Bitcoin Forum
Page 2 of 4
Author Topic: Game theory involving Quantum Resistance protocol  (Read 702 times)
aliashraf (Hero Member, Activity: 1148, Merit: 898)
October 09, 2019, 07:08:15 PM  #21

Quote from: aliashraf
Most of them, wallets with exposed public keys, will migrate to the new scheme before the catastrophe and after the QC-resistant fork. At the end of the day, we are left with a (tiny, IMHO) fraction of bitcoin wallets being abandoned by their owners for some reason, of which I suppose less than 10% would have exposed keys and P2PKH addresses. My estimation is based on their current 25% ratio and the fact that such wallets tend to be more active compared to untouched wallets, which are more likely to have been abandoned.

Quote
Those numbers are completely invented. If my time in this space has taught me anything, it's that most people are overwhelmingly careless about their security and don't keep up with Bitcoin development.

No! 25% is not invented:

https://medium.com/@sashagnip/how-many-bitcoins-are-vulnerable-to-a-hypothetical-quantum-attack-3e59e4172e8
Quote
As of 2018 June 4, 19% addresses (4,204,148 of 22,275,753) that hold 25% bitcoins (4,319,806 of 17,072,361) reveal their public keys

This analysis is done using two almost simple scripts and one should run the scripts for the current date, but I'm sure the numbers are getting better through time, not worse.

The second number (10%) is a reasonable estimation because it is very likely that abandoned wallets are way rarer compared to active wallets, as long as we are talking about money.

Quote
This problem is compounded by the fact that quantum-resistant signatures like Lamport are extremely heavy, so we have an incentive to delay a fork as long as possible:
Quote
The size of Lamport public key and signature together is 231 times (106 bytes vs 24KB) more than the ECDSA public key and signature.

I'm not sure what alternatives there are.

QC-resistant cryptography is new just like QC itself and it is already ahead of the enemy by any measure; I think long before QC is ready to attack we will be ready to fork.

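The 25% figure argued over above comes from scanning the chain for outputs whose public key is already visible: a P2PK output carries the key in its scriptPubKey, a P2PKH address reveals its key in the scriptSig the first time it is spent from (so every remaining or later output to that address is exposed, which is the address-reuse case), and an unconfirmed P2PKH spend in the mempool exposes the key for as long as the transaction is in flight. The following Python is an added example, not the Medium article's scripts nor any code posted in the thread; it replays a constructed mini-chain plus mempool and labels every UTXO. Two assumptions: HASH160 is replaced by a truncated SHA-256 stand-in so the script runs without a RIPEMD-160 provider, and transactions are a simplified dict layout rather than Bitcoin's serialisation.

```python
"""Audit a constructed UTXO set for outputs whose public key is already public.

Rules modelled (matching the thread's discussion):
  * P2PK outputs carry the raw public key in scriptPubKey -> always exposed.
  * P2PKH outputs carry only HASH160(pubkey). The key becomes public the first
    time any output paying that hash is spent, because the spending scriptSig
    is <sig> <pubkey>. Later/remaining outputs to that hash are "reused".
  * A P2PKH spend sitting in the mempool exposes the key for the other UTXOs
    of the same address while the tx is unconfirmed ("in_flight").
ASSUMPTION: HASH160 = RIPEMD160(SHA256(pk)) is replaced by sha256(pk)[:20] so
this runs on builds without a RIPEMD-160 provider; the linkage logic is the same.
"""
import hashlib


def key_hash(pubkey: bytes) -> bytes:
    """Stand-in for HASH160 (see module docstring)."""
    return hashlib.sha256(pubkey).digest()[:20]


# Constructed keys (not real secp256k1 points): 0x02 prefix + 32 filler bytes.
KEY_A, KEY_B, KEY_C, KEY_D, KEY_E = (bytes([0x02]) + bytes([i]) * 32 for i in range(1, 6))


def sample_chain():
    """Constructed chain and mempool. Values are in BTC for readability."""
    chain = [
        # satoshi-era coinbase paid straight to a public key
        {"txid": "tx1", "inputs": [{"coinbase": True}],
         "outputs": [{"type": "p2pk", "value": 50, "pubkey": KEY_A}]},
        {"txid": "tx2", "inputs": [{"coinbase": True}],
         "outputs": [{"type": "p2pkh", "value": 50, "keyhash": key_hash(KEY_B)}]},
        # B spends tx2:0 (revealing KEY_B) and sends change back to the same address
        {"txid": "tx3", "inputs": [{"txid": "tx2", "vout": 0, "pubkey": KEY_B}],
         "outputs": [{"type": "p2pkh", "value": 30, "keyhash": key_hash(KEY_B)},
                     {"type": "p2pkh", "value": 20, "keyhash": key_hash(KEY_C)}]},
        {"txid": "tx4", "inputs": [{"coinbase": True}],
         "outputs": [{"type": "p2pkh", "value": 10, "keyhash": key_hash(KEY_D)}]},
    ]
    # D's spend is broadcast but unconfirmed: KEY_D is visible to mempool watchers
    mempool = [
        {"txid": "tx5", "inputs": [{"txid": "tx4", "vout": 0, "pubkey": KEY_D}],
         "outputs": [{"type": "p2pkh", "value": 10, "keyhash": key_hash(KEY_E)}]},
    ]
    return chain, mempool


def build_utxo_set(chain):
    """Replay confirmed txs in order; return (utxos, key hashes seen in a scriptSig)."""
    utxos = {}       # (txid, vout) -> output dict
    exposed = set()  # P2PKH key hashes whose full key has appeared on chain
    for tx in chain:
        for inp in tx["inputs"]:
            if inp.get("coinbase"):
                continue
            spent = utxos.pop((inp["txid"], inp["vout"]))
            if spent["type"] == "p2pkh":
                # the key in the scriptSig must hash to the output's key hash
                assert key_hash(inp["pubkey"]) == spent["keyhash"], "pubkey/keyhash mismatch"
                exposed.add(spent["keyhash"])
        for n, out in enumerate(tx["outputs"]):
            utxos[(tx["txid"], n)] = out
    return utxos, exposed


def classify(utxos, exposed, mempool=()):
    """Label each UTXO as 'p2pk', 'reused', 'in_flight' or 'hashed' (still protected)."""
    in_flight = set()
    for tx in mempool:
        for inp in tx["inputs"]:
            prev = utxos.get((inp["txid"], inp["vout"]))
            if prev and prev["type"] == "p2pkh":
                in_flight.add(prev["keyhash"])
    labels = {}
    for outpoint, out in utxos.items():
        if out["type"] == "p2pk":
            labels[outpoint] = "p2pk"
        elif out["keyhash"] in exposed:
            labels[outpoint] = "reused"
        elif out["keyhash"] in in_flight:
            labels[outpoint] = "in_flight"
        else:
            labels[outpoint] = "hashed"
    return labels


def exposed_fraction(utxos, labels) -> float:
    """Share of UTXO value whose public key is visible to a QC attacker."""
    total = sum(o["value"] for o in utxos.values())
    at_risk = sum(o["value"] for op, o in utxos.items() if labels[op] != "hashed")
    return at_risk / total if total else 0.0


def audit(chain, mempool):
    utxos, exposed = build_utxo_set(chain)
    labels = classify(utxos, exposed, mempool)
    return utxos, labels, exposed_fraction(utxos, labels)


if __name__ == "__main__":
    utxos, labels, frac = audit(*sample_chain())
    for op, lab in labels.items():
        print(f"{op[0]}:{op[1]} {utxos[op]['type']:5} value={utxos[op]['value']:3} -> {lab}")
    print(f"value with exposed public key: {frac:.1%}")
```

On the constructed data the only output still protected by its hash is tx3:1; the P2PK coinbase, the change sent back to the reused address, and the output whose spend is waiting in the mempool are all counted as exposed, which is the same accounting the quoted article performs over the real UTXO set.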
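To check the "231 times (106 bytes vs 24KB)" figure quoted in the post above: a Lamport key over SHA-256 holds 256 pairs of 32-byte secrets, so the public key is 2 x 256 x 32 = 16,384 bytes and a signature reveals 256 of the secrets, 8,192 bytes, for 24,576 bytes together. Reading the 106 as a 33-byte compressed ECDSA public key plus a 73-byte DER signature (my assumption about how that number was obtained) gives 24,576 / 106 = 231. The following Python is an added example, not code from the thread or from any Bitcoin proposal; it implements the scheme end to end, and revealed_fraction shows why it is strictly one-time: each signature discloses half the private key, and a second signature on a different message leaks most of the rest.

```python
"""Lamport one-time signatures over SHA-256, with the size arithmetic from the thread."""
import hashlib
import os

H = hashlib.sha256
N = 256  # digest bits; one secret pair per bit
L = 32   # bytes per secret and per hash output


def keygen(rng=os.urandom):
    """Private key: N pairs of random secrets. Public key: the hash of each secret."""
    sk = [(rng(L), rng(L)) for _ in range(N)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    """Digest bits of the message, most significant first."""
    d = int.from_bytes(H(msg).digest(), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, msg: bytes) -> list:
    """Reveal one secret per pair, picked by the matching digest bit."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Each revealed secret must hash to the public-key entry its digest bit selects."""
    if len(sig) != N:
        return False
    return all(H(s).digest() == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))


def sizes() -> dict:
    """Bytes on the wire. ECDSA figure assumed as 33-byte compressed key + 73-byte DER sig."""
    lamport_pk = 2 * N * L
    lamport_sig = N * L
    ecdsa_total = 33 + 73
    return {
        "lamport_pk": lamport_pk,
        "lamport_sig": lamport_sig,
        "lamport_total": lamport_pk + lamport_sig,
        "ecdsa_total": ecdsa_total,
        "ratio": (lamport_pk + lamport_sig) // ecdsa_total,
    }


def revealed_fraction(sk, sigs) -> float:
    """Share of the private key disclosed by a set of signatures under one key."""
    seen = {s for sig in sigs for s in sig}
    return len(seen) / (2 * N)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"migrate to the QC-resistant scheme"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig), "tampered:", verify(pk, msg + b"!", sig))
    print(sizes())
    print("leaked after 1 sig:", revealed_fraction(sk, [sig]))
    print("leaked after 2 sigs:", revealed_fraction(sk, [sig, sign(sk, b"another message")]))
```

The ratio is why the thread treats a Lamport-style fork as expensive block space rather than a drop-in replacement; hash-based schemes that sign many messages per key (Merkle trees over many one-time keys) trade that per-signature cost for extra verification work and state, which the thread does not go into.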
AverageGlabella (Hero Member, Activity: 493, Merit: 657)
October 09, 2019, 07:15:12 PM  #22
Merited by Welsh (4), joniboini (2)

Quote from: aliashraf
  • Second deadline (m>n blocks after the fork):
    • p2pkh wallets should migrate; otherwise, after m blocks, anybody who has access to public keys corresponding to such a UTXO has a right to nullify it with a fixed satoshi/byte fee rate by means of generating and relaying a transaction.

What you are proposing is the most popular option, I would say, at this moment, and I think it's the only logistical one that I have heard of, but I don't understand why you are pushing for it to be done so soon. The second deadline does not need to be months after and could instead be a couple of years to allow for those that are less security conscious. The elitist attitude of "that is their problem for not listening" is invalid if we wish for mass adoption of Bitcoin. The decisions made for Bitcoin should appeal to the majority of members and not blame it on them if they are not as up to date as we are. Quantum computers capable of threatening Bitcoin's algorithm will be around the year 2025 at the earliest. This means we have several years to implement the first stage and then several years to allow for people to change on the second deadline. Moving this along too quickly is not an effective way of making a big change like this.

Quote from: aliashraf
QC-resistant cryptography is new just like QC itself and it is already ahead of the enemy by any measure; I think long before QC is ready to attack we will be ready to fork.

If this is true, like we are both predicting, then the second stage can be rolled out over a couple of years and not a few months.
aliashraf (Hero Member, Activity: 1148, Merit: 898)
October 09, 2019, 07:32:25 PM  #23

Quote from: aliashraf
  • Second deadline (m>n blocks after the fork):
    • p2pkh wallets should migrate; otherwise, after m blocks, anybody who has access to public keys corresponding to such a UTXO has a right to nullify it with a fixed satoshi/byte fee rate by means of generating and relaying a transaction.

Quote from: AverageGlabella
... I don't understand why you are pushing for it to be done so soon. The second deadline does not need to be months after and could instead be a couple of years to allow for those that are less security conscious.

Quote from: aliashraf
QC-resistant cryptography is new just like QC itself and it is already ahead of the enemy by any measure; I think long before QC is ready to attack we will be ready to fork.

Quote from: AverageGlabella
If this is true, like we are both predicting, then the second stage can be rolled out over a couple of years and not a few months.

I'm not pushing. Just trying to show that we are ahead of the QC threat and there are a lot of possibilities to keep the risks involved very low in the next couple of decades ;)

ETFbitcoin (Legendary, Activity: 1666, Merit: 2550)
October 09, 2019, 07:40:13 PM  #24

Quote from: aliashraf
I totally agree with your concerns about how badly the QC issue is treated by the community; it is not the only issue that is open in bitcoin, to be fair.
But for now, let's forget about governance problems for the time being and be optimistic about some sort of consensus being reached to handle the QC problem; the question would be whether we could do anything serious about it.

My answer is definitively YES:
1- Implement a QC-resistant digital signature algorithm in bitcoin with a soft fork.

--snip--

I strongly agree with this part; implementing quantum-resistant cryptography without deciding what to do with vulnerable UTXOs is the only way to see quantum-resistant cryptography implemented quickly.

The consensus problem is inevitable, but there'll be more time for migration and there'll be fewer people who become victims of laziness from not upgrading or not listening.

Quote from: aliashraf
3- Let people with abandoned p2pkh UTXOs with an uncompromised public key that are still active after the second deadline mine their transactions privately by leasing/installing hash power or by buying private service from known responsible miners/pools.

I don't understand why you suggest this part. There aren't many pools/solo miners and you'd create a big dependency on them (pools and solo miners).

aliashraf (Hero Member, Activity: 1148, Merit: 898)
October 09, 2019, 08:43:58 PM (last edit: October 09, 2019, 08:54:29 PM by aliashraf)  #25

Quote from: aliashraf
...
3- Let people with abandoned p2pkh UTXOs with an uncompromised public key that are still active after the second deadline mine their transactions privately by leasing/installing hash power or by buying private service from known responsible miners/pools.

Quote from: ETFbitcoin
I don't understand why you suggest this part. There aren't many pools/solo miners and you'd create a big dependency on them (pools and solo miners).

I'm not proposing anything, just reminding of a possibility.

A few decades later, probably, when QC is no longer sci-fi and bitcoin has successfully implemented QC resistance and most wallets have migrated to the new scheme, there will be a hopefully small fraction of p2pkh UTXOs still untouched. In such a situation, with commercially cheap QCs lurking around in the shadows, if an owner of such a wallet tries to access their funds by publishing a transaction, the funds are put at risk in the unconfirmed minutes of the transaction lifecycle. Hence they are practically lost already.

What I'm suggesting is that in such a marginal situation, the poor owner of the wallet, who secretly has access to both public and private keys matching the wallet's unused RIPEMD-160 address, still has this option: privately mining their txn, either directly or by buying third-party services. Sure, it is not ideal, but it works and is much preferred over risking public disclosure of the unconfirmed txn and putting not only their funds but also the ecosystem in danger. Bitcoin will suffer from any kind of robbery as well as lost funds; we all know.

franky1 (Legendary, Activity: 2926, Merit: 1780)
October 10, 2019, 07:34:45 PM  #26

Destroying coins?? (facepalm)

Not only does that break the rules of the whole 21m coin: "there will be 21m coins in the future... oh wait, we meant 15 mill, now 14m".

Not only does that break the "trust math" theology, because now devs decide they want to go against the rules, so people can't trust that they will always have coins if they just locked their only copy of a private key in a time capsule. They have to trust and hope devs don't go barbaric on code rules.

Not only does destroying coins destroy many aspects of bitcoin, but the social drama impact of such an act would affect the markets more so than just letting a thief sell coins.

Think about it: once brute-forced coins are sold or moved out of insecure keys, the drama is over.
It's far better to let someone waste their life brute forcing a private key for 50 BTC and sell them, then repeat 20,000 times until the "satoshi stash" is no longer on insecure addresses, than it is to let devs manipulate the rules to declare more than 1m coins defunct and destroyed in one go. What's next? If P2PK keys need destroying, do devs wait a month and declare war on P2PKH and P2SH? Then, when they find an issue with SegWit, declare a war on P2WPKH? Would it ever end?

People would prefer to know that if they leave their coins it's their fault for not looking after them; if they care and there is an output format that is genuinely more secure, they can move them. If they don't, then they are at risk of someone else spending them. But never, ever should devs consider destroying coins.

In business terms: imagine there is a company in the middle of a merger/liquidation buyout/hostile takeover. Is it more beneficial to just let it happen, as you know it's only a 15-minute news item that passes as fast as a price dip would, or would you call in the military and nuke the facility and shout "ha ha ha, no one gets it", and then go on a mission where nuking businesses is standard practice?

The price drama of a user selling 50 BTC a day is small if they brute forced a satoshi stash address each day, and it would take 20,000 of those days to do it to 1m coins.
Just think about how little effect on the price 50 BTC is in comparison to average daily volume.
Just think about how little drama it would realistically create compared to breaking some of bitcoin's fundamental rules.

More people would be more concerned that devs are coming to destroy their coins next compared to the worry of someone spending 50 BTC of satoshi stash a day.

ETFbitcoin (Legendary, Activity: 1666, Merit: 2550)
October 10, 2019, 07:47:12 PM  #27

Quote from: franky1
More people would be more concerned that devs are coming to destroy their coins next compared to the worry of someone spending 50 BTC of satoshi stash a day.

If a quantum computer only put 50 BTC at risk, I'm sure almost no one would agree with the idea of invalidating all P2PK UTXOs and other UTXOs whose public key is known.

Just confirming: would you prefer someone with a QC to steal Bitcoin from vulnerable UTXOs rather than making it so no one can spend their Bitcoin from vulnerable UTXOs?
Or perhaps do you have another idea, such as distributing it as mining rewards or distributing it to all Bitcoin addresses whose public key isn't known or which use an address format based on quantum-resistant cryptography?

figmentofmyass (Legendary, Activity: 1554, Merit: 1387)
October 10, 2019, 10:17:12 PM  #28

Quote from: franky1
Destroying coins?? (facepalm)

Not only does that break the rules of the whole 21m coin: "there will be 21m coins in the future... oh wait, we meant 15 mill, now 14m".

It doesn't. The rule is there can't be more than 21 million coins.

Due to the nature of private keys, there was always an implicit assumption that lost coins deplete the supply. I've been operating under that assumption since I arrived 7 years ago. In fact, satoshi explicitly said as much in 2010.

You're telling me that entire monetary philosophy just goes in the trash bin now? Lost coins aren't a donation to holders, but rather to those with quantum computers?

Quote from: franky1
Think about it: once brute-forced coins are sold or moved out of insecure keys, the drama is over.

If QC can break ECDSA, then ECDSA-secured outputs should not exist, period. "People should be free to have their coins stolen!!!11!!1!" is not a compelling answer. It's completely against the interest of all bitcoin holders.

mda (Member, Activity: 144, Merit: 12)
October 11, 2019, 07:37:39 AM  #29

A possible trade-off would be to limit transaction amounts from unhashed public keys to a few million USD per day.
squatter (Legendary, Activity: 1610, Merit: 1159)
October 11, 2019, 08:04:58 AM  #30

Quote from: mda
A possible trade-off would be to limit transaction amounts from unhashed public keys to a few million USD per day.

That sounds like a real kludge. The idea probably wouldn't gain traction. Theoretically it's also not just unhashed public keys that are vulnerable, but all public keys as they currently exist.

The solution seems rather binary to me. We either lock/destroy vulnerable outputs or we let them wreak havoc on the market. Whether the first option is ethical seems like an issue of time: how long is long enough?

We have some duty of care not to deprive people of their money, but does that entail going down with the ship?

AverageGlabella (Hero Member, Activity: 493, Merit: 657)
October 15, 2019, 04:07:34 PM  #31

Quote from: franky1
Destroying coins?? (facepalm)

Not only does that break the rules of the whole 21m coin: "there will be 21m coins in the future... oh wait, we meant 15 mill, now 14m".

That is not breaking the rules of Bitcoin or, how I would prefer to look at it, Bitcoin's philosophy. Bitcoin was proposed to have a limited amount of Bitcoin to prevent inflation and other issues in the long term; however, that only includes disallowing new coins from being generated after 21 million, and at no point was it proposed that destroying coins would not be allowed. Of course it is allowed, and in theory the more Bitcoin that are lost the more valuable and limited it will be. Bitcoin does not have many hard-set rules in terms of what you are supposed to do with your money. If you want to destroy coins you can; the only limit is you can't generate any more after 21 million coins has been reached.

Quote from: mda
A possible trade-off would be to limit transaction amounts from unhashed public keys to a few million USD per day.

If you want to severely limit Bitcoin's potential then you could do this, but I would, and many others would, advise against putting any sort of limitations on the Bitcoin technology. Limiting it shows that there is a centralised force trying to control Bitcoin, despite it being for a good cause. If you want to transact more than a couple million dollars in Bitcoin in an hour then you should be allowed to do that. Freedom is the best approach here.
mda (Member, Activity: 144, Merit: 12)
October 15, 2019, 07:30:08 PM  #32

Quote from: mda
A possible trade-off would be to limit transaction amounts from unhashed public keys to a few million USD per day.

Quote from: AverageGlabella
If you want to severely limit Bitcoin's potential then you could do this, but I would, and many others would, advise against putting any sort of limitations on the Bitcoin technology. Limiting it shows that there is a centralised force trying to control Bitcoin, despite it being for a good cause. If you want to transact more than a couple million dollars in Bitcoin in an hour then you should be allowed to do that. Freedom is the best approach here.

This trade-off is a middle ground between two options: let quantum computing flood the market in a short period of time (freedom approach), or destroy these coins because it's an easy way to preserve and even increase a bit our wealth.
Laskoo (Full Member, Activity: 364, Merit: 144)
October 22, 2019, 12:30:32 PM  #33
Merited by vapourminer (1)

I personally don't bother too much, just because if someone (Google, a three-letter agency or even aliens) comes up with a quantum computer, satoshi's funds will be the last thing that we'll need to worry about.
Just think about all the "password protected" (encrypted) things that are out there, like: financial system servers, electricity servers, medical care servers, airplane servers, nuclear missile codes. These are things much more valuable and important than 1M bitcoins.

qubitasic (Newbie, Activity: 48, Merit: 0)
October 22, 2019, 01:36:10 PM  #34

Quote from: Laskoo
I personally don't bother too much, just because if someone (Google, a three-letter agency or even aliens) comes up with a quantum computer, satoshi's funds will be the last thing that we'll need to worry about.
Just think about all the "password protected" (encrypted) things that are out there, like: financial system servers, electricity servers, medical care servers, airplane servers, nuclear missile codes. These are things much more valuable and important than 1M bitcoins.

They would build a quantum computer intentionally for Bitcoin's case, to frack the 'Shalecoins' ('Shalecoins': coins with no owner, https://bitcointalk.org/index.php?topic=5134441.0).
Banks can freeze accounts, rewind, correct it.
But Bitcoin can't.
squatter (Legendary, Activity: 1610, Merit: 1159)
October 22, 2019, 05:57:55 PM  #35
Merited by vapourminer (1), Carlton Banks (1)

Quote from: Laskoo
I personally don't bother too much, just because if someone (Google, a three-letter agency or even aliens) comes up with a quantum computer, satoshi's funds will be the last thing that we'll need to worry about.
Just think about all the "password protected" (encrypted) things that are out there, like: financial system servers, electricity servers, medical care servers, airplane servers, nuclear missile codes. These are things much more valuable and important than 1M bitcoins.

How about in a decade or two, when Bitcoin's market capitalization might be in the trillions, or tens of trillions? Valuable enough?

We're also talking about much more than 1 million bitcoins. It's 5 million+ that have exposed public keys, and theoretically the entire supply if QC is capable of breaking transactions in flight.

Centralized infrastructure also requires far less coordination to secure. In a zero-day situation, governments and banks could react far more effectively than the decentralized Bitcoin network ever could. If QC broke ECDSA in the wild today, I don't think Bitcoin would ever recover.

Carlton Banks (Legendary, Activity: 2884, Merit: 2349)
October 22, 2019, 06:33:05 PM  #36

Quote from: squatter
How about in a decade or two, when Bitcoin's market capitalization might be in the trillions, or tens of trillions? Valuable enough?

Sure, but...

Quote from: squatter
We're also talking about much more than 1 million bitcoins. It's 5 million+ that have exposed public keys, and theoretically the entire supply if QC is capable of breaking transactions in flight.

...the greater percentage of the total BTC supply someone can steal using any exploit:

  • The more BTC's market value will crash, meaning the attack's purpose changes from profit to an arson-like motive
  • The more likely that a majority of previous holders reject BTC in favor of a resistant new coin, even if a fix for the exploit is discovered

The last point (ironically) resembles what's actually happening with central bank money today: people rejecting it for alternative assets because knowledgeable abusers of the system are being allowed to over-aggressively suck all the value (as well as any remaining credibility :D) out of it, while the economists and policy advisers desperately try to appear to be correcting the situation :D

Quote from: squatter
Centralized infrastructure also requires far less coordination to secure. In a zero-day situation, governments and banks could react far more effectively than the decentralized Bitcoin network ever could. If QC broke ECDSA in the wild today, I don't think Bitcoin would ever recover.

This is very true, and so credit to the developers who have the sense to move slowly and carefully with changes/additions (even competitors to Bitcoin have behaved very responsibly, e.g. the reporting of the inflation bug, or the handling of the recent channel spoofing bug in Lightning). But we're in a virtuous circle here; very talented software developers and computer scientists were attracted to Bitcoin when it was still experimental, and now many of those same people are as motivated to contribute to furthering its viability as they are invested. Brilliant. :)

squatter (Legendary, Activity: 1610, Merit: 1159)
October 22, 2019, 08:00:54 PM  #37

Quote from: Carlton Banks
...the greater percentage of the total BTC supply someone can steal using any exploit:

  • The more BTC's market value will crash, meaning the attack's purpose changes from profit to an arson-like motive
  • The more likely that a majority of previous holders reject BTC in favor of a resistant new coin, even if a fix for the exploit is discovered

Fair point. If one had access to this technology, the rational approach would be to slowly siphon off bitcoins in a way that would be extremely difficult to detect, maintaining the market value.

I'm mainly thinking about the arson scenario. If adversaries were able to destroy faith in Bitcoin this way, I'm not sure how much confidence would be left in any cryptocurrencies.

Laskoo (Full Member, Activity: 364, Merit: 144)
October 23, 2019, 03:37:10 AM  #38

Quote from: Laskoo
I personally don't bother too much, just because if someone (Google, a three-letter agency or even aliens) comes up with a quantum computer, satoshi's funds will be the last thing that we'll need to worry about.
Just think about all the "password protected" (encrypted) things that are out there, like: financial system servers, electricity servers, medical care servers, airplane servers, nuclear missile codes. These are things much more valuable and important than 1M bitcoins.

Quote from: squatter
How about in a decade or two, when Bitcoin's market capitalization might be in the trillions, or tens of trillions? Valuable enough?

We're also talking about much more than 1 million bitcoins. It's 5 million+ that have exposed public keys, and theoretically the entire supply if QC is capable of breaking transactions in flight.

Centralized infrastructure also requires far less coordination to secure. In a zero-day situation, governments and banks could react far more effectively than the decentralized Bitcoin network ever could. If QC broke ECDSA in the wild today, I don't think Bitcoin would ever recover.

I like your enthusiasm, and I hope Bitcoin will hit tens of trillions in value.

"Valuable enough?"
- No. Not more valuable than a human life, at least for me.

As for the quantum computers, if this happens, of course Bitcoin will be worthless, like everything out there using encryption, but I'm sure Bitcoin developers will launch a new quantum-resistant Bitcoin, maybe called qBitCoin.

Don't be afraid, we will adapt like we always do, as humans.
ETFbitcoin (Legendary, Activity: 1666, Merit: 2550)
October 23, 2019, 07:28:21 AM  #39

Quote from: qubitasic
They would build a quantum computer intentionally for Bitcoin's case, to frack the 'Shalecoins' ('Shalecoins': coins with no owner, https://bitcointalk.org/index.php?topic=5134441.0).
Banks can freeze accounts, rewind, correct it.
But Bitcoin can't.

Only applies to Bitcoin addresses whose public key is known.

Quote from: squatter
I'm mainly thinking about the arson scenario. If adversaries were able to destroy faith in Bitcoin this way, I'm not sure how much confidence would be left in any cryptocurrencies.

A few cryptocurrencies claim to use quantum-resistant cryptography, so a few of those could use the momentum to become the cryptocurrency with the highest market cap, or replace BTC.

Carlton Banks (Legendary, Activity: 2884, Merit: 2349)
October 23, 2019, 10:35:41 AM  #40

Quote from: qubitasic
They would build a quantum computer intentionally for Bitcoin's case, to frack the 'Shalecoins' ('Shalecoins': coins with no owner, https://bitcointalk.org/index.php?topic=5134441.0).

Quote from: ETFbitcoin
Only applies to Bitcoin addresses whose public key is known.

Something has occurred to me since this all started.

Is it not the case that a Taproot/Tapscript output would expose its public key in its pubkey script on the chain before it is spent? I'm gonna have to check that out today, I'm not certain.

If so, I don't think this is some kind of oversight on the part of Taproot's design; as was pointed out upthread, if a QC-based attacker scans the mempool for in-flight transactions, the hashed public key offers them zero protection during the time between broadcasting a tx and it getting confirmed. That amount of time could easily be long enough to use the QC to resolve the private key from the (briefly exposed) public key.

This post is subject to change if I'm wrong! Re-reading the Taproot/Tapscript BIPs right now...

https://github.com/sipa/bips/blob/bip-schnorr/bip-taproot.mediawiki

https://github.com/sipa/bips/blob/bip-schnorr/bip-tapscript.mediawiki
