Bitcoin Forum
November 07, 2024, 04:08:37 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5]  All
  Print  
Author Topic: Can Quantum Computer's destroy Blockchain and Bitcoins[SHA-256 specifically]  (Read 1780 times)
d5000
Legendary
*
Offline Offline

Activity: 4088
Merit: 7516


Decentralization Maximalist


View Profile
August 19, 2022, 06:12:42 PM
 #81

Just wanted to add a thought I had some days ago (have thought about it and I see no drawback until now).

Like garlonicon wrote in this post, most of we'd need to make Bitcoin "quantum-resistant" is to extend Bitcoin Script with mechanisms to handle other public key cryptosystems than ECDSA.

While there's surely a long way to go to get this implemented in the Bitcoin protocol, one could imagine an extension protocol for tokens based on the OP_RETURN mechanism, like OmniLayer, supporting interesting quantum-resistant cryptosystem candidates first, which would be possible much faster (they could simply copy/paste parts of the algo of this shitcoin which was promoted in this thread by a certain FUDster Wink ). You could then not only create Tether-like centralized tokens which are quantum resistant, but also in theory an 1:1 pegged Bitcoin stablecoin - the easiest way would be using a proof-of-burn scheme, where each bitcoin burnt would entitle its owner to create one unit of the quantum-resistant Bitcoin stablecoin (we could call it QBitcoin).

If the threat becomes real at some point and Bitcoin extends its Script language to support a quantum-secure algorithm, then it should be possible to "merge" the QBitcoin with the "old" upgraded Bitcoin. This would be a way to ensure QBitcoin's peg with Bitcoin holds, although maybe not absolutely necessary.

I write this mostly because if someone is really worried about quantum computers then this could be possibly a straightforward path for Bitcoin to achieve quantum resistance step by step, without having to wait for a complete, thoroughly-tested implementation - and no shitcoin is really needed. Grin

By the way, I wonder if Simplicity, if it gets included into Bitcoin, could provide the necessary functions for "quantum resistant addresses"? In the whitepaper it's mentioned that it's "expressive enough to represent any finitary function", so wouldn't "quantum computer resistant cryptography" be a possible use case?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
casinotester0001
Member
**
Offline Offline

Activity: 196
Merit: 67


View Profile
August 19, 2022, 07:41:52 PM
 #82

.. most of we'd need to make Bitcoin "quantum-resistant" is to extend Bitcoin Script with mechanisms to ...
What will we make with early mined coins that haven't been moved since ~2010, eg. Satoshi's coins?
d5000
Legendary
*
Offline Offline

Activity: 4088
Merit: 7516


Decentralization Maximalist


View Profile
August 19, 2022, 08:00:22 PM
 #83

.. most of we'd need to make Bitcoin "quantum-resistant" is to extend Bitcoin Script with mechanisms to ...
What will we make with early mined coins that haven't been moved since ~2010, eg. Satoshi's coins?
If they're "lost", i.e. nobody has access to them anymore, there would be no way to protect them with the exception of harsh methods like the blocking of these addresses/utxos (something similar Ethereum did when TheDAO was exploited).

I personally would be against this - I'd rather be ok if they're "stolen" and dumped, even if this meant a sudden price crash. Distribution afterwards would probably be better, and I expect only short term price turbulences. Take into account that if these coins were mined by a single entity (most likely Satoshi) then there is always the danger that they're suddenly moved and be sold, either because Satoshi himself is selling them, or because his computer was hacked (he should have had some knowledge how to secure his data, but nothing is impossible). This danger would then be gone forever, so I expect a quick price recovery. (Anyway, quantum computers would have to solve each address separately, and at first they would be rather slow with that task. So the dumping process could be pretty long - at least if the "dumpers" wanted to maximize profit - and maybe thus the amounts would be too low to generate much panic)

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
casinotester0001
Member
**
Offline Offline

Activity: 196
Merit: 67


View Profile
August 19, 2022, 08:16:18 PM
Merited by BitcoinADAB (1)
 #84

...
exactly.

I think that Satoshi thought about it and made the same decission like you described it here. Let them move  Smiley
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18746


View Profile
August 20, 2022, 11:50:42 AM
Merited by d5000 (1)
 #85

If they're "lost", i.e. nobody has access to them anymore, there would be no way to protect them with the exception of harsh methods like the blocking of these addresses/utxos (something similar Ethereum did when TheDAO was exploited).
That's not entirely true. It would be possible to lock some coins in a way in which the original owner could move them but a quantum attacker reversing the ECDLP could not steal them. This would be done by requiring some proof, ideally a zero knowledge proof, of possession of the seed phrase or master private key which was used to derive the relevant private key. The true owner who had derived the private key in an HD wallet would be able to provide this proof, while a quantum attacker who had obtained the private key from the public key would not.

The downside to this approach is two-fold, though. Firstly, it only protects reused HD addresses, and does nothing for the 1.73 million BTC in P2PK addresses. Secondly, there is no way of knowing which addresses were generated in an HD manner and which were not, which would mean some coins being locked forever and being irrecoverable by anyone, the true owner included.
Babu590
Newbie
*
Offline Offline

Activity: 108
Merit: 0


View Profile
August 21, 2022, 02:11:50 AM
 #86

Are there any puzzle or Crypto vendors for your Bitcoin Crypto Grafix.
You believe you won't take any keys and you'll catch them at another party?
So think we are far behind and your attacks will be successful, think about it .
d5000
Legendary
*
Offline Offline

Activity: 4088
Merit: 7516


Decentralization Maximalist


View Profile
August 21, 2022, 10:53:55 PM
 #87

That's not entirely true. It would be possible to lock some coins in a way in which the original owner could move them but a quantum attacker reversing the ECDLP could not steal them. This would be done by requiring some proof, ideally a zero knowledge proof, of possession of the seed phrase or master private key which was used to derive the relevant private key. The true owner who had derived the private key in an HD wallet would be able to provide this proof, while a quantum attacker who had obtained the private key from the public key would not.
Interesting. I wonder how would this be done technically, is this mechanism described anywhere? My doubt is about how "the blockchain" (i.e. the Bitcoin client in combination with the blockchain data) can know about HD seed phrases / master public keys. All what is stored on the blockchain (from my knowledge) are signatures, public key hashes and (in the case of P2PK) public keys, can you derive information about the HD "master key" from one of these elements?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8324


Bitcoin is a royal fork


View Profile WWW
August 21, 2022, 11:34:43 PM
 #88

[...]
Thirdly, there's no HD standard. Most wallet software have adopted BIP39, Electrum & Armory have their own (AFAIK), etc. But the protocol recognizes no deterministic keys; that's something the Bitcoin community - and specifically some developers - have invented unofficially and nonconsensually. Therefore, such change is beneficial subjectively, because you can't include all wallet software's HD rules nor there is a "neutral" list of those software.

And even if there was such list, you're burdening full node's cost, because it now has to verify computationally expensive functions such as PBKDF2 and HMAC-SHA256, that can be deliberately abused to establish an attack successfully. For example, I can provide a zero-knowledge proof of my HD wallet in which I used millions of PBKDF2 rounds to generate.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
theogonies
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 19, 2024, 11:39:02 PM
 #89

Have been researching QC's and bitcoin for months. It is not clear from many sources of the World Wide Web whether or not QC is a threat to the sha256 of Bitcoin.
1.Can we if possible mine more than the specified value of BTC in less than a minute with the help of a powerfully-eligible Quantum Computer?

Agree that QC's can destroy Elliptic Curve Digital Signature Algorithm and steal our private keys. So considering all of the above threats,

2.Is it possible to fork Bitcoin and solve the following problems?

3.How to secure the SHA256 encryption and make it immutable to QC attacks?

I am pretty sure, Satoshi Nakamoto must have thought about the possible problems there has to be a solution, but exactly where?

Researching for months but didn't somehow come across this?

SHA-256 is very strong.  It's not like the incremental step from MD5 to SHA1.  It can last several decades unless there's some massive breakthrough attack.

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.

...
larry_vw_1955
Sr. Member
****
Offline Offline

Activity: 1190
Merit: 469


View Profile
May 17, 2024, 11:59:58 PM
 #90

'World's purest silicon' could lead to 1st million-qubit quantum computing chips
https://www.msn.com/en-us/news/technology/worlds-purest-silicon-could-lead-to-1st-million-qubit-quantum-computing-chips/ar-BB1lXFFn?ocid=BingNewsSearch

"Now that we can produce extremely pure silicon-28, our next step will be to demonstrate that we can sustain quantum coherence for many qubits simultaneously," project co-supervisor David Jamieson, professor of physics at the University of Melbourne, said in the statement. "A reliable quantum computer with just 30 qubits would exceed the power of today's supercomputers for some applications."
 
1 million cubits would definitely be problematic for bitcoin.

Cricktor
Legendary
*
Offline Offline

Activity: 938
Merit: 1448


Crypto Swap Exchange


View Profile
May 19, 2024, 08:59:58 PM
Merited by vapourminer (1), d5000 (1)
 #91

...

Have you actually read and understood this yellow-press QC "science" article?

No details how easy and at what cost they claim to be able to produce more or less pure Silicon28. They still haven't demonstrated such Qubits to have actually a longer and more stable coherence time. What a bummer...

Solid state systems have typically coherence times measured in microseconds to milliseconds at best (ion trap qubits usually seconds to minutes if cooled close to absolute zero Kelvin). Source

Man, this article is full of conjunctives, to an extend that I'd consider it a click-bait at best. So little proven, you can't even call this "science".

My understanding of QCs is surely limited and from my personal understanding, I don't see a lot of danger for decent hashing algorithms like SHA-256 or SHA-512 to be broken considerably faster by far future QC with enough(!!) stable qubits of high coherence times and awesome gate fidelity.

I don't deny progress in this field, but current QCs are vastly overrated and very far from breaking anything important. Sorry to be the QC party pooper...

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
larry_vw_1955
Sr. Member
****
Offline Offline

Activity: 1190
Merit: 469


View Profile
May 19, 2024, 11:56:19 PM
 #92

...

Have you actually read and understood this yellow-press QC "science" article?

No details how easy and at what cost they claim to be able to produce more or less pure Silicon28. They still haven't demonstrated such Qubits to have actually a longer and more stable coherence time. What a bummer...

Solid state systems have typically coherence times measured in microseconds to milliseconds at best (ion trap qubits usually seconds to minutes if cooled close to absolute zero Kelvin). Source

Man, this article is full of conjunctives, to an extend that I'd consider it a click-bait at best. So little proven, you can't even call this "science".
ok now that you have all of that out of the way, lets talk about what they actually said.

"Now that we can produce extremely pure silicon-28, our next step will be to demonstrate that we can sustain quantum coherence for many qubits simultaneously," project co-supervisor David Jamieson, professor of physics at the University of Melbourne, said in the statement.

producing the silicon-28 is not an issue apparently otherwise he wouldn't have said that.


Quote
I don't deny progress in this field, but current QCs are vastly overrated and very far from breaking anything important.
i guess that depends on what you consider to be "important". but i don't agree that they are "vastly overrated". maybe it's time to wake up and take a look at what is going on around you:

https://www.msn.com/en-us/news/technology/rpi-unveils-high-tech-ibm-quantum-system-one/ar-BB1l9Jqz

if universities are buying them and installing them then that kind of legitimizes them.
Cricktor
Legendary
*
Offline Offline

Activity: 938
Merit: 1448


Crypto Swap Exchange


View Profile
May 20, 2024, 11:31:21 AM
Last edit: May 20, 2024, 08:01:10 PM by Cricktor
 #93

"Now that we can produce extremely pure silicon-28, our next step will be to demonstrate that we can sustain quantum coherence for many qubits simultaneously," project co-supervisor David Jamieson, professor of physics at the University of Melbourne, said in the statement.

producing the silicon-28 is not an issue apparently otherwise he wouldn't have said that.

In the academic realm, exaggeration isn't an uncommon phenomenon. We're somewhat digressing from the topic here, but I find the part interesting that separation aka purification of Si28 from Si29 and Si30 isn't an issue according to above cited stance. Isotope separation can only be done by differences in physical properties of elements or their chemical compounds, not by any chemical properties (isotopes of chemical elements don't have any different chemistry).

Anyway, they seem to have figured this out as there's apparently enough interest to have purified Si28.


i guess that depends on what you consider to be "important". but i don't agree that they are "vastly overrated". maybe it's time to wake up and take a look at what is going on around you:

https://www.msn.com/en-us/news/technology/rpi-unveils-high-tech-ibm-quantum-system-one/ar-BB1l9Jqz

if universities are buying them and installing them then that kind of legitimizes them.

I refer with "vastly overrated" to solving bigger (and thus more real) problems with "quantum advantage". I haven't seen much at all there. The demos of so-called quantum superiority weren't much impressive so far (very much a problem of so far puny numbers of stable enough qubits and the need for sophisticated error correction due to too quick decoherence issues). And I don't give much to what's theoretically possible, only practical application counts.

C'mon, universities have to jump onto the hottest tech. How could you otherwise educate and produce experts in such fields that are desperately needed outside.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
larry_vw_1955
Sr. Member
****
Offline Offline

Activity: 1190
Merit: 469


View Profile
May 21, 2024, 01:48:02 AM
 #94

I refer with "vastly overrated" to solving bigger (and thus more real) problems with "quantum advantage". I haven't seen much at all there. The demos of so-called quantum superiority weren't much impressive so far (very much a problem of so far puny numbers of stable enough qubits and the need for sophisticated error correction due to too quick decoherence issues). And I don't give much to what's theoretically possible, only practical application counts.

C'mon, universities have to jump onto the hottest tech. How could you otherwise educate and produce experts in such fields that are desperately needed outside.


https://www.msn.com/en-ae/news/featured/aramco-signs-agreement-with-pasqal-to-deploy-first-quantum-computer-in-the-kingdom-of-saudi-arabia/ar-BB1mItwE

Aramco, one of the world's leading integrated energy and chemicals companies, has signed an agreement with Pasqal, a global leader in neutral atom quantum computing, to install the first quantum computer in the Kingdom of Saudi Arabia.

one day you're going to wake up and find out that someone is solving problems that you didn't think they would. and it might be in the next few years. it won't suprise me though. do you think people spending millions of dollars on these type of systems are dumb? obviously not.

does that mean they are going to break sha256? not necessarily. there would have to be an algorithmic advancement for that to happen. but all the other things could still come true : solving problems faster than conventional supercomputers, etc.




WatChe
Hero Member
*****
Offline Offline

Activity: 1064
Merit: 566


View Profile WWW
May 26, 2024, 01:35:38 PM
 #95

My understanding of QCs is surely limited and from my personal understanding, I don't see a lot of danger for decent hashing algorithms like SHA-256 or SHA-512 to be broken considerably faster by far future QC with enough(!!) stable qubits of high coherence times and awesome gate fidelity.

I don't deny progress in this field, but current QCs are vastly overrated and very far from breaking anything important. Sorry to be the QC party pooper...

Advancements in technologies are rarely welcomed in the start. See what people used to comment about personal computers or Bitcoin in there early days of launch.
The US government has already passed a bill in Dec 2022[1] that encourages federal government agencies to adopt technology that will protect against quantum computing attacks [2]. This is why I think it's not a buzz word but a reality. 

[1] Public Law No: 117-260 (12/21/2022) Quantum Computing Cybersecurity Preparedness Act

[2] https://www.forbes.com/sites/forbestechcouncil/2023/01/25/what-the-quantum-computing-cybersecurity-preparedness-act-means-for-national-security/?sh=64fcd901368a
Cricktor
Legendary
*
Offline Offline

Activity: 938
Merit: 1448


Crypto Swap Exchange


View Profile
May 26, 2024, 06:07:41 PM
 #96

I'm not surprised that the possibility of QCs with some necessary breakthroughs is a potential danger to established computer security. The security of RSA depends upon the extremely computationally hard factorisation of very very large numbers. In such a factorisation challenge QCs could show off their quantum advantage, alas current QC technology isn't ready for it. Current QCs can factor maybe two-digit numbers which isn't very impressive at all as normal computers can factor such two-digit numbers in microseconds (maybe nanoseconds, anyway fast enough).

Breakthroughs can sometimes come very unexpected and faster than anticipated, so it's normal to prepare for such scenarios. If current RSA could be broken quickly, we'll have a lot of problems in computer science and applications.

I just don't see such necessary breakthroughs coming any soon, that's all.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8324


Bitcoin is a royal fork


View Profile WWW
May 26, 2024, 07:02:17 PM
 #97

does that mean they are going to break sha256? not necessarily.
It'd be sufficient if a solution to the ECDLP was found, which means to find k given points P, Q so that Q = k*P.

I'm not an expert in this field by any means, but it does not sound like there is anything to break in SHA256, other than the obvious collision concern and proving the P versus NP problem. But, please, someone more involved, correct me.

solving problems faster than conventional supercomputers, etc
Or rather, finding less complex solutions.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
larry_vw_1955
Sr. Member
****
Offline Offline

Activity: 1190
Merit: 469


View Profile
May 26, 2024, 11:32:45 PM
 #98


It'd be sufficient if a solution to the ECDLP was found, which means to find k given points P, Q so that Q = k*P.

they already have a quantum algorithm for that: extended shor's algorithm.
Pages: « 1 2 3 4 [5]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!