Bitcoin Forum
Author Topic: I don't believe Quantum Computing will ever threaten Bitcoin  (Read 2477 times)
Voland.V (Member, Activity: 84, Merit: 67)
December 04, 2019, 07:15:16 PM
Merited by Welsh (2), vapourminer (1)
#81

Quote
I don't believe Quantum Computing will ever threaten Bitcoin

We think that the developers have made huge gains in that area and that they (large enough for any calculation) already exist. But the digital world is not prepared for quantum computing, so they are introducing it step by step, like Google's Sycamore, to have a smooth change to post-quantum computing.
------------------------------------------
Quantum computers are not as far from life as you think. Look at Amazon's new services, offered for commercial use. And why is everyone obsessed with these qubit calculators?

Cryptography on elliptic curves compromised itself a long time ago; they just don't write about it.
The discovery was made not by full-time employees of GCHQ (a division of the British special services), but by mathematicians of the CESG division, which is responsible for national ciphers and the protection of government communications systems in the UK. The close interaction between GCHQ and the NSA takes place primarily along the lines of joint intelligence activities. In other words, since the NSA also has its own IAD (Information Assurance Directorate), specializing in the development of cryptographic algorithms and information protection, the discovery of their British colleagues was a complete surprise to the mathematicians of this unit, and they first learned about it from their fellow spies who closely interact with the British...
Blockchain is hanging by a thread. The blockchain is saved by the uncompromised hashing function and its massive use.
The most secret and powerful special service in the world (USA) back in 2015 FORBADE the use of ECC, on which the ECDSA in Bitcoin is based. This organization does nothing without a reason.
Cnut237 (Sr. Member, Activity: 938, Merit: 434)
December 05, 2019, 01:56:44 PM
#82

QKD
-snip-

This method is not for the average user with a device connected to a wifi point. This is for special organizations.
It's for the average user. If the average user is connecting to wifi, to the internet, then they can connect to an unhackable quantum internet, too. There is a lot of work going on in this area, using the fundamental properties of quantum mechanics to create an inherently unhackable network. It's not just the Chinese, take Europe's Quantum Internet Alliance as another example - a summary of their work is here... and there's a more mainstream-friendly article here.



Voland.V (Member, Activity: 84, Merit: 67)
December 06, 2019, 07:23:05 AM
Merited by Welsh (4), Halab (2), o_e_l_e_o (2), ETFbitcoin (1), Danydee (1), Heisenberg_Hunter (1)
#83

QKD
-snip-

This method is not for the average user with a device connected to a wifi point. This is for special organizations.
It's for the average user. If the average user is connecting to wifi, to the internet, then they can connect to an unhackable quantum internet, too. There is a lot of work going on in this area, using the fundamental properties of quantum mechanics to create an inherently unhackable network. It's not just the Chinese, take Europe's Quantum Internet Alliance as another example - a summary of their work is here... and there's a more mainstream-friendly article here.

----------------------
Yes, everything is correct.
The quantum Internet is more correctly called photonic.
This is a network section having either physical optical fiber, or photons can be transmitted "over the air", within line of sight. It is this version of the quantum-photonic Internet "over the air" that was successfully tested in the United States, it seems back in 1987. Then they transmitted a signal 300 meters from the roof of one building to the roof of another. Then they tested photon amplifiers, it seems successfully.
This is an old, well-known, tested technology, based on fundamental knowledge of physics at the level of secondary general education.

Yes, no one will attack you in the photonic communication channel; there is no sense in it. Your wifi and your device will be attacked, everything as usual. Just as it is happening now.
In addition, the photonic Internet, in the case of a Wifi access point, does not save you from phishing (81% of all attacks), nor from a man in the middle, nor from the danger of quantum computing against your key material.

There is no way to do without a new post-quantum cryptography.
Therefore, I think that this method is not for us, ordinary users; moreover, it will not give anything if you have wifi next to it. But for special organizations, it is what is needed.

The tasks that this Internet performs in the foreseeable future are limited to the task of transmitting the secret key for symmetric systems, without using asymmetric ones.
Such an Internet, or rather a section of the Internet, since we have to use either Wi-Fi or the 3G/4G/5G Internet, does not solve the problem of a system of trust in your public key. With all the ensuing consequences.
What's bad about this is that the user becomes even more careless.
Yes, we also forgot the attacks on the server side of the network.
In addition, we, everyday users of cryptography, are always being used in someone else's interests; they do not tell us everything they know.
So, there are interesting facts about the dangers of cryptography on elliptic curves. And our blockchain (more precisely, its digital signature) is based on this cryptography. If there is interest in what we are not being told, you can read my post dated December 04: https://bitcointalk.org/index.php?topic=5204368.40

You need to be careful about all offers, especially in the field of digital security. Our safety is only in our hands.
Voland.V (Member, Activity: 84, Merit: 67)
December 06, 2019, 07:30:46 AM
#84

At the link above, in a post dated December 04, the question is described:

"This material reasonably answers 2 important questions:

1. Is cryptography on elliptic curves so safe as we think?

2. Are quantum computations really dangerous for
modern public key cryptosystems?"

https://bitcointalk.org/index.php?topic=5204368.40
Cnut237 (Sr. Member, Activity: 938, Merit: 434)
December 06, 2019, 09:54:49 AM
#85

There is no way to do without a new post-quantum cryptography.

Some approaches to post-quantum cryptography do show huge promise, I'll agree with that, as we've covered on previous pages.

I was trying to make the distinction between post-quantum cryptography which uses classical approaches, and quantum cryptography, which exploits the inherent 'unhackability' of quantum mechanics. Significant progress is being made in QC as well as in PQC.

The difference is between PQC being theoretically unhackable because of complex and esoteric maths, and QC being fundamentally unhackable because of the underlying laws of physics. Both approaches have merit, but the discussion is always around PQC. I thought it was time that QC had a voice, too.

TechPriest (Sr. Member, Activity: 386, Merit: 276)
December 06, 2019, 11:07:29 AM
Last edit: December 15, 2019, 11:30:46 AM by TechPriest
#86

Why not find a technology that can protect us from the attacks of QC? If QC and other things were imagined and have become truth now, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.
Approaching it where the problem is QC (theory only), it should be answered by the same powerful thing, QC. It's like fighting fire with fire, but everything is digital.
We are not there yet where it's applicable already.

I would not be so optimistic about QC. The main problem of their realization is the problem of symmetry. FT transformations (a composition of the Fredkin gate and the Toffoli gate) will destroy quantum entanglement in bosons. "Raw" fermions can't be used for QC either because, if we have more than 3 qubits, then their result vector will be 0, so we can't calculate anything with it.

As I read last time, scientists want to use "fermionic lattices". But it will be really hard to implement in real technology, because it is much harder to control such a "lattice". In a "lattice" you need to control n states in n qubits, but in "raw" QC without such lattices it would be enough to control just 2 states in n qubits.

And for an "ECDSA hack" we need thousands of qubits (and now we have just 50 qubits, 40 years after QC research started).

my understanding is that ECDSA will eventually be vulnerable to quantum computers. SHA-256 not so much.

You're right. But let us be more specific:
Every public key cryptography is vulnerable to quantum computing due to Shor's algorithm (for integer factorization and discrete logarithm). SHA-256 is not vulnerable in the sense that there is no quantum algorithm which breaks it fast. But it is vulnerable in the sense that quantum computers may be incomparably more powerful (millions of times) than today's computers.

Also, it's interesting that we don't have any quantum computer for now (and I doubt that we will have one, with all its "magical" capabilities) but we already have post-quantum RSA


Voland.V (Member, Activity: 84, Merit: 67)
December 06, 2019, 03:29:02 PM
Merited by Welsh (4), Cnut237 (2), o_e_l_e_o (2), vapourminer (1), Danydee (1)
#87

You are mistaken if you think that ECDSA can be broken only by exhaustive search (brute-force attack). This is a common misconception, which is supported by the majority.
Allow me to object.

In the sense that there are other dangers in this area of cryptography.
The danger of cryptography on elliptic curves lies in the elliptic curves themselves. They have collisions. That is why, back in 2015, the NSA (USA) opposed this type of cryptography, despite the fact that it had previously campaigned only for this cryptography. And after 2015 it again returned to the old RSA system, despite the very long key length relative to ECC keys.
Let's take it in order.

1. Collisions of the elliptic curves themselves.
The National Institute of Standards and Technology (USA), NIST, is involved in the development of standards and specifications. The problem is that some classes of elliptic curves are weak. Specialists have a question: where do the random generating values for the NIST-standardized elliptic curves come from? Answer: unfortunately, we do not know. These values have no justification.

For this reason, the following question arises: is it possible that NIST detected a "significantly larger" class of weak elliptic curves than is commonly believed, tried various possible variants of generating values, found vulnerabilities, and is silent? After all, such finds can be used for "their own purposes"; these are holes in the security system.

I do not have an answer to this question either, but this is a logical and important question. We know that NIST has at least successfully standardized a vulnerable random number generator (a generator that, oddly enough, is based on the same elliptic curves).

Perhaps it successfully standardized many other weak elliptic curves?
How to check it?
No way.

For example, there are standard NIST curves based on numbers that are verifiably random and of understandable origin:
- the random numbers for MD5 (a hashing algorithm) are obtained from the sines of integers;
- the random numbers for Blowfish (a symmetric block cipher with a variable key length) are obtained from the first digits of Pi;
- the random numbers for RC5 (a block cipher with a variable number of rounds and variable key and block lengths) are obtained from Euler's number and the golden ratio.
It is important to understand that "verifiably random" and "protected" are not synonyms, but here we at least understand their origin.

2. The situation around this system is very ambiguous.
I do not want to repeat a very large text with verifiable facts. But if you are not afraid, then you can read how it was and check the information.
I described this in my post on December 04; there are 2 posts from that date, read the second one, topic:
--------------------
This material reasonably answers 2 important questions:
1. Is cryptography on elliptic curves as safe as we think?
2. Are quantum computations really dangerous for
modern public key cryptosystems?
..............................
Link: https://bitcointalk.org/index.php?topic=5204368.40

3. What does the expected quantum Internet give us?
It would be more correct to call it photonic. Photons can be transmitted not only via fiber-optic cable, but also "over the air", which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon Internet only" option. We, in everyday life, will have to use sections of wifi or 3G-5G up to the fiber-optic section. And this means all the problems come back: phishing, attacks on devices, man in the middle, etc.

Moreover, the quantum Internet is needed only for the safe transfer of a symmetric key, in the absence of a post-quantum cryptosystem with a pair of keys. Symmetric cryptography is able to create a closed communication channel that is safe, easier, more practical, and cheaper than the proposed technology of the quantum Internet.

For this reason, post-quantum cryptography cannot be dispensed with, especially in the post-quantum world.
Cnut237 (Sr. Member, Activity: 938, Merit: 434)
December 13, 2019, 10:18:12 AM
Merited by Welsh (14), o_e_l_e_o (2), vapourminer (1)
#88

3. What does the expected quantum Internet give us?
It would be more correct to call it photonic. Photons can be transmitted not only via fiber-optic cable, but also "over the air", which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon Internet only" option. We, in everyday life, will have to use sections of wifi or 3G-5G up to the fiber-optic section. And this means all the problems come back: phishing, attacks on devices, man in the middle, etc.

It depends what we are sending over traditional hackable channels. Thinking in classical terms, you send the entire communication through that route, and so you introduce vulnerabilities. But using a quantum approach, it doesn't have to be that way. Quantum entanglement offers a solution - if the entangled photons are sent one to each party, sender and recipient, then the sender can make their photon interact with the data they want to transmit. This measurement alters the entangled photon at the other end as well - transmission of information via this method is Einstein's famous 'spooky action at a distance', a.k.a. quantum teleportation. The thing that is then sent through the classical channel is only the result of the measurement, the interaction between the sender's entangled photon and the information they wish to transmit. Anyone who hacks this message gains nothing, as it is meaningless by itself.

However, once the legitimate recipient receives this information, they can then decode the message, because they have the other photon. It is fundamentally unhackable because only sender and recipient have the entangled photons, and because the laws of quantum mechanics mean that any act of measurement, which includes any attempt at hacking or eavesdropping at either the sender's or the recipient's end, alters the state of the entangled photon at the other end, too.

It's this sort of approach that makes me think that quantum cryptography (as opposed to post-quantum cryptography) has a lot of merit. Lattices and elliptic curves and so forth are not fundamentally unhackable due to laws of nature, whereas processes exploiting the laws of quantum mechanics are - or at least can be.

There will of course be huge technical challenges in implementing a quantum-cryptography approach... but work is underway, not just by the Chinese but also at QuTech in the Netherlands (where they are trying out quantum teleportation, as in the link I gave previously).

Here's a diagram giving a brief summary of how quantum entanglement can lead to an unhackable solution (again from my previous link). The pictures are perhaps more eloquent than my chaotic rambling:


Voland.V (Member, Activity: 84, Merit: 67)
December 13, 2019, 02:01:46 PM
#89

3. What does the expected quantum Internet give us?
It would be more correct to call it photonic. Photons can be transmitted not only via fiber-optic cable, but also "over the air", which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon Internet only" option. We, in everyday life, will have to use sections of wifi or 3G-5G up to the fiber-optic section. And this means all the problems come back: phishing, attacks on devices, man in the middle, etc.

It depends what we are sending over traditional hackable channels. Thinking in classical terms, you send the entire communication through that route, and so you introduce vulnerabilities. But using a quantum approach, it doesn't have to be that way. Quantum entanglement offers a solution - if the entangled photons are sent one to each party, sender and recipient, then the sender can make their photon interact with the data they want to transmit. This measurement alters the entangled photon at the other end as well - transmission of information via this method is Einstein's famous 'spooky action at a distance', a.k.a. quantum teleportation. The thing that is then sent through the classical channel is only the result of the measurement, the interaction between the sender's entangled photon and the information they wish to transmit. Anyone who hacks this message gains nothing, as it is meaningless by itself.

However, once the legitimate recipient receives this information, they can then decode the message, because they have the other photon. It is fundamentally unhackable because only sender and recipient have the entangled photons, and because the laws of quantum mechanics mean that any act of measurement, which includes any attempt at hacking or eavesdropping at either the sender's or the recipient's end, alters the state of the entangled photon at the other end, too.

It's this sort of approach that makes me think that quantum cryptography (as opposed to post-quantum cryptography) has a lot of merit. Lattices and elliptic curves and so forth are not fundamentally unhackable due to laws of nature, whereas processes exploiting the laws of quantum mechanics are - or at least can be.

There will of course be huge technical challenges in implementing a quantum-cryptography approach... but work is underway, not just by the Chinese but also at QuTech in the Netherlands (where they are trying out quantum teleportation, as in the link I gave previously).

Here's a diagram giving a brief summary of how quantum entanglement can lead to an unhackable solution (again from my previous link). The pictures are perhaps more eloquent than my chaotic rambling:


---------------------------------
You probably know more than I do.

Explain how you can have a photon associated with the transmitted data if you are not connected directly to the photon transmission channel?

If you, more precisely your device, are a receiver in the same "photon" system as the transmitting device, then the physics will work.

And if you hold in your hand a smartphone that is connected to the Internet via 3G/4G/5G, then how will you have an entangled photon?

In addition, it is such an expensive pleasure that quantum cryptography (photon transmission), as far as I know, is needed only in order to exchange private keys in this way, to use a symmetric encryption system. For the reason that symmetric AES-256 is not opened by any quantum computer, because in a symmetric key any one of two to the power of 256 keys is possible.

In asymmetric cryptography it is far from so. For example, in RSA, a key length of 15,300 bits is equal in strength to a 256-bit key in AES.

I do not discuss elliptic cryptography; it has probably been hacked a long time ago, and not at all by exhaustive search, but by cryptanalysis and the presence of vulnerabilities in the elliptic curves themselves.
In serious organizations it is prohibited for use.

If in a symmetric AES system you increase the key by 2 times (256 to 512), then the load on the computer will increase by about 2 times.

If you increase the key by 2 times in RSA, then the load will increase by 8 times, going from a key length of 1024 bits to 2048 bits.

Therefore, quantum cryptography makes no sense. There is the post-quantum AES system, and all it needs is to exchange keys without using dangerous asymmetric cryptography.

Therefore, if you have a smartphone with Wi-Fi, then no quantum Internet will help you, only post-quantum cryptography.
Cnut237 (Sr. Member, Activity: 938, Merit: 434)
December 16, 2019, 08:46:29 AM
Last edit: December 16, 2019, 06:36:29 PM by Cnut237
Merited by Welsh (2), o_e_l_e_o (2), vapourminer (1)
#90

You probably know more than me.
I know a little about quantum mechanics, and next to nothing about cryptography.

Explain how you can have a photon associated with the transmitted, if you are not connected directly to the photon transmission channel?
And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon?
Micius has demonstrated QKD wirelessly via satellite. There have been demonstrations using traditional fibre-optic lines, but the entangled state is more vulnerable to collapse using this approach, so satellite may be the better option.

A pair of entangled photons is generated using an interferometer, and one photon is sent to each party in the communication. If in the Micius example you can communicate with the satellite, then you can receive the photon.

They aim to have a global quantum network in place by 2030. I have no opinion on whether or not 2030 is realistic.

If in a symmetric AES system you increase the key by 2 times (256-512), then the load on the computer will increase by about 2 times.
If you increase the key by 2 times in RSA, then the load will increase by 8 times, going from a key length of 1024 bits to 2048 bits.

Therefore, in quantum cryptography - it makes no sense.
Quantum cryptography doesn't rely so much on key complexity, it relies more on quantum entanglement, and the fact that a measurement of one photon disturbs the other photon. Hacking is not possible based on the laws of quantum mechanics as we understand them.

I'm not suggesting that quantum cryptography is the only or best approach, just that work is progressing here and it's not necessarily only post-quantum cryptography that should be discussed. There have been objections to QKD itself, but again work is progressing towards better solutions - Kak's 3 stage protocol for example (basically a quantum version of double-lock):


https://www.researchgate.net/profile/Partha_Basuchowdhuri/publication/1960902/figure/fig2/AS:279938969161741@1443754059593/Kaks-three-stage-protocol.png
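Cnut237's argument rests on one property: an eavesdropper who measures a photon in transit disturbs it, and the legitimate parties can detect that disturbance before they use the key. The following is an added example, not from the post and not from any of the projects named in the thread: a simulation of the prepare-and-measure BB84 protocol (the variant used in the Micius satellite demonstrations; the post itself describes the entanglement-based picture, which has the same detection property) with an intercept-resend eavesdropper. The toy measurement model, the 11% abort threshold and the function names are this example's own assumptions.

```python
import random

RECTILINEAR, DIAGONAL = 0, 1   # the two conjugate polarisation bases of BB84

def measure(prepared_basis, prepared_bit, measuring_basis, rng):
    """Toy photon measurement (assumed model, not a physics simulation).
    Reading in the preparation basis returns the encoded bit; reading in the
    other basis gives a uniformly random outcome and the original state is
    gone, which is exactly what an eavesdropper cannot undo."""
    if measuring_basis == prepared_basis:
        return prepared_bit
    return rng.randrange(2)

def bb84(n_photons, eavesdrop, seed=0, qber_abort=0.11):
    """One BB84 run between Alice and Bob, optionally with Eve on the line.
    Returns the estimated quantum bit error rate (QBER), whether the parties
    abort, and whether the surviving keys agree. qber_abort is the commonly
    cited ~11% threshold above which no secure key can be distilled."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]

    # Quantum channel: each photon is modelled as its (basis, bit) preparation.
    in_flight = list(zip(alice_bases, alice_bits))

    if eavesdrop:
        # Intercept-resend: Eve measures in a guessed basis and re-emits what she saw.
        # She guesses wrong half the time, so a quarter of the sifted bits get flipped.
        resent = []
        for basis, bit in in_flight:
            eve_basis = rng.randrange(2)
            resent.append((eve_basis, measure(basis, bit, eve_basis, rng)))
        in_flight = resent

    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = [measure(b, v, bb, rng) for (b, v), bb in zip(in_flight, bob_bases)]

    # Sifting over the (authenticated) classical channel: bases are published and
    # positions where Alice and Bob chose different bases are discarded.
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]

    # Error estimation: reveal a random half of the sifted bits and compare them.
    rng.shuffle(sifted)
    half = len(sifted) // 2
    test_idx, key_idx = sifted[:half], sifted[half:]
    errors = sum(alice_bits[i] != bob_bits[i] for i in test_idx)
    qber = errors / len(test_idx) if test_idx else 1.0

    if qber > qber_abort:
        return {"aborted": True, "qber": qber, "key_bits": 0, "keys_match": False}

    alice_key = [alice_bits[i] for i in key_idx]
    bob_key = [bob_bits[i] for i in key_idx]
    return {"aborted": False, "qber": qber, "key_bits": len(alice_key),
            "keys_match": alice_key == bob_key}

if __name__ == "__main__":
    for eve in (False, True):
        r = bb84(4000, eavesdrop=eve, seed=7)
        print(f"eavesdropper={eve}: QBER={r['qber']:.3f} aborted={r['aborted']} "
              f"key_bits={r['key_bits']}")
```

Without Eve the sifted keys agree exactly and the QBER is zero; with Eve the disclosed sample shows roughly 25% errors and the run aborts. Note that the basis announcements and the error-check comparison travel over an ordinary classical channel that has to be authenticated, so QKD does not remove the "trust in your public key" problem raised earlier in the thread, it only replaces the key-agreement step.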

Thekool1s (Legendary, Activity: 1372, Merit: 1167)
December 18, 2019, 04:55:48 PM
#91

I have really learnt so much from this thread. I feel like the discussion now needs to head towards mining: how quantum computers could affect mining and the decentralized aspect of cryptocurrencies. One of the things mainly agreed on in this thread is that a move will be made towards a "quantum resistant algo", which will prevent quantum computers from breaking private keys, but what about mining? Given that quantum computers will be only a few in number, basically these few "companies" would become the centralized figurehead for "cryptocurrencies". Since there won't be a mining competition, how will "cryptocurrencies" survive? Currently, one of the reasons why people use cryptos is their decentralized aspect.

I will give FB's Libra as an example. E.g. FB gets its hands on one of the few early "quantum computers"; they could basically make Libra stand out because it will be the only coin with the most "hashing" power / most secure, but they could easily decide which coin lives and which dies. Basically, if Mark then wanted to mine BTC, even after implementing the "quantum resistant" algos, Mark could just mine every block since he will have the most "hashing" power. I'm not familiar with how "anti-ASIC" algos for mining work, but could in theory "anti-quantum" algos be made for mining which could prevent this centralization?

QuickReview (Newbie, Activity: 6, Merit: 0)
December 18, 2019, 05:50:10 PM
#92

I have really learnt so much from this thread. I feel like the discussion now needs to heads towards Mining. How Quantum Computers could affect mining

The first quantum computers won't be able to mine Bitcoin because they will not have enough qubits to get the hash of the next block. For that task 2^128 basic quantum operations are needed. That is something for the "second generation quantum computers".
But to get the private key only 128^3 basic quantum operations are sufficient, which will be within the range of "first generation quantum computers".
https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin

edit

The only thing that quantum computers can do is to speed up the calculation of SHA256 hashes. Even if its faster than normal computers by a factor of thousands, the ASICs would still be way faster than quantum computers. The difficulty will rise and the network would continue as per normal.
 

I don't think quantum computers can speed up hashing, but anyway this is not what is meant by 'cracking' SHA-256.

Concerning quantum computers and cryptography, there are two totally different aspects.

1) quantum computers, if ever they come into existence with a lot of qubits (which I personally doubt, but ok), can TOTALLY CRACK the current public key systems based on prime factorisation (RSA, Diffie-Hellman) or based upon discrete logarithms in groups (elliptic curve crypto).  The algorithm to do so is known, it is Shor's algorithm.  By TOTALLY I mean totally: just ANY key can be cracked in a matter of milliseconds, on the condition that the quantum computer has more qubits than (a few times) the key length.  If such a quantum computer exists, there is simply no difficulty in cracking the key, it doesn't take "days" or anything because the difficulty goes LOGARITHMIC with Shor's algorithm.

2) however, for hash functions, and symmetric crypto like AES-256, it can be shown that a quantum computer can AT BEST use Grover's algorithm to crack it.  Grover's algorithm doesn't crack entirely a hash function, but essentially HALVES ITS BIT STRENGTH.  So a SHA-256 hash (with 256 bits) would not require 2^256 trials like on a classical computer, but "only" 2^128 trials on a quantum computer, which is STILL IMPOSSIBLE to do practically.  Most people think that quantum computers will, if ever they exist, run much slower than classical machines, so 2^128 trials on a quantum machine will be much harder to solve than 2^128 trials on a classical machine.

So while quantum computers can speed up hash function searching, they won't crack it entirely.  The interesting thing is that under certain conditions, it has been established that Grover's algorithm is the best possible one on a quantum machine, to attack a random hash function.

==> big hash functions are still secure against quantum attacks ; most current public key crypto is totally broken by quantum attacks.

This is why it is somewhat strange, in the bitcoin protocol, to have hashed the public key to 160 bits, and not have kept the 256 bits.  If the menace of a quantum attack were the reason for this, it would have been wiser to keep the 256-bit hash as an address instead of the 160-bit RIPEMD hash, because under Grover's algorithm this would become only 80 bits secure, while the 256-bit hash would remain 128-bit secure under a quantum attack, which is the same level of *classical* security offered by the elliptic curve signature scheme, which wouldn't survive, by itself, a quantum attack.  This is one of the peculiar crypto design "features" of bitcoin...
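The Grover half of QuickReview's comparison is easy to check numerically. The following is an added example, not part of the post and not Bitcoin's or any library's code: a plain-Python state-vector simulation of Grover's search over an 8-bit space (256 candidates), which finds the marked value with near-certainty after about (pi/4)*sqrt(N) = 12 oracle calls where a classical brute force expects to test N/2 = 128 candidates, together with the bit-strength arithmetic behind the 160-bit versus 256-bit address point. The state vector has 2^n entries, so this only runs at toy sizes; the function names are the example's own.

```python
import math

def grover_iterations(n_bits):
    """Optimal number of Grover iterations (oracle queries) for an unstructured
    search over N = 2**n_bits candidates: floor((pi/4) * sqrt(N))."""
    return int(math.floor(math.pi / 4 * math.sqrt(1 << n_bits)))

def grover_search(n_bits, marked, iterations=None):
    """State-vector simulation of Grover's algorithm for one marked element.

    The oracle and diffusion steps keep every amplitude real, so a list of
    floats is enough. Returns (most_likely_index, its_probability, iterations)."""
    n = 1 << n_bits
    amp = [1.0 / math.sqrt(n)] * n              # uniform superposition over all candidates
    if iterations is None:
        iterations = grover_iterations(n_bits)
    for _ in range(iterations):
        amp[marked] = -amp[marked]               # oracle: phase-flip the marked item
        mean = sum(amp) / n
        amp = [2.0 * mean - a for a in amp]      # diffusion: inversion about the mean
    probs = [a * a for a in amp]                 # measurement probabilities
    best = max(range(n), key=probs.__getitem__)
    return best, probs[best], iterations

def classical_expected_trials(n_bits):
    """A classical brute-force preimage search expects to test half the space."""
    return 1 << (n_bits - 1)

def security_bits_under_grover(output_bits):
    """Grover turns a 2**b preimage search into about 2**(b/2) queries,
    i.e. it halves the effective bit strength of an ideal hash."""
    return output_bits // 2

if __name__ == "__main__":
    best, p, k = grover_search(8, 0xAB)
    print(f"8-bit search: found {best:#04x} with probability {p:.4f} after {k} "
          f"Grover iterations vs ~{classical_expected_trials(8)} classical trials")
    for label, bits in (("hash160 address", 160), ("SHA-256", 256)):
        print(f"{label}: {bits}-bit classical -> "
              f"{security_bits_under_grover(bits)}-bit against Grover")
```

Overshooting the iteration count rotates the state past the target and the success probability falls again, which is why the loop stops at floor((pi/4)*sqrt(N)) rather than running until something "converges". The halving is in the exponent, not in wall-clock time: 2^80 Grover iterations on a machine that is slower per step than an ASIC, and must run them serially, is the figure behind the post's "still impossible" for 160 bits and the "same as classical ECDSA" comparison for 256.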
gogxmagog (Legendary, Activity: 1330, Merit: 1004)
December 19, 2019, 10:50:55 AM
#93

(Frequently Asked Quantum Questions)

https://faqq.info
Thekool1s (Legendary, Activity: 1372, Merit: 1167)
December 19, 2019, 01:05:20 PM
#94

Quote
That is something for the "second generation quantum computers".

Even if you say these will be "the second generation of quantum computers", the fact remains that these will be only a few in number at first. It took decades for "personal computers" to roll out after the invention of the first few generations. It will be the same with quantum computers, I believe. Just as it is mentioned in this thread, a below-zero temperature is currently required to run today's "quantum computers". So when these 2nd, 3rd or 4th, whatever generation it may be, become a reality, everybody won't have these in their basements... Only a select few will have the opportunity to work with them. What will happen to the "decentralized" nature of the cryptocurrencies?

I mean, if you look at companies like Bitmain, they use their ASICs first and mine the S**t out of them, driving up the hash rate. Once they are done, they sell their stuff to the public. All I am saying is, will we be able to "save" the decentralized nature of cryptocurrencies once these "Super Machines" become a reality?

QuickReview
December 19, 2019, 03:52:41 PM
 #95

Quote
I mean if you look at companies like Bitmain, they use their ASICs first and mine the S**t out of them, driving up the hash rate. Once they are done they sell their stuff to the public.
Guess what some private quantum computer developers will do before maybe selling them.
I do not know why people think that Bitcoin security will stop as is, and are too worried about quantum computers. It may be a threat, but I am sure Bitcoin developers will find a way to level Bitcoin's security up before that happens.
That's not an issue. Bitcoin developers already have post-quantum solutions.
But there are lots of 'shalecoins', https://bitcointalk.org/index.php?topic=5134441.0 , coins with no owner. With quantum computers, these coins will become active and change the Bitcoin ecosystem.

Satoshi had already thought of quantum computers, and the possible decoding of the private keys if they became available...
His coins would be quantum secured if he had sent them to P2PKH addresses. But he did not, and is not doing so.

Quote
All I am saying is, will we be able to "save" the decentralized nature of cryptocurrencies once these "Super Machines" become a reality?
Yes, we will still have decentralized cryptos. It depends on us which coins will exist pre- and post-quantum. What we need is a quantum-resistant signature system on the Bitcoin network now; even if we don't have to use it, it should be possible if we wanted to.

And for the "second generation quantum computers", people are already developing post-SHA-hash signature systems. So we would then change to post-SHA-hash signature systems before "second generation quantum computers" exist.
Voland.V
December 21, 2019, 04:12:03 PM
Merited by vapourminer (1)
 #96

Quote
You probably know more than me.
I know a little about quantum mechanics, and next to nothing about cryptography.

Explain how you can have a photon associated with the transmitted one, if you are not connected directly to the photon transmission channel?
And if you hold in your hand a smartphone that is connected to the Internet via 3/4/5G, then how will you have a coupled photon?
Micius has demonstrated QKD wirelessly via satellite. There have been demonstrations using traditional fibre-optic lines, but the entangled state is more vulnerable to collapse using this approach, so satellite may be the better option.

A pair of entangled photons is generated using an interferometer, and one photon is sent to each party in the communication. If, in the Micius example, you can communicate with the satellite, then you can receive the photon.

They aim to have a global quantum network in place by 2030. I have no opinion on whether or not 2030 is realistic.

If in a symmetric AES system you increase the key by 2 times (256 to 512), then the load on the computer will increase by about 2 times.
If you increase the key by 2 times in RSA, from a key length of 1024 bits to 2048 bits, then the load will increase by 8 times.

Therefore, in quantum cryptography it makes no sense.
Quantum cryptography doesn't rely so much on key complexity; it relies more on quantum entanglement, and the fact that a measurement of one photon disturbs the other photon. Hacking is not possible based on the laws of quantum mechanics as we understand them.

I'm not suggesting that quantum cryptography is the only or best approach, just that work is progressing here and it's not necessarily only post-quantum cryptography that should be discussed. There have been objections to QKD itself, but again work is progressing towards better solutions - Kak's three-stage protocol, for example (basically a quantum version of the double lock):


https://www.researchgate.net/profile/Partha_Basuchowdhuri/publication/1960902/figure/fig2/AS:279938969161741@1443754059593/Kaks-three-stage-protocol.png
------------------
Quantum cryptography and the quantum internet are photonic systems.
There are no "quanta" there; there are quantum states of photons, such as the spin of a photon.

This is a play on words - "quantum Internet" or "quantum cryptography" - which greatly confuses the understanding of amateurs.

Let's look at the essence: photonic systems are a surrender in the face of the challenge that quantum computers have posed to modern public key cryptography.

It's as if you used to have an elegant key to your house door, and now you've blocked your door with a giant stone, counting on the thief not moving it.

That's a step back. Mankind loves these steps because they are man-made, because they create new value in the mass of new equipment, because the Internet can be made both safe and expensive.

Of course, it's the way of the monkey.
This is the path that mankind will leave behind, like an old tube TV, when there is a new safe cryptography.

I support the idea that the mind always conquers power.
See: if you want to make God laugh, tell him your plans...

In other words, they're systems that transmit light waves:

1) either via fiber optic cable (second half of the 20th century; soon this technology will turn 100 years old), without the possibility of wi-fi points at the end of this path;
2) or by transmitting light photons by laser within line of sight.

The example you're looking at, "Micius has demonstrated QKD wirelessly via satellite", is very unhelpful for us ordinary users, but very much liked by rich and government organizations - there's plenty of "our" money to write off. The monkey's way, but the rich monkey's way.

In this case, there is a problem: the receiver and the transmitter must constantly be on the same line! And that with a moving satellite!
They must be oriented strictly parallel to each other, which is very difficult to do when the source (satellite) moves at high speed on a circular trajectory.

Such an accurate mutual orientation of the quantum receiver and transmitter is similar to dropping a coin from an airplane flying at an altitude of 100 thousand meters exactly into the slot of a piggy bank, which, moreover, rotates.

"It wasn't my idea," says Wang Jianyu, QUESS Project Manager.

These and other achievements are not only very expensive, they are absolutely unacceptable for us who own devices connected to wi-fi.

This is not the side of progress that the future holds.

Especially since all these experiments were carried out successfully a long time ago, many of them not later than 1987.
But in those distant times, people still knew how to think, and this technology was postponed; it was waiting for a more appropriate time, our time.

That's your idea:
"So in quantum cryptography, it doesn't make sense.
Quantum cryptography doesn't rely so much on the complexity of the key, it relies more on the quantum complexity and the fact that measuring one photon interferes with another photon."
- Cryptography is necessary because stealing information from this channel is not prohibited; it is just a fact that participants will know about it. In other words, this quantum (photon) cryptography does not protect the information, but on the contrary highlights it so that it can be seen with the naked eye, literally. Photons we see...

Your idea:
"There were objections to QKD itself, but again the work is moving towards better solutions, like Kak's three-stage protocol (basically the quantum version of the double lock):"
- is a logical use of photon states, again with all the resulting disadvantages for us ordinary users: photons, fiber, direct line of sight and so on, but not wi-fi or 3/4/5/6G. That is not the way for us.

Our way is keyless cryptography and password-free authentication; my topic is here:
https://bitcointalk.org/index.php?topic=5204368.0.
Voland.V
December 24, 2019, 09:30:09 PM
 #97

Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
Saidasun
December 27, 2019, 08:46:18 PM
 #98

Quote
Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing, but what are you hinting at when you say "illegal attacks"?
Voland.V
December 27, 2019, 10:11:21 PM
 #99

Quote
Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing, but what are you hinting at when you say "illegal attacks"?
----------------------------------------------
It's the complexity of machine translation; all attacks are illegal, that's right.

Including attacks on cryptography using quantum computing (using a quantum computer).

And by "more dangerous" attacks, I mean exploiting for criminal purposes the weaknesses of elliptic curve cryptography itself.

I don't understand why some people consider it reliable, while officials of special organizations categorically prohibit its use.

I do not understand why there is one cryptography for all of us, a kind of household cryptography, and why there is another cryptography for special organizations and government agencies.

I don't understand why, for so many years, long before the quantum computer was going to be built, so many serious people and organizations around the world have been looking for a replacement for existing encryption methods.

After all, against an attack with quantum computing, it is enough to simply increase the length of the key.

After all, a 256-bit AES key is not afraid of quantum computers (it is left as a working mechanism for the post-quantum period) because the encryption method itself is very successful.

And elliptic curve cryptography with any key length is not suitable.
And that with the fact that a key length of even 512,000 bits or more in post-quantum cryptography suits everyone!!!

So there's something wrong with ECC?
Cnut237
December 28, 2019, 07:34:17 AM
Merited by LoyceV (5), Welsh (4), vapourminer (3), ETFbitcoin (2)
 #100

Quote
from an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented are as follows:
Classical: 1,2,3,4,5,6,7,8 etc
Quantum: 1,2,4,8,16,32,64,128 etc.


Quote
So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.
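The post above lists hash-based signatures (XMSS, SPHINCS) among the post-quantum candidates, and the earlier post in this thread explains why they are attractive: their security rests only on hash preimage resistance, which Grover reduces to roughly 2^128 work for SHA-256 rather than breaking outright. The following Python is an added example, not code from the post, from Bitcoin, or from any of the projects named: it implements a Lamport one-time signature over SHA-256, the leaf-level building block that XMSS and SPHINCS wrap in Merkle trees, and also shows the caveat that forces those schemes to track key state, namely that one key must never sign two messages. The messages are constructed sample inputs; the key sizes (16 KiB public key, 8 KiB signature) are what the scheme itself produces.

```python
"""Added example, not from the post or any project named in it: a Lamport one-time
signature over SHA-256, the simplest hash-based scheme.  XMSS and SPHINCS build Merkle
trees over many such one-time keys; this block shows only the leaf-level idea and the
caveat that gives hash-based schemes their bookkeeping: a key must never sign twice.
Security rests on SHA-256 preimage resistance alone, which Grover cuts to about 2^128."""
import hashlib
import secrets

N = 256  # digest bits; one (zero, one) secret pair per message-digest bit


def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def keygen(rng=secrets.token_bytes):
    """sk: 256 pairs of 32-byte secrets; pk: their hashes (16 KiB)."""
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def digest_bits(msg: bytes):
    """SHA-256 of the message as a list of 256 bits, most significant first."""
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the secret matching that bit (8 KiB signature)."""
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Each revealed secret must hash to the public-key entry selected by the digest bit."""
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))


def revealed_secrets(signed):
    """What an observer learns from (msg, sig) pairs under one key: {(index, bit): secret}."""
    known = {}
    for msg, sig in signed:
        for i, b in enumerate(digest_bits(msg)):
            known[(i, b)] = sig[i]
    return known


def forge(known, target: bytes):
    """Build a signature on target from leaked secrets, or None if some bit is still unknown."""
    bits = digest_bits(target)
    if all((i, b) in known for i, b in enumerate(bits)):
        return [known[(i, b)] for i, b in enumerate(bits)]
    return None


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"pay 1 BTC to A", b"pay 1 BTC to B"   # constructed messages
    s1 = sign(sk, m1)
    print("valid:", verify(pk, m1, s1), "tampered:", verify(pk, m1, [bytes(32)] + s1[1:]))
    known = revealed_secrets([(m1, s1), (m2, sign(sk, m2))])
    print("secrets leaked after two signatures:", len(known), "of", 2 * N)
    print("forge a third message:", forge(known, b"pay 100 BTC to Eve") is not None)
```

After one signature the observer holds exactly 256 of the 512 secrets; a second signature under the same key leaks one extra secret for every digest bit on which the two messages differ, and with enough reuse the `forge` function needs no private key at all. That is the reason XMSS keeps a counter of used leaves and SPHINCS pays for statelessness with much larger signatures, and it is a practical concern for any wallet that would adopt such a scheme.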
