I don't believe Quantum Computing will ever threaten Bitcoin

[Voland.V]

Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?   

I'll have a go. I assume you're talking about Quantum Key Distribution, - please correct me if not!

The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party. So 'Alice' receives one photon and 'Bob' receives the other. As for the mechanism of transfer, it can be optical cable or (as in China's QUESS) a satellite signal (as attenuation through vacuum and thin atmosphere is negligible) - anything really so long as the mechanism can keep signal loss to a minimum - or quantum repeaters can be used to maintain the signal.

The result then is that Alice and Bob each have the secure information received from the photon. Once the photon has been received, its data has been received too, and there is then no need to actually hold the photon itself. The point is that due to the fact that each photon is part of an entangled pair, they each contain the same information, which can then be used as a shared key.

That's the process, anyway. For information about security, probably first have a look at the BB84 protocol, and then go on from there to later developments such as Kak's 3 Stage Protocol (quantum double-lock)... but I think we covered security a few months ago in this thread.

---------------------------
Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing. Protocol is secondary, there can be a lot of them, and the principle of linked photons is always the basis of quantum key distribution.
I must have been inattentive earlier.
I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place?

[1713507754]

1713507754

[1713507754]

1713507754

[1713507754]

1713507754

[1713507754]

1713507754

[1713507754]

1713507754

[Cnut237]

Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing.

Thanks, glad I was of some help Please bear in mind I'm not an expert, though - it's just my understanding here.

I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place?

No, it's not impossible to break the security at source. QKD as with many things has vulnerabilities where the theory meets actual real-world implementation. This article goes into some depth on the subject, and may be of interest.

So how is QKD any use at all? Well, the strength is not that the key can't be intercepted during the transmission process, it's that the entangled nature of the photons means that the recipients are able to determine whether or not the key has been intercepted. QKD isn't a perfect solution, it's just a mechanism that employs properties of quantum mechanical systems to improve upon existing classical processes.

Quantum cryptography does continue to advance, and it may one day provide ultimate 100% guaranteed security, due to its basis on and exploitation of immutable physical laws. But for the immediate future, we also need post-quantum cryptographic algorithms to for example protect bitcoin.

[Voland.V]

Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing.

Thanks, glad I was of some help Please bear in mind I'm not an expert, though - it's just my understanding here.

I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place?

Quantum cryptography does continue to advance, and it may one day provide ultimate 100% guaranteed security, due to its basis on and exploitation of immutable physical laws. But for the immediate future, we also need post-quantum cryptographic algorithms to for example protect bitcoin.

--------------------------------
Besides the above mentioned about post quantum cryptography, I would like to say that quantum cryptography does not solve 2 problems in any way:
- it doesn't protect mobile Internet users and wireless Internet access points;
- it doesn't solve the problem of key theft, that's the way crooks go, nobody breaks cryptography, everybody steals4.
- does not solve the problem of password and biometric authentication methods, because stealing any digital identifier - breaks the security, so do fraudsters;
- it doesn't solve the most important issue, the phishing issue. This solution is more important to society than all the others put together.

Quantum key distribution solves only one unimportant issue: key negotiation. It solves the problem of personal meeting. Although there are so many open channels today that if I need to agree on a shared encryption key, it is safer (because it is invisible) to agree on a "grandmother's mail" in a paper envelope than looking for fiber optic lines and quantum key negotiation technologies.
 
And in general, the world forgets about good old wit, because of the fact that a man was stuffed with technology.

And what's the result?
12 billion accounts on one domain alone in the darknet - free access and for a little money.

So what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.

[Cnut237]

what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.

Hi again

I suppose I'm saying that quantum cryptography is not limited to QKD, it's much bigger and more fundamental than that.

QKD is an approach to key distribution that uses quantum properties, and so is a part of quantum cryptography. It was certainly an early part, yes 1980s with the BB84 protocol. QKD has been the main implementation of quantum cryptography for a long time. And QKD does indeed have limitations, as discussed above. It's an improvement on the equivalent classical process, that's all.

But my point really is that the laws of quantum mechanics provide us with a theoretical framework through which, by exploiting properties such as entanglement, quantum teleportation and the no-cloning theorem, some sort of unhackable communication process may be possible.

QKD is an early implementation. I'm not saying it's the perfect end-state, it's not. I'm saying that quantum mechanics gives us a valuable toolset, and we would be remiss to focus entirely on post-quantum cryptography - which is, fundamentally, classical. PQC is no doubt hugely important and will certainly provide the initial defences against a future quantum attack. But the best long-term defence against quantum attack is not necessarily classical. There can be quantum defences, too. If we dismiss any possible quantum defence and limit ourselves purely to the classical, then we are missing something important.

QKD is a first implementation of quantum cryptography. There have been developments since then. I've mentioned Kak's 3-stage protocol before, a sort of quantum double-lock. This is quantum cryptography, and is a big improvement on QKD. There will be further developments and further improvements. Quantum mechanics offers us a world of possibilities. I'm just saying we need to follow this path in addition to the path of PQC.

[Adriane14]

The Q technology is still in the infant stage just as the blockchain but if we mesh breed them together maybe we can find the answer to this question. I will call this the Quantum egg cracker for now. The chance to crack bitcoin's hash algorithm is high, the probability of Quantum technology is lurking around the corner of its Q dimensional properties.
Let's say 5 years from now.

[Voland.V]

what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.

Hi again

I suppose I'm saying that quantum cryptography is not limited to QKD, it's much bigger and more fundamental than that.

QKD is an approach to key distribution that uses quantum properties, and so is a part of quantum cryptography. It was certainly an early part, yes 1980s with the BB84 protocol. QKD has been the main implementation of quantum cryptography for a long time. And QKD does indeed have limitations, as discussed above. It's an improvement on the equivalent classical process, that's all.

But my point really is that the laws of quantum mechanics provide us with a theoretical framework through which, by exploiting properties such as entanglement, quantum teleportation and the no-cloning theorem, some sort of unhackable communication process may be possible.

QKD is an early implementation. I'm not saying it's the perfect end-state, it's not. I'm saying that quantum mechanics gives us a valuable toolset, and we would be remiss to focus entirely on post-quantum cryptography - which is, fundamentally, classical. PQC is no doubt hugely important and will certainly provide the initial defences against a future quantum attack. But the best long-term defence against quantum attack is not necessarily classical. There can be quantum defences, too. If we dismiss any possible quantum defence and limit ourselves purely to the classical, then we are missing something important.

QKD is a first implementation of quantum cryptography. There have been developments since then. I've mentioned Kak's 3-stage protocol before, a sort of quantum double-lock. This is quantum cryptography, and is a big improvement on QKD. There will be further developments and further improvements. Quantum mechanics offers us a world of possibilities. I'm just saying we need to follow this path in addition to the path of PQC.

----------------------------
Yes, dear interlocutor, there are no objections, I am ready to defend every word you have written.

Post quantum cryptography is really classical, because it is built on complex mathematics and large numbers. But that's not all - it has a key.

Modern crooks don't even break pre quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successful, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

And that's why it is needed, that's briefly, what happens with key (and passwords, it's the same) methods:

- Recently, unknown persons attacked UN units, "as a result, components of key infrastructure in Geneva and Vienna were compromised ..." - quotes Dujaric Reuters (stealing keys);

- The CIA, together with the German Federal Intelligence Service (Bundesnachrichtendienst, BND), has been reading secret messages from officials in more than 120 countries for the past fifty years (!) through Crypto AG, a company that produces special encryption equipment (via encryption keys);

- security researchers from ESET discovered the dangerous vulnerability Kr00k (CVE-2019-15126) in widely used Wi-Fi chips from Broadcom and Cypress and affects more than a billion devices worldwide (smartphones, tablets, laptops, routers and IoT devices) that use the WPA2-Personal or WPA2-Enterprise protocol with the AES-CCMP encryption algorithm. Now Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi) and access points from Asus and Huawei are under attack. The Kr00k vulnerability is related to Key Reinstallation Attack (KRACK), which allows attackers to crack Wi-Fi passwords protected by the WPA2 protocol (keys again);

- huge problems with device shells that contain embedded vulnerabilities such as embedded passwords and embedded SSH/SSL keys. The appearance of one such device in your home, including an IOT device, connecting it to your home wi-fi, allows you to attack all your other devices connected to the same access point (keys, passwords);

- experts found a database with unencrypted e-mail addresses and passwords of more than 1 billion users on the Web, put up for sale by a cybercriminal under the pseudonym DoubleFlag (passwords);

- of the 175 million RSA certificates analyzed, over 435,000 are vulnerable to attack. At the international conference IEEE TPS (Trust, Privacy and Security) in Los Angeles, California, a group of researchers from Keyfactor presented these results (vulnerability of key infrastructures in general).

So what will quantum cryptography solve if it is key?
It's nothing.
It's also expensive.
And not for everyone, only those who sit on fiber optic cable.
And also for those who can't visit any website on this device, otherwise they'll get a spy program and steal the keys.

Nothing but a commercial result to the creators, this method does not give. These keys will be stolen the moment they are used for encryption.
And then you will be listened to and read everything that you encrypt, and you will know nothing. End of game.

And in keyless technology, there's nothing to steal, no keys.

[Voland.V]

The Q technology is still in the infant stage just as the blockchain but if we mesh breed them together maybe we can find the answer to this question. I will call this the Quantum egg cracker for now. The chance to crack bitcoin's hash algorithm is high, the probability of Quantum technology is lurking around the corner of its Q dimensional properties.
Let's say 5 years from now.

--------------------------------------
Hacking technology using quantum computers and transmission technology using linked photons are different things.
The name is one thing, and everything is different.

[Cnut237]

Modern crooks don't even break pre quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successful, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

So what will quantum cryptography solve if it is key?

Are we just talking about the distinction between symmetric and asymmetric cryptography?

I don't know about the 'keyless cryptography' you mention, but I suspect it needs a shared something, a key by another name? I think we have mentioned OTPs before. The weakness with OTPs is that initial sharing of the key. QKD used in conjunction with OTP gives a strong solution to that problem. With QKD you can tell when there has been an interception/hacking attempt; it's a great way to share a key. Yes there remain certain vulnerabilities in implementation, it's not perfect, just an improvement on the analogous classical method.

Asymmetric cryptography by contrast is great for things like bitcoin and cryptocurrencies. The problem comes with quantum computers running the Shor algorithm, which obliterates public key cryptography. Where a classical computer takes an unimaginably huge 2¹²⁸ operations to derive the bitcoin private key, a QC running Shor takes a mere 128³.

[Voland.V]

Modern crooks don't even break pre quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successful, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

So what will quantum cryptography solve if it is key?

Are we just talking about the distinction between symmetric and asymmetric cryptography?

I don't know about the 'keyless cryptography' you mention, but I suspect it needs a shared something, a key by another name? I think we have mentioned OTPs before. The weakness with OTPs is that initial sharing of the key. QKD used in conjunction with OTP gives a strong solution to that problem. With QKD you can tell when there has been an interception/hacking attempt; it's a great way to share a key. Yes there remain certain vulnerabilities in implementation, it's not perfect, just an improvement on the analogous classical method.

Asymmetric cryptography by contrast is great for things like bitcoin and cryptocurrencies. The problem comes with quantum computers running the Shor algorithm, which obliterates public key cryptography. Where a classical computer takes an unimaginably huge 2¹²⁸ operations to derive the bitcoin private key, a QC running Shor takes a mere 128³.

----------------------------------
Keyless cryptography doesn't exist anywhere but
1) on this blog:
https://bitcointalk.org/index.php?topic=5204368.40 (from which the administrator deleted about 100 posts of the author);
2) in the theory that is written, can be sent on demand, which justifies the fundamental possibility of such a model;
3) and in one project, which most likely will not be filled with money, because investors do not want to understand the subject at the level that is necessary: https://toxic.chat/.

Each packet of data is encrypted with only its own, brand new encryption scheme, which looks similar to its own key, which has never been negotiated between the parties, never transmitted, stored or generated. So is it a key?
This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets of the response data packet, and which is better called a channel identifier than a key. It creates a channel, and is never used again. Moreover, the first data packet sent by this kind of "key" and the second data packet received in response, created with this "key" - have completely different encryption schemes.

Moreover, the presence of this "key" in Eva's hands does not allow her to open the communication channel. To do this, she needs many other things that can be read in the theory of this technology.
 

But as I see it, the biggest bonus to this technology is not that you can't even find and steal your encryption key, but that it provides two-way continuous password-free authentication.
An example of how this works is described in the blog above from today.

Yes, and now phishing, in any form, is just a scary story from the past...

[Cnut237]

This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets

It's still a shared secret though, right? It's still a key?

Keyless cryptography

Maybe I'm being stupid, but I don't see how this can exist.
Surely there are two ways that the data can be decrypted: either you need a shared secret, or else the communication itself contains the means of deciphering it.
So in the first instance, the secret is the key - whether we call it a key or not, that's what it is.
And in the second instance, there is zero security because anyone can derive the data from a thing that is entirely self-contained.

[Voland.V]

This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets

It's still a shared secret though, right? It's still a key?

Keyless cryptography

Maybe I'm being stupid, but I don't see how this can exist.
Surely there are two ways that the data can be decrypted: either you need a shared secret, or else the communication itself contains the means of deciphering it.
So in the first instance, the secret is the key - whether we call it a key or not, that's what it is.
And in the second instance, there is zero security because anyone can derive the data from a thing that is entirely self-contained.

-------------------------------------
It's the exact opposite.
If you have a key, you decrypt any information.

If your key is stolen - having a previously written cipher - they will decrypt the information again.

This function is the key.
What does a key do?
It changes the general encryption scheme to an individual one. That's it. That's it.

If you encrypt the word "hello" today and tomorrow with the same key, you always get an Absolutely SINGLE SHIFT.

It's the other way around. Even the first data pack will be different from the second data pack with the same information and the same "key" - like day and night.

So how can this common secret be called a key?

Think about it.

And as for all other packages, after the second one, for example, if the package has 256 bits, then how do you guess the rule code, it means no key? Even a quantum computer in 100 years can't guess. And if it can guess, then how without a key, without knowledge of the rule, will it understand what it has guessed? Because it's a rule on no other data packet - it won't check.
So where's the public access here? It's top secret.

And the most unusual question is how do you know that this data packet contains information at all?
And if there is, how many bits of 256 contain it?
Do you feel the failure of such hacking attempts?

[Cnut237]

There has been another recent advance in quantum computing, which may be an important step towards the development of large scale QCs.

The QCs developed thus far have to work at very low temperatures in order to keep the energy of the system low enough that the qubits remain stable. Very low temperatures, which means close to absolute zero. In practice this means below about 0.1K, or within a tenth of a degree of absolute zero.

A paper last year outlined how in theory this minimum working temperature could be raised to around 1.5 Kelvin. Still absurdly cold, but in relative terms this is a huge jump up from 0.1K. This is a quantum-dot-based system, and the mechanism by which they can work with the higher temperature is by isolating the quantum dots and then using magnetically-controlled electron quantum tunnelling to read the qubit state. (As an interesting aside, it is the phenomenon of quantum tunnelling that sets a barrier to the size reduction of traditional processors, which could end Moore's Law.)

Why does a change from 0.1k to 1.5K mean a big reduction in the difficulty of producing large scale QCs? Well, each time you make the machine bigger, and more powerful, each time you add more qubits, you are introducing extra energy, higher temperatures, which means even more cooling is required. There is a several orders-of-magnitude difference in the dollar cost between cooling to 1.5K and cooling to 0.1K. As one of the paper's authors stated: "This [1.5K] is still very cold, but is a temperature that can be achieved using just a few thousand dollars' worth of refrigeration, rather than the millions of dollars needed to cool chips to 0.1 Kelvin."

So this was the theory, an increase in workable temperature for QCs from 0.1K, up x15 to 1.5K. The big advancement is that this theory has now been experimentally verified, by the team at Delft that I've mentioned in previous posts.

[Voland.V]

There has been another recent advance in quantum computing, which may be an important step towards the development of large scale QCs.

The QCs developed thus far have to work at very low temperatures in order to keep the energy of the system low enough that the qubits remain stable. Very low temperatures, which means close to absolute zero. In practice this means below about 0.1K, or within a tenth of a degree of absolute zero.

A paper last year outlined how in theory this minimum working temperature could be raised to around 1.5 Kelvin. Still absurdly cold, but in relative terms this is a huge jump up from 0.1K. This is a quantum-dot-based system, and the mechanism by which they can work with the higher temperature is by isolating the quantum dots and then using magnetically-controlled electron quantum tunnelling to read the qubit state. (As an interesting aside, it is the phenomenon of quantum tunnelling that sets a barrier to the size reduction of traditional processors, which could end Moore's Law.)

Why does a change from 0.1k to 1.5K mean a big reduction in the difficulty of producing large scale QCs? Well, each time you make the machine bigger, and more powerful, each time you add more qubits, you are introducing extra energy, higher temperatures, which means even more cooling is required. There is a several orders-of-magnitude difference in the dollar cost between cooling to 1.5K and cooling to 0.1K. As one of the paper's authors stated: "This [1.5K] is still very cold, but is a temperature that can be achieved using just a few thousand dollars' worth of refrigeration, rather than the millions of dollars needed to cool chips to 0.1 Kelvin."

So this was the theory, an increase in workable temperature for QCs from 0.1K, up x15 to 1.5K. The big advancement is that this theory has now been experimentally verified, by the team at Delft that I've mentioned in previous posts.

---------------------------------------------------
In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

It would seem a bit of progress, which is interesting.

But further interesting, Honeywell claims that they have created a new system with trapped ions that is easily scalable!!! According to engineers, the volume of production of machines will grow by 10 times annually, which by 2025 will provide an increase in productivity of 100,000 times.

And this is already very serious, skeptics of technical progress should reconsider their positions. Development in the field of computing, as history shows, always goes faster than the most daring forecasts. And this news is proof of that.

[Cnut237]

In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

Whilst it's good that more companies are getting involved, I'm extremely skeptical of Honeywell's claim. Their assessment is based on the assumption that Quantum Volume is the defining metric for QC power, and that's very much open to question. Quantum Volume is the metric that IBM uses:

Quantum Volume (QV) is a hardware-agnostic metric that we defined to measure the performance of a real quantum computer. Each system we develop brings us along a path where complex problems will be more efficiently addressed by quantum computing; therefore, the need for system benchmarks is crucial, and simply counting qubits is not enough. As we have discussed in the past, Quantum Volume takes into account the number of qubits, connectivity, and gate and measurement errors. Material improvements to underlying physical hardware, such as increases in coherence times, reduction of device crosstalk, and software circuit compiler efficiency, can point to measurable progress in Quantum Volume, as long as all improvements happen at a similar pace.

The thing is... absolutely no-one else uses that metric. IBMs QC is currently the most powerful in the world, based on Quantum Volume, because it is the only one that uses Quantum Volume as a metric.
It looks like Honeywell are trying to put out a QC that is more powerful than IBM's, using Quantum Volume to determine that power... thereby becoming the "most powerful" QC in the world by improving on its only competitor on that metric.

It is great that another company is entering the space, and it will certainly be a big achievement if newcomers Honeywell can out-perform IBM... I just think that the "most powerful" claim is a little misleading.

[Voland.V]

In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

Whilst it's good that more companies are getting involved, I'm extremely skeptical of Honeywell's claim. Their assessment is based on the assumption that Quantum Volume is the defining metric for QC power, and that's very much open to question. Quantum Volume is the metric that IBM uses:

Quantum Volume (QV) is a hardware-agnostic metric that we defined to measure the performance of a real quantum computer. Each system we develop brings us along a path where complex problems will be more efficiently addressed by quantum computing; therefore, the need for system benchmarks is crucial, and simply counting qubits is not enough. As we have discussed in the past, Quantum Volume takes into account the number of qubits, connectivity, and gate and measurement errors. Material improvements to underlying physical hardware, such as increases in coherence times, reduction of device crosstalk, and software circuit compiler efficiency, can point to measurable progress in Quantum Volume, as long as all improvements happen at a similar pace.

The thing is... absolutely no-one else uses that metric. IBMs QC is currently the most powerful in the world, based on Quantum Volume, because it is the only one that uses Quantum Volume as a metric.
It looks like Honeywell are trying to put out a QC that is more powerful than IBM's, using Quantum Volume to determine that power... thereby becoming the "most powerful" QC in the world by improving on its only competitor on that metric.

It is great that another company is entering the space, and it will certainly be a big achievement if newcomers Honeywell can out-perform IBM... I just think that the "most powerful" claim is a little misleading.

---------------------
Yeah, what the Chinese company's really doing is probably not coming out. The fact that they have gathered a large number of specialists in this field from all over the world (practically) (I don't know what level) is a fact. It's a fact that China, in the last 10 years, has been particularly astounding with its technological achievements even for the biggest skeptics. Also, everyone who observes can see that China has very big and ambitious plans for the future, and our future is the digital world. Consequently, we can assume that they have taken the creation of their quantum technologies very seriously, especially since the quantum Internet has long been a practical thing, not a theory. Even earlier, in the open sources, a lot was said about how well developed the use of spy technologies - this very Chinese company.
All of this is more than convincing evidence that the Chinese will not lag behind the world and in the development of a quantum computer.
And what cities this same company is building for European specialists, who are invited to work, a dream...   

[amnakhan2020]

You can change the algorithms of all the active wallets, but some wallets have lost keys or the people who had those keys died and they can't change the signing algorithm which means those wallets will be captured by quantum computers. So we will know what quantum computers exist when satoshi's coins move... That's one of the reasons why they will move. Eventually they will move and they will move because eventually someone will be able to break the keys. But for the rest of the eco system we can migrate quite easily to another algorithm. It's not really as big of a threat that people think it is."

[AverageGlabella]

You can change the algorithms of all the active wallets, but some wallets have lost keys or the people who had those keys died and they can't change the signing algorithm which means those wallets will be captured by quantum computers. So we will know what quantum computers exist when satoshi's coins move... That's one of the reasons why they will move. Eventually they will move and they will move because eventually someone will be able to break the keys. But for the rest of the eco system we can migrate quite easily to another algorithm. It's not really as big of a threat that people think it is."

That's assuming Satoshi is not actively keeping up to date with quantum computer development or assuming that he has lost his keys. Satoshi may still have access to his wallet and is keeping them there for a reason. There could be multiple reasons why Satoshi is doing it but that would go off topic from the discussion.

Your concern is legitimate for other people though. Quantum computers have the capability once they have reached a certain qbit milestone to be able to attack addresses that may have been lost by other people. This could be attacked on a very wide scale. Some people could see this as a ongoing problem and could effect the longevity of Bitcoin as a currency. But as it has been discussed here the affordability of a quantum computer capable of doing this will not be open to the public for a very long time. I know there has been advances in keeping quantum computers cool but this does come at a cost that I think a lot of people are ignoring. The cooling system is not the expensive part its the amount of space that you would require to make it effectively cool and run at the required qbits for a extended amount of time that would be the issue.

Quantum computers are a long way off but the technology behind them is improving at an exponential rate. At the moment I have not seen any system which would protect against stealing of coins that have been lost. There are multiple technologies in the theory process right now that could be implemented into Bitcoin and reduce the effects of quantum computing on the industry but I think old addresses that have not been converted will always be vulnerable to quantum attacks unless someone comes up with a sleek new concept within the next couple of years.

[Cnut237]

I know there has been advances in keeping quantum computers cool but this does come at a cost that I think a lot of people are ignoring. The cooling system is not the expensive part its the amount of space that you would require to make it effectively cool and run at the required qbits for a extended amount of time that would be the issue.

This is very true. When advances in quantum computing are reported, the focus is often solely on the number of qubits involved. Whilst a degree of simplification is understandable when reporting what is certainly a complex and technical subject, this can mislead people into thinking it's the only important metric. Information loss through decoherence is a huge issue and the major barrier to production of large-scale QCs, and maintaining that near-absolute-zero temperature is a key requirement in minimising that decoherence.

However, whilst this is important and, as you say, expensive, the problem is perhaps not insurmountable. These are after all engineering challenges rather than absolute, universal constraints. My post above links to recent experimental verification of a process whereby the minimal viable temperature is increased by a factor of 15, resulting in an orders-of-magnitude cost reduction for cooling. But it is not necessarily all about cooling or the space required. Development is continuing at pace across the field, with advances being made all the time. Techniques are being refined, and new approaches adopted. Noise is being reduced and coherence is improving. Indeed, just last week Trinity College Dublin released a paper detailing a new technique in qubit-creation that may make the process both more powerful and much more controllable. Traditionally the quantum-dot-based approach to qubit emission involves affixing a metal point near to the dot... but the new approach involves controlled optical excitation of the point, which can then be scanned over the surface. Not only is this simpler than the current method, the new optical approach also generates greater quantities of single photon outputs and can force entanglement of dot pairs. The whole process is becoming more controllable all the time, and with increased control comes less noise, and so greater coherence.

---

Edited for clarity; seems my sentence construction also suffers from coherence issues.

[Voland.V]

Quantum technology is a science. For now. Temporarily, but time is known to always go fast.
I think people can make quantum computing available to everyone, they can make a personal quantum computer. I suspect that inside this miracle of technology there will not be a system of cooling the substance to zero, but technologies to conquer magnetic fields for the same purposes, which, as the scientific press writes, are developing.
I do not see a solution to safety problems for the user, even if these technologies are available, even if they are absent.
I'll explain why.
What will break a quantum computer is cryptography.
What kind of cryptography would a quantum computer attack? Asymmetric, from the last century. All modern post quantum asymmetric and even the old symmetric AES level, let alone the Two Fish, will never be attacked by it.
Why do I say that so boldly?
Because today's old AES-256 is perfectly capable of handling the quantum threat, the foreseeable future. To extend the key length to 512 bits is worth nothing. It's not gonna put much strain on the processor when it comes to encryption. But for quantum computers, increasing the key length from 256 bits to 512 bits is absolutely impossible to improve this technique in a reasonable period of time.
From the scientific point of view - the world of numbers is infinite and to use this resource, you can increase the field of numbers for encryption instantly. But to improve the technique that will catch up with the "infinity of number fields" is a difficult and time-consuming task.
In fact, even modern cryptography is never broken, keys, passwords and information are always stolen. The same will happen after a quantum computer is available to everyone. Nothing will change. We will also be attacked by ourselves only by compromising sensitive data.
Why do you need a quantum computer to attack a bitcoin - I don't understand at all. Even the old asymmetric cryptography on elliptical curves, with a 4-fold increase in the length of the key - will remain a dream to crack the known algorithms on quantum computers.
Everybody looks the wrong way when they think about security issues.
There are billions of accounts on the darknet that are sold for nothing. We are all hacked a long time ago, and so we will in the future if we keep the old key encryption technologies and password (and biometric) authentication methods.   

[Cnut237]

I suspect that inside this miracle of technology there will not be a system of cooling the substance to zero, but technologies to conquer magnetic fields for the same purposes, which, as the scientific press writes, are developing.

I sort of agree with this. The reason we need QCs to be cooled almost to absolute zero is to reduce decoherence. Cooling is a (partial) solution to a problem. There may be other solutions where cooling is not required (or where a smaller amount of cooling is sufficient).

Everybody looks the wrong way when they think about security issues.
There are billions of accounts on the darknet that are sold for nothing. We are all hacked a long time ago, and so we will in the future if we keep the old key encryption technologies and password (and biometric) authentication methods.   

I sort of agree here, too. A system is only as strong as its weakest link. That weakest link often turns out to be human errors or laziness. However we can't really argue that a) people will make errors or be negligent, therefore b) there is no point to implementing secure cryptographic systems.

Why do you need a quantum computer to attack a bitcoin - I don't understand at all. Even the old asymmetric cryptography on elliptical curves, with a 4-fold increase in the length of the key - will remain a dream to crack the known algorithms on quantum computers.

Because the power of a QC scales exponentially due to superposition and entanglement. Superposition meaning that a qubit can be - to simplify somewhat - both 0 and 1 at the same time. Entanglement meaning that multiple qubits can be combined into a single state. So the number of classical outcomes that can be assessed scales 2^n. The nature of QCs means that they are strong on integer factorisation and the discrete logarithm problem (both normal and ECC). Shor's algorithm can dismantle current asymmetric cryptography.
There are as you know various quantum-resistant approaches to asymmetric cryptography that offer potential defences against a QC, however these do also bring new challenges such as increased key size.

Going beyond bitcoin and cryptocurrencies, one common assumption is that there is no danger until a sufficiently powerful QC appears. This is not the case. Quantum-safe security needs to be implemented as soon as reasonably possible. I am quite sure that people are storing today's encrypted traffic for the future, so that it can be decoded once a QC is available. Anything communicated by public-key today can be deciphered tomorrow.