What do you think about the threat of “quantum computing” for cryptography?

[QuantumResistant]

Hello, Bitcoinares and all the crypto society here!

"Quantum computing" is standing at our doors, what do you think about the threat of it for cryptography and your cryptos?

[Cnut237]

I recently summarised (in another thread) my thoughts on the threat and potential solutions. Please also see the Development & Technical Discussion area for a number of live QC threads.

The biggest vulnerability is address re-use, where a QC can use Shor’s algorithm to break public-key cryptography, including Bitcoin's ECDSA - but there is much more detail at the link I gave.

In addition to threats and solutions, there is the big question of how any solution is implemented. Forking Bitcoin to a quantum-resistant state will not be straightforward. At that time, all coins will have to be moved to new quantum-resistant addresses; any that aren't can be scooped up by a QC running Shor's algorithm. The choices as I see it are to either burn coins that haven't been moved, or else leave them to be stolen by a QC. This is a contentious subject, but one that I think needs to be addressed quickly, and well in advance of such a QC being developed. Some people contend that burning is itself theft, and violates the spirit of bitcoin. There is no easy answer here, and any move to QC resistant cryptography will no doubt be very bumpy indeed.

[imjeybi1208]

The promise of quantum computing has something to impress. But by being able to solve complex mathematical problems faster, quantum computers could jeopardize data security.

Understanding cancer or Alzheimer's disease better, unraveling the mysteries of the universe, anticipating the arrival of hurricanes, better managing automobile traffic… quantum computing could improve our daily lives. But it could also jeopardize all economic activities based on encryption.

A report on the progress and prospects of quantum computing, published by NASEM (National Academies of Sciences, Engineering, and Medicine), in the United States, sounds the alert. There is an urgent need to start research now to develop algorithms capable of thwarting cybercrime.

[Vod]

There is an urgent need to start research now to develop algorithms capable of thwarting cybercrime.

Not just that, but everything encrypted today can be considered cracked if it is not time sensitive.

IBM already has 53 qubit machines.  Once they hit 128, goodbye normal SSL.  :/

[chihien531568]

Quantum technology will affect the optimization of computational power, computing models, network latency, interoperability, artificial intelligence, real-time analysis. and predictive analytics, increased data and storage power, secure cloud computing, virtualization, and the explosion of 5G telecommunications infrastructure. For 5G.

[Cnut237]

everything encrypted today can be considered cracked if it is not time sensitive.

Yes, true for all asymmetric cryptography, which can be broken by a QC running Shor's algorithm. Symmetric cryptography on the other hand is far less vulnerable, AES256 for example is quantum-proof against the best attack (Grover).

To break bitcoin's ECDSA it would take 2¹²⁸ operations on a "normal" computer to derive a private key, whereas for a quantum computer running Shor that drops to a much more manageable 128³.
But for symmetric cryptography, the attack vector has to be different, and the exponent only drops by 1/2, so something that would take 2¹²⁸ operations on a normal computer still takes 2⁶⁴ on a QC. And if we do move up to AES256, that's still 2¹²⁸ on a QC... the same number of operations to break ECDSA classically right now.

IBM already has 53 qubit machines.  Once they hit 128, goodbye normal SSL.  :/

Whilst IBM have certainly made some impressive advancements, I am somewhat skeptical and believe that their achievements have been overstated. Media articles tend to be full of breathless hyperbole and are overly simplistic, as if 'number of qubits' is all there is to it, when clearly this is just a headline figure. I'll believe that IBM have achieved something truly special once they can prove that they have robust error correction. 53 qubits is not the same as 53 fault-tolerant qubits. Decoherence is a huge obstacle in quantum computing, and if IBM are leading people to believe that simply throwing more qubits at it will solve everything, then they are being at best very disingenuous.

[Subbir]

Quantum computing currently poses a threat to cryptography and hinders development Nowadays people are more involved with technology trying to secure computer data through the network. therein case quantum computing protects the computer's data and is one of the most important obstacles to improving our lives For this reason caution should be exercised within the use of quantum computing for the work of cryptography.