Bitcoin Security vs Quantum Computing

[Keiser Soze]

I read an article recently again claiming that within a few years, quantum computers will be easily able to crack BTC encryption: https://decrypt.co/28560/quantum-computers-could-crack-bitcoins-encryption-by-2022

Any thoughts on the above?

[1715683596]

1715683596

[1715683596]

1715683596

[bob123]

Ye.. i didn't read it and didn't even click on the link.
But i don't need to do that to tell you that this is absolute garbage.

Bitcoin "encryption" (i guess you meant signatures) won't be crackable the next few years..
Even if (and that already is a big if) there will be well working quantum computers available in a few years... there are no algorithms available.

You need the hardware AND the efficient algorithms.
And once its coming close to be possible, a hardfork is going to solve everything.
The traditional banking sector and the government will be at a higher risk with their slow IT departments than bitcoin.

[mda]

You don't need to worry if you don't expose public keys (address reuse). Even if the network shuts down for a while your coins will be safe and developers eventually will figure a solution.

[ranochigo]

Quantum computing is nowhere near the levels that is needed to break ECDSA.

It's true that Shor's algorithm makes ECDSA vulnerable to attacks by quantum computers which reduces the time needed significantly. However, if you look at it, the amount of qubit that is required to break ECDSA is estimated to be ~1500. The best quantum computer right now has 53 qubit.

If you don't reuse addresses, the effects are negated since it still takes time for the quantum computer to crack your keys. I don't see a real threat right now but the community would probably act on it when the need arises.

[pooya87]

You don't need to worry if you don't expose public keys (address reuse). Even if the network shuts down for a while your coins will be safe and developers eventually will figure a solution.

true, but the thing about bitcoin is that if there were any kind of vulnerability in its very basic cryptography (which there isn't by the way) then it would have no value so in the end it wouldn't matter much if your public key is revealed or not.

[Keiser Soze]

In brief, the article states:
- A 4,000 qubit quantum computer could, theoretically, crack Bitcoin's encryption in a matter of seconds.
- The current generation of quantum computers max out at 54 qubits.
- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

I suppose BTC has a few years still to program it's way out of this risk, however I fail to understand how programming can mitigate this risk.

[crwth]

There are a lot of theories corresponding to the capacity of quantum computing to be able to crack Bitcoin encryption. Some say years, some say decades, but what's important is that now, they are saying that it's possible.

We will see in the coming years if Quantum Computing would be able to it, but for now, let's just support the Bitcoin Network.

Maybe Quantum Resistant Ledger (QRL) [1] as the go-to cryptography of the public key. It would be more comfortable knowing that you could be safe. This is if you always think of the "attack" by Quantum Computers. 

[joniboini]

I fail to understand how programming can mitigate this risk.

By changing the encryption to quantum-proof cryptography. There are several sources to learn about how we can face this, just take a little bit time to read (eg: https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin).

[Keiser Soze]

I fail to understand how programming can mitigate this risk.

By changing the encryption to quantum-proof cryptography. There are several sources to learn about how we can face this, just take a little bit time to read (eg: https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin).

Thanks, I will read and try to understand this better!

[PrimeNumber7]

You don't need to worry if you don't expose public keys (address reuse).

When you spend your coin, you are exposing your public key. On average, there will be 5 minutes between when you broadcast your transaction and when the next block is found, so an attacker with a sufficiently strong quantum computer will have 5 minutes to calculate your private key, and double-spend your tx after you broadcast your transaction.

There are threads about this elsewhere in this sub, and I have posted about why QC is unlikely to be a threat to bitcoin. In short, the value someone can get from using QC to calculate bitcoin private keys is less than the value of keeping the existence of this technology secret.

[devindeysel]

Well, if quantum computing can break into my wallet, you got a whole lot more to worry about than Bitcoin.
All Your Banking cards debit cards , online payment companies such as Paypal and anothor , as well tons of other things online are less secure than your basic non-custodial wallet.

Nuclear lock codes anyone? 

[Keiser Soze]

Nuclear lock codes anyone? 

Fair enough! 

[HeRetiK]

- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

Probably closer to 20 years than to 2 years. At least if we're talking about the kind of computation power that would enable double-spend attacks as described by PrimeNumber7. Question being how long it will take for QC to break ECDSA within minutes instead of days once it becomes practically possible at all. We're likely to hear a lot more news about leaps in QC long before that though so we should get a bit of a heads up.

Nuclear lock codes anyone? 

About that...

https://www.huffpost.com/entry/nuclear-missile-code-00000000-cold-war_n_4386784

[PrimeNumber7]

- A quantum computer capable of cracking Bitcoin's encryption could be just two years away.

Probably closer to 20 years than to 2 years. At least if we're talking about the kind of computation power that would enable double-spend attacks as described by PrimeNumber7. Question being how long it will take for QC to break ECDSA within minutes instead of days once it becomes practically possible at all. We're likely to hear a lot more news about leaps in QC long before that though so we should get a bit of a heads up.

I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

If someone were to intercept encrypted communications today, they can keep the encrypted message until they can decrypt it in the future after advances in code breaking (via QC or otherwise) are realized. There is also an advantage to being able to secretly know what your enemies are doing in real time. If it becomes publicly known that encryption standards have been broken, governments will know to use different/more advanced encryption technology to communicate.

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use EDSCA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.   

[HeRetiK]

I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

[...]

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use EDSCA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.   

I guess the biggest canary in the coalmine are actually the earliest Coinbase transactions that were still P2PK. At least I find it hard to believe that anyone with the technology to crack ECDSA and the intention to double-spend bitcoins will be able to resist giving the early dormant block rewards a whirl as soon as they are able to. Emphasis being "the intention to double-spend bitcoins" because for all we know there might be larger goals at stake other than mere wealth accumulation, assuming such technical progress would indeed be successfully kept secret.

[PrimeNumber7]

I believe, most likely we don’t know the true current state of QC technology and won’t know when QC can break ECDSA. QC being used to double spend bitcoin transactions would make it obvious that the technology exists.

[...]

I might hypothesize that some major governments have bitcoin stored in addresses whose public keys have been exposed to serve as a canary in the coal mine so they would know not to use EDSCA anymore. Similarly, a government with technology to calculate the private key based on the public key to prevent the canary from being set off.  

I guess the biggest canary in the coalmine are actually the earliest Coinbase transactions that were still P2PK. At least I find it hard to believe that anyone with the technology to crack ECDSA and the intention to double-spend bitcoins will be able to resist giving the early dormant block rewards a whirl as soon as they are able to. Emphasis being "the intention to double-spend bitcoins" because for all we know there might be larger goals at stake other than mere wealth accumulation, assuming such technical progress would indeed be successfully kept secret.

Not necessary because satoshi might have those private keys (or someone who has access to his computers) and it would be difficult to rule out that the person spending those inputs being the one who generated the private keys.

[Wind_FURY]

How long is the world away until the "Quantum Computing will crack ALL non-QC encryption algorithms!" setting? It can't permanently be FUD, can it?

Asking for a friend.

[pooya87]

How long is the world away until the "Quantum Computing will crack ALL non-QC encryption algorithms!" setting? It can't permanently be FUD, can it?

Asking for a friend.

i don't think it is possible to predict. there could be some breakthroughs in both the algorithms used and the hardware to speed up the process and shorten the estimated time or the technology growth could start plateauing and take even longer.
so far the estimations i have seen are in the matter of 20 to 30 years.

[Keiser Soze]

so far the estimations i have seen are in the matter of 20 to 30 years.

so that article that says 2-3 years is wrong ?

also, if and when QC becomes more easily available, wouldn't bitcoin devs consider 'upgrading' the encryption to QC proof, or is that already completely set in stone for BTC ?

[tianxie]

I read an article recently again claiming that within a few years, quantum computers will be easily able to crack BTC encryption: https://decrypt.co/28560/quantum-computers-could-crack-bitcoins-encryption-by-2022

Any thoughts on the above?

there is nothing called bitcoin encryption, but sha-256 or aes encryption, used by bitcoin core wallets to encrypt your keys.

The are several claims to have quantum supremacy, like googles claim last year, but it is more likely a flaw in system upgrades to lightnining might be more vulnerable than quantum computers. look at the defi hacks earlier this year.