Bitcoin will be vulnerable to Quantum Computers in about 2 years

[cafter]

@cafter With respect, it is incorrect that it will take "5 - 10 years" to develop a 4000+ qubit machine. IBM will have one in 2025 (two years from now), making P2PK public addreses (which are not hashed) vulnerable as I said above. So not all of bitcoin will be vulnerable, true, but plenty of it will be, especially because since Taproot, the real unhashed public keys are left exposed after making a transaction so it is correct that the stop gap solution if one is using bitcoin is not to reuse public address, but this does not address the economic / market issue of loss of confidence that would occur if even one P2PK address were compromised. So this is why it is negligence of the highest order for the BTC devs to be continually dismissing this real problem as "FUD" when it would be an easy matter (a soft fork) to replace ECC with something like a hash-based algorithm which is more secure. Just absolute irresponsibility on the part of the bitcoin leadership.

Source that IBM will have 4,158 qubit machine in 2025 (and they have since 2017 always hit their quantum computing roadmaps, so it needs to be taken with the upmost gravity): https://spectrum.ieee.org/ibm-condor

https://ibb.co/pyJLmX0

Ok, so ibm

IBM’S CONDOR, THE world’s first universal quantum computer with more than 1,000 qubits, is set to debut in 2023.
The year is also expected to see IBM launch Heron, the first of a new flock of modular quantum processors that the company says
"may" help it produce quantum computers with more than 4,000 qubits by 2025.

sorry , i not included it i researched about other companies like google , intel etc.
But there is "may" also , so let's see what happen's

[sbrys]

I'm far from technical but from what I read somewhere in the (near) future quantum computers will be a thing and their capabilities will keep on increasing. So per definition it will become a threat sooner or later to crypto.

I also read Bitcoin protocol will be updated to protect it from these attacks. How would that conceptually be possible ? The only solution imo would be to make the private key more complex ? Would be impossible no ?

Again not technical and only using my basic knowledge so don't attack me

[Hydrogen]

IBM wll have a QC of 4,000+ qubits by 2025 (in two years). It takes only 1556  qubits to break the ECDSA encryption

Our current era CPUs are only 64 bits. Why no upgrade to 128 bit CPUs?

This upgrade would be trivial and easy to implement, as it would entail merely increasing the byte length of registers. So why have 128 bit CPUs not yet emerged?

Likewise with ASICs. If it is possible to increase cryptographic function on chips, simply by extending the bit length of registers. Why have we not seen ASICs with registers that can hold a bazillion bits?

Think of engines in cars. If exotic luxury cars are known for their V-12 engines. Why not produce V-24, V-36 and V-48 engines if the goal is to produce greater horsepower and torque?

Can it be said that, at a certain point, simply adding bit length to chips and cylinders to engines produces diminishing returns.

[beerlover]

Our current era CPUs are only 64 bits. Why no upgrade to 128 bit CPUs?

This upgrade would be trivial and easy to implement, as it would entail merely increasing the byte length of registers. So why have 128 bit CPUs not yet emerged?

Likewise with ASICs. If it is possible to increase cryptographic function on chips, simply by extending the bit length of registers. Why have we not seen ASICs with registers that can hold a bazillion bits?

Think of engines in cars. If exotic luxury cars are known for their V-12 engines. Why not produce V-24, V-36 and V-48 engines if the goal is to produce greater horsepower and torque?

Can it be said that, at a certain point, simply adding bit length to chips and cylinders to engines produces diminishing returns.

There are two reasons for it in peoples minds. One of them is exactly what you said, the returns are not greater there and in order to be greater they are working on it as much as possible and we do get better tech here and there when someone figures how one thing works out.

However, another side says that "they are building them, but not sell them just yet so the previous ones are sold" so basically it's possible but they want to first sell the previous generation stuff and then promote the newer one. I am not saying either is the case, I wouldn't know, I am not really the person to listen to in this case, but I can say that these are the two reasons I have heard.

[Newlifebtc]

Do you have any other suggestions other than selling and exiting the market? people with access to Quantum Computers have more concerning issues than just hacking Bitcoin addresses, with the probability of breaking the encryption of strong algorithm, other important things are at stake, like military related encrypted data.

I don't think that hacking bitcoin address or wallet is very easy before someone might have done that I believe that the person have practice city in different ways and is not majority people that we can involve insult out of hacking bitcoin address because if that is possible many people would have lost their bitcoin wallet so from my understanding I don't think that is very easy for someone to hack a bitcoin wallet

[Leviathan.007]

Bitcoin and quantum computers, that's pretty much an old topic, and have already discussed them many times. Many people are very stressed about quantum computers because they think if the time comes up that would be really easy to crack a bitcoin wallet by using a quantum computer, while the thing is even if a quantum computer tries to crack it still the cost of a quantum computer won't be reasonable and in the other hand I'm sure even after investing these quantum computers these devices won't be available for everyone to start attacking other people, so there is still nothing to worry about.

[franky1]

IBM wll have a QC of 4,000+ qubits by 2025 (in two years). It takes only 1556  qubits to break the ECDSA encryption

Our current era CPUs are only 64 bits. Why no upgrade to 128 bit CPUs?

This upgrade would be trivial and easy to implement, as it would entail merely increasing the byte length of registers. So why have 128 bit CPUs not yet emerged?

Likewise with ASICs. If it is possible to increase cryptographic function on chips, simply by extending the bit length of registers. Why have we not seen ASICs with registers that can hold a bazillion bits?

Think of engines in cars. If exotic luxury cars are known for their V-12 engines. Why not produce V-24, V-36 and V-48 engines if the goal is to produce greater horsepower and torque?

Can it be said that, at a certain point, simply adding bit length to chips and cylinders to engines produces diminishing returns.

cars:.. there is a certain point where adding more torque doesnt make the car go any faster, but instead rips the axel from the frame. you stop gaining more acceleration and instead end up just getting mis-fires and stalls and engine cracks.


CPU's work in binary. there is only a certain scale needed to perform certain tasks in proceeding steps of needed bits before its not really needed to use more bits per operation

what then becomes the efficiency is multl-tasking side by side.. rather than one after the other/tandum
this is where asics work better using multiple chips rather then one super chip

because asics work in just binary and hex. there is only a certain amount of processing of particular bytes needed
if you look underneath the code at the binary movements. the sha process is in allotments of 32bit form

check out https://sha256algorithm.com/
notice each W allotment is broke up into 32bit lengths

there is no need for 128bit if the "messages" are broken up into 32bit lengths of a 512bit message

however having multiple attempts(chips) performing their own attempts side by side, this then multiplies the efficiency

here is the thing
when it comes to cryptographic puzzles
breaking up a 512bit message  from 32bit.. to instead say 128bit. is foolishly like changing from a 16 piece jigsaw puzzle into being a 4piece jigsaw puzzle. thus it has the opposite effect.
512bit message handling 4 pieces of 128bit becomes EASIER to reverse engineer compared to
512bit message handling 16 pieces of 32bit

[GreatArkansas]

If you take a look here, this is a comparison between the top 500 supercomputers versus the Bitcoin network over the time since Bitcoin was created at the year 2009.

For me, we must not be worried at all about super computers because, for me, it is impossible to happen that the Bitcoin network will be compromised, market cap speaks here, those billion of u.s. dollars that are already in the Bitcoin market cap will not be there if Bitcoin network is vulnerable.

[franky1]

sha is safe.
dont worry about PoW algo and asics.

the risk is in the ecdsa of keys. and learning that bitcoin does have mechanisms to protect from quantum. but people need to learn how to use them

dont put funds onto a address that has exposed its public key
this means not using p2pk (yep satoshi stash is are risk of moving)

accept finds on p2pkh or newer formats. but when you spend it. dispose of that wallet/address.

dont re-use an address to receive funds after spending funds from said address
use different destinations for "change"/remaining funds, that are not the same key as the one you spent from before


if you are worried about when sending out a unconfirm broadcast to the network and before confirm a quantum sees your relayed broadcast, reverse engineers the key and he RBF's your tx to replace it with their own tx with a different destination.. dont worry.
though quantum could reverse public-private its not a 0.1sec task. its a multi hour task..
the real risk is those hoarding funds on used addresses or addresses with public key exposed. where by just sitting on funds for hours/days gives them time.

[Flexystar]

In the world where ChatGPT is taking over the computing I highly doubt that Quantum computing should be your first choice. Also there is no way quantum computing will be able to solve the bitcoin related algo because we don’t need that kind of hashing. Neither it will be worth it to brute force with quantum computing power. It is going just very well the way it is right now. The seeds generated are literally garbage they mean nothing so there is no point of using such high powered cpu to worn on it.

[Franctoshi]

Are you trying to create FUD or whatever?
 To program a Quantum computer it cost up to $500,000 or more,  so what would the hacker gain spending such amount of money just to hack Bitcoin?, Meanwhile such amount of money could be used to even make more money, putting it into investment or even use it to Buy Bitcoin.

 In the other hands, the Quantum computer that you're talking about is created by someone and not spirit, same hand tech guys will find way to get Bitcoin more encrypted if that be a threat.

However, I don't think that Quantum computer will be a threat to Bitcoin's security rather it will Augment it and even make Bitcoin's security even more stronger Imo.

[franky1]

Are you trying to create FUD or whatever?
 To program a Quantum computer it cost up to $500,000 or more,

forget hacking "bitcoin"

instead think.. bruting #4 on bitcoin richlist
Balance: 124,347 BTC 2,635,389,906 USD
https://bitinfocharts.com/bitcoin/address/1LQoWist8KkaUXSPKZHNvEyfrEkPHzSsCd

that said the topic is FUDing timescales and misunderstanding the differences between EC and RSA

[digaran]

Are you trying to create FUD or whatever?
 To program a Quantum computer it cost up to $500,000 or more,

forget hacking "bitcoin"

instead think.. bruting #4 on bitcoin richlist
Balance: 124,347 BTC 2,635,389,906 USD
https://bitinfocharts.com/bitcoin/address/1LQoWist8KkaUXSPKZHNvEyfrEkPHzSsCd

that said the topic is FUDing timescales and misunderstanding the differences between EC and RSA

Give me a mathematician, a cryptography engineer and a quantum computer, I will brute force that address in a few weeks. Problem with finite numbers of private keys is that you just need enough computational power to crack a cerain key, there is also no need for knowing a public key etc, it's just pure science.

[franky1]

Are you trying to create FUD or whatever?
 To program a Quantum computer it cost up to $500,000 or more,

forget hacking "bitcoin"

instead think.. bruting #4 on bitcoin richlist
Balance: 124,347 BTC 2,635,389,906 USD
https://bitinfocharts.com/bitcoin/address/1LQoWist8KkaUXSPKZHNvEyfrEkPHzSsCd

that said the topic is FUDing timescales and misunderstanding the differences between EC and RSA

Give me a mathematician, a cryptography engineer and a quantum computer, I will brute force that address in a few weeks. Problem with finite numbers of private keys is that you just need enough computational power to crack a cerain key, there is also no need for knowing a public key etc, it's just pure science.

that address is already a re-used address, so its ripe for the pickings(PK exposed). more so than satoshi's block 9 re-used address, more so than average joe only hoarding sub 1btc per address

[camito]

There may be a temporary bitcoin recovery, but it is doomed long run b/c it is not quantum secure. IBM wll have a QC of 4,000+ qubits by 2025 (in two years). It takes only 1556  qubits to break the ECDSA encryption used to correllate private to public keys. What this means is if you have an exposed (unhashed) public key - which if you ever used your wallet it leaves an unhashed copy of your public key out there on the network for anyone to have - a quantum computer of 1556 or more qubits can take that public key and reverse engineer out your private key. Game over. Bitcoin has no value other than as a way to Secure information - security is literally its only selling point - when that security breaks, as it will, it has no more usefulness and the value will crash to probably just a few dollars, propped up by die-hard dead-ender BTC maxis. If you want to get rich on bitcoin, short it by buying a short bitcoin etf (example is ticker BITI - not financial advice). Doing anything else will result in losing investment.

Google this / do your own research - this is not "FUD", this is just sober fact. Bitcoin public keys can fall with QC's of just 1556 qubits. (Source: https://security.stackexchange.com/questions/33069/why-is-ecc-more-vulnerable-than-rsa-in-a-post-quantum-world ). Misinformation you hear is that it takes many qubits to crack RSA hence bitcoin is safe - this only relates to the bitcoin mining algorithm not the ECDSA algorithm used to relate public/private keys which is more vulnerable. Again - in 2 years or so IBM will have QC strong enough to reverse engineer private key from unhashed public key. When this happens panic will spread and bitcoin will crash. This is as predictable as the housing bubble collapse of 2008 and just like then, there are people who will shout "FUD" at anyone showing the plain and simple facts. Don't be on the wrong side of this.

Owners of four million Bitcoin (BTC), or 25% of all BTC, are susceptible to a quantum computer assault because they reuse BTC addresses or use public keys that have not been hashed.

[Jawhead999]

If you think seed phrase can be easily broken by quantum computing or brute forcing, you need to know how long it will take just for hack 6 words, while right now a non custodial wallet at least have 12 words, while hardware wallet have 24 words. It's really impossible to crack it, at least for the next 10 years. But I'm sure many Bitcoin's contributors will keep update and create a proposal to increase the Bitcoin security when there's a new threat happen in the future.

I forgot 6 words from my seed, any brute force tool ?

[Welsh]

If you think seed phrase can be easily broken by quantum computing or brute forcing, you need to know how long it will take just for hack 6 words, while right now a non custodial wallet at least have 12 words, while hardware wallet have 24 words. It's really impossible to crack it, at least for the next 10 years. But I'm sure many Bitcoin's contributors will keep update and create a proposal to increase the Bitcoin security when there's a new threat happen in the future.

I forgot 6 words from my seed, any brute force tool ?

As pointed out by many users on this thread, and over the years they wouldn't be bruteforcing the seed. Bruteforcing is literally the least efficient way of breaking anything, and the seed isn't exactly the weak point. Whether or not you believe quantum computers will be a realistic threat to Bitcoin, you've got to acknowledge that we'll probably have to change in order to defend against the possibility. Now, that's absolutely years from now, and no where near the two years that HomerF_48 suggested.

Now, I'm not concerned since I know that the changes have a long time to be thought over, and the changes that are necessary will be made way before quantum computers become a realistic threat. Also, just because a quantum computer could be developed to attack the ECDSA, doesn't actually mean that's what it would be used for. It's not like your common criminal will have access to a quantum computer.

[jaberwock]

As pointed out by many users on this thread, and over the years they wouldn't be bruteforcing the seed. Bruteforcing is literally the least efficient way of breaking anything, and the seed isn't exactly the weak point. Whether or not you believe quantum computers will be a realistic threat to Bitcoin, you've got to acknowledge that we'll probably have to change in order to defend against the possibility. Now, that's absolutely years from now, and no where near the two years that HomerF_48 suggested.

Now, I'm not concerned since I know that the changes have a long time to be thought over, and the changes that are necessary will be made way before quantum computers become a realistic threat. Also, just because a quantum computer could be developed to attack the ECDSA, doesn't actually mean that's what it would be used for. It's not like your common criminal will have access to a quantum computer.

I think changes would be pretty easy as well. Just the fact that we turned from legacy into segwit is the proof that we could still change some things if it helps the bitcoin world, right now I spend just a dollar or less for any transaction, it used to be as high as 30-40 dollars to do that.

If we are so capable of changing something that will help, and 85%+ of the users suddenly all decide to move? That means many many years down the line (I agree it won't be 2 years) when quantum is a real threat to us, then we will make it even harder, and we will make it as long as it could get, and seeds will be safe, not like they will be attacked, but we can still defend nevertheless.

[digaran]

It's not like your common criminal will have access to a quantum computer.

Expert criminals/ terrorists such as US/ China governments, already have their prototypes. They are the main concern.

Most of the sig campaign participants seem to fear the developers, since they hold power around here, so they'd just go with the usual script saying all is fine and the "devs" know what they are doing etc. Yeah, like the dear security expert aka Luke knew what he was doing in regards to his own security!

[franky1]

alot of people think that "cracking" cryptography means its deemed a success when they can manage to crack a key in seconds
this is not the case

even cracking a millenia length normal attempt in just one year is treated as success
(many crpytography cracking competitions win the award if they can crack a millenia+ normal pc effort cryptography in a year or less)

where by to then bring that year length down to 6month, 3 month, 45 days 3 weeks 1.5 weeks 5 days, 2.5days, 30 hours 15 hours 7.5 hours and so on down to being just a few seconds.. actually requires multiplying the system of the year long success by many multiples

its not a case of if they can break it in a year with XXXXqubits they just need to add a couple more qubits.

its actually to have hundreds of QC computers of XXXX qubits each
which if it costs $1b for one QC then it costs hundreds of billions for hundreds of QC systems

yes bringing the efficiency down from millions of years down to 1 year is an achievement. but then that method is tapped out and becomes a multiplier game. equipment and of cost.

so if your fearing a QC will reverse engineer a public key in seconds when they announce they broke ECDSA to compute a key in a year.
calm yourselves