Bitcoin Forum
November 09, 2024, 11:05:59 AM *
Author Topic: What is the core dev team plan to fight Quantum computers?  (Read 288 times)
digaran (OP)
January 15, 2023, 12:03:16 AM
 #1

Is there any plan at all? Is there any official announcement from the developers? Do they even know how to prevent an attack from a QC?

Hispo
January 15, 2023, 02:24:13 AM
 #2

I am not sure if there is an official plan towards the existence of quantum computing.
Last time I checked this argument, people seemed to agree (sort of) that a hard fork would be necessary to fully harden Bitcoin against those threats.

As a long-term investor I am also worried about the defense of the protocol, the technology is advancing very fast, however, I have been told around here not to worry about it, since the developers won't let the project be killed by qubits.

digaran (OP)
January 15, 2023, 03:10:24 AM
 #3

Quote
I am not sure if there is an official plan towards the existence of quantum computing.
Last time I checked this argument, people seemed to agree (sort of) that a hard fork would be necessary to fully harden Bitcoin against those threats.
As a long-term investor I am also worried about the defense of the protocol, the technology is advancing very fast, however, I have been told around here not to worry about it, since the developers won't let the project be killed by qubits.

So you have been told developers won't let it die? Questions arise, who supports QC development and who supports an open source decentralized application?
Who has more money and power?
Have you seen any scientifically provable quantum resistant algorithms that could be used with bitcoin?

I'm sure governments already have their own quantum solutions, but does a multi-billion dollar open source market have its own or do we need to believe whatever is written on an internet forum?

Upgrade00
January 15, 2023, 03:41:21 AM
Merited by hugeblack (4), pooya87 (2), ABCbits (1)
 #4

Quantum computing is one of the most discussed topics of the forum for the past 10 or so years. Use the search options and you will discover multiple topics which answer your question and you can bump any of the old ones if you have new questions.

Check here - https://bitcointalk.org/index.php?topic=5381812.0
And here on stackexchange - https://bitcoin.stackexchange.com/questions/6062/what-effects-would-a-scalable-quantum-computer-have-on-bitcoin/7134#7134

hatshepsut93
January 15, 2023, 05:24:52 AM
Merited by Pmalek (2)
 #5

Why should Bitcoin devs waste their time on a threat that is powerless today, will be powerless in the near future and unclear when or even if it will ever be serious enough to put private keys at risk? And this threat is not unique to Bitcoin, your credit card and Internet connection also could be hacked by a quantum computer, yet cryptography researchers are not rushing to shift towards quantum-resistant cryptography, because they know there's still a lot of time left.
mindrust
January 15, 2023, 05:31:16 AM
 #6

That’s how I remember it too… the devs aren’t afraid of quantum computing at all because the whole banking system will be at risk if quantum computers are capable of cracking SHA256. They probably think that there are only 2 possibilities.

1- Quantum computing is fugazi.
2- If it is real, somebody else will come up with a fix and we will apply that to bitcoin

pooya87
January 15, 2023, 06:02:07 AM
Merited by Welsh (4), Pmalek (2), ABCbits (1)
 #7

I haven't seen any serious or "official" discussions on alternative cryptography algorithms to replace what Bitcoin uses in case some day in the far away future the quantum computing threat became real, but the "unofficial" statements sometimes point to algorithms such as Lamport signatures or Merkle signatures. And of course the general work that is being done in the world (i.e. unrelated to bitcoin) for the post-quantum-computer era for cryptography.
But the problem with these algorithms is that they produce larger signatures that would increase transaction size and obviously eat up block space much quicker so it is going to be challenging to find a good replacement. Another problem off the top of my head is for example keys in Lamport signatures can not be reused, which is something a lot of bitcoin users do.

The good news is that we are still years (probably decades) away from needing a real replacement.

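Added example (not part of the thread, and not code from any poster or from Bitcoin Core): a minimal Lamport one-time signature in Python that shows the two drawbacks pooya87 names in post #7, the signature size and the ban on key reuse. SHA-256 as the hash and all function names are assumptions made for this sketch.

```python
import hashlib
import secrets

N = 256  # number of message-digest bits that get signed


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Secret key: 2 x 256 random 32-byte values. Public key: their hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(N)] for _ in range(2)]
    pk = [[H(value) for value in row] for row in sk]
    return sk, pk


def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Signing discloses one secret value per digest bit: sk[bit][i]."""
    return [sk[bit][i] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != N:
        return False
    bits = digest_bits(msg)
    return all(H(sig[i]) == pk[bits[i]][i] for i in range(N))


def signature_size(sig) -> int:
    return sum(len(part) for part in sig)


def public_key_size(pk) -> int:
    return sum(len(part) for row in pk for part in row)


def revealed_fraction(messages) -> float:
    """Share of the 512 secret values made public after signing every
    message in `messages` with one and the same key."""
    seen = set()
    for msg in messages:
        seen.update((bit, i) for i, bit in enumerate(digest_bits(msg)))
    return len(seen) / (2 * N)


if __name__ == "__main__":
    sk, pk = keygen()
    tx_a, tx_b = b"constructed tx A", b"constructed tx B"  # constructed inputs
    sig = sign(sk, tx_a)
    print("valid:", verify(pk, tx_a, sig))
    # 8192-byte signature and 16384-byte public key, against roughly
    # 64 to 72 bytes for a Schnorr or ECDSA signature on secp256k1.
    print("signature bytes:", signature_size(sig))
    print("public key bytes:", public_key_size(pk))
    # One signature discloses exactly half of the secret values. A second
    # signature under the same key discloses more, and every further
    # disclosure widens the set of digests anyone can sign without the key.
    print("revealed after 1 signature:", revealed_fraction([tx_a]))
    print("revealed after 2 signatures:", revealed_fraction([tx_a, tx_b]))
```

Merkle signature schemes, also mentioned in the post, work around the one-time limit by committing to many such one-time public keys under a single hash-tree root.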
Welsh
January 20, 2023, 06:42:40 PM
 #8

To answer your question which I think pooya87 pretty much cleared up. There's been no official discussion to my knowledge of Quantum Computers, and how Bitcoin plans to deal with them. There's been plenty of unofficial discussions like others have suggested, but that's not what you asked. Official discussions aren't likely to take place, until Quantum Computers start posing a threat. It'll be before they are a threat, but much closer than we are now.

We aren't that close despite what Sci Fi news sources claim. I imagine there will be a thread here on Bitcointalk when that does come around, likely in Development & Technical Discussion or depending on the severity Important Announcements.
franky1
January 20, 2023, 06:55:01 PM
Last edit: January 22, 2023, 01:17:07 PM by franky1
Merited by Pmalek (2), ABCbits (1)
 #9

seems the topic creator has not read the other quantum risk topics..

so here goes

P2PK is at risk. so its advised dont use P2PK(especially with large tempting amounts you dont want to lose)
also when spending funds on any format. it reveals the PK.. so dont re-use the addresses of any formats after spending them. generate a fresh address to receive change and future funds. and make the one you spend obsolete


satoshi (whether he realised/intended to do it or not) left a huge stash of coins over thousands of p2pk addresses. and a few of them (at least one) is a used and re-used address..
.. setting up a good testing ground/challenge of "try and attack it if you can" as a security test. which so far for 14 years no one has stolen his stash

if a company with a multi billion dollar system was to waste days (yep still days) reverse-engineering Public-Key to private. then the reward would need to be worth it.

so 1 address of 50 coins.. maybe not even be good enough($1m in comparison to the machines cost. is small fry*)

however there is currently at time of writing this a more worthy address to target should a QC try:
1LQoWist8KkaUXSPKZHNvEyfrEkPHzSsCd   124,347 BTC (worth over $2bill) is a re-used address, ripe for the picking

and so if QC was to try. i would see them try it on this address, to be worth their time and effort and to really scare the community

however expect them to then be getting knocks at the door by the FBI

so all in all dont worry about your small amount of coins. especially if you at least practise "dont re-use addresses"

*but if a QC business was to do it.(they wouldnt) but if they did. they would quite quickly have the FBI knocking on their lab door seizing their hardware

n0nce
January 20, 2023, 11:39:35 PM
 #10

Quote
1- Quantum computing is fugazi.
2- If it is real, somebody else will come up with a fix and we will apply that to bitcoin

It is real and fixes exist. It's just that it's not yet necessary so there is no need to bother with.
In short: it is called post-quantum cryptography and various quantum-proof algorithms exist, which would replace the old public key crypto.

Interestingly, symmetric crypto is not really affected by quantum computers, so AES remains safe for instance.

nutildah
January 21, 2023, 01:06:31 PM
 #11

Quote
Do they even know how to prevent an attack from a QC?

Simple: Get ahold of the QC first, use it to find a parallel universe that has mastered time travel, build a time machine based on their blueprints, and then go back in time to stop QCs from ever being developed.

pooya87
January 22, 2023, 05:23:41 AM
Last edit: January 22, 2023, 06:12:52 AM by pooya87
Merited by Lucius (1)
 #12

Quote
P2PK is at risk.

The whole Bitcoin would be at risk not just certain outputs. You see if some day an algorithm is found and hardware improves so much to solve ECDLP in reasonable time it would just be a matter of [short] time before they can reverse any public key including the public keys revealed in the transactions waiting in the mempool for a couple of minutes to be confirmed.

From an economical standpoint if suddenly public keys are being reversed for certain outputs and the coins start moving there will be panic sell followed by market crash followed by hashrate dropping followed by insecure blockchain...

In my opinion what we will see in the future regarding ECDLP is going to be similar to SHA1. When it was considered weak, slowly everyone started moving away from SHA1 and it took years to switch to new replacement algorithms. The attack itself and the collision became feasible a couple of years after the switch.

Edwardard
January 22, 2023, 05:39:45 AM
 #13

I am starting to feel like a "Quantum resistant gems (aka new shitcoins)" will be the new narrative in the upcoming years. Although, we should get a fork for bitcoin to solve any issues.

Fortunately most Bitcoin wallet these days doesn't have ability to generate P2PK address.
Does this mean P2SH and bech32 are considered safer ? I only thought they were faster but security-wise all types depend on only one blockchain.
davis196
January 22, 2023, 07:14:46 AM
 #14

I'm not the biggest expert in the subject, but I think that the best plan for "fighting" Quantum technology would be "if you can't beat them, join them". Making the Bitcoin Core blockchain quantum resistant would mean that the BTC blockchain must adapt to the new world of quantum computers.
By the way, why is everybody asking about the impact of quantum computers over crypto and nobody is asking about quantum computers impacting the fiat financial system? There's an assumption that Bitcoin/crypto will be severely damaged by quantum computers, while the fiat banking system will be just fine. This seems ignorant to me.


Quote
I am starting to feel like a "Quantum resistant gems (aka new shitcoins)" will be the new narrative in the upcoming years. Although, we should get a fork for bitcoin to solve any issues.

"Quantum resistant shitcoins" will be gone into oblivion the moment everyone realizes that they aren't quantum resistant. Grin

crypticj
January 22, 2023, 09:23:30 AM
 #15

Quote
Why should Bitcoin devs waste their time on a threat that is powerless today, will be powerless in the near future and unclear when or even if it will ever be serious enough to put private keys at risk? And this threat is not unique to Bitcoin, your credit card and Internet connection also could be hacked by a quantum computer, yet cryptography researchers are not rushing to shift towards quantum-resistant cryptography, because they know there's still a lot of time left.

I'm not sure that it will be really powerless in the near future. A lot of money in the QC industry, sooner or later it will become more powerful. We should think about a long term threat for BTC. Hope to see more quantum resistance algos in the future
Pmalek
January 22, 2023, 09:42:55 AM
Merited by pooya87 (2), Edwardard (1)
 #16

Quote
*but if a QC business was to do it.(they wouldnt) but if they did. they would quite quickly have the FBI knocking on their lab door seizing their hardware

I am not sure what is more dangerous: having such a lab operated by people with unknown intentions who have a quantum computer powerful enough to get a private key from its public key, or having that QC land into the hands of the FBI or a similar agency that will use it and improve it further for "national security", "the fight on terror" and similar orchestrated scams?

Quote
I am starting to feel like a "Quantum resistant gems (aka new shitcoins)" will be the new narrative in the upcoming years.

I am sure I have already seen such claims already and there are already shitcoins promising to be impenetrable by (nonexistent) quantum computers.

ABCbits
January 22, 2023, 12:04:16 PM
Merited by Edwardard (1)
 #17

Quote
Fortunately most Bitcoin wallet these days doesn't have ability to generate P2PK address.
Does this mean P2SH and bech32 are considered safer ? I only thought they were faster but security-wise all types depend on only one blockchain.

Other types of Bitcoin address are deemed safer since,
1. Its public key isn't revealed until you spend the coin.
2. QC takes some time to find private key from elevated public key.

And talking about security on P2SH, it gets more complex due to custom script (e.g. P2SH for 2-of-3 multisignature) and 80-bit security size.

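Added example (not from the thread and not any wallet's code): a Python sketch that sorts the standard scriptPubKey templates by whether a public key can be read from the output itself, becomes public only after a spend (the address re-use case franky1 describes in post #9), or is still hidden behind a hash, which is the distinction ABCbits draws above. The sample scripts are constructed placeholder bytes and the function names are illustrative.

```python
from typing import NamedTuple, Optional


class Output(NamedTuple):
    kind: str
    key_in_output: Optional[bytes]  # public key readable from the scriptPubKey


def classify(spk: bytes) -> Output:
    """Match a scriptPubKey against the standard output templates."""
    n = len(spk)
    # P2PK: <33- or 65-byte public key> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return Output("P2PK", spk[1:-1])
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return Output("P2PKH", None)
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return Output("P2SH", None)
    # Segwit v0 (bech32): OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and spk[:2] == b"\x00\x14":
        return Output("P2WPKH", None)
    if n == 34 and spk[:2] == b"\x00\x20":
        return Output("P2WSH", None)
    # P2TR (segwit v1): OP_1 <32-byte x-only output key>, a key and not a hash
    if n == 34 and spk[:2] == b"\x51\x20":
        return Output("P2TR", spk[2:])
    return Output("unknown", None)


def exposure(spk_hex: str, spent_from_before: bool) -> str:
    out = classify(bytes.fromhex(spk_hex))
    if out.kind == "unknown":
        return "unknown"
    if out.key_in_output is not None:
        return "key in output"
    # Spending a hash-based output publishes the key (or the script that
    # contains the keys), so coins later received at the same address sit
    # behind a key that is already public.
    if spent_from_before:
        return "key revealed by earlier spend"
    return "key hidden behind hash"


# Constructed placeholder values, not real keys, hashes or addresses.
_KEY33 = "02" + "11" * 32
_HASH20 = "22" * 20
_HASH32 = "33" * 32
SAMPLES = [
    ("P2PK", "21" + _KEY33 + "ac", False),
    ("fresh P2PKH", "76a914" + _HASH20 + "88ac", False),
    ("re-used P2PKH", "76a914" + _HASH20 + "88ac", True),
    ("P2SH", "a914" + _HASH20 + "87", False),
    ("bech32 P2WPKH", "0014" + _HASH20, False),
    ("bech32 P2WSH", "0020" + _HASH32, False),
    ("P2TR", "5120" + _HASH32, False),
]


def audit(samples):
    return {label: (classify(bytes.fromhex(h)).kind, exposure(h, spent))
            for label, h, spent in samples}


if __name__ == "__main__":
    for label, (kind, status) in audit(SAMPLES).items():
        print(f"{label:15} {kind:7} {status}")
```

A P2TR output commits to a 32-byte public key directly (BIP 341), so this check places it in the same "key in output" group as P2PK.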
franky1
January 22, 2023, 01:07:03 PM
Last edit: January 22, 2023, 01:22:06 PM by franky1
 #18

Quote
P2PK is at risk.
The whole Bitcoin would be at risk not just certain outputs. You see if some day an algorithm is found and hardware improves so much to solve ECDLP in reasonable time it would just be a matter of [short] time before they can reverse any public key including the public keys revealed in the transactions waiting in the mempool for a couple of minutes to be confirmed.

i dont think you understand the math

lets use the announced (years ago) RSA 768 'crack'
(to easily display the magnitudes needed to get from a 2 year crack to under 4 minute crack (if all went well and budgets of labs were unrestricted))

RSA 786 takes one binary pc trillions of years natively without any special treatment
but factoring in some efficiency algo's and other things. they can get it down to under 600 years on 1 binary PC

 and creating an algo to use ~300 pc's(288pc of 64bit = 18432bits) brings that down to a couple years
then


its not simply going from 64bit to 65bit to 2x factor the efficiency(2 gates per bit)

its not simply going from 64bit to 128bit per PC to 256bit per PC to 512bit per PC to 1028 bit per PC
meaning its not 4 evolutions of binary cpu architecture to get down to a 45 day hack in a single PC

its buying/creating 300pc's of 64bit pc's(plural) for 2 year test
then 600 pc's of 64bit pc's (PLURAL) for 1 year test
where they only had the budget to buy ~300 PC's(~$100k) to prove the 2 year crack experiment. and not over $20billion to prove they can do it in 4 minutes

now do the same math of quantum to get from 8 hours to 2 minutes in a factor 4gate logic

and then do the math of how many QC's are needed
oh.. and once you do the math. realise that simply making multiple QC's of 2048qubit still has algo problems of syncing all QC together to get such efficiency factor

and then. final task. work out the total cost of all them QC's synced together

oh one last thing. if you still dont get it yet
most of the efficiency is not just native bit/qubit counting
its multiplying the amount of whole machines and also having the right algo's to make it all work.
and having other efficiency algos such as shor and schnorr to cut down on that time too

oh and a reminder. the new tx format uses schnorr already. so a QC cant schnorr a schnorr, thus it cant use schnorr to gain trick efficiency if a bitcoin format is already using it to stay ahead

thus p2tr is already an efficiency stage ahead of QC making it less easy for QC to break p2tr compared to p2pkh

so once you can compute all that.. sit back have a nice day

Flexystar
January 22, 2023, 02:17:48 PM
 #19

Maybe they don’t need to fight it because who would want to invest in QC just to break the keys? It could be reverse of this, it may happen we will need them to ease the bitcoin mining or speed up the transactions. However, it still seems but costly to invest in QC. It could change the course of bitcoin. It may happen that mining operations might go down world wide and only few of them who are capable of investing into QC will start controlling the bitcoin.

But my thoughts are looping on one thing: QC isn’t cheap to maintain. It’s just unreal to invest on it for any of the purpose mentioned above.
DaveF
January 22, 2023, 02:43:31 PM
 #20

Quote
I am starting to feel like a "Quantum resistant gems (aka new shitcoins)" will be the new narrative in the upcoming years.
I am sure I have already seen such claims already and there are already shitcoins promising to be impenetrable by (nonexistent) quantum computers.

Makes you wonder how many of the countless times newbie accounts come and ask the same QC question they are really just trying to get their foot in the door so to speak to shill their QC resistant shitcoin.

Guess all we can do is just slap them down again and again as they pop up. Would be nice if the mods put a sticky that had some basic QC points and every new user that asked about them got nuked. But that's just me.

Humor, there has been a webcomic called questionablecontent.net that has been around for 20 years or so now and all the discussions about it talk about it as QC. Better entertainment than the same points that keep coming up here about quantum computing.....

-Dave
