Quantum resistance

[whotheff]

The company Dwave is now shipping $15M quantum computers with 5000Qbits of processing power. For comparison, the rest of the vendors are at ~50qbits. I know that $15M is quite a lot of money, but in 2 year that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?

[1714783376]

1714783376

[1714783376]

1714783376

[1714783376]

1714783376

[Jating]

Nothing I guess, bitcoin will readjust if dev's know that it is already vulnerable so this so called quantum attacks. And as far as I know ECDSA or secp256k1 is quantum resistance as long as our public is not known. So as a bitcoin user, to protect us from this so called quantum attacks, we shouldn't re-used our bitcoin address. As for brute forcing our private key, those quantum machine will still need more computing power. And if so SHA256 will be broken, then we should go to SHA512 and so on.

[o_e_l_e_o]

This 5000 qubit machine is not a universal quantum computer in the same sense of the ones being developed by other vendors. It is a quantum annealer, which can only be used to perform a few very specific calculations. It is irrelevant to bitcoin. True universal quantum computers which may be able to break elliptic curve multiplication are still a few decades away.

Even so, when we reach the stage that elliptic curve multiplication becomes vulnerable, then there are two things which can happen. One, and very simply, users can stop reusing addresses. The private key is only vulnerable once the public key is known, and the public key is only revealed when a transaction is made. If you haven't made a transaction out of an address yet, then your funds remain safe. Secondly, we can fork to create a new address type which would be quantum resistant, just like we forked to create SegWit addresses.

[fiulpro]

If Quantum mechanics are being used then for sure it can be integrated in the machinery of the bitcoins itself , an attack from the quantum computer can only be stopped by quantum mechanics itself. I do believe since both cryptocurrencies and quantum mechanics are being hyped for a reason! Many people will be willing to integrate them both.
At the same time as we know :
Not everyone will be able to own it
Government websites are far too weak to handle such attack and therefore I do believe they would closely monitor the people with the power of quantum computers !!

[Lorence.xD]

Nothing I guess, bitcoin will readjust if dev's know that it is already vulnerable so this so called quantum attacks. And as far as I know ECDSA or secp256k1 is quantum resistance as long as our public is not known. So as a bitcoin user, to protect us from this so called quantum attacks, we shouldn't re-used our bitcoin address. As for brute forcing our private key, those quantum machine will still need more computing power. And if so SHA256 will be broken, then we should go to SHA512 and so on.

What do you mean needs more computing power? 1 qubit is equal to 2 bits, that is already fast. The current supercomputer will fall out of commission once quamtum computer become available. Although it is still on its cabinet computer phase this will be a breakthrough for computing power. And why think of quantum attacks of all the things? When there is a breakthrough, commercialized quantum computers will not be available for some years. Educational institutions like research, military, and aeronautics will be the first to use this just so you know. And as if low life hackers buy those quantum computers just to get into the network. That is the least thing that we should be wary of in regards to quantum computer.

[Charles-Tim]

Quantum computing is still in it early stage, there is no such computer that is advanced in a way to break the ECDSA algorithm of bitcoin as of now. Quantum comouting is only a threat to the future of bitcoin, because in decades to come, there will be advanced and more sophisticated quantum computers that will be able to penetrate bitcoin ECDSA algorithm. But, it is only a panic for people that do not know much about bitcoin, it is nothing to bitcoin developers because quantum resistant soft fork will be created.

Secondly, we can fork to create a new address type which would be quantum resistant, just like we forked to create SegWit addresses.

It takes bitcoin developers little stress to have a soft fork to create a new address that will be 100% resistant to quantum computer, imo, it will be the best alternative.

[20kevin20]

Quantum computers currently do not pose any risk to Bitcoin because it would make no sense to use all those resources just to harm a cryptocurrency. In the end, we'd just fork off and all the resources they've spent would have been lost in vain.

Bitcoin will advance alonside technology. Once more powerful computers are released, the hashrate will increase as well. As soon as quantum computing becomes the norm, the hashrate will probably be high enough not to pose any risk anymore from the 51% attack perspective. Private keys may be at a high risk though, but that is something devs can fix.

I don't think anyone is stupid enough to purchase hardware worth so many millions of dollars to attempt a BTC attack when they know escaping the attack is as easy as creating a slightly improved fork.

[dothebeats]

These machines aren't made to be as flexible as you think it can be. They are not general purpose, and are only intended for very specific calculations and that's it. This cannot be reconfigured into something that can break SHA-256, or try to play with the algorithms and cryptography embedded within bitcoin. We're years or even decades away from a working quantum computer that can try and take the bitcoin cracking challenge, though those operating it may find the effort futile since a fork can just occur and there goes your millions down the drain.

[witcher_sense]

In bitcoin, there are many other difficult problems that are still waiting for a solution. Bitcoin developers should not focus on a potential threat from non-existant sufficiently powerful quantum computers. It is better to focus on code improvements such as Schnorr signatures and Taproot, which really may help bitcoin to survive. Even if developers decided that Bitcoin should be quantum resistant, started to implement quantum resistant addresses, for instance, that would not change anything, anyway. They cannot force people, ordinary bitcoin users, to behave differently, they cannot change people's habits, they cannot forbid them to reuse addresses. People first need to learn how to use bitcoin properly in order to develop their own methods of how to protect yourself from those attack vectors and problems which can't be solved on a protocol level.

[o_e_l_e_o]

1 qubit is equal to 2 bits, that is already fast.

The only way one qubit can encode 2 bits of information is if two parties share an entangled qubit prior to transmitting data to each other. For most cases of quantum computing at the moment, 1 qubit is equal to 1 bit.

This cannot be reconfigured into something that can break SHA-256, or try to play with the algorithms and cryptography embedded within bitcoin.

Breaking SHA256 is not the concern when it comes to quantum computing. At best, a quantum computer running Grover's algorithm could reduce the operations needed to break SHA256 from 2²⁵⁶ to 2¹²⁸, which is still far too large for any computer, and certainly far too large for the small quantum computers we are talking about. Breaking elliptic curve multiplication is the concern, as a quantum computer running Shor's algorithm could reduce the operations required from 2¹²⁸ to somewhere in the region of 128³, which is achievable.

[Lorence.xD]

1 qubit is equal to 2 bits, that is already fast.

The only way one qubit can encode 2 bits of information is if two parties share an entangled qubit prior to transmitting data to each other. For most cases of quantum computing at the moment, 1 qubit is equal to 1 bit.

Qubits are using superposition meaning that 1 qubit is equal to 0 and 1 at the same time, much like Schrödinger's cat, qubits are technically two bits. Why would it be equal to 1 bit and be faster than the modern computers?  And yeah, entanglement is reason why qubits can hold up to two bits of data.

[o_e_l_e_o]

Qubits are using superposition meaning that 1 qubit is equal to 0 and 1 at the same time, much like Shrödinger's cat, qubits are technically two bits.

Having a superposition of 0 and 1 does not make is equal to 2 bits. When the qubit is measured, it must be either 0 or 1, which is the same as the bit. If anything, n qubits can be thought of as the same as 2ⁿ bits. If you have n bits, then you can represent any one of n² possible combinations. If I have n qubits, I can represent all n² combinations simultaneously.

Why would it be equal to 1 bit and be faster than the modern computers?

The speed increase is not because 1 qubit can store more data than simply 0 and 1. The speed increase is because it can simultaneously store both 0 and 1. As I said above, this allows a 16 qubit computer (for example) to simultaneously store 65,536 possible states.

[Lorence.xD]

Having a superposition of 0 and 1 does not make is equal to 2 bits. When the qubit is measured, it must be either 0 or 1, which is the same as the bit. If anything, n qubits can be thought of as the same as 2ⁿ bits. If you have n bits, then you can represent any one of n² possible combinations. If I have n qubits, I can represent all n² combinations simultaneously.

I said on my counter argument that it is technically 2 bits. Sorry if I do not know much about it. I am just fascinated by quantum mechanics so most things that I know is surface level. You didn't consider it in your post.

Here is the link to the one article I have read: https://superposition.com/2017/10/05/seven-things-need-know-about-qubits/

The speed increase is not because 1 qubit can store more data than simply 0 and 1. The speed increase is because it can simultaneously store both 0 and 1. As I said above, this allows a 16 qubit computer (for example) to simultaneously store 65,536 possible states.

That is what I was trying to say in the first place.

What do you mean needs more computing power? 1 qubit is equal to 2 bits, that is already fast. The current supercomputer will fall out of commission once quantum computer become available.

[whotheff]

Qubits are using superposition meaning that 1 qubit is equal to 0 and 1 at the same time, much like Shrödinger's cat, qubits are technically two bits.

Having a superposition of 0 and 1 does not make is equal to 2 bits. When the qubit is measured, it must be either 0 or 1, which is the same as the bit. If anything, n qubits can be thought of as the same as 2ⁿ bits. If you have n bits, then you can represent any one of n² possible combinations. If I have n qubits, I can represent all n² combinations simultaneously.

Why would it be equal to 1 bit and be faster than the modern computers?

The speed increase is not because 1 qubit can store more data than simply 0 and 1. The speed increase is because it can simultaneously store both 0 and 1. As I said above, this allows a 16 qubit computer (for example) to simultaneously store 65,536 possible states.

Can we then say that Quantum computing can reach 65,536 times faster speed than a regular one?

[hatshepsut93]

If Quantum mechanics are being used then for sure it can be integrated in the machinery of the bitcoins itself , an attack from the quantum computer can only be stopped by quantum mechanics itself.

Wrong, quantum-resistant cryptography has been known for decades, and it doesn't require quantum computers to work. Quantum computers aren't just more powerful classic computers, they are good for certain things, and worse at doing everything else. They aren't going to change everything, they'll just improve some fields.

[Karartma1]

There was this very informative thread on the Quantum resistance topic which I found super interesting since QC is something I am deeply fascinated about.
https://bitcointalk.org/index.php?topic=5191219.0

Especially this is important

"We will know when quantum computers exist when Satoshi’s coins move." https://marketrebellion.com/why-quantum-computing-is-not-a-threat-to-bitcoin/

This is just inaccurate fud. We have no reason to believe that Satoshi is still active in the community its been years since he has been involved and Bitcoin has developed without him for a long time. Yes he is someone to be respected but for all we know Satoshi could well be dead or imprisoned. We will know when to make the changes that are needed for quantum computing by monitoring the development of quantum computers and not because someone decides to move their coins.

Given that Satoshi's coins are in Pay to public key outputs, the pubkeys are publicly available already. So if we assume Satoshi is dead or otherwise gone, his coins moving would actually be an indication that Quantum computers exist because the only way for them to move (assuming he is no longer around) is for someone to have been able to compute the private keys to those exposed public keys, presumably via quantum computer. In general, it would mean that the ECDLP is has been broken in some way (regardless of QCs) and should no longer be relied upon (i.e. we should move off of ECDSA and Schnorr).

[o_e_l_e_o]

Can we then say that Quantum computing can reach 65,536 times faster speed than a regular one?

Not exactly.

If we consider 3 bits, there are 8 possible combinations. 3 qubits could represent all 8 simultaneously, so would theoretically be 8 times faster.
With 4 bits, there are 16 possible combinations. 4 qubits could represent all 16 simultaneously, so would theoretically be 16 times faster.
With 5, it is 32 times.
With 6, 64 times.
And so on.

The more qubits you add, the exponential the speed increase.

Now, it's obviously not quite as simple as this. There are a huge number of other factors to consider such as getting qubits to work together, decoherence, error correction, wave collapse, etc., but the general principle is that for some specific operations (such as reversing elliptic curve multiplication) quantum computers will reduce the operations required exponentially rather than just linearly.

[claire_lovely]

There are quantum resistant encryption cryptography systems that would probably be adopted. Quantum computers are still very basic but these functions are becoming well-tested now:
https://en.wikipedia.org/wiki/Post-quantum_cryptography

[Hispo]

Excuse my ignorace, but implying we got through a soft-fork.
Does not it mean that "lost" coins might be moved again in the case of this quatum attack?

If so, it would represent an incrase of supply of BTC and in consequence its price might decrease when/if happens .

 

[Twentyonepaylots]

True universal quantum computers which may be able to break elliptic curve multiplication are still a few decades away.

I'm just wondering if this would be sped up, as we see the technological advances now it seems like we are quickly changing from smartphones chipset to microprocessors, even the Moore's law isn't applicable these days due to rapid doubling of computer components. Would this few decades away just be a decade away or just a couple of years away.

If you haven't made a transaction out of an address yet, then your funds remain safe. Secondly, we can fork to create a new address type which would be quantum resistant, just like we forked to create SegWit addresses.

Is it possible? we could just fork and fork so we can avoid being broke by quantum computers? is that what you mean?