, unlike the more commonly used approach of Quantum Key Distribution... but I'd like to go into QKD a bit here, just to demystify it a bit.

The standard terrestrial approach to QKD is essentially to send photons one-by-one down a normal fibre-optic cable. If someone tries to read (hack) the communication, then this act of observation alters the polarity of the photon, and so the recipient becomes aware of the hacker's presence. This is simple QM, it's a basic physical law that can't be bypassed. Of course you wouldn't send a whole message in this way, but it is a perfect method for establishing a shared key.

There is also a satellite approach to QKD that China is developing, which relies on quantum entanglement so that two photons both have the same physical state. Again, anyone eavesdropping disrupts the communication.

... so whilst understandably a lot of focus is on the dangers posed by attacks that exploit the properties of quantum mechanics, it is (in mainstream opinion) sometimes overlooked that those same properties can provide a phenomenal (and as we understand QM, perfect) defence.



[image sourced from this article: https://www.sciencemag.org/news/2017/06/china-s-quantum-satellite-achieves-spooky-action-record-distance ]


"Let all men know how empty and worthless is the power of kings."
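The photon-by-photon key exchange Cnut237 describes above (send polarised photons one at a time, and any eavesdropper's measurement disturbs them so the recipient can tell) is the BB84 protocol. What follows is an added simulation, not code from the thread or from any project discussed in it, that makes the detection step concrete: Alice and Bob run the exchange, publicly compare bases, sacrifice part of the sifted key to estimate the error rate, and abort if it is too high. The `ABORT_QBER` value of 11% is an assumed threshold (the figure usually quoted for BB84); the eavesdropper is modelled as a simple intercept-and-resend in a random basis, and the RNG is seeded so runs are reproducible.

```python
import random

BASES = "+x"        # rectilinear and diagonal polarisation bases
ABORT_QBER = 0.11   # assumed abort threshold: the usual BB84 figure, not from the thread

def measure(bit, prep_basis, meas_basis, rng):
    """Outcome of measuring a photon prepared as `bit` in `prep_basis`
    with a detector set to `meas_basis`.  Same basis: the bit is read out
    exactly.  Wrong basis: the outcome is a fair coin flip and the photon
    is left in the measuring basis.  That second rule is the physics that
    exposes an interceptor, because she has to re-send what she measured."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)

def bb84(n, eavesdrop, seed=1):
    """Run one BB84 session over n photons.
    Returns (qber, key_bits, accepted)."""
    rng = random.Random(seed)   # seeded so the simulation is reproducible
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.choice(BASES) for _ in range(n)]
    bob_bases = [rng.choice(BASES) for _ in range(n)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Intercept-resend: Eve measures in a guessed basis and forwards
            # a fresh photon prepared in that basis with the bit she saw.
            e_basis = rng.choice(BASES)
            bit = measure(bit, a_basis, e_basis, rng)
            a_basis = e_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Sifting: bases (not bits) are compared over an authenticated public
    # channel and only positions where both chose the same basis are kept.
    sifted = [(a, b) for a, b, ab, bb in
              zip(alice_bits, bob_bits, alice_bases, bob_bases) if ab == bb]

    # A quarter of the sifted bits is revealed to estimate the error rate.
    # Without an eavesdropper it is 0; intercept-resend pushes it to ~25%.
    cut = len(sifted) // 4
    sample, rest = sifted[:cut], sifted[cut:]
    qber = sum(a != b for a, b in sample) / len(sample) if sample else 1.0
    key = [a for a, _ in rest]
    return qber, key, qber <= ABORT_QBER

if __name__ == "__main__":
    for eve in (False, True):
        qber, key, ok = bb84(4000, eavesdrop=eve)
        print(f"eavesdropper={eve}: QBER={qber:.3f}, key bits={len(key)}, accepted={ok}")
```

The point the simulation makes is the one in the post: the eavesdropper is not prevented from looking, she is detected, because every wrong-basis measurement she makes leaves a 25% error signature in the bits Alice and Bob compare. Note that the sifting step relies on an authenticated classical channel; QKD replaces key agreement, not authentication.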
Voland.V
Member
Activity: 196
Merit: 95
December 01, 2019, 05:09:05 PM
Merited by ETFbitcoin (2), Welsh (2), vapourminer (1)
 #75

Why is everyone discussing cryptography without dividing the systems into symmetric and asymmetric? Even without taking into account quantum computing, which today is a greater reality than it was this summer (https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html), for a cryptanalyst any asymmetric system can be hacked. It all depends on the amount of plaintext and the corresponding ciphertext, and on the availability of a public key.

Sooner or later this problem is solved mathematically, and not by the exhaustive key search which everyone fears. Even if the problem is not completely solved by mathematical analysis, thanks to it the remaining options for exhaustive search are greatly reduced in comparison with the initial ones. Here is a look at old material that has become relevant today: https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html This is written by the genius of the entire science of cryptography, not by a simple owner of bitcoin. Of all existing systems, only AES-256 (symmetric) remains in today's post-quantum world.

And do not forget that all systems with public and private keys are much more resource-intensive than any symmetric one. How you are going to use a post-quantum asymmetric system on a regular computer is not clear. And in blockchain technology it's even more incomprehensible.

To fantasize and expect ready-made solutions, to doubt the progress of computing technology, not to know that the entire blockchain is built on an unproven assumption about the lack of a mathematical solution to the asymmetric encryption used, and not to know about the danger of elliptic cryptography based on the assumption that there are no collisions in the selected elliptic curve (there are a lot of examples, including errors in the standardization of these curves by NIST itself) - this is sticking your head in the sand.

Long live ostriches, the most daring birds in the world!
Danydee
Legendary
Activity: 1288
Merit: 1043
C.D.P.E.M.
December 02, 2019, 11:14:01 PM
Last edit: December 02, 2019, 11:49:36 PM by Danydee
 #76

Great to read, OP,
This is what you think!

Now can you imagine if certain parties want to target someone, there is simply just nothing that he can do. So is this not a field that discourages the use of Bitcoin!?

And here is the question, as there are already Quantum-Proof cryptocurrencies existing.





 [.... ]
If someone wants to help Bitcoin against the future threat of quantum computers it would be contributing to the projects which are intending on implementing the quantum resistant algorithms or Bitcoin itself.
I know that we are far away from that reality, but preventing the possible QC attacks on the network is more viable. I'm just not sure how they are going to do it because, knowing the computing capabilities of QC, it could outsmart any problems faster than normal.
What do you think of a gradual upgrade that could provide the core/network with a protocol using a second private key for an address, so the core recognises if an address is upgraded to (has adopted) the protocol, and then allows or disallows the task from that address. As that would be operated gradually, through proper adoption by wallet owners, nobody will be forgotten!  Huh


Voland.V
Member
Activity: 196
Merit: 95
December 03, 2019, 01:38:29 PM
Merited by Welsh (4), ETFbitcoin (1)
 #77

When considering the security impact of quantum computers, we do need to make the distinction between post-quantum cryptography, which uses classical computers to provide quantum-resistant algorithms, and quantum cryptography, which uses quantum computers to provide quantum-resistant algorithms.

If we consider quantum computers as a means of attack, we are generally thinking about the phenomenal factoring power which can swamp traditional security measures. As we have discussed, there has been a lot of work in post-quantum cryptography to establish robust classical defences, ranging across a number of different approaches using some quite sophisticated maths, be it lattice, Lamport/Merkle sig or (deep breath) supersingular-isogeny-graph-Diffie-Hellman-key-exchange.

Some of these approaches show a lot of promise. However quantum cryptography - building fundamentally unbreakable security measures by using the laws of quantum mechanics - is for me a hugely important strategy. I say fundamentally unbreakable because the act of observation (or eavesdropping, or hacking) is an integral component in any quantum mechanical system. The observer impacts the results, as in the Schrodinger's Cat thought experiment (incidentally the theoretical cat is not both alive and dead at the same time, rather it is in a superposition of the states, a probability function that only resolves upon being observed).
Any attempt to observe/hack/eavesdrop on the quantum state alters the data, and it's impossible to pull the data out and copy it, either. This is demonstrated by the no-cloning theorem.

I've already mentioned Kak's 3-stage protocol, which is entirely quantum, unlike the more commonly used approach of Quantum Key Distribution... but I'd like to go into QKD a bit here, just to demystify it a bit.

The standard terrestrial approach to QKD is essentially to send photons one-by-one down a normal fibre-optic cable. If someone tries to read (hack) the communication, then this act of observation alters the polarity of the photon, and so the recipient becomes aware of the hacker's presence. This is simple QM, it's a basic physical law that can't be bypassed. Of course you wouldn't send a whole message in this way, but it is a perfect method for establishing a shared key.

There is also a satellite approach to QKD that China is developing, which relies on quantum entanglement so that two photons both have the same physical state. Again, anyone eavesdropping disrupts the communication.

... so whilst understandably a lot of focus is on the dangers posed by attacks that exploit the properties of quantum mechanics, it is (in mainstream opinion) sometimes overlooked that those same properties can provide a phenomenal (and as we understand QM, perfect) defence.



[image sourced from this article: https://www.sciencemag.org/news/2017/06/china-s-quantum-satellite-achieves-spooky-action-record-distance ]



--------------
Creating a shared key over fibre? Quantum methods? But what's revolutionary here? These experiments are already 40 years old. This method is not for the average user with a device connected to a wifi point. This is for special organizations. And not at great distances. In addition, there would have to be a mass of photon amplifiers and other equipment along the route.

And is this just to create a shared key?
It's easier to find an open communication channel that no one has been monitoring for a long time ... no one will track an ordinary paper letter "to grandfather's village", not a single hacker.

Mankind likes methods that require a ton of money and technology. This gives rise to new value. This gives rise to the consumer. This spins the economy. But where is the development of cryptography?

But in essence, for us, for ordinary users of cryptography, this method of technology development is like building a fortified fortress only for protection against one mosquito, and not for living in.

It seems to me that the future is not for technological solutions in this area, but for logical ones.

In technology, humanity has long been "grazing behind"; so far an electric drone can be in autonomous flight for a limited time, measured in hundreds of minutes. Guys, this chemical method of storing electrons is already 3000 years old. The Nobel Prize in Chemistry was given for the molding of electrical power supplies, for the lithium-ion battery. Previously, for this "invention" they would only give a patent. And now the Nobel Prize. Awesome!

Don't you feel the lack of development? Today everyone considers a thinner smartphone case to be development and is proud of it. But this is the level of molding. Is evolution reversed?

This degradation became especially noticeable with the development of digital communications. Instead of coming up with new encryption methods, everyone comes up with an increase in key length (and candidates for post-quantum systems have keys of phenomenal length), and work in the fields of huge, "astronomical" numbers that do not exist in the universe, which load our skinny smartphones. Aw, people, wake up ... There must be "human", reasonable solutions.
Danydee
Legendary
Activity: 1288
Merit: 1043
C.D.P.E.M.
December 04, 2019, 12:04:12 AM
 #78


It seems to me that the future is not for technological solutions in this area, but for logical ones.

That is, if there is no "WW3" before!

Danne87
Jr. Member
Activity: 41
Merit: 1
December 04, 2019, 01:17:30 PM
 #79

I want to share this article where they report that the NSA wants to develop a cryptocurrency with quantum resistance:


Source: https://cointelegraph.com/news/nsa-working-to-develop-quantum-resistant-cryptocurrency-report

It is necessary to emphasize that the development of quantum computers has always attracted my attention, and I can only imagine that, by having a quantum computer and this quantum-resistant coin being taken up, the potential that will be developed will be incredible.

I have always thought that development calls for development and innovation; the algorithms will have much more optimal code, and if we add the artificial intelligence that helps to continue developing the improvements in a quantum computer, bitcoin would in turn have prolonged growth. Well, if we assume that all altcoins depend on Bitcoin directly or indirectly, combined with superior technology, it could be said that the market in general would enter a higher level where the price of Bitcoin would be much higher, since people pay whatever it takes to have security.



I cannot agree. They must protect every transaction from hacking, and such a button is needed.
sureBitcoin
Newbie
Activity: 2
Merit: 0
December 04, 2019, 02:45:49 PM
 #80

Quote
I don't believe Quantum Computing will ever threaten Bitcoin

We think that the developers have made huge gains in that area and that they - large enough for any calculation - already exist. But the digital world is not prepared for quantum computing, so they are introducing it step by step - like Google's Sycamore - to have a smooth change to post-quantum computing.
Voland.V
Member
Activity: 196
Merit: 95
December 04, 2019, 07:15:16 PM
Merited by Welsh (2), vapourminer (1)
 #81

Quote
I don't believe Quantum Computing will ever threaten Bitcoin

We think that the developers have made huge gains in that area and that they - large enough for any calculation - already exist. But the digital world is not prepared for quantum computing, so they are introducing it step by step - like Google's Sycamore - to have a smooth change to post-quantum computing.
------------------------------------------
Quantum computers are not as far from life as you think. Look at Amazon's new services, offered for commercial use. And why is everyone obsessed with these qubit calculators?

Cryptography on elliptic curves compromised itself a long time ago; they just don't write about it.
The discovery was made not by full-time employees of GCHQ (a division of the special services of England), but by mathematicians of the CESG division, which is responsible for national ciphers and the protection of government communications systems in the UK. And the close interaction between GCHQ and the NSA of the USA takes place primarily along the lines of joint intelligence activities. In other words, since the NSA also has its own IAD (Information Assurance Directorate) department, specializing in the development of cryptographic algorithms and information protection, the discovery of the British colleagues was a complete surprise for the mathematicians of this unit. And for the first time they learned about it from their fellow spies who closely interact with the British ...
Blockchain is hanging by a thread. The blockchain is saved by the non-compromised hashing function and its massive use.
The most secret and powerful special service in the world (USA) back in 2015 FORBADE the use of ECC, on which the ECDSA in Bitcoin is based. This organization does nothing without a reason.
Cnut237
Hero Member
Activity: 1092
Merit: 621
December 05, 2019, 01:56:44 PM
 #82

QKD
-snip-

This method is not for the average user with a device connected to a wifi point. This is for special organizations.
It's for the average user. If the average user is connecting to wifi, to the internet, then they can connect to an unhackable quantum internet too. There is a lot of work going on in this area, using the fundamental properties of quantum mechanics to create an inherently unhackable network. It's not just the Chinese; take Europe's Quantum Internet Alliance as another example - a summary of their work is here... and there's a more mainstream-friendly article here.



"Let all men know how empty and worthless is the power of kings."
Voland.V
Member
Activity: 196
Merit: 95
December 06, 2019, 07:23:05 AM
Merited by Welsh (4), Halab (2), o_e_l_e_o (2), ETFbitcoin (1), Danydee (1), Heisenberg_Hunter (1)
 #83

QKD
-snip-

This method is not for the average user with a device connected to a wifi point. This is for special organizations.
It's for the average user. If the average user is connecting to wifi, to the internet, then they can connect to an unhackable quantum internet too. There is a lot of work going on in this area, using the fundamental properties of quantum mechanics to create an inherently unhackable network. It's not just the Chinese; take Europe's Quantum Internet Alliance as another example - a summary of their work is here... and there's a more mainstream-friendly article here.

----------------------
Yes, everything is correct.
Quantum Internet, more correctly called photonic.
This is a network section having either physical optical fibre, or photons can be transmitted via "air", within line of sight. It is this version of the quantum-photonic Internet "over the air" that was successfully tested in the United States, it seems back in 1987. Then they transmitted a signal 300 meters from the roof of one building to the roof of another. Then they tested photon amplifiers, and it seems successfully.
This is an old, well-known, tested technology, based on fundamental knowledge of physics at the level of secondary general education.

Yes, no one will attack you in the photon communication channel; there is no sense in it. Your wifi, your device will be attacked, everything as usual. Just like it is being done now.
In addition, the photon Internet, in the case of a wifi access point, does not save you from phishing (81% of all attacks), nor from man-in-the-middle, nor from the danger of quantum computation on your key information.

There is no way to do without a new post-quantum cryptography.
Therefore, I think that this method is not for us, ordinary users; moreover, it will not give anything if you have wifi next to it. But for special organizations - just what you need.

The tasks that this Internet performs in the foreseeable future are limited to transmitting the secret key for symmetric systems, without using asymmetric ones.
Such an Internet, or rather a section of the Internet, since we have to use either wifi or 3G/4G/5G Internet, does not solve the problem of a system of trust in your public key. With all the ensuing consequences.
What's bad about this is that the user becomes even more careless.
Yes, we also forgot the attacks on the server side of the network.
In addition, we, everyday users of cryptography, are always used in their interests, without being told everything that they know.
So, there are interesting facts about the dangers of cryptography on elliptic curves. And our blockchain is based on this cryptography (more precisely, its digital signature). If there is interest in what we are not being told, you can read my post dated December 04: https://bitcointalk.org/index.php?topic=5204368.40

You need to be careful about all offers, especially in the field of digital security. Our safety is only in our hands.
Voland.V
Member
Activity: 196
Merit: 95
December 06, 2019, 07:30:46 AM
 #84

At the link above, in a post dated December 04, the question is described:

"This material reasonably answers 2 important questions:

1. Is cryptography on elliptic curves so safe as we think?

2. Are quantum computations really dangerous for
modern public key cryptosystems?"

https://bitcointalk.org/index.php?topic=5204368.40
Cnut237
Hero Member
Activity: 1092
Merit: 621
December 06, 2019, 09:54:49 AM
 #85

There is no way to do without a new post-quantum cryptography.

Some approaches to post-quantum cryptography do show huge promise, I'll agree with that, as we've covered on previous pages.

I was trying to make the distinction between post-quantum cryptography which uses classical approaches, and quantum cryptography, which exploits the inherent 'unhackability' of quantum mechanics. Significant progress is being made in QC as well as in PQC.

The difference is between PQC being theoretically unhackable because of complex and esoteric maths, and QC being fundamentally unhackable because of the underlying laws of physics. Both approaches have merit, but the discussion is always around PQC. I thought it was time that QC had a voice, too.

"Let all men know how empty and worthless is the power of kings."
TechPriest
Sr. Member
Activity: 383
Merit: 276
Finis coronat opus
December 06, 2019, 11:07:29 AM
Last edit: December 15, 2019, 11:30:46 AM by TechPriest
 #86

Why not find a technology that can protect us from the attacks of QC? If QC and other things were imagined and have become reality now, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.
Approaching it where the problem is QC (theory only), it should be answered by the same powerful thing, QC. It's like fighting fire with fire, but everything is digital.
We are not there yet where it's applicable already.

I would not be so optimistic about QC. The main problem of their realization is the problem of symmetry. FT transformations (a composition of the Fredkin gate and the Toffoli gate) will destroy quantum entanglement in bosons. "Raw" fermions can't be used for QC either because, if we have more than 3 qubits, then their result vector will be 0, so we can't calculate anything with it.

As I read last time, scientists want to use "fermionic lattices". But it will be really hard to implement in real technology, because it is much harder to control such a "lattice". In a "lattice" you need to control n states in n qubits, but in "raw" QC without such lattices it would be enough to control just 2 states in n qubits.

And for an "ECDSA hack" we need thousands of qubits (and now we have just 50 qubits, 40 years after QC research started).

My understanding is that ECDSA will eventually be vulnerable to quantum computers. SHA-256 not so much.

You're right. But let us be more specific:
Every public key cryptography is vulnerable to quantum computing due to Shor's algorithm (for integer factorization and discrete logarithm). SHA-256 is not vulnerable in the sense that there is no quantum algorithm which breaks it fast. But it's vulnerable in the sense that quantum computers may be incomparably more powerful (a million times) than today's computers.

Also, it's interesting that we don't have any quantum computer for now (and I doubt that we will have one, with all its "magical" capabilities) but we already have post-quantum RSA


In science we trust!
Voland.V
Member
Activity: 196
Merit: 95
December 06, 2019, 03:29:02 PM
Merited by Welsh (4), Cnut237 (2), o_e_l_e_o (2), vapourminer (1), Danydee (1)
 #87

You are mistaken if you think that ECDSA can be wrecked only by exhaustive search (brute force attack). This is a common misconception, which is supported by the majority.
And if I may allow myself to object.

In the sense that there are other dangers in this area of cryptography.
The danger of cryptography on elliptic curves lies in the elliptic curves themselves. They have collisions. That is why, back in 2015, the NSA (USA) opposed this type of cryptography, despite the fact that it had previously campaigned only for this cryptography. And after 2015 it again returned to the old RSA system. And this despite the very long key length relative to ECC keys.
Let's do it in order.

1. Collisions of elliptic curves themselves.
The National Institute of Standards and Technology (USA), NIST, is involved in the development of standards and specifications. The problem is that some classes of elliptic curves are weak. Specialists have a question: where do the random generating values for the elliptic curves standardized by NIST come from? Answer: unfortunately, we do not know. These values have no justification.

For this reason, the following question arises: is it possible that NIST detected a "significantly larger" class of weak elliptic curves than is commonly believed, tried various possible variants of generating values, found vulnerabilities and is silent? After all, such finds can be used for "their own purposes"; these are holes in the security system.

I do not have an answer to this question either, but this is a logical and important question. We know that NIST has at least successfully standardized a vulnerable random number generator (a generator that, oddly enough, is based on the same elliptic curves).

Perhaps it successfully standardized many other weak elliptic curves?
How to check it?
No way.

For example, there are standard NIST curves based on numbers, verifiably random, of understandable origin:
- random numbers for MD5 (hashing algorithm) are obtained from the sines of integers;
- random numbers for Blowfish (a symmetric block encryption algorithm with a variable key length) are obtained from the first digits of Pi;
- random numbers for RC5 (a block cipher with a variable number of rounds, a variable key length and block size) are obtained from "Euler's number" and the golden ratio.
It is important to understand that "verifiably random" and "protected" are not synonyms, but here we at least understand their origin.

2. The situation around this system is very ambiguous.
I do not want to repeat a very large text with verifiable facts. But if you are not afraid, then you can read how it was and check the information.
I described this in my post on December 04; there are 2 posts from that date, read the second, topic:
--------------------
This material reasonably answers 2 important questions:
1. Is cryptography on elliptic curves so safe as we think?
2. Are quantum computations really dangerous for
modern public key cryptosystems?
..............................
Link: https://bitcointalk.org/index.php?topic=5204368.40

3. What does the expected quantum Internet give us?
It would be correct to call it photonic. Photons can be transmitted not only via fibre optic cable, but also "over the air", which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon internet only" option. We, in everyday life, will have to use sections of wifi or 3G-5G up to the fibre optic section. And this means all the problems come back: phishing, attacks on devices, man-in-the-middle, etc.

Moreover, quantum Internet is needed only for the safe transfer of a symmetric key, in the absence of a post-quantum cryptosystem with a pair of keys. Symmetric cryptography is able to create a closed communication channel, safe, easier, more practical, cheaper than the proposed technology of quantum Internet.

For this reason, post-quantum cryptography cannot be dispensed with, especially in the post-quantum world.
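The list above (MD5 constants from sines, Blowfish from the digits of pi, RC5 from e and the golden ratio) is the "nothing-up-my-sleeve number" idea: a constant whose derivation anyone can re-run, as opposed to a seed of unexplained origin. The following Python is an added example, not from the thread or from any of the cipher specifications, that regenerates those constants from their published derivations so they can be compared against a reference table; the security point is that a curve or constant whose generating value cannot be reproduced this way cannot be checked at all, which is exactly the complaint in the post. The MD5 rule is floor(|sin(i+1)| * 2^32); the Blowfish P-array is successive 32-bit words of the fractional part of pi, computed here with Machin's formula in `decimal`; the RC5 rule is P_w = Odd((e-2) 2^w), Q_w = Odd((phi-1) 2^w). One assumption to flag: `odd()` is implemented as "integer part with the low bit set", which reproduces the 16-, 32- and 64-bit values tabulated for RC5, rather than literally as "nearest odd integer".

```python
import math
from decimal import Decimal, getcontext

getcontext().prec = 80  # ~265 bits, plenty for a few 32/64-bit words

def md5_k(i):
    """MD5 round constant K[i] = floor(|sin(i + 1)| * 2^32), i in 0..63.
    Double precision is what the MD5 reference code itself used."""
    return math.floor(abs(math.sin(i + 1)) * 2 ** 32)

def _eps():
    return Decimal(10) ** -(getcontext().prec - 5)

def arctan_inv(n):
    """arctan(1/n) by its alternating Taylor series, in Decimal."""
    x = Decimal(1) / n
    x2 = x * x
    power, total, k, sign = x, x, 1, 1
    while True:
        power *= x2
        k += 2
        sign = -sign
        term = power / k
        if term < _eps():
            return total
        total += sign * term

def pi_decimal():
    """Machin's formula: pi = 16 arctan(1/5) - 4 arctan(1/239)."""
    return 16 * arctan_inv(5) - 4 * arctan_inv(239)

def e_decimal():
    """e = sum over k of 1/k!, summed until the terms fall below eps."""
    total, term, k = Decimal(1), Decimal(1), 1
    while term > _eps():
        term /= k
        total += term
        k += 1
    return total

def fraction_words(x, bits, count):
    """Successive `bits`-wide words of the fractional part of Decimal x."""
    frac = x - int(x)
    words = []
    for _ in range(count):
        frac *= 2 ** bits
        w = int(frac)       # int() truncates, frac is positive so this is floor
        words.append(w)
        frac -= w
    return words

def blowfish_p(count):
    """Blowfish P-array initial values: the hex digits of pi after the point."""
    return fraction_words(pi_decimal(), 32, count)

def odd(x):
    """Odd(x) as used to reproduce the published RC5 table (assumption):
    the integer part with its low bit forced to 1."""
    return int(x) | 1

def rc5_magic(w):
    """RC5 magic constants for word size w:
    P_w = Odd((e - 2) 2^w), Q_w = Odd((phi - 1) 2^w)."""
    phi = (1 + Decimal(5).sqrt()) / 2
    return odd((e_decimal() - 2) * 2 ** w), odd((phi - 1) * 2 ** w)

if __name__ == "__main__":
    print("MD5 K[0..3]:", [hex(md5_k(i)) for i in range(4)])
    print("Blowfish P[0..3]:", [hex(v) for v in blowfish_p(4)])
    for w in (16, 32, 64):
        p, q = rc5_magic(w)
        print(f"RC5 w={w}: P={p:#x} Q={q:#x}")
```

Compare the printed values with the constants in any MD5, Blowfish or RC5 implementation; they should agree word for word. That reproducibility is the whole property being asked for in the post: with the NIST curve seeds there is no such derivation to re-run, so the check cannot even be attempted.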
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
December 13, 2019, 10:18:12 AM
Merited by Welsh (14), o_e_l_e_o (2), vapourminer (1)
 #88

3. What does the expected quantum Internet give us?
It would be correct to call it photonic. Photons can be transmitted not only via fibre optic cable, but also "over the air", which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon internet only" option. We, in everyday life, will have to use sections of wifi or 3G-5G up to the fibre optic section. And this means all the problems come back: phishing, attacks on devices, man-in-the-middle, etc.

It depends what we are sending over traditional hackable channels. Thinking in classical terms, you send the entire communication through that route, and so you introduce vulnerabilities. But using a quantum approach, it doesn't have to be that way. Quantum entanglement offers a solution - if the entangled photons are sent one to each party, sender and recipient, then the sender can make their photon interact with the data they want to transmit. This measurement alters the entangled photon at the other end as well - transmission of information via this method is Einstein's famous 'spooky action at a distance', a.k.a. quantum teleportation. The thing that is then sent through the classical channel is only the result of the measurement, the interaction between the sender's entangled photon and the information they wish to transmit. Anyone who hacks this message gains nothing, as it is meaningless by itself.

However, once the legitimate recipient receives this information, they can then decode the message, because they have the other photon. It is fundamentally unhackable because only sender and recipient have the entangled photons, and because the laws of quantum mechanics mean that any act of measurement, which includes any attempt at hacking or eavesdropping at either the sender's or the recipient's end, alters the state of the entangled photon at the other end, too.

It's this sort of approach that makes me think that quantum cryptography (as opposed to post-quantum cryptography) has a lot of merit. Lattices and elliptic curves and so forth are not fundamentally unhackable due to laws of nature, whereas processes exploiting the laws of quantum mechanics are - or at least can be.

There will of course be huge technical challenges in implementing a quantum-cryptography approach... but work is underway, not just by the Chinese but also at QuTech in the Netherlands (where they are trying out quantum teleportation, as in the link I gave previously).

Here's a diagram giving a brief summary of how quantum entanglement can lead to an unhackable solution (again from my previous link). The pictures are perhaps more eloquent than my chaotic rambling:


"Let all men know how empty and worthless is the power of kings."
Voland.V
Member
Activity: 196
Merit: 95
December 13, 2019, 02:01:46 PM
 #89

3. What does the expected quantum Internet give us?
It would be correct to call it photonic. Photons can be transmitted not only via fibre optic cable, but also "over the air", which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon internet only" option. We, in everyday life, will have to use sections of wifi or 3G-5G up to the fibre optic section. And this means all the problems come back: phishing, attacks on devices, man-in-the-middle, etc.

It depends what we are sending over traditional hackable channels. Thinking in classical terms, you send the entire communication through that route, and so you introduce vulnerabilities. But using a quantum approach, it doesn't have to be that way. Quantum entanglement offers a solution - if the entangled photons are sent one to each party, sender and recipient, then the sender can make their photon interact with the data they want to transmit. This measurement alters the entangled photon at the other end as well - transmission of information via this method is Einstein's famous 'spooky action at a distance', a.k.a. quantum teleportation. The thing that is then sent through the classical channel is only the result of the measurement, the interaction between the sender's entangled photon and the information they wish to transmit. Anyone who hacks this message gains nothing, as it is meaningless by itself.

However, once the legitimate recipient receives this information, they can then decode the message, because they have the other photon. It is fundamentally unhackable because only sender and recipient have the entangled photons, and because the laws of quantum mechanics mean that any act of measurement, which includes any attempt at hacking or eavesdropping at either the sender's or the recipient's end, alters the state of the entangled photon at the other end, too.

It's this sort of approach that makes me think that quantum cryptography (as opposed to post-quantum cryptography) has a lot of merit. Lattices and elliptic curves and so forth are not fundamentally unhackable due to laws of nature, whereas processes exploiting the laws of quantum mechanics are - or at least can be.

There will of course be huge technical challenges in implementing a quantum-cryptography approach... but work is underway, not just by the Chinese but also at QuTech in the Netherlands (where they are trying out quantum teleportation, as in the link I gave previously).

Here's a diagram giving a brief summary of how quantum entanglement can lead to an unhackable solution (again from my previous link). The pictures are perhaps more eloquent than my chaotic rambling:


---------------------------------
You probably know more than me.

Explain how you can have a photon associated with the transmitted, if you are not connected directly to the photon transmission channel?

If you, more precisely your device, are the locator in the same “photon” system with the transmitting device, then physics will work.

And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon?

In addition, it is such an expensive pleasure that quantum cryptography (photon transmission), as far as I know, is needed only in order to exchange the same private keys in this way to use a symmetric encryption system. For the reason that the symmetric AES-256 is not opened by any quantum computer, because in the symmetric key any variant of a key of two to the power of 256 is possible.

And in asymmetric - far from it. For example, in RSA, a key length of 15,300 bits is equal in strength to a 256-bit key in AES.

I do not discuss elliptic cryptography - it is probably hacked for a long time and completely not by exhaustive search, but by cryptanalysis and the presence of vulnerabilities in the elliptic curves themselves.
In serious organizations, it is prohibited for use.

If in a symmetric AES system you increase the key by 2 times (256-512), then the load on the computer will increase by about 2 times.

If you increase the key by 2 times in RSA, then the load will increase by 8 times with a key length of 1024 bits - 2048 bits.

Therefore, in quantum cryptography - it makes no sense. There is a post-quantum AES system, and all it needs is to exchange keys without using dangerous asymmetric cryptography.

Therefore, if you have a smartphone with Wi-Fi, then no quantum Internet will help you, only post-quantum cryptography.
Cnut237
Hero Member
*****

Activity: 1092
Merit: 621



December 16, 2019, 08:46:29 AM
Last edit: December 16, 2019, 06:36:29 PM by Cnut237
Merited by Welsh (2), o_e_l_e_o (2), vapourminer (1)
 #90

You probably know more than me.
I know a little about quantum mechanics, and next to nothing about cryptography.

Explain how you can have a photon associated with the transmitted, if you are not connected directly to the photon transmission channel?
And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon?
Micius has demonstrated QKD wirelessly via satellite. There have been demonstrations using traditional fibre-optic lines, but the entangled state is more vulnerable to collapse using this approach, so satellite may be the better option.

A pair of entangled photons is generated using an interferometer, and one photon is sent to each party in the communication. If in the Micius example you can communicate with the satellite, then you can receive the photon.

They aim to have a global quantum network in place by 2030. I have no opinion on whether or not 2030 is realistic.

If in a symmetric AES system you increase the key by 2 times (256-512), then the load on the computer will increase by about 2 times.
If you increase the key by 2 times in RSA, then the load will increase by 8 times with a key length of 1024 bits - 2048 bits.

Therefore, in quantum cryptography - it makes no sense.
Quantum cryptography doesn't rely so much on key complexity, it relies more on quantum entanglement, and the fact that a measurement of one photon disturbs the other photon. Hacking is not possible based on the laws of quantum mechanics as we understand them.

I'm not suggesting that quantum cryptography is the only or best approach, just that work is progressing here and it's not necessarily only post-quantum cryptography that should be discussed. There have been objections to QKD itself, but again work is progressing towards better solutions - Kak's 3 stage protocol for example (basically a quantum version of double-lock):


https://www.researchgate.net/profile/Partha_Basuchowdhuri/publication/1960902/figure/fig2/AS:279938969161741@1443754059593/Kaks-three-stage-protocol.png

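The "quantum version of double-lock" Cnut237 refers to above is easier to see as a message flow than as a diagram. The following is an added teaching example, not code from the post or from any QKD implementation: it models a qubit as a real unit 2-vector and each party's secret as a planar rotation R(theta), so that the three transmissions of Kak's protocol can be traced step by step. The one property the construction needs is that rotations about a single axis commute, which lets Alice take her lock off while Bob's is still on. The angles, the bit encoding and the `transmit_bits` helper are my assumptions; the real protocol applies secret unitaries to photon polarisation, and this classical stand-in shows only the structure of the exchange, not why intercepting a stage gives an eavesdropper nothing.

```python
"""Three-stage "double lock" exchange in the shape of Kak's protocol, simulated classically.

Constructed teaching example (not code from the post or from a QKD system). A qubit is
modelled as a real unit 2-vector and each party's secret as a planar rotation R(theta).
Rotations about one axis commute, which is what lets Alice remove her lock while Bob's
is still applied. Only the message flow is modelled, not the protocol's security.
"""
import math
import random


def rotate(state, theta):
    """Apply the rotation R(theta) to the 2-vector state = (alpha, beta)."""
    alpha, beta = state
    c, s = math.cos(theta), math.sin(theta)
    return (c * alpha - s * beta, s * alpha + c * beta)


def three_stage_exchange(message_state, alice_secret, bob_secret):
    """Run the three transmissions; return (transcript, state Bob finally holds)."""
    transcript = []
    stage1 = rotate(message_state, alice_secret)      # Alice locks with her secret, sends
    transcript.append(("alice->bob", stage1))
    stage2 = rotate(stage1, bob_secret)               # Bob adds his own lock, returns it
    transcript.append(("bob->alice", stage2))
    stage3 = rotate(stage2, -alice_secret)            # Alice removes her lock, sends again
    transcript.append(("alice->bob", stage3))
    recovered = rotate(stage3, -bob_secret)           # Bob removes his lock: original state
    return transcript, recovered


def encode_bit(bit):
    """Computational-basis encoding (assumed): 0 -> (1,0), 1 -> (0,1)."""
    return (0.0, 1.0) if bit else (1.0, 0.0)


def decode_bit(state):
    """Measure in the computational basis; exact here because no noise is modelled."""
    return 1 if abs(state[1]) > abs(state[0]) else 0


def close(u, v, tol=1e-9):
    """Floating-point equality for 2-vectors."""
    return all(abs(x - y) < tol for x, y in zip(u, v))


def transmit_bits(bits, seed=7):
    """Send each bit through its own three-stage exchange with fresh secret angles."""
    rng = random.Random(seed)            # seeded only so the demo is reproducible
    received = []
    for bit in bits:
        a = rng.uniform(0.0, 2.0 * math.pi)   # Alice's secret for this qubit
        b = rng.uniform(0.0, 2.0 * math.pi)   # Bob's secret for this qubit
        _, recovered = three_stage_exchange(encode_bit(bit), a, b)
        received.append(decode_bit(recovered))
    return received


if __name__ == "__main__":
    transcript, out = three_stage_exchange(encode_bit(1), 0.4, 1.3)
    for hop, st in transcript:
        print(hop, tuple(round(x, 3) for x in st))
    print("recovered bit:", decode_bit(out))
    print(transmit_bits([0, 1, 1, 0, 1]))   # [0, 1, 1, 0, 1]
```

Running it prints three intermediate states that are all rotated away from the basis vector, followed by exact recovery at Bob's end; note that no key is ever transmitted, which is the point Cnut237 makes about key complexity mattering less in quantum approaches.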
Thekool1s
Legendary
*

Activity: 1414
Merit: 1208


Segwit or your mum gay!


December 18, 2019, 04:55:48 PM
 #91

I have really learnt so much from this thread. I feel like the discussion now needs to head towards Mining: how Quantum Computers could affect mining and the Decentralized aspect of the CryptoCurrencies. One of the things which is mainly agreed in this thread is that a move will be made towards a "Quantum resistant Algo", which will prevent Quantum computers from breaking private keys, but what about mining? Given that Quantum computers will be only a few in number, basically these few "companies" would become the centralized figurehead for "Cryptocurrencies". Since there won't be a mining competition, how will "cryptocurrencies" survive? Currently, one of the reasons why people use Cryptos is their Decentralized aspect.

I will give FB's Libra as an example. E.g. if FB gets their hands on one of the few early "Quantum computers" they could basically make Libra stand out, because it will be the only coin with the most "hashing" power / most secure, but they could easily decide which coin lives and which dies. Basically, if Mark then wanted to mine BTCs, even after implementing the "Quantum Resistant" algos, Mark could just mine every block since he will have the most "hashing" power. I'm not familiar with how "Anti Asic" algos for mining work, but could, in theory, "Anti Quantum" algos be made for Mining which could prevent this Centralization?
QuickReview
Newbie
*

Activity: 6
Merit: 0


December 18, 2019, 05:50:10 PM
 #92

I have really learnt so much from this thread. I feel like the discussion now needs to head towards Mining. How Quantum Computers could affect mining

The first quantum computers won't be able to mine Bitcoin because they will not have enough qubits to get the hash of the next block. For that task 2^128 basic quantum operations are needed. That is something for the "second generation quantum computers".
But to get the private key only 128^3 basic quantum operations are sufficient and will be within the range of "first generation quantum computers".
https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin

edit

The only thing that quantum computers can do is to speed up the calculation of SHA256 hashes. Even if it's faster than normal computers by a factor of thousands, the ASICs would still be way faster than quantum computers. The difficulty will rise and the network would continue as per normal.
 

I don't think quantum computers can speed up hashing, but anyway this is not what is meant by 'cracking' SHA256.

Concerning quantum computers and cryptography, there are two totally different aspects.

1) quantum computers, if ever they come into existence with a lot of qubits (which I personally doubt, but ok), can TOTALLY CRACK the current public key systems based on prime factorisation (RSA, Diffie-Hellman) or based upon discrete logarithms in groups (elliptic curve crypto).  The algorithm to do so is known, it is Shor's algorithm.  By TOTALLY I mean totally: just ANY key can be cracked in a matter of milliseconds, on the condition that the quantum computer has more qubits than (a few times) the key length.  If such a quantum computer exists, there is simply no difficulty in cracking the key, it doesn't take "days" or anything because the difficulty goes LOGARITHMIC with Shor's algorithm.

2) however, for hash functions, and symmetric crypto like AES-256, it can be shown that a quantum computer can AT BEST use Grover's algorithm to crack it.  Grover's algorithm doesn't crack entirely a hash function, but essentially HALVES ITS BIT STRENGTH.  So a SHA-256 hash (with 256 bits) would not require 2^256 trials like on a classical computer, but "only" 2^128 trials on a quantum computer, which is STILL IMPOSSIBLE to do practically.  Most people think that quantum computers will, if ever they exist, run much slower than classical machines, so 2^128 trials on a quantum machine will be much harder to solve than 2^128 trials on a classical machine.

So while quantum computers can speed up hash function searching, they won't crack it entirely.  The interesting thing is that under certain conditions, it has been established that Grover's algorithm is the best possible one on a quantum machine, to attack a random hash function.

==> big hash functions are still secure against quantum attacks ; most current public key crypto is totally broken by quantum attacks.

This is why it is somewhat strange, in the bitcoin protocol, to have hashed the public key to 160 bits, and not have kept the 256 bits.  If the menace of a quantum attack were the reason for this, it would have been wiser to keep the 256 bit hash as an address instead of the 160-bit RIPEMD hash, because under Grover's algorithm this would become only 80 bits secure, while the 256 bit hash would remain 128 bit secure under a quantum attack, which is the same level of *classical* security offered by the elliptic curve signature scheme - which wouldn't survive, by itself, a quantum attack.  This is one of the peculiar crypto design "features" of bitcoin...
gogxmagog
Legendary
*

Activity: 1400
Merit: 1009


December 19, 2019, 10:50:55 AM
 #93

(Frequently Asked Quantum Questions)

https://faqq.info
Thekool1s
Legendary
*

Activity: 1414
Merit: 1208




December 19, 2019, 01:05:20 PM
 #94

Quote
That is something for the "second generation quantum computers".

Even if you say these will be "The Second generation of Quantum Computers", the fact remains that these will be only a few in number at first. It took decades for "Personal Computers" to roll out after the invention of the first few generations. It will be the same with the Quantum Computers, I believe. Just like it's mentioned in this thread, currently a below-0-degree temperature is required to run today's "Quantum Computers". So when these 2nd, 3rd or 4th generation machines, whatever it may be, become a reality, everybody won't have these in their basements... Only a select few will have the opportunity to work with them. What will happen to the "Decentralized" nature of the Cryptocurrencies?

I mean, if you look at companies like Bitmain, they use their ASICs first and mine the S**t out of them, driving up the hash rate; once they are done they sell their stuff to the public. All I am saying is, will we be able to "save" the decentralized nature of Cryptocurrencies once these "Super Machines" become a reality?
QuickReview
Newbie
*

Activity: 6
Merit: 0


December 19, 2019, 03:52:41 PM
 #95

I mean, if you look at companies like Bitmain, they use their ASICs first and mine the S**t out of them, driving up the hash rate; once they are done they sell their stuff to the public.
Guess, what some private quantum computer developers will make before maybe selling it.
I do not know why people think that Bitcoin security will stop as is and are too worried about quantum computers.  It may be a threat but I am sure Bitcoin developers will find a way to level Bitcoin's security up before that happens.
That's not an issue. Bitcoin developers already have post-quantum solutions.
But there are lots of 'shalecoins', https://bitcointalk.org/index.php?topic=5134441.0 coins with no owner. With quantum computers, these coins will become active and change the Bitcoin ecosystem.

Satoshi had already thought of quantum computers, and the possible decoding of the private keys if they became available.
His coins would be quantum secured if he sent them to P2PKH addresses. But he did not and isn't doing so.

All I am saying is will we be able to "save" the decentralized nature of Cryptocurrencies. Once these "Super Machines" become a reality?
Yes, we will still have decentralized cryptos. It depends on us which coins will exist pre- and post-quantum. What we need is a quantum resistant signature system on the Bitcoin network now; even if we don't have to use it, it should be possible if we wanted to.

And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.
Voland.V
Member
**

Activity: 196
Merit: 95


December 21, 2019, 04:12:03 PM
Merited by vapourminer (1)
 #96

You probably know more than me.
I know a little about quantum mechanics, and next to nothing about cryptography.

Explain how you can have a photon associated with the transmitted, if you are not connected directly to the photon transmission channel?
And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon?
Micius has demonstrated QKD wirelessly via satellite. There have been demonstrations using traditional fibre-optic lines, but the entangled state is more vulnerable to collapse using this approach, so satellite may be the better option.

A pair of entangled photons is generated using an interferometer, and one photon is sent to each party in the communication. If in the Micius example you can communicate with the satellite, then you can receive the photon.

They aim to have a global quantum network in place by 2030. I have no opinion on whether or not 2030 is realistic.

If in a symmetric AES system you increase the key by 2 times (256-512), then the load on the computer will increase by about 2 times.
If you increase the key by 2 times in RSA, then the load will increase by 8 times with a key length of 1024 bits - 2048 bits.

Therefore, in quantum cryptography - it makes no sense.
Quantum cryptography doesn't rely so much on key complexity, it relies more on quantum entanglement, and the fact that a measurement of one photon disturbs the other photon. Hacking is not possible based on the laws of quantum mechanics as we understand them.

I'm not suggesting that quantum cryptography is the only or best approach, just that work is progressing here and it's not necessarily only post-quantum cryptography that should be discussed. There have been objections to QKD itself, but again work is progressing towards better solutions - Kak's 3 stage protocol for example (basically a quantum version of double-lock):


https://www.researchgate.net/profile/Partha_Basuchowdhuri/publication/1960902/figure/fig2/AS:279938969161741@1443754059593/Kaks-three-stage-protocol.png
------------------
Quantum cryptography and quantum internet are photonic systems.
There are no quants there, there are quantum states of photons, such as the spin of a photon.

This is a game of words - "quantum Internet" or "quantum cryptography" - which greatly confuses its understanding by amateurs.

Let's see the essence, photonic systems are a lowering of hands before the call that quantum computers of modern public key cryptography have put.

It's like you used to have an elegant key to your house door, and now you've knocked down your door with a giant stone, counting on the thief not moving it.

That's a step back. Mankind loves these steps because they are man-made, because they create new value in the mass of new equipment, because the Internet can be made both safe and expensive.

Of course, it's the way of the monkey.
This is the path that mankind will leave behind like an old lamp TV when there is a new safe cryptography.

I support the idea that the mind always conquers power.
See if you want to make God laugh, tell him your plans...

In other words, they're systems that transmit light waves:

1) or via fiber optic cable (second half of the 20th century, soon this technology will turn 100 years old), without the possibility of wi-fi points at the end of this path;
2) or transmitting light photons by laser within line of sight.

The example you're looking at: "Micius has demonstrated QKD wirelessly via satellite" is very unhelpful for us ordinary users, but very much liked by rich and government organizations - there's plenty to write off "our" money. The monkey's way, but the rich monkey's way.

In this case, there is a problem, the receiver and the transmitter must be constantly on the same line! And that with a moving satellite!
They must be oriented strictly parallel to each other, which is very difficult to do when the source (satellite) moves at high speed on a circular trajectory.

Such an accurate mutual orientation of the quantum receiver and transmitter is similar to getting a coin from an airplane flying at an altitude of 100 thousand meters - exactly in the slot of the piggy bank, which, moreover, rotates.

"It wasn't my idea," says Wang Jianyu, QUESS Project Manager.

 These and other achievements, not only are very expensive, they are absolutely unacceptable for us who own devices connected to wi-fi.

This is not the side of progress that the future holds.

Especially since all these experiments have been carried out successfully a long time ago, many of them, not later than 1987. 
But in those distant times, people still knew how to think, and this technology was postponed, it was waiting for a more appropriate time, our time.

That's your idea:
"So in quantum cryptography, it doesn't make sense.
Quantum cryptography doesn't rely so much on the complexity of the key, it relies more on the quantum complexity and the fact that measuring one photon interferes with another photon. "
- Cryptography is necessary because stealing information from this channel is not prohibited, it is just a fact that participants will know about it. In other words, this quantum (photon) cryptography does not protect the information, but on the contrary highlights it so that it can be seen with the naked eye, literally. Photons we see...

Your idea:
"There were objections to QKD itself, but again the work is moving towards better solutions, like the three-stage Kak protocol (mainly the quantum version of the double lock):"
- is a logical use of photon states, again with all the resulting disadvantages for us ordinary users: the use of photons, fiber, direct line of sight and so on, but not Wi-Fi or 3,4,5,6G; this is not the way for us.

Our way is keyless cryptography and password-free authentication, my topic is here:
https://bitcointalk.org/index.php?topic=5204368.0.
Voland.V
Member
**

Activity: 196
Merit: 95


December 24, 2019, 09:30:09 PM
 #97

Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
Saidasun
Member
**

Activity: 68
Merit: 147


December 27, 2019, 08:46:18 PM
 #98

Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing, but what are you hinting at when you say "illegal attacks"?
Voland.V
Member
**

Activity: 196
Merit: 95


December 27, 2019, 10:11:21 PM
 #99

Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing, but what are you hinting at when you say "illegal attacks"?
----------------------------------------------
It's the complexity of machine translation, all attacks are illegal, that's right.

Including attacks on cryptography using quantum computing (using a quantum computer).

And by "more dangerous" attacks, I mean exploiting for criminal purposes the weaknesses of cryptography itself on elliptic curves.

I don't understand why one group of people considers it reliable, while officials of special organizations categorically prohibit its use.

I do not understand why there is one cryptography for all of us, it is like household cryptography, and why there is another cryptography for special organizations and government agencies.

I don't understand why, for so many years, long before a quantum computer was going to be built, so many serious people and organizations around the world have been looking for a replacement for existing encryption methods.

After all, against an attack with quantum computing, it is enough to simply increase the length of the key.

After all, the 256-bit key in AES is not afraid of quantum computers (it is left as a working mechanism for the post-quantum period) because the encryption method itself is very successful.

And cryptography on elliptic curves with any key length is not suitable.
And that despite the fact that a key length of even 512,000 bits or more in post-quantum cryptography suits everyone!!!

So there's something wrong with ECC?
Cnut237
Hero Member
*****

Activity: 1092
Merit: 621



December 28, 2019, 07:34:17 AM
Merited by LoyceV (5), Welsh (4), vapourminer (3), ETFbitcoin (2)
 #100

against an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented are as follows:
Classical: 1,2,3,4,5,6,7,8 etc
Quantum: 1,2,4,8,16,32,64,128 etc.


So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.

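Two points made above are easiest to see with a concrete hash-based signature in hand: post #92's argument that Grover's algorithm only halves the bit strength of a hash (SHA-256 stays 128-bit secure, a 160-bit hash drops to 80), and Cnut237's mention of the hash-based approaches XMSS and SPHINCS. The following is an added teaching example, not code from the thread, from Bitcoin, or from XMSS/SPHINCS: it implements the Lamport one-time signature, the simplest scheme of that family and the building block those schemes extend. Its security rests only on preimage resistance of SHA-256, which is exactly the property Grover degrades but does not break; there is no discrete-log problem for Shor's algorithm to attack. The message bytes are constructed, and the `grover_security_bits` and `sizes_bytes` helpers are my additions to make the thread's numbers visible.

```python
"""Lamport one-time signature over SHA-256.

Constructed teaching example (not Bitcoin's scheme and not XMSS/SPHINCS themselves):
the simplest hash-based signature, which those schemes build on. Security rests only on
preimage resistance of the hash, which Grover's algorithm reduces from 2^256 to 2^128
work, rather than on a discrete-log problem that Shor's algorithm solves outright.
"""
import hashlib
import secrets

HASH_BITS = 256          # SHA-256 digest length; one key pair per message-digest bit
SECRET_LEN = 32          # bytes per secret value


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=secrets.token_bytes):
    """Private key: 256 pairs of random 32-byte values. Public key: their hashes."""
    sk = [(rng(SECRET_LEN), rng(SECRET_LEN)) for _ in range(HASH_BITS)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return sk, pk


def digest_bits(msg: bytes) -> list:
    """Bits of SHA-256(msg), most significant first."""
    d = int.from_bytes(H(msg), "big")
    return [(d >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def sign(sk, msg: bytes) -> list:
    """Reveal, for each digest bit, the secret value matching that bit.
    One use only: each signature discloses half of the private key, which is why
    XMSS/SPHINCS wrap many one-time keys in a tree."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != HASH_BITS:
        return False
    bits = digest_bits(msg)
    # Each revealed value must hash to the committed value for the bit it claims.
    return all(H(sig[i]) == pk[i][bits[i]] for i in range(HASH_BITS))


def grover_security_bits(hash_bits: int) -> int:
    """Effective preimage security under Grover search: half the hash length."""
    return hash_bits // 2


def sizes_bytes() -> tuple:
    """(public key, signature) sizes in bytes; the cost that motivates XMSS/SPHINCS."""
    return (HASH_BITS * 2 * SECRET_LEN, HASH_BITS * SECRET_LEN)


def demo() -> tuple:
    sk, pk = keygen()
    msg = b"constructed message: spend output 0 to address X"   # constructed payload
    sig = sign(sk, msg)
    return verify(pk, msg, sig), verify(pk, msg + b"!", sig)


if __name__ == "__main__":
    print(demo())                                                 # (True, False)
    print(sizes_bytes())                                          # (16384, 8192)
    print(grover_security_bits(256), grover_security_bits(160))   # 128 80
```

The size numbers are the practical reason the thread's named schemes exist: a Lamport public key is 16 KiB and a signature 8 KiB, and the key can sign only once, so XMSS and SPHINCS organise many such one-time keys under a hash tree to get reusable, smaller keys while keeping the same hash-only security argument.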
Voland.V
Member
**

Activity: 196
Merit: 95


December 28, 2019, 12:45:11 PM
Merited by Welsh (4), Cnut237 (3)
 #101

against an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented are as follows:
Classical: 1,2,3,4,5,6,7,8 etc
Quantum: 1,2,4,8,16,32,64,128 etc.


So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.
----------------------
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.

We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.

You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.

If cryptography on elliptical curves, as well as any other cryptography with a public and private key was reliable, and everything depended only on the length of the key, then no search for post quantum systems would be done by mankind.

Moreover, a large number of cryptographic systems that were candidates for post quantum encryption systems were not cracked by quantum computers, but by good old cryptanalysis, mathematical methods.

The key which is not broken by exhaustive search in the AES system at 256 bits corresponds to a 15300-16400-bit key in the RSA system. If it were only a matter of the speed of quantum computing, you could use RSA with a key length of 16400 bits or more, or cryptography on elliptic curves (ECC) with a length of 512 bits.

Instead, AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.

Moreover, for serious secrets, 5 years ago they were forbidden for use; this is only what has already leaked to the press.
Neither ECC nor RSA has been used in serious cases for 10 years.
Details here, post dated December 04, see:
https://bitcointalk.org/index.php?topic=5204368.0.

Therefore, there is only one conclusion: all modern asymmetric systems with a pair of public and private keys do not fit, with any length of key, precisely because they are weak; but the details of this circumstance are not specified and few people know them.
Cnut237
Hero Member
*****

Activity: 1092
Merit: 621



December 28, 2019, 04:06:26 PM
Last edit: December 28, 2019, 05:15:57 PM by Cnut237
Merited by LoyceV (5), vapourminer (1)
 #102

In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.
I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!


We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.
Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.


You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.
I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.


AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.
AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you :)

"Let all men know how empty and worthless is the power of kings."
Voland.V
Member
**
Offline Offline

Activity: 196
Merit: 95


View Profile WWW
December 28, 2019, 08:34:03 PM
 #103

In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.
I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!


We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.
Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.


You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.
I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.


AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.
AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you :)
---------------------
Dear opponent!
This is the first qualitative version of the discussion with my participation.  I am very pleased that there are interesting interlocutors on this business cryptographic platform.

When I wrote my posts on this topic, I thought that superficial knowledge was more successful than deeper knowledge.

But after reading your post, I realized that I was wrong.

But you know, I read a lot of opinions on "what cryptography we will need".

Of course, quantum cryptography is a technical, scientific, technological step forward. Although, in fact, nothing new is observed from the knowledge that we had 40 years ago.

Let me tell you something else. Quantum cryptography, not only in my opinion, is a big, powerful mechanism that needs to lift a big load. The simple, not tricky, engineer's reasoning is this:
- if the load is 10 times heavier, then you need a crane 10 times more powerful. Scrap against scrap. It works. It's convincing. But it's not exactly an engineering approach, I think. It's force versus force.

I'm a supporter of beautiful engineering, I'm a supporter of ingenuity and cunning, intelligence and innovation - and against brute force.

For this reason, I don't like the solution of the problem with quantum cryptography, but I'd really like the solution with post quantum mathematical, logical, unusual solutions.

No matter how actively quantum encryption methods are developed, if a solution is found in the direction of post quantum (mathematical) cryptography, this solution will be cheaper, simpler, more elegant, more attractive, and will have a much greater commercial success than physical quantum cryptography.

Especially since quantum methods (actually old photonic systems, but words are always ahead of the curve, it's the golden law of advertising) are planned to be used as a transport protocol, not as encryption itself.
Or as an encryption key exchange system for reliable mathematical symmetric encryption systems.
As a replacement for cryptography with a pair of open and private keys.
No more than that.
Especially since quantum cryptography is ABSOLUTELY not protected from information theft. It simply informs the recipient how much information is lost, but does not protect against theft!!!

Unlike some post quantum (mathematical) encryption systems.

Weighing all of the above, I am in favor of a future dominated by post quantum cryptographic systems, not quantum cryptography.
 
Otherwise, it is the surrender of progressive human thought to brute physical force.

And if you look even deeper, I am a supporter of new geometric principles of encryption, without a key, and principles of new authentication without a password.
It's my theme:
https://bitcointalk.org/index.php?topic=5204368.0.
and
https://bitcointalk.org/index.php?topic=5209297.0   
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
January 02, 2020, 01:40:40 PM
Last edit: January 03, 2020, 09:51:07 AM by Cnut237
Merited by Welsh (4)
 #104

23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved.

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping and four-photon Greenberger-Horne-Zeilinger entanglement, which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.


"Let all men know how empty and worthless is the power of kings."
Voland.V
Member
**
Offline Offline

Activity: 196
Merit: 95


View Profile WWW
January 08, 2020, 10:47:11 PM
 #105

23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved.

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping and four-photon Greenberger-Horne-Zeilinger entanglement, which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.


----------------------
Transmission from one chip to another is quantum entanglement, it's always the transmission of photons.
They transfer photons between chips.
At a very, very short distance, it seems to be within a centimeter. It's a normal waveguide. That's it.
 
It's a path to the photonic Internet, not quantum networks. No one's dealing with quantum networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with Wi-Fi or 3/4/5/6G internet and sit behind a stationary device.

Without post quantum mathematical (not quantum) cryptography, which encrypts on an ordinary smartphone, computer (not a quantum computer), no one will do. No ordinary user, no VIP.

It's just science. It won't make the world safe, even if it works tomorrow.
We're being given another illusion.
These successful experiments are needed for secure communication between government and large corporations.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.
tromp
Hero Member
*****
Offline Offline

Activity: 657
Merit: 568


View Profile
January 09, 2020, 11:53:41 AM
 #106

> I know how to calculate the genesis private key

Sign the message "i no money" with said key as proof of knowledge, or take your scam elsewhere.
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
January 09, 2020, 02:29:09 PM
 #107

It's a path to the photonic Internet, not quantum networks. No one's dealing with quantum networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with Wi-Fi or 3/4/5/6G internet and sit behind a stationary device.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.

A quantum internet (with its unhackable absolute security) isn't a complete replacement for the internet we have now, in the same way that quantum computers aren't a replacement for classical computers.

The team at Delft whom I've referenced before have devised a six-stage roadmap (below). A quantum internet can be built incrementally on top of what we already have, with different levels of functionality at each stage.

Quote
SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users can obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.


So stage 0 is kind of a precursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China.

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016.


"Let all men know how empty and worthless is the power of kings."
2020quantumdecade
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
January 09, 2020, 03:08:52 PM
 #108


We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.
Voland.V
Member
**
Offline Offline

Activity: 196
Merit: 95


View Profile WWW
January 09, 2020, 07:40:01 PM
 #109


SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users can obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.


So stage 0 is kind of a precursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China.

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016.


----------------------
Yes, I agree with your conclusions, it's all true.
But this is good for the part of the network that is far from the end user, the backbone part of the network.
In this part of the network, indeed, any change in information will be impossible.

I am for progress, for everything technological, especially when the laws of physics are the basis of these innovations.
But I draw conclusions, I watch intentions diverge from reality.
How loud promises actually turn into advertising tricks.

Let's find out where we are most often attacked? As of today.  Among other things, I am talking about the most dangerous attack - the "man in the middle" technology. 
Most often it is not carried out on a segment of the network remote from us.
I think that from what I have learned, the most common places to attack are those that are close to the user: routers, other network access points, the end devices themselves.

Against none of these threats aimed at the end user, at the specified attack points, does the quantum (photon) Internet offered to us solve anything.

Modern protocols, based on modern cryptography, provide everything you expect from the "quantum Internet", except one thing - discreet copying of information, eavesdropping on your channel.

But this danger is solved by reliable cryptography, methods that are simpler and smarter than the mass of new equipment for the transmission of linked photons (quantum Internet).

If you are subject to a competent attack, information, any, before the Internet, before encryption, will be stolen invisibly directly from your devices, not from the backbone networks of the Internet.
All scammers and criminals working for governments are looking for easy ways to get information.

For example, fresh information: all Samsung devices are secretly spying on their users for the government of China, not the government of South Korea. You see what a serious approach to espionage is. How will the quantum internet save you?

I think that all such technologies, except the quantum computer, are of scientific interest and will only be prepared for commercial success.

We need a good secret communication channel, which should be protected by post quantum cryptography. Cheap, reliable, affordable way.
Voland.V
Member
**
Offline Offline

Activity: 196
Merit: 95


View Profile WWW
January 09, 2020, 08:05:17 PM
 #110

Hello, i know how to calculate..


We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.
----------------------
How cryptanalysis works, especially against asymmetric encryption systems, will not be written to you on the Internet, let alone on Wikipedia.  It's a mystery that cryptanalysis is all about.

The life and work of cryptoanalysts is classified. Even their family doesn't know what they do, the results of their work are so important.

If they did not work well, asymmetric cryptography would be solved for serious questions. But it's not allowed.

Why is that?

Because it's used by those in power, and it's not written on public bulletin boards.
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
February 12, 2020, 08:29:41 AM
Last edit: February 12, 2020, 10:15:04 AM by Cnut237
 #111

There has been a potentially important advance in qubit stability, published yesterday in Nature.

Anyone with a passing interest knows that maintaining the qubit state is a big problem in quantum computing. The quantum system is quite fragile, and any interaction with the wider environment can cause the state to decohere (decoherence meaning not actual wave function collapse, but rather the leaking of information across the boundary between the quantum system and its surroundings).

There have been various attempts in the past to increase stability, some (such as magnetic containment) being more successful than others.

The new experiment from the University of New South Wales uses quantum dots rather than normal silicon atoms, and they've built artificial atoms around these quantum dots - it's this approach that has increased the stability hugely.

The problem with 'traditional' (I say traditional, but really QC is all quite new!) devices built on silicon atoms is that there are always atomic imperfections, which disrupt the qubits and lead to a high chance of decoherence. This new experiment removes the atomic nucleus entirely, and instead applies a voltage to pull in spare electrons to orbit the dot. This is then repeated until the inner electron shells have formed. So instead of a normal atom, with a nucleus surrounded by spherical electron shells, you end up with a quantum dot surrounded by flat 2D circular electron shells. So they are mimicking the atomic structure but doing away with the messy nuclear stuff so it's essentially just clean shells around the dot.

This done, the key step is to build up the complete inner shells and then add one more electron to the next outer shell. This is a bit like painting multiple coats on a wall, you build up the thickness to smooth everything out. Complete shells always sum to zero, but the added electron in the incomplete outer shell can be used for the spin measurement for the qubit.

Basically it's a variant of the standard approach that removes the problem of atomic imperfections, and then improves stability further by building complete orbital electron shells beneath the final electron.

Apologies if this is either too technical or not technical enough, it's difficult to strike a balance, and as always with QC it can be a challenge to make sure you've understood everything correctly - I think I have, but please let me know if I've made some false connections here.

Anyway, it's an interesting approach and could end up being quite an important marker on the road towards stable large-scale QC production.

"Let all men know how empty and worthless is the power of kings."
2ndGENQC
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 13, 2020, 03:59:50 PM
 #112

And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.

The development of "second generation quantum computers" will bring the most exciting times, hashing will be history. We will make all "lost" coins active.
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
February 24, 2020, 09:54:39 AM
 #113

the most exciting times, hashing will be history. We will make all "lost" coins active.

"Exciting times" brings to mind the Chinese curse of living in interesting times.

Lost coins on the chain will indeed be vulnerable to QCs as these are the ones that won't be moved to quantum-safe addresses following a bitcoin upgrade. Making these coins available for theft by QCs could be terrible for bitcoin's price, but more so for faith in crypto as a whole, similarly if anything not moved was burned to prevent theft by QCs. There's no easy answer here.

"Let all men know how empty and worthless is the power of kings."
qubitasic
Newbie
*
Offline Offline

Activity: 48
Merit: 0


View Profile
February 27, 2020, 03:06:14 PM
 #114

Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said. “Now I know what you are thinking: Quantum is not coming anytime soon. But we can’t think of quantum in terms of eventually or tomorrow."
“We need quantum-resistant algorithms as soon as possible,” Grobman said.

Voland.V
Member
**
Offline Offline

Activity: 196
Merit: 95


View Profile WWW
March 10, 2020, 05:31:25 AM
 #115

Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said. “Now I know what you are thinking: Quantum is not coming anytime soon. But we can’t think of quantum in terms of eventually or tomorrow."
“We need quantum-resistant algorithms as soon as possible,” Grobman said.

-------------------------------------
What exactly are the dangers of quantum computing?
It's very simple.
I'm talking about the global, the danger to a lot of people, not to private cases.

All protection protocols, I'm talking about cryptographic methods of protection, built on a principle:
1. Asymmetric cryptography is the first step in any protocol to agree on a common session key for symmetric cryptography.
2. The second step is symmetric cryptography encryption, where secrets are encrypted securely (AES).

Why is a quantum computer dangerous today that will work far tomorrow?

Because all of our encrypted messages are stored.
Details:
- those encryptions that are very interesting - stored many times, it's communication between interesting and big people of our time;
- all other messages are also stored, just in case, they can be interesting, probably.

Now how quantum cheaters will work:
1) they will only crack the first stage of the encryption protocol - only asymmetric cryptography, where the shared session encryption key was encrypted. That's it.
2) They use the resulting key to quietly read the AES cipher, the second step of the encryption protocol.

And now, everything falls into place: AES-256, the symmetric system, is not cracked, and RSA (with any length of key) or ECC (with any length of key), the asymmetric system is cracked without a doubt, even by very weak, first quantum computers.

That's why everyone is so concerned, that's why post quantum asymmetric encryption systems are already needed.

Yes, not all people encrypt good messages, there are so many that lead two lives at once and one of those lives is very bad.
But the bad thing is to read and decide what's bad and what's good will be guys with the same questionable reputation as the first ones.

Here is the real vulnerability of all the key encryption methods: everything secret, sooner or later, becomes known and not secret.

This vulnerability is completely devoid of new keyless encryption systems.
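The two-stage protocol and the "store now, read later" sequence described in the post above, as an added toy model that is not the poster's code. It assumes a deliberately tiny Diffie-Hellman group (prime 1000003 and generator 2, both chosen for this example) so that an exhaustive discrete-log search can stand in for Shor's algorithm, and a SHA-256 counter-mode keystream stands in for AES. Everything here is insecure by design; the point it makes visible is the dependency: an eavesdropper records only the public handshake values and the symmetric ciphertext, later recovers the asymmetric secret from the recorded handshake, derives the session key, and opens the stored ciphertext without attacking the symmetric cipher at all.

```python
"""Toy model of 'asymmetric key agreement, then symmetric encryption' and of
record-now-decrypt-later. Added example for this thread, not the poster's code.
Tiny group and brute-force discrete log stand in for Shor; SHA-256 CTR keystream
stands in for AES. Not secure for any real use."""
import hashlib

# Constructed toy Diffie-Hellman group: small prime modulus and generator chosen so the
# discrete log is brute-forceable in well under a second (real DH uses 2048+ bit primes).
P = 1000003
G = 2


def dh_public(priv):
    """Stage 1, what each party sends over the wire (and what an eavesdropper records)."""
    return pow(G, priv, P)


def dh_shared(their_pub, my_priv):
    return pow(their_pub, my_priv, P)


def derive_key(shared):
    """Toy KDF: hash the agreed group element into a 256-bit symmetric key."""
    return hashlib.sha256(b"toy-kdf" + shared.to_bytes(8, "big")).digest()


def stream_xor(key, data):
    """Stage 2 stand-in for AES: SHA-256(key || counter) keystream XORed over the data.
    Symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for block_no, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


def record_session(alice_priv, bob_priv, plaintext):
    """Run one session and return only what a passive eavesdropper can store:
    the two public handshake values and the symmetric-stage ciphertext."""
    a_pub, b_pub = dh_public(alice_priv), dh_public(bob_priv)
    key_alice = derive_key(dh_shared(b_pub, alice_priv))
    key_bob = derive_key(dh_shared(a_pub, bob_priv))
    if key_alice != key_bob:
        raise RuntimeError("key agreement failed")
    return {"A": a_pub, "B": b_pub, "ct": stream_xor(key_alice, plaintext)}


def brute_force_dlog(target):
    """Stand-in for Shor: find x with G^x = target mod P by exhaustive search.
    Any x congruent to the real exponent modulo the order of G gives the same shared key."""
    cur = 1
    for x in range(1, P):
        cur = cur * G % P
        if cur == target:
            return x
    raise ValueError("no discrete log found")


def decrypt_later(transcript):
    """Years later: break only the asymmetric stage, then read the stored AES-stage data."""
    alice_exp = brute_force_dlog(transcript["A"])
    key = derive_key(pow(transcript["B"], alice_exp, P))
    return stream_xor(key, transcript["ct"])


if __name__ == "__main__":
    # Constructed demo exponents and message; in reality both exponents stay on the endpoints.
    stored = record_session(123457, 654321, b"session secret: move the funds at 09:00")
    print("recorded handshake:", stored["A"], stored["B"])
    print("recovered plaintext:", decrypt_later(stored))
```

Nothing in `decrypt_later` touches the symmetric cipher's key space; the stored ciphertext falls purely because the recorded handshake can be reversed, which is why the post's concern is about traffic captured today and about the asymmetric stage specifically.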
fabiorem
Sr. Member
****
Offline Offline

Activity: 1204
Merit: 333


View Profile
March 10, 2020, 07:37:39 PM
 #116

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.
Ryutaro
Full Member
***
Offline Offline

Activity: 205
Merit: 175


It's precious, protect it!


View Profile
March 10, 2020, 08:39:49 PM
Merited by Welsh (3), Cnut237 (1)
 #117

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.


there already exist several working ones ( google sycamore, D-wave, IBM Q...) and they are continuously being improved. Companies like D-wave succeeded in using quantum computing to solve real-world problems such as minimizing error in a voice recognition system, controlling risk in a financial portfolio, or reducing energy loss in an electrical grid. source

also, leading countries from all over the world are investing insane amounts of money in quantum computing research for obvious reasons to get their hands on this new monster.

IBM is already offering free limited access to their systems, you can now create an account and try your quantum circuits and run them on their quantum computers plus they are offering step by step guides and tutorials.


Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
March 13, 2020, 02:55:03 PM
Merited by Ryutaro (1)
 #118

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.


there already exist several working ones ( google sycamore, D-wave, IBM Q...) and they are continuously being improved. Companies like D-wave succeeded in using quantum computing to solves real-world problems such as minimizing error in a voice recognition system, controlling risk in a financial portfolio, or reducing energy loss in an electrical grid.

You are absolutely correct that QCs exist and that they are being improved all the time.

However, you mentioned D-Wave, so we do need to be mindful of the distinction between quantum annealers (such as D-Wave) and universal gate quantum computers (true quantum computers). Annealers are more like quantum simulators than actual quantum computers, and they will never be a threat to bitcoin because they can't run Shor's algorithm, which is what a QC would use to break elliptic curve cryptography.

The annealing approach exploits the phenomenon of quantum tunnelling - this is a low-energy shortcut, analogous to moving between adjacent valleys by cutting straight through the hill rather than going up one side and down the other. Annealing is more for problems where there are a huge number of possible solutions, and we're just looking for one that is sufficient out of that multitude of possibilities, a 'local minimum'. So annealers are good for problems that fit into the 'travelling salesman' category, or materials science where we just want to develop a material that has sufficient strength or malleability or heat-resistance.

Universal gate quantum computers on the other hand are the ones that can threaten bitcoin. News reports often focus on the number of qubits these machines have, as if this is the only important criterion. It's not. As (universal gate) QCs scale up, the main problem is decoherence - the difficulty of maintaining that entangled quantum state (and its information) by preventing variables from the outside environment leaking in (e.g., physical vibrations, EM radiation, temperature changes).

There is work underway on a variety of solutions to the decoherence problem, but it remains very much the primary obstacle - you can have a QC with a million qubits, but it would be useless without sufficient coherence.

"Let all men know how empty and worthless is the power of kings."
Voland.V
Member
**
Offline Offline

Activity: 196
Merit: 95


View Profile WWW
March 15, 2020, 09:35:12 AM
 #119

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

------------------
It is possible not to believe, it is possible to close your eyes and bury your whole head deep in the sand - it is the way of the ostrich.
On the contrary, you can open your eyes and explore the world around you. Then there is a chance, if you have enough intelligence, to come to the conclusion that quantum computing is a reality to accept.
That's why post quantum encryption methods and new Blockchain technology have already been developed.   
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



View Profile
March 25, 2020, 08:52:27 AM
Merited by Welsh (6)
 #120

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

It certainly exists, and work is progressing rapidly on a number of fronts. There has been a recent discovery that may pave the way for standard computer chips to perform quantum operations...

We have talked at length about what a qubit 'is' in an informational sense, but comparatively little about what it is in a physical sense. There are a huge variety of approaches, from miniature superconducting circuits (as in Google's 53-qubit machine last year) to optical lattices and Bose-Einstein condensates. But the holy grail is to be able to use magnetically-controllable nuclei embedded in silicon, a combination of magnetic resonance and quantum dot... a Kane quantum computer.

A Kane QC as theorised uses precisely-spaced phosphorus atoms beneath the surface. As well as being manipulable through magnetic control, there is a benefit of a huge decoherence time (at low temperatures), estimated at 10^18 seconds - decoherence is one of the biggest problems in QC.

The theory is over 20 years old, and has not so far been properly implemented in practice because it is hugely difficult to control a single nucleus magnetically without the field affecting neighbouring nuclei too.

... which brings me to the new paper. They have used antimony rather than phosphorus - antimony crucially has a non-uniform charge distribution, and they have demonstrated that because of this it can be moved comparatively easily between spin states through the application of an oscillating electric field. This is kind of a big deal, as this possibility was first predicted more than 60 years ago, but has not been observed until now. Antimony is bigger than phosphorus, and has 8 spin states rather than the 2 of phosphorus, but this isn't a problem as it just means that each antimony nucleus is analogous to a 3-qubit system.

There is still a lot of work to be done, it's very early on, but if in the end a QC can be built in silicon, then this really is a huge advancement.

Voland.V
March 25, 2020, 09:03:46 AM
 #121

Who can explain how spin-entangled photons are controlled in quantum cryptography?
Two entangled photons.
One photon is transmitted through an optical communication channel and received at the other end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this part of the technology be explained in a simple and clear way?
Cnut237
March 25, 2020, 04:11:10 PM
Merited by bones261 (4), Welsh (3), ETFbitcoin (2)
 #122

Who can explain how spin-entangled photons are controlled in quantum cryptography?
Two entangled photons.
One photon is transmitted through an optical communication channel and received at the other end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this part of the technology be explained in a simple and clear way?

I'll have a go. I assume you're talking about Quantum Key Distribution - please correct me if not!

The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party. So 'Alice' receives one photon and 'Bob' receives the other. As for the mechanism of transfer, it can be optical cable or (as in China's QUESS) a satellite signal (as attenuation through vacuum and thin atmosphere is negligible) - anything really so long as the mechanism can keep signal loss to a minimum - or quantum repeaters can be used to maintain the signal.

The result then is that Alice and Bob each have the secure information received from the photon. Once the photon has been received, its data has been received too, and there is then no need to actually hold the photon itself. The point is that due to the fact that each photon is part of an entangled pair, they each contain the same information, which can then be used as a shared key.

That's the process, anyway. For information about security, probably first have a look at the BB84 protocol, and then go on from there to later developments such as Kak's 3 Stage Protocol (quantum double-lock)... but I think we covered security a few months ago in this thread.

Voland.V
March 26, 2020, 10:31:25 AM
 #123

Who can explain how spin-entangled photons are controlled in quantum cryptography?
Two entangled photons.
One photon is transmitted through an optical communication channel and received at the other end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this part of the technology be explained in a simple and clear way?

I'll have a go. I assume you're talking about Quantum Key Distribution - please correct me if not!

The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party. So 'Alice' receives one photon and 'Bob' receives the other. As for the mechanism of transfer, it can be optical cable or (as in China's QUESS) a satellite signal (as attenuation through vacuum and thin atmosphere is negligible) - anything really so long as the mechanism can keep signal loss to a minimum - or quantum repeaters can be used to maintain the signal.

The result then is that Alice and Bob each have the secure information received from the photon. Once the photon has been received, its data has been received too, and there is then no need to actually hold the photon itself. The point is that due to the fact that each photon is part of an entangled pair, they each contain the same information, which can then be used as a shared key.

That's the process, anyway. For information about security, probably first have a look at the BB84 protocol, and then go on from there to later developments such as Kak's 3 Stage Protocol (quantum double-lock)... but I think we covered security a few months ago in this thread.
---------------------------
Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing. The protocol is secondary; there can be a lot of them, and the principle of entangled photons is always the basis of quantum key distribution.
I must have been inattentive earlier.
I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the spins of the photons, and therefore the keys, at this place?
Cnut237
March 26, 2020, 04:18:05 PM
Merited by Welsh (4)
 #124

Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing.
Thanks, glad I was of some help :) Please bear in mind I'm not an expert, though - it's just my understanding here.


I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the spins of the photons, and therefore the keys, at this place?
No, it's not impossible to break the security at source. QKD, as with many things, has vulnerabilities where the theory meets actual real-world implementation. This article goes into some depth on the subject, and may be of interest.

So how is QKD any use at all? Well, the strength is not that the key can't be intercepted during the transmission process, it's that the entangled nature of the photons means that the recipients are able to determine whether or not the key has been intercepted. QKD isn't a perfect solution, it's just a mechanism that employs properties of quantum mechanical systems to improve upon existing classical processes.

Quantum cryptography does continue to advance, and it may one day provide ultimate 100% guaranteed security, due to its basis on and exploitation of immutable physical laws. But for the immediate future, we also need post-quantum cryptographic algorithms to, for example, protect bitcoin.

Voland.V
April 13, 2020, 09:45:09 AM
 #125

Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing.
Thanks, glad I was of some help :) Please bear in mind I'm not an expert, though - it's just my understanding here.


I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the spins of the photons, and therefore the keys, at this place?


Quantum cryptography does continue to advance, and it may one day provide ultimate 100% guaranteed security, due to its basis on and exploitation of immutable physical laws. But for the immediate future, we also need post-quantum cryptographic algorithms to, for example, protect bitcoin.
--------------------------------
Besides what was said above about post-quantum cryptography, I would like to say that quantum cryptography does not solve 2 problems in any way:
- it doesn't protect mobile Internet users and wireless Internet access points;
- it doesn't solve the problem of key theft, and that's the way crooks go: nobody breaks cryptography, everybody steals;
- it doesn't solve the problem of password and biometric authentication methods, because stealing any digital identifier breaks the security, and that is what fraudsters do;
- it doesn't solve the most important issue, the phishing issue. This solution is more important to society than all the others put together.

Quantum key distribution solves only one unimportant issue: key negotiation. It solves the problem of a personal meeting. Although there are so many open channels today that if I need to agree on a shared encryption key, it is safer (because it is invisible) to agree on it by "grandmother's mail" in a paper envelope than to look for fibre optic lines and quantum key negotiation technologies.

And in general, the world forgets about good old wit, because man has been stuffed with technology.

And what's the result?
12 billion accounts on one domain alone in the darknet - free access and for a little money.

So what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.
Cnut237
April 13, 2020, 06:04:58 PM
 #126

what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.

Hi again :)

I suppose I'm saying that quantum cryptography is not limited to QKD, it's much bigger and more fundamental than that.

QKD is an approach to key distribution that uses quantum properties, and so is a part of quantum cryptography. It was certainly an early part, yes 1980s with the BB84 protocol. QKD has been the main implementation of quantum cryptography for a long time. And QKD does indeed have limitations, as discussed above. It's an improvement on the equivalent classical process, that's all.

But my point really is that the laws of quantum mechanics provide us with a theoretical framework through which, by exploiting properties such as entanglement, quantum teleportation and the no-cloning theorem, some sort of unhackable communication process may be possible.

QKD is an early implementation. I'm not saying it's the perfect end-state, it's not. I'm saying that quantum mechanics gives us a valuable toolset, and we would be remiss to focus entirely on post-quantum cryptography - which is, fundamentally, classical. PQC is no doubt hugely important and will certainly provide the initial defences against a future quantum attack. But the best long-term defence against quantum attack is not necessarily classical. There can be quantum defences, too. If we dismiss any possible quantum defence and limit ourselves purely to the classical, then we are missing something important.

QKD is a first implementation of quantum cryptography. There have been developments since then. I've mentioned Kak's 3-stage protocol before, a sort of quantum double-lock. This is quantum cryptography, and is a big improvement on QKD. There will be further developments and further improvements. Quantum mechanics offers us a world of possibilities. I'm just saying we need to follow this path in addition to the path of PQC.


Adriane14
April 14, 2020, 03:54:46 AM
 #127

The Q technology is still in the infant stage just as the blockchain but if we mesh breed them together maybe we can find the answer to this question. I will call this the Quantum egg cracker for now. The chance to crack bitcoin's hash algorithm is high, the probability of Quantum technology is lurking around the corner of its Q dimensional properties.
Let's say 5 years from now.

Satoshi Nakamoto's Shadow
Voland.V
April 14, 2020, 09:29:43 AM
 #128

what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.

Hi again :)

I suppose I'm saying that quantum cryptography is not limited to QKD, it's much bigger and more fundamental than that.

QKD is an approach to key distribution that uses quantum properties, and so is a part of quantum cryptography. It was certainly an early part, yes 1980s with the BB84 protocol. QKD has been the main implementation of quantum cryptography for a long time. And QKD does indeed have limitations, as discussed above. It's an improvement on the equivalent classical process, that's all.

But my point really is that the laws of quantum mechanics provide us with a theoretical framework through which, by exploiting properties such as entanglement, quantum teleportation and the no-cloning theorem, some sort of unhackable communication process may be possible.

QKD is an early implementation. I'm not saying it's the perfect end-state, it's not. I'm saying that quantum mechanics gives us a valuable toolset, and we would be remiss to focus entirely on post-quantum cryptography - which is, fundamentally, classical. PQC is no doubt hugely important and will certainly provide the initial defences against a future quantum attack. But the best long-term defence against quantum attack is not necessarily classical. There can be quantum defences, too. If we dismiss any possible quantum defence and limit ourselves purely to the classical, then we are missing something important.

QKD is a first implementation of quantum cryptography. There have been developments since then. I've mentioned Kak's 3-stage protocol before, a sort of quantum double-lock. This is quantum cryptography, and is a big improvement on QKD. There will be further developments and further improvements. Quantum mechanics offers us a world of possibilities. I'm just saying we need to follow this path in addition to the path of PQC.


----------------------------
Yes, dear interlocutor, there are no objections; I am ready to defend every word you have written.

Post-quantum cryptography is really classical, because it is built on complex mathematics and large numbers. But that's not all - it has a key.

Modern crooks don't even break pre-quantum cryptography, and they never will; they're not smart enough.
They do it in a simple and elegant way - steal keys. And successfully, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

And that's why it is needed. Briefly, this is what happens with key (and password, it's the same) methods:

- Recently, unknown persons attacked UN units; "as a result, components of key infrastructure in Geneva and Vienna were compromised ...", Reuters quotes Dujaric (stealing keys);

- The CIA, together with the German Federal Intelligence Service (Bundesnachrichtendienst, BND), has been reading secret messages from officials in more than 120 countries for the past fifty years (!) through Crypto AG, a company that produces special encryption equipment (via encryption keys);

- security researchers from ESET discovered the dangerous vulnerability Kr00k (CVE-2019-15126) in widely used Wi-Fi chips from Broadcom and Cypress, which affects more than a billion devices worldwide (smartphones, tablets, laptops, routers and IoT devices) that use the WPA2-Personal or WPA2-Enterprise protocol with the AES-CCMP encryption algorithm. Now Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi) and access points from Asus and Huawei are under attack. The Kr00k vulnerability is related to the Key Reinstallation Attack (KRACK), which allows attackers to crack Wi-Fi passwords protected by the WPA2 protocol (keys again);

- huge problems with device firmware that contains embedded vulnerabilities such as embedded passwords and embedded SSH/SSL keys. The appearance of one such device in your home, including an IoT device, connecting it to your home Wi-Fi, allows an attack on all your other devices connected to the same access point (keys, passwords);

- experts found a database with unencrypted e-mail addresses and passwords of more than 1 billion users on the Web, put up for sale by a cybercriminal under the pseudonym DoubleFlag (passwords);

- of the 175 million RSA certificates analyzed, over 435,000 are vulnerable to attack. At the international conference IEEE TPS (Trust, Privacy and Security) in Los Angeles, California, a group of researchers from Keyfactor presented these results (vulnerability of key infrastructures in general).

So what will quantum cryptography solve if it is key-based?
Nothing.
It's also expensive.
And not for everyone, only for those who sit on a fibre optic cable.
And also only for those who never visit any website on this device, otherwise they'll get a spy program that steals the keys.

This method gives nothing but a commercial result to its creators. These keys will be stolen the moment they are used for encryption.
And then you will be listened to and everything that you encrypt will be read, and you will know nothing. End of game.

And in keyless technology, there's nothing to steal - no keys.
Voland.V
April 14, 2020, 09:32:38 AM
 #129

The Q technology is still in the infant stage just as the blockchain but if we mesh breed them together maybe we can find the answer to this question. I will call this the Quantum egg cracker for now. The chance to crack bitcoin's hash algorithm is high, the probability of Quantum technology is lurking around the corner of its Q dimensional properties.
Let's say 5 years from now.
--------------------------------------
Hacking technology using quantum computers and transmission technology using linked photons are different things.
The name is one thing, and everything is different.
Cnut237
April 14, 2020, 08:17:45 PM
 #130

Modern crooks don't even break pre quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successful, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

So what will quantum cryptography solve if it is key?

Are we just talking about the distinction between symmetric and asymmetric cryptography?

I don't know about the 'keyless cryptography' you mention, but I suspect it needs a shared something, a key by another name? I think we have mentioned OTPs before. The weakness with OTPs is that initial sharing of the key. QKD used in conjunction with OTP gives a strong solution to that problem. With QKD you can tell when there has been an interception/hacking attempt; it's a great way to share a key. Yes there remain certain vulnerabilities in implementation, it's not perfect, just an improvement on the analogous classical method.

Asymmetric cryptography by contrast is great for things like bitcoin and cryptocurrencies. The problem comes with quantum computers running the Shor algorithm, which obliterates public key cryptography. Where a classical computer takes an unimaginably huge 2^128 operations to derive the bitcoin private key, a QC running Shor takes a mere 128^3.

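As an added example (not code from this thread, from any QKD vendor, or from the Kak protocol mentioned above), here is the BB84 exchange described in the QKD posts above, simulated classically in Python: Alice prepares photons in random bases, Bob measures in random bases, the two sift over the public channel, and they sacrifice a sample of sifted bits to estimate the error rate. An intercept-resend Eve drives that rate to about 25%, which is exactly how the recipients detect interception, and the surviving key is then used as a one-time pad, the QKD + OTP combination suggested in this post. The 11% abort threshold, the sample size, the seed and the test message are assumptions chosen for the illustration; the model ignores channel noise, detector loss and the authentication of the classical channel, all of which a real deployment must handle.

```python
"""BB84 quantum key distribution, simulated classically (illustrative example).

A qubit is modelled as (bit, basis): basis 0 = rectilinear (+), 1 = diagonal (x).
Measuring in the preparation basis returns the bit; measuring in the other basis
returns a fair coin flip and the original value is destroyed. That single rule is
what makes eavesdropping detectable.
"""
import random
from typing import List, Optional, Tuple

Qubit = Tuple[int, int]

QBER_ABORT_THRESHOLD = 0.11   # assumed abort threshold; real links tune this value


def make_rng(seed: int) -> random.Random:
    """Seeded RNG so a run is reproducible (a real system needs a true QRNG/CSPRNG)."""
    return random.Random(seed)


def random_bits(n: int, rng: random.Random) -> List[int]:
    return [rng.randrange(2) for _ in range(n)]


def measure(qubit: Qubit, basis: int, rng: random.Random) -> int:
    """Measure one photon. Same basis: correct bit. Wrong basis: random outcome."""
    bit, prep_basis = qubit
    return bit if basis == prep_basis else rng.randrange(2)


def intercept_resend(qubits: List[Qubit], rng: random.Random) -> List[Qubit]:
    """Eve's attack: measure each photon in a random basis, re-send what she saw.
    Half her bases are wrong, and half of those re-sent photons read wrong at
    Bob, so ~25% of the sifted key ends up in error."""
    resent = []
    for q in qubits:
        eve_basis = rng.randrange(2)
        resent.append((measure(q, eve_basis, rng), eve_basis))
    return resent


def run_bb84(n: int, rng: random.Random, eve: bool = False) -> Tuple[List[int], List[int]]:
    """One BB84 run; returns Alice's and Bob's sifted keys."""
    alice_bits = random_bits(n, rng)
    alice_bases = random_bits(n, rng)
    qubits: List[Qubit] = list(zip(alice_bits, alice_bases))   # the quantum channel
    if eve:
        qubits = intercept_resend(qubits, rng)
    bob_bases = random_bits(n, rng)
    bob_bits = [measure(q, b, rng) for q, b in zip(qubits, bob_bases)]
    # Sifting over the (authenticated) public channel: Bob announces his bases,
    # Alice says which matched. Bit values are never sent; mismatches are dropped.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]


def estimate_qber(alice_key: List[int], bob_key: List[int], sample_size: int,
                  rng: random.Random) -> Tuple[float, List[int], List[int]]:
    """Publicly compare a random sample of sifted bits, then discard them
    (once announced they are no longer secret). Returns (qber, rest_a, rest_b)."""
    idx = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    rest_a = [b for i, b in enumerate(alice_key) if i not in idx]
    rest_b = [b for i, b in enumerate(bob_key) if i not in idx]
    return errors / sample_size, rest_a, rest_b


def qkd_session(n: int, rng: random.Random, eve: bool = False,
                sample_size: int = 256) -> Tuple[Optional[List[int]], float]:
    """Full session: BB84, QBER check, abort (return None) if interception is suspected."""
    a, b = run_bb84(n, rng, eve)
    qber, rest_a, _rest_b = estimate_qber(a, b, sample_size, rng)
    if qber > QBER_ABORT_THRESHOLD:
        return None, qber
    return rest_a, qber


def otp(data: bytes, key_bits: List[int]) -> bytes:
    """One-time pad with QKD-derived key bits; each bit is consumed exactly once."""
    if not data:
        return b""
    need = 8 * len(data)
    if len(key_bits) < need:
        raise ValueError("not enough key material; a pad must never be reused")
    pad = int("".join(map(str, key_bits[:need])), 2).to_bytes(len(data), "big")
    return bytes(d ^ p for d, p in zip(data, pad))


if __name__ == "__main__":
    rng = make_rng(2020)
    key, qber = qkd_session(4096, rng)
    print(f"quiet channel: QBER={qber:.3f}, {len(key)} key bits left")
    ct = otp(b"Hello Bob", key)                 # constructed sample message
    print("round trip:", otp(ct, key))
    key, qber = qkd_session(4096, rng, eve=True)
    print(f"with Eve: QBER={qber:.3f}, key {'aborted' if key is None else 'accepted'}")
```

Without Eve the sifted keys agree bit for bit and the error estimate is zero; with intercept-resend the estimate sits around 0.25, far above the threshold, and the session is thrown away before any bit of it is used. In practice the residual errors from a noisy but honest channel are removed with error correction and privacy amplification, which the simulation leaves out.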
Voland.V
April 15, 2020, 09:52:45 AM
 #131

Modern crooks don't even break pre quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successful, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

So what will quantum cryptography solve if it is key?

Are we just talking about the distinction between symmetric and asymmetric cryptography?

I don't know about the 'keyless cryptography' you mention, but I suspect it needs a shared something, a key by another name? I think we have mentioned OTPs before. The weakness with OTPs is that initial sharing of the key. QKD used in conjunction with OTP gives a strong solution to that problem. With QKD you can tell when there has been an interception/hacking attempt; it's a great way to share a key. Yes there remain certain vulnerabilities in implementation, it's not perfect, just an improvement on the analogous classical method.

Asymmetric cryptography by contrast is great for things like bitcoin and cryptocurrencies. The problem comes with quantum computers running the Shor algorithm, which obliterates public key cryptography. Where a classical computer takes an unimaginably huge 2^128 operations to derive the bitcoin private key, a QC running Shor takes a mere 128^3.
----------------------------------
Keyless cryptography doesn't exist anywhere but
1) on this blog:
https://bitcointalk.org/index.php?topic=5204368.40 (from which the administrator deleted about 100 posts of the author);
2) in the theory that is written, can be sent on demand, which justifies the fundamental possibility of such a model;
3) and in one project, which most likely will not be filled with money, because investors do not want to understand the subject at the level that is necessary: https://toxic.chat/.

Each packet of data is encrypted with only its own, brand new encryption scheme, which looks similar to its own key, which has never been negotiated between the parties, never transmitted, stored or generated. So is it a key?
This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets of the response data packet, and which is better called a channel identifier than a key. It creates a channel, and is never used again. Moreover, the first data packet sent by this kind of "key" and the second data packet received in response, created with this "key" - have completely different encryption schemes.

Moreover, the presence of this "key" in Eve's hands does not allow her to open the communication channel. To do this, she needs many other things that can be read in the theory of this technology.
 

But as I see it, the biggest bonus to this technology is not that you can't even find and steal your encryption key, but that it provides two-way continuous password-free authentication.
An example of how this works is described in the blog above from today.

Yes, and now phishing, in any form, is just a scary story from the past...
Cnut237
April 15, 2020, 02:46:29 PM
 #132

This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets
It's still a shared secret though, right? It's still a key?

Keyless cryptography
Maybe I'm being stupid, but I don't see how this can exist.
Surely there are two ways that the data can be decrypted: either you need a shared secret, or else the communication itself contains the means of deciphering it.
So in the first instance, the secret is the key - whether we call it a key or not, that's what it is.
And in the second instance, there is zero security because anyone can derive the data from a thing that is entirely self-contained.

Voland.V
April 15, 2020, 06:33:30 PM
 #133

This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets
It's still a shared secret though, right? It's still a key?

Keyless cryptography
Maybe I'm being stupid, but I don't see how this can exist.
Surely there are two ways that the data can be decrypted: either you need a shared secret, or else the communication itself contains the means of deciphering it.
So in the first instance, the secret is the key - whether we call it a key or not, that's what it is.
And in the second instance, there is zero security because anyone can derive the data from a thing that is entirely self-contained.

-------------------------------------
It's the exact opposite.
If you have a key, you decrypt any information.

If your key is stolen, then anyone holding a previously recorded ciphertext will decrypt the information again.

This is the function of a key.
What does a key do?
It changes the general encryption scheme to an individual one. That's it. That's it.

If you encrypt the word "hello" today and tomorrow with the same key, you always get absolutely the SAME SHIFT.

Here it's the other way around. Even the first data packet will differ from the second data packet with the same information and the same "key" - like day and night.

So how can this common secret be called a key?

Think about it.

And as for all other packets, after the second one: for example, if the packet has 256 bits, then how do you guess the rule code when there is no key? Even a quantum computer in 100 years can't guess it. And if it could guess, then how, without a key, without knowledge of the rule, would it understand what it has guessed? Because the rule applies to no other data packet, there is nothing to check it against.
So where's the public access here? It's top secret.

And the most unusual question is: how do you know that this data packet contains information at all?
And if there is, how many of the 256 bits contain it?
Do you see the futility of such hacking attempts?
Cnut237
April 20, 2020, 10:43:05 AM
Merited by Macadonian (2), vapourminer (1)
 #134

There has been another recent advance in quantum computing, which may be an important step towards the development of large scale QCs.

The QCs developed thus far have to work at very low temperatures in order to keep the energy of the system low enough that the qubits remain stable. Very low temperatures, which means close to absolute zero. In practice this means below about 0.1K, or within a tenth of a degree of absolute zero.

A paper last year outlined how in theory this minimum working temperature could be raised to around 1.5 Kelvin. Still absurdly cold, but in relative terms this is a huge jump up from 0.1K. This is a quantum-dot-based system, and the mechanism by which they can work with the higher temperature is by isolating the quantum dots and then using magnetically-controlled electron quantum tunnelling to read the qubit state. (As an interesting aside, it is the phenomenon of quantum tunnelling that sets a barrier to the size reduction of traditional processors, which could end Moore's Law.)

Why does a change from 0.1K to 1.5K mean a big reduction in the difficulty of producing large scale QCs? Well, each time you make the machine bigger, and more powerful, each time you add more qubits, you are introducing extra energy, higher temperatures, which means even more cooling is required. There is a several orders-of-magnitude difference in the dollar cost between cooling to 1.5K and cooling to 0.1K. As one of the paper's authors stated: "This [1.5K] is still very cold, but is a temperature that can be achieved using just a few thousand dollars' worth of refrigeration, rather than the millions of dollars needed to cool chips to 0.1 Kelvin."

So this was the theory, an increase in workable temperature for QCs from 0.1K, up x15 to 1.5K. The big advancement is that this theory has now been experimentally verified, by the team at Delft that I've mentioned in previous posts.

Voland.V
June 07, 2020, 09:25:14 AM
 #135

There has been another recent advance in quantum computing, which may be an important step towards the development of large scale QCs.

The QCs developed thus far have to work at very low temperatures in order to keep the energy of the system low enough that the qubits remain stable. Very low temperatures, which means close to absolute zero. In practice this means below about 0.1K, or within a tenth of a degree of absolute zero.

A paper last year outlined how in theory this minimum working temperature could be raised to around 1.5 Kelvin. Still absurdly cold, but in relative terms this is a huge jump up from 0.1K. This is a quantum-dot-based system, and the mechanism by which they can work with the higher temperature is by isolating the quantum dots and then using magnetically-controlled electron quantum tunnelling to read the qubit state. (As an interesting aside, it is the phenomenon of quantum tunnelling that sets a barrier to the size reduction of traditional processors, which could end Moore's Law.)

Why does a change from 0.1K to 1.5K mean a big reduction in the difficulty of producing large scale QCs? Well, each time you make the machine bigger, and more powerful, each time you add more qubits, you are introducing extra energy, higher temperatures, which means even more cooling is required. There is a several orders-of-magnitude difference in the dollar cost between cooling to 1.5K and cooling to 0.1K. As one of the paper's authors stated: "This [1.5K] is still very cold, but is a temperature that can be achieved using just a few thousand dollars' worth of refrigeration, rather than the millions of dollars needed to cool chips to 0.1 Kelvin."

So this was the theory, an increase in workable temperature for QCs from 0.1K, up x15 to 1.5K. The big advancement is that this theory has now been experimentally verified, by the team at Delft that I've mentioned in previous posts.
---------------------------------------------------
In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have a quantum volume of 64, while the fastest quantum computer built by IBM has a quantum volume of 32.

It would seem a bit of progress, which is interesting.

But further interesting, Honeywell claims that they have created a new system with trapped ions that is easily scalable!!! According to the engineers, the performance of the machines will grow by 10 times annually, which by 2025 will provide an increase in performance of 100,000 times.

And this is already very serious; skeptics of technical progress should reconsider their positions. Development in the field of computing, as history shows, always goes faster than the most daring forecasts. And this news is proof of that.
Cnut237
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 621



June 10, 2020, 07:59:36 AM
 #136

In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

Whilst it's good that more companies are getting involved, I'm extremely skeptical of Honeywell's claim. Their assessment is based on the assumption that Quantum Volume is the defining metric for QC power, and that's very much open to question. Quantum Volume is the metric that IBM uses:

Quantum Volume (QV) is a hardware-agnostic metric that we defined to measure the performance of a real quantum computer. Each system we develop brings us along a path where complex problems will be more efficiently addressed by quantum computing; therefore, the need for system benchmarks is crucial, and simply counting qubits is not enough. As we have discussed in the past, Quantum Volume takes into account the number of qubits, connectivity, and gate and measurement errors. Material improvements to underlying physical hardware, such as increases in coherence times, reduction of device crosstalk, and software circuit compiler efficiency, can point to measurable progress in Quantum Volume, as long as all improvements happen at a similar pace.

The thing is... absolutely no-one else uses that metric. IBM's QC is currently the most powerful in the world, based on Quantum Volume, because it is the only one that uses Quantum Volume as a metric.
It looks like Honeywell are trying to put out a QC that is more powerful than IBM's, using Quantum Volume to determine that power... thereby becoming the "most powerful" QC in the world by improving on its only competitor on that metric.

It is great that another company is entering the space, and it will certainly be a big achievement if newcomers Honeywell can out-perform IBM... I just think that the "most powerful" claim is a little misleading.

"Let all men know how empty and worthless is the power of kings."
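Added example, not part of the thread or of any poster's own code: IBM's Quantum Volume acceptance rule written out as a function, so that the "64 versus 32" figures discussed above can be read back as an effective circuit size rather than as raw power. The heavy-output fractions, width labels and helper names below are constructed for illustration; the confidence bound is a normal-approximation standard error, a simplification of IBM's bootstrap procedure.

```python
"""Added example (not from the thread): IBM's Quantum Volume rule, written out
so that a QV figure can be read back as an effective circuit size.  QV = 2^n
for the largest n whose n-qubit, depth-n random model circuits produce "heavy"
outputs more than 2/3 of the time with 2-sigma confidence.  The heavy-output
fractions below are constructed, not measurements from any real machine, and
the confidence bound is a normal approximation rather than IBM's bootstrap.
"""
import math
import statistics
from typing import Dict, Sequence

HEAVY_THRESHOLD = 2 / 3


def width_passes(heavy_fractions: Sequence[float]) -> bool:
    """Accept width n only if the mean heavy-output fraction over its circuits
    still clears 2/3 after subtracting two standard errors."""
    m = len(heavy_fractions)
    mean = statistics.fmean(heavy_fractions)
    stderr = statistics.pstdev(heavy_fractions) / math.sqrt(m)
    return mean - 2 * stderr > HEAVY_THRESHOLD


def quantum_volume(results: Dict[int, Sequence[float]]) -> int:
    """Widths are tried in increasing order; the first failure ends the search,
    so a machine cannot claim a width it does not also support at smaller sizes."""
    best = 0
    for n in sorted(results):
        if not width_passes(results[n]):
            break
        best = n
    return 2 ** best


def effective_width(qv: int) -> int:
    """Invert the metric: QV 64 means 6-qubit by 6-deep circuits, no more."""
    return int(math.log2(qv))


# Constructed heavy-output fractions for five model circuits at each width.
SAMPLE_RESULTS = {
    2: [0.85, 0.84, 0.86, 0.85, 0.83],
    3: [0.80, 0.79, 0.81, 0.80, 0.78],
    4: [0.76, 0.74, 0.75, 0.77, 0.73],
    5: [0.72, 0.71, 0.73, 0.70, 0.72],
    6: [0.70, 0.69, 0.71, 0.70, 0.69],
    7: [0.66, 0.64, 0.67, 0.65, 0.66],   # noise wins here: mean below 2/3
}

if __name__ == "__main__":
    qv = quantum_volume(SAMPLE_RESULTS)
    print(f"QV = {qv}, i.e. reliable square circuits up to {effective_width(qv)} qubits")
```

Read the thread's figures with this in mind: QV 32 against QV 64 is five against six qubits of trustworthy square circuit, so a doubling of QV is one additional qubit of effective width, and both are far below what running Shor's algorithm against a 256-bit ECDSA key would require.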
Voland.V
Member
**
Offline Offline

Activity: 196
Merit: 95


June 10, 2020, 06:37:01 PM
 #137

In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

Whilst it's good that more companies are getting involved, I'm extremely skeptical of Honeywell's claim. Their assessment is based on the assumption that Quantum Volume is the defining metric for QC power, and that's very much open to question. Quantum Volume is the metric that IBM uses:

Quantum Volume (QV) is a hardware-agnostic metric that we defined to measure the performance of a real quantum computer. Each system we develop brings us along a path where complex problems will be more efficiently addressed by quantum computing; therefore, the need for system benchmarks is crucial, and simply counting qubits is not enough. As we have discussed in the past, Quantum Volume takes into account the number of qubits, connectivity, and gate and measurement errors. Material improvements to underlying physical hardware, such as increases in coherence times, reduction of device crosstalk, and software circuit compiler efficiency, can point to measurable progress in Quantum Volume, as long as all improvements happen at a similar pace.

The thing is... absolutely no-one else uses that metric. IBM's QC is currently the most powerful in the world, based on Quantum Volume, because it is the only one that uses Quantum Volume as a metric.
It looks like Honeywell are trying to put out a QC that is more powerful than IBM's, using Quantum Volume to determine that power... thereby becoming the "most powerful" QC in the world by improving on its only competitor on that metric.

It is great that another company is entering the space, and it will certainly be a big achievement if newcomers Honeywell can out-perform IBM... I just think that the "most powerful" claim is a little misleading.
---------------------
Yeah, what the Chinese company is really doing is probably not coming out. That they have gathered a large number of specialists in this field from (practically) all over the world (I don't know at what level) is a fact. It is a fact that China, in the last 10 years, has been particularly astounding with its technological achievements, even to the biggest skeptics. Also, everyone who observes can see that China has very big and ambitious plans for the future, and our future is the digital world. Consequently, we can assume that they have taken the creation of their quantum technologies very seriously, especially since the quantum Internet has long been a practical thing, not a theory. Even earlier, open sources said a lot about how well developed this very Chinese company's use of spy technologies was.
All of this is more than convincing evidence that the Chinese will not lag behind the world in the development of a quantum computer.
And the cities this same company is building for the European specialists it invites to work there are a dream...
amnakhan2020
Newbie
*
Offline Offline

Activity: 22
Merit: 0


June 28, 2020, 09:37:16 AM
 #138

You can change the algorithms of all the active wallets, but some wallets have lost keys or the people who had those keys died and they can't change the signing algorithm, which means those wallets will be captured by quantum computers. So we will know what quantum computers exist when Satoshi's coins move... That's one of the reasons why they will move. Eventually they will move, and they will move because eventually someone will be able to break the keys. But for the rest of the ecosystem we can migrate quite easily to another algorithm. It's not really as big of a threat as people think it is."
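The post above separates coins whose owners can migrate to a new signing algorithm from coins that cannot be moved and whose keys are already public. As an added example, not part of the thread or of any poster's own code, the script below replays a constructed toy chain and sorts unspent value into what a discrete-log-breaking attacker could spend immediately (public key already on-chain) and what is still hidden behind a hash until the owner spends. It goes slightly beyond the post by also catching address reuse, where one spend reveals the key for every other coin on the same address. All type names, helpers, keys, key hashes and transactions are this example's own constructions; the key hashes are placeholder bytes rather than computed RIPEMD-160 values, which is why the script runs without that hash.

```python
"""Added example (not from the thread): which coins could a discrete-log-breaking
attacker take without waiting for the owner to spend?  Replays a constructed
toy chain, tracks the UTXO set, and sorts unspent value into three buckets.

  exposed  - public key already on-chain: P2PK outputs, or P2PKH/P2WPKH
             outputs whose address has spent before (address reuse)
  hashed   - only HASH160(pubkey) is on-chain; the key appears when it spends
  unknown  - script types this toy does not classify (P2SH here)

Type names and helpers are this example's own; key hashes are constructed
constants rather than computed, so no RIPEMD-160 is needed to run it.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

OP_0, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x00, 0x76, 0xA9, 0x88, 0xAC


@dataclass
class TxIn:
    prev_txid: str
    prev_vout: int
    pubkey: Optional[bytes]      # key revealed in scriptSig/witness when spending


@dataclass
class TxOut:
    value_sat: int
    script_pubkey: bytes


@dataclass
class Tx:
    txid: str
    inputs: List[TxIn]           # empty list models a coinbase
    outputs: List[TxOut]


def p2pk(pubkey: bytes) -> bytes:
    return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])


def p2pkh(keyhash: bytes) -> bytes:
    return bytes([OP_DUP, OP_HASH160, 20]) + keyhash + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


def p2wpkh(keyhash: bytes) -> bytes:
    return bytes([OP_0, 20]) + keyhash


def classify_script(spk: bytes) -> Tuple[str, Optional[bytes]]:
    """Return (script type, pubkey or key hash) for the templates we understand."""
    if len(spk) in (35, 67) and spk[0] == len(spk) - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", spk[1:-1]                       # <push33/65> <key> CHECKSIG
    if len(spk) == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", spk[3:23]
    if len(spk) == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", spk[2:]
    return "unknown", None


def exposure_report(chain: List[Tx]) -> Dict[str, int]:
    utxo: Dict[Tuple[str, int], TxOut] = {}
    revealed: Set[bytes] = set()                        # key hashes whose pubkey is public
    for tx in chain:
        for txin in tx.inputs:
            spent = utxo.pop((txin.prev_txid, txin.prev_vout), None)
            if spent is None:
                continue                                # parent not in this toy chain
            kind, keyhash = classify_script(spent.script_pubkey)
            if kind in ("p2pkh", "p2wpkh") and txin.pubkey is not None:
                revealed.add(keyhash)                   # this spend put the key on-chain
        for vout, txout in enumerate(tx.outputs):
            utxo[(tx.txid, vout)] = txout
    totals = {"exposed": 0, "hashed": 0, "unknown": 0}
    for txout in utxo.values():
        kind, keyhash = classify_script(txout.script_pubkey)
        if kind == "p2pk" or (kind in ("p2pkh", "p2wpkh") and keyhash in revealed):
            totals["exposed"] += txout.value_sat
        elif kind in ("p2pkh", "p2wpkh"):
            totals["hashed"] += txout.value_sat
        else:
            totals["unknown"] += txout.value_sat
    return totals


# Constructed data: keys and hashes are placeholders, not real-chain values.
PUBKEY_A = b"\x02" + b"\x11" * 32        # early-style P2PK recipient, never moved
PUBKEY_B = b"\x03" + b"\x22" * 32
HASH_B, HASH_C, HASH_D = b"\xbb" * 20, b"\xcc" * 20, b"\xdd" * 20
P2SH_SCRIPT = bytes([OP_HASH160, 20]) + b"\xee" * 20 + bytes([0x87])   # OP_EQUAL

SAMPLE_CHAIN = [
    Tx("cb0", [], [TxOut(5_000_000_000, p2pk(PUBKEY_A))]),
    Tx("cb1", [], [TxOut(100_000, p2pkh(HASH_B)),
                   TxOut(200_000, p2pkh(HASH_B)),                    # reused address
                   TxOut(300_000, p2wpkh(HASH_C))]),
    Tx("t2", [TxIn("cb1", 0, PUBKEY_B)],                             # reveals key B
       [TxOut(90_000, p2pkh(HASH_D)), TxOut(40_000, P2SH_SCRIPT)]),
]


def demo() -> Dict[str, int]:
    return exposure_report(SAMPLE_CHAIN)


if __name__ == "__main__":
    for bucket, sats in demo().items():
        print(f"{bucket:8s} {sats / 1e8:.8f} BTC")
```

On the toy chain the whole 50 BTC P2PK coinbase lands in "exposed" along with the 0.002 BTC left on the reused address after its first spend; the fresh P2PKH and P2WPKH outputs stay "hashed", meaning an attacker would have to break the key between broadcast and confirmation rather than at leisure. Against a real chain the same replay would use computed HASH160 values and would need the dormant, lost-key coins the post talks about to be identified by age, which this constructed data does not model.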
AverageGlabella
Hero Member
*****
Offline Offline

Activity: 494
Merit: 651



July 08, 2020, 07:44:37 AM
Merited by vapourminer (1)
 #139

You can change the algorithms of all the active walle