Bitcoin Forum
Author Topic: Quantum resistance  (Read 307 times)
o_e_l_e_o (Legendary, In memoriam)
October 04, 2020, 03:12:08 PM, post #21

Would this few decades away just be a decade away or just a couple of years away?
Sure, the timescale might accelerate, but it isn't going to accelerate to the point that suddenly currently used cryptographic algorithms are all broken overnight with no time to prepare. And if something like that ever did happen, bitcoin would be the least of our worries.

Is it possible? We could just fork and fork so we can avoid being broken by quantum computers? Is that what you mean?
Absolutely. The network softforked to implement a new address type for segregated witness. There is no reason we couldn't softfork to implement a new address type which uses quantum resistant signatures. I think the most commonly suggested solution is using a hash based algorithm such as Lamport signatures.
kryptqnick (Legendary)
October 04, 2020, 03:22:03 PM, post #22

The company D-Wave is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?
To me, it's a lot like the spaceship fantasies of the 70s. It seemed that surely people would be flying to nearby planets for vacations by the beginning of this century, and yet we have not moved significantly forward since those times at all. So with computers becoming better very fast, it might seem that soon they'll be so much better, and they'll decrypt in a matter of seconds what would now take centuries, but I feel like we're actually reaching the barrier and won't face that many improvements in this area in the near future. I think Bitcoin is more likely to "die" due to people not caring about it and not feeling encouraged to adopt it than due to quantum computers.

coolcoinz (Legendary)
October 04, 2020, 03:55:02 PM, post #23

People who are scared of quantum computers breaking Bitcoin encryption are not aware of a few things, like the one that quantum computers don't "see" programs we currently use. They can make a lot of calculations, but for them to break a Bitcoin hash somebody would have to translate that hash for them and then be able to decipher the results that the quantum computer will provide. Now imagine doing that to a public transaction. By the time you'd do it there would be a hundred new transactions on top of it and you'd still have nothing.

o_e_l_e_o (Legendary, In memoriam)
October 04, 2020, 05:14:59 PM, post #24

Now imagine doing that to a public transaction. By the time you'd do it there would be a hundred new transactions on top of it and you'd still have nothing.
Sure, even once quantum computing can break elliptic curve multiplication, it will likely be years or even decades more before they can break it so quickly that they can calculate a private key and broadcast a double spend all before a transaction is confirmed.

That's not really what most people are worried about, though. Between early coins sent to pay-to-pubkey addresses, and coins currently sitting on reused addresses for which the public key is already known, there are approximately 5 million bitcoin. All of these coins are potential targets to be stolen by quantum computers. Even if none of those coins are yours, the knock-on effect of almost a third of the circulating supply being stolen is worth consideration.
Hydrogen (Legendary)
October 04, 2020, 11:36:47 PM, post #25

The company D-Wave is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today.

The bottom line is, these "quantum computers" do not offer superior calculation capacity at reduced price. GPUs made by NVIDIA or AMD offer significantly better performance at lower cost.

Quantum computers are a vaporware theoretical technology that is nowhere near existing in the real world. They're like AI, flying cars and neural interfaces for PCs.

You'll know real quantum computers exist the day NVIDIA and AMD GPUs become obsolete. Until then everything said about "quantum computers" is nothing but marketing hype.
Sadlife (Sr. Member)
October 04, 2020, 11:53:54 PM, post #26

It will continue to exist as we know Bitcoin has an algorithm that updates whenever the mining difficulty gets solved faster. So quantum computers wouldn't be a threat for the remaining supply. Also, if ever it actually gets mined faster, then it wouldn't be a problem because it will make Bitcoin more scarce than any asset, making the price skyrocket. So either way it's a win-win for everybody.

bitmover (Legendary)
October 05, 2020, 12:00:31 AM, post #27

The company D-Wave is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?

As processing power develops, cryptography will develop as well.

If the technology used in bitcoin (cryptography) becomes vulnerable to quantum computers, bitcoin will be the least of our problems. The whole of computer cyber security will be vulnerable. No more banking, no more internet; basically everything you have a password for will be vulnerable.

Karartma1 (Legendary)
October 05, 2020, 07:35:21 AM, post #28

The company D-Wave is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?

As processing power develops, cryptography will develop as well.

If the technology used in bitcoin (cryptography) becomes vulnerable to quantum computers, bitcoin will be the least of our problems. The whole of computer cyber security will be vulnerable. No more banking, no more internet; basically everything you have a password for will be vulnerable.
See, quantum computers are based on the direction of atoms when you measure them. There are laws in physics that allow computers to measure atoms known as qubits at massive rates. You can easily calculate the position of many qubits at the same time.
This allows us to execute parallel computing at insanely fast speeds compared to traditional computers. It's like moving at light speed. So if they are so fast at testing multiple possible results for a given encryption algorithm, shouldn't we be afraid of them breaking Blockchain's encryption? No, here's the first reason why: there aren't good quantum computers yet, and that kind of innovation will take us years to attain. Even a good quantum computer can only halve the difficulty of the SHA-256 algorithm used on the entire Bitcoin network, among many other Blockchains.
There is a good article which isn't too technical if you wish to delve into it more: https://www.fxstreet.com/cryptocurrencies/news/why-the-crypto-community-shouldnt-be-afraid-of-quantum-computers-202010011535
o_e_l_e_o (Legendary, In memoriam)
October 05, 2020, 08:12:11 AM, post #29
Merited by vapourminer (1)

Even a good quantum computer can only halve the difficulty of the SHA-256 algorithm used on the entire Bitcoin network, among many other Blockchains.
There is a good article which isn't too technical if you wish to delve into it more: https://www.fxstreet.com/cryptocurrencies/news/why-the-crypto-community-shouldnt-be-afraid-of-quantum-computers-202010011535
That's not accurate, and that article is also incorrect.

A quantum computer running Grover's algorithm can solve a hash in sqrt(N) operations rather than N operations. Although that article correctly states that SHA-256 could be broken in 2^128 operations instead of 2^256 operations, 2^128 is not half of 2^256. Half of 2^256 is 2^255. 2^128 is the square root of 2^256. Sqrt(N) is a much greater speed-up than N/2, but 2^128 is still far too many operations to be feasible any time soon.

Still, if you read my post above, breaking hash functions is not the concern with quantum computers - breaking elliptic curve multiplication is. Quantum computers can speed this up exponentially, meaning all coins in P2PK addresses (including ~1 million coins thought to belong to Satoshi), and all coins on addresses which have previously been used, are vulnerable.
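Added example in Python, not code from the thread or from Bitcoin Core: it makes the distinction drawn in posts #24 and #29 concrete by sorting a set of unspent outputs into those whose public key is already on-chain (P2PK, or a hash-type address whose owner has already spent from it) and those that still only expose a hash. The script layouts are the standard P2PK, P2PKH and P2WPKH encodings; the UTXOs, keys and the "already revealed" set are constructed sample data.

```python
# Added example, not code from the thread or from Bitcoin Core. It sorts UTXOs
# by whether the public key guarding them is already visible on-chain, which is
# the property the posts above identify as the real quantum exposure: P2PK
# outputs carry the key itself, while P2PKH/P2WPKH outputs carry only
# hash160(pubkey), which becomes public once any output of that address is
# spent. All keys, hashes and amounts below are constructed sample values.
from dataclasses import dataclass

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


@dataclass(frozen=True)
class Utxo:
    txid: str             # placeholder id, not a real transaction
    value_sat: int        # satoshis, so sums stay exact
    script_pubkey: bytes


def classify_script(spk: bytes):
    """Return (type, identifier): the pubkey for P2PK, hash160 for P2PKH and
    P2WPKH, None for script types not modelled here (multisig, P2SH, ...)."""
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG
    if (len(spk) >= 2 and spk[0] in (0x21, 0x41)
            and len(spk) == spk[0] + 2 and spk[-1] == OP_CHECKSIG):
        return "p2pk", spk[1:-1]
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if (len(spk) == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", spk[3:23]
    # P2WPKH: OP_0 <push 20> <hash160>
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh", spk[2:]
    return "other", None


def exposure_report(utxos, revealed_hash160s):
    """Bucket value (in sat) by key exposure. revealed_hash160s holds the
    hash160s whose pubkey has already appeared in a spending input; on real
    chain data it would be built by hashing every pubkey seen in scriptSig
    and witness fields, here it is supplied directly."""
    totals = {"p2pk": 0, "reused_hash": 0, "hash_only": 0, "other": 0}
    for u in utxos:
        kind, ident = classify_script(u.script_pubkey)
        if kind == "p2pk":
            totals["p2pk"] += u.value_sat
        elif kind in ("p2pkh", "p2wpkh"):
            bucket = "reused_hash" if ident in revealed_hash160s else "hash_only"
            totals[bucket] += u.value_sat
        else:
            totals["other"] += u.value_sat
    return totals


def exposed_fraction(totals):
    """Share of surveyed value whose public key is already public."""
    surveyed = sum(totals.values())
    return (totals["p2pk"] + totals["reused_hash"]) / surveyed if surveyed else 0.0


# Constructed sample data (fake keys and hashes, round amounts).
PK_COMPRESSED = b"\x02" + b"\x11" * 32       # 33-byte key
PK_UNCOMPRESSED = b"\x04" + b"\x22" * 64     # 65-byte key
H_REUSED, H_FRESH, H_WITNESS = b"\xaa" * 20, b"\xbb" * 20, b"\xcc" * 20
P2PKH_PREFIX = bytes([OP_DUP, OP_HASH160, 0x14])
P2PKH_SUFFIX = bytes([OP_EQUALVERIFY, OP_CHECKSIG])

SAMPLE_UTXOS = [
    Utxo("tx-a", 50 * 10**8, bytes([0x21]) + PK_COMPRESSED + bytes([OP_CHECKSIG])),
    Utxo("tx-b", 50 * 10**8, bytes([0x41]) + PK_UNCOMPRESSED + bytes([OP_CHECKSIG])),
    Utxo("tx-c", 3 * 10**8, P2PKH_PREFIX + H_REUSED + P2PKH_SUFFIX),  # reused address
    Utxo("tx-d", 2 * 10**8, P2PKH_PREFIX + H_FRESH + P2PKH_SUFFIX),   # never spent from
    Utxo("tx-e", 1 * 10**8, b"\x00\x14" + H_WITNESS),
]
REVEALED = {H_REUSED}   # tx-c's owner has spent from this address before
```

Calling exposure_report(SAMPLE_UTXOS, REVEALED) puts the two P2PK outputs and the reused-address output in the exposed buckets and the fresh P2PKH and P2WPKH outputs in hash_only; exposed_fraction on that result gives the share already at risk in the sample.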
witcher_sense (Legendary)
October 05, 2020, 08:36:51 AM, post #30

It will continue to exist as we know Bitcoin has an algorithm that updates whenever the mining difficulty gets solved faster. So quantum computers wouldn't be a threat for the remaining supply. Also, if ever it actually gets mined faster, then it wouldn't be a problem because it will make Bitcoin more scarce than any asset, making the price skyrocket. So either way it's a win-win for everybody.
Existing quantum computers are not capable of competing with classical bitcoin mining equipment. The emergence of efficiently powerful quantum miners is very unlikely to happen in the foreseeable future. If they existed today, it would be possible for them to find a target value more easily using two different approaches. Some believe there is a possibility that a quantum algorithm to invert the SHA-256 cryptographic hash function will be found in the future. With such an algorithm miners don't have to search for a possible solution anymore; they can simply find an actual input by inverting the hash function. Obviously, it is not a desirable future since the SHA-256 function is used in many other fields, not in mining alone. However, a quantum algorithm poses a threat only if used silently; otherwise bitcoin developers will be ready for that. After all, there are many hash functions that are quantum resistant. The second approach a quantum computer may use is trying different inputs using Grover's algorithm for search. This algorithm allows for a quadratic quantum speedup, which is considerable enough when the search field is large. However, it requires a lot of quantum hash rate, and quantum computers would have to be run in parallel like it is done today in classical computation.

Karartma1 (Legendary)
October 05, 2020, 10:27:34 AM, post #31

Even a good quantum computer can only halve the difficulty of the SHA-256 algorithm used on the entire Bitcoin network, among many other Blockchains.
There is a good article which isn't too technical if you wish to delve into it more: https://www.fxstreet.com/cryptocurrencies/news/why-the-crypto-community-shouldnt-be-afraid-of-quantum-computers-202010011535
That's not accurate, and that article is also incorrect.

A quantum computer running Grover's algorithm can solve a hash in sqrt(N) operations rather than N operations. Although that article correctly states that SHA-256 could be broken in 2^128 operations instead of 2^256 operations, 2^128 is not half of 2^256. Half of 2^256 is 2^255. 2^128 is the square root of 2^256. Sqrt(N) is a much greater speed-up than N/2, but 2^128 is still far too many operations to be feasible any time soon.

Still, if you read my post above, breaking hash functions is not the concern with quantum computers - breaking elliptic curve multiplication is. Quantum computers can speed this up exponentially, meaning all coins in P2PK addresses (including ~1 million coins thought to belong to Satoshi), and all coins on addresses which have previously been used, are vulnerable.
Thanks for your explanation; after a second read and given your clarifications I can say that article is too simplistic. Going back to what matters here, I think the issue regarding satoshi's coins is real: I believe it's easy to implement quantum countermeasures going forward, but doing that to those coins is a completely different thing.
 
o_e_l_e_o (Legendary, In memoriam)
October 05, 2020, 12:18:45 PM, post #32
Merited by vapourminer (1), witcher_sense (1)

Going back to what matters here, I think the issue regarding satoshi's coins is real: I believe it's easy to implement quantum countermeasures going forward, but doing that to those coins is a completely different thing.
Exactly. There has been a lot of debate and discussion about what should be done about vulnerable coins, including those presumed to belong to Satoshi, and the suggested solutions vary greatly. Everything from "Leave them alone and if/when they are hacked, so be it" through to "Irreversibly lock them so no one can ever spend them again", and everything in between.

theymos made a controversial post about this on Reddit a few years ago which you can read here: https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/. He was essentially saying that if the coins are going to be stolen anyway, it would be better to just lock them instead. Although I can see the merit behind such a proposal, it does not sit right with me at all that the community is choosing to lock/freeze coins which aren't theirs. achow101 has proposed a solution I find very interesting in the last few paragraphs here: https://bitcoin.stackexchange.com/questions/91049/why-does-hashing-public-keys-not-actually-provide-any-quantum-resistance/91050#91050. Essentially it says to lock coins which are vulnerable, but provide some quantum resistant mechanism for the real owner of the coins to recover them, perhaps via a zero knowledge proof of knowing the seed phrase which was used to derive the relevant private key. This wouldn't however work for earlier P2PK addresses which were not derived from a seed phrase.
Karartma1 (Legendary)
October 05, 2020, 02:53:47 PM, post #33

Going back to what matters here, I think the issue regarding satoshi's coins is real: I believe it's easy to implement quantum countermeasures going forward, but doing that to those coins is a completely different thing.
Exactly. There has been a lot of debate and discussion about what should be done about vulnerable coins, including those presumed to belong to Satoshi, and the suggested solutions vary greatly. Everything from "Leave them alone and if/when they are hacked, so be it" through to "Irreversibly lock them so no one can ever spend them again", and everything in between.

theymos made a controversial post about this on Reddit a few years ago which you can read here: https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/. He was essentially saying that if the coins are going to be stolen anyway, it would be better to just lock them instead. Although I can see the merit behind such a proposal, it does not sit right with me at all that the community is choosing to lock/freeze coins which aren't theirs. achow101 has proposed a solution I find very interesting in the last few paragraphs here: https://bitcoin.stackexchange.com/questions/91049/why-does-hashing-public-keys-not-actually-provide-any-quantum-resistance/91050#91050. Essentially it says to lock coins which are vulnerable, but provide some quantum resistant mechanism for the real owner of the coins to recover them, perhaps via a zero knowledge proof of knowing the seed phrase which was used to derive the relevant private key. This wouldn't however work for earlier P2PK addresses which were not derived from a seed phrase.
Yes, that's the thing! I completely agree with you: to lock someone else's coins is not something that should be done easily. I guess the solution suggested by achow finds me well.
Whatever it is, this is something that needs to be addressed.
pawanjain (Hero Member)
October 05, 2020, 03:29:39 PM, post #34

The company D-Wave is now shipping $15M quantum computers with 5000 qubits of processing power. For comparison, the rest of the vendors are at ~50 qubits. I know that $15M is quite a lot of money, but in 2 years that figure will be half. As you probably know, quantum calculations can be multiple times faster than any computer we have today. What are the plans for Bitcoin to continue to exist?
A quantum computer does not necessarily perform calculations for all the algorithms. I have read somewhere on the internet that it is not necessary that a quantum computer will be able to crack bitcoin's private key until it is able to break bitcoin's algorithm. We might have more time until this happens. Also, we do have the ability to create a quantum-proof algorithm for bitcoin, but that will take a good amount of effort, skills and time.
It has been a long debate whether all these possibilities can occur or not and to be honest only time can tell us whether the current bitcoin algorithm can penetrate quantum computers or not.

Hydrogen (Legendary)
October 06, 2020, 11:46:48 PM, post #35
Last edit: October 07, 2020, 03:06:45 AM by Hydrogen

I think some are missing the key points of quantum computer technology.

#1  Quantum computers promise exponentially greater processing power over today's most powerful supercomputers.

#2  Exponentially greater processing power implies problems related to breaking cryptography that take years to solve with today's technology, would theoretically take only days or weeks.

#3  Every claim to fame associated with quantum computer technology revolves around greater computational capacity at affordable cost, through a significantly higher bit density of registers. A glance at whitepapers or news stories where quantum computer researchers claim to have made a computer with "100,000 qbit registers" (or whatever they call them) tells you what they're building doesn't resemble a true quantum computer in the least.

Machines the media labels "quantum computers" today offer no advantage in computation or clock speed. They cannot solve problems faster, more efficiently or utilizing less electricity in contrast to normal computers. They're marketing gimmicks with no real proof of concept that can be benchmarked to prove they offer any advantage.

People discuss quantum computers without seeming to recognize the technology for them does not currently exist.