Longterm physical crypto collectors DOOMED because of Quantum-Computing?

[Kryptowerk]

Recently I watched a video by Sabine Hossenfelder, where she showed a graph of the current speed of development on Quantum computing and a projection until when this techonology is estimated to probably crack current wide-spread encryption technology.
(I did a quick search but did not find that particular video, you can check a new one on the topic here, though: https://www.youtube.com/watch?v=CBLVtCYHVO8)
The projected date was between 2030 and 2040. The exact dates do not matter much imho, the important fact is, that current state-of-the-art-cryptography WILL become obsolete within the next 10 to 25 years.


I don't want to go into detail, why this will probably not widely impact our current system(s) relying on these encryption-techs too much. Short version: All bigger companies, governments and institutions are aware that these techs need to be updated within rougly the next decade and current development already has quantum-proof solutions. These will (hopefully / most likely) be implemented in all critical infrastructure (banking, communications, accounting, any password-based stuff, severs, crypto, etcetc.) and ideally most end-users won't even notice much of a transition.

HOWEVER: All funded crypto collectibles rely on this old, NON-QUANTUM-PROOF encryption (sha256 and whatnot to hash publickeys and addresses from the underlying private key), and therefore are doomed to securely hold funds longterm, as long as the public keys were exposed at any point in time. The main reason: A physical collectible cannot be upgraded to quantum-proof as it would be possible with any software.

Yeah, it may still seem like a long shot, and there is a chance it will take (much) longer than currently be projected - but I don't think just hoping is the right approach as physical crypto collectors.

tldr: Sooner or later we will have to peel all our funded collectibles to avoid getting quatum-swept by some powerful organasation or government.


I didn't do a deep-dive into the topic (yet), these are just random thoughts I'd like to discuss here, happy to hear any insights and ideas on the topic from anyone that has something to say about it.

[1714715118]

1714715118

[1714715118]

1714715118

[1714715118]

1714715118

[1714715118]

1714715118

[1714715118]

1714715118

[1714715118]

1714715118

[MoparMiningLLC]

pretty sure sha-256 is quantum-safe.

to add to this. Bitcoin uses elliptical curve cryptography - quantum computing uses superposition to test multiple inputs at the same time. Quantum computing uses  Shor's algorithm or Grover's algorithm - both possibly capable of finding the private key associated to a public key and do it a lot faster than classical computers, however, it is still nearly impossible.

Classical computing needs 2256 (this is a 78 digit value) basic operations.

Shor's could do it with 1283 (this is a 7 digit value) basic operations.

Grover's would take only 2128 (this is a 39 digit value) basic operations.

while this sounds ominous - it is still very improbable and nearly impossible to do with the considerable lack of development being done in the quantum computing field.


adding reference: https://codeburst.io/quantum-threat-to-blockchains-shors-and-grover-s-algorithms-9b01941bed01

[JanEmil]

We can also be yogged. If all go as planned we are so rich in 25 years it will not matter. And many probably dead anyway.

[krogothmanhattan]

  If this is the case...then then all public keys on blockchain will be compromised...not just paper wallets.

 

[OgNasty]

I’ve looked into this topic a bit and discussed it with people who are more educated on the subject than myself. The overwhelming response seems to be that as long as you keep your software updated (that you use to claim the funds from the collectible) you should be OK for a long time and maybe even our lifetimes. The concern is that if you use old software not yet patched to address this concern, when you do submit a transaction to claim, it can be immediately quantum computed (or however you say that) to send a second transaction with a higher fee to claim the funds to a new address. The outright breaking of private keys is still a long ways off (according to the folks that have gone out of their way to argue this topic with me) and it seems that developers believe they’ll be able to address it with backwards compatible software updates. The cynic in me isn’t so sure, but I lack computer science degrees.

[BTCOVERFIATS]

Everyone on this forum right now will be long gone (unless life-extension technology gets implemented) well before private keys and the SHA-256 hashing algorithm can be broken.

So sit back, relax, and enjoy the ride 

[Kryptowerk]

pretty sure sha-256 is quantum-safe.

to add to this. Bitcoin uses elliptical curve cryptography - quantum computing uses superposition to test multiple inputs at the same time. Quantum computing uses  Shor's algorithm or Grover's algorithm - both possibly capable of finding the private key associated to a public key and do it a lot faster than classical computers, however, it is still nearly impossible.

[...]
adding reference: https://codeburst.io/quantum-threat-to-blockchains-shors-and-grover-s-algorithms-9b01941bed01

That's an interesting reference.

It does indeed say, that SHA256 with current algos is unlikely to be broken. However it also clearly states quatum computing could be a real thread at some point.
"Using the most common encryption standard, it takes a classical computer 2128, that is to say 340,282,366,920,938,463,463,374,607,431,768,211,456 basic operations, to find the private key associated with a public key. On a quantum computer, it would take 1283(ie only 2,097,152) basic operations to find the private key associated with a public key.

This is why conceptually the development of true quantum computing could pose a threat to today’s blockchain encryption. Of course, this threat is yet to materialize. Today, due to the lack of development in quantum computing, Shor’s Algorithm cannot be used in any serious way."

while this sounds ominous - it is still very improbable and nearly impossible to do with the considerable lack of development being done in the quantum computing field.

That's where I tend to disagree based on the info I currently have: There is clear trend of development in the quatum computing sector towards more and more working qbits every year, reaching the omnious 1M, as I stated in OP approx 2030 - 2040.
Ofc it's true that quatum computing is hyped up in many ways, mostly for monetary incentives (funds from investors etc), but it misses the point of what effects it will have on cryptography at a certain point of development.
History has shown: SHA-1 and previous algos were deemed extremely safe and uncrackable for quite a while and still have turned out unusable / flawed at some point. Who's to say SHA256 will not face a similar fate?

I found the video I wanted to reference in the first place:
https://www.youtube.com/watch?v=-UrdExQW0cs
I highly suggest anyone interested in the topic to take a look.

[montreal1]

well that's a worrying thought, even more worrying would be all the old dormant addresses that would be swept

satoshi - If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function

[MoparMiningLLC]

that is like saying you need Einstein to solve a math problem but have an infant instead.

what is needed is leaps and bounds beyond what is currently available.

[Kryptowerk]

We can also be yogged. If all go as planned we are so rich in 25 years it will not matter. And many probably dead anyway.

While I agree that there is a good chance some other unexpected shit (like yogging) may happen long before the to be expected (like broken cryptography or hashing algos) does, I think it misses the point:
- I personally know a number of collectors that buy and store coins especially for their kids or grandkids, so if these were to be compromised it's definitely a big concern.
- Current life expectancy has been steadily on the rise. If we add 4 years to the date of the article, we still have 75% of Bitcoiners below age of 50, so unless facing any of the high-risk factors, most of them they should be alive for another 40+ years. And a lot can happen in that timespan.

From: https://bitcoinist.com/google-analytics-bitcoin-demographics/

 If this is the case...then then all public keys on blockchain will be compromised...not just paper wallets.

Sure, but that's not really relevant/what I was talking about. Software can be updated, way in avance of any cryptography or algos getting cracked, coins can't.

I’ve looked into this topic a bit and discussed it with people who are more educated on the subject than myself. The overwhelming response seems to be that as long as you keep your software updated (that you use to claim the funds from the collectible) you should be OK for a long time and maybe even our lifetimes. The concern is that if you use old software not yet patched to address this concern, when you do submit a transaction to claim, it can be immediately quantum computed (or however you say that) to send a second transaction with a higher fee to claim the funds to a new address. The outright breaking of private keys is still a long ways off (according to the folks that have gone out of their way to argue this topic with me) and it seems that developers believe they’ll be able to address it with backwards compatible software updates. The cynic in me isn’t so sure, but I lack computer science degrees.

Yes, but you are missing my point, it's not about the software. Ofc relevant software can and will (for the most part) be updated in time, if/when necessary.
I was talking about our precious collectibles. Try running a patch on a 2011 25 BTC casascius coin.

Everyone on this forum right now will be long gone (unless life-extension technology gets implemented) well before private keys and the SHA-256 hashing algorithm can be broken.
So sit back, relax, and enjoy the ride  

With all that's known now you may be right regarding sha256 (then again, see my point comparing similar claims for sha-1 etc. before they were compromised).

well that's a worrying thought, even more worrying would be all the old dormant addresses that would be swept

satoshi - If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function

Indeed, however this could also be solved with a hardfork where dormant addresses will not be carried over to the new chain. It's something that was discussed in length regarding Bitcoin itself.

Again, my main concern are collectibles here. No way to update anything and funded items may become compromised with no chance to save their original state unless you are willing to lose the funds (and one could debate if that still counts as original state if the keys etc are still untouched below the holo but swept by a huge corp). Ofc its far out in the future but could/would eventually happen.

that is like saying you need Einstein to solve a math problem but have an infant instead.

what is needed is leaps and bounds beyond what is currently available.

If you know the infant has Einstens capabilities it would make sense to think about what could result from his efforts at some point in time instead of just bury your hand in the sand. Imho.

[MoparMiningLLC]

I was not saying the baby had his ability - saying you need him but have a baby instead.

Will it get there? Sure - when? Who knows.

Can Bitcoin be moved to a stronger encryption? Don't know but if it could, that might be a resolution right?

[OgNasty]

I’ve looked into this topic a bit and discussed it with people who are more educated on the subject than myself. The overwhelming response seems to be that as long as you keep your software updated (that you use to claim the funds from the collectible) you should be OK for a long time and maybe even our lifetimes. The concern is that if you use old software not yet patched to address this concern, when you do submit a transaction to claim, it can be immediately quantum computed (or however you say that) to send a second transaction with a higher fee to claim the funds to a new address. The outright breaking of private keys is still a long ways off (according to the folks that have gone out of their way to argue this topic with me) and it seems that developers believe they’ll be able to address it with backwards compatible software updates. The cynic in me isn’t so sure, but I lack computer science degrees.

Yes, but you are missing my point, it's not about the software. Ofc relevant software can and will (for the most part) be updated in time, if/when necessary.
I was talking about our precious collectibles. Try running a patch on a 2011 25 BTC casascius coin.

You aren’t understanding my point. The more immediate threat isn’t quantum computing breaking private keys, the threat is decoding transactions broadcast and altering them to be able to send funds to a different address at a higher fee before the original transaction is confirmed. This will be the first thing that needs to be patched, still isn’t close to happening, and can be combatted with software upgrades. So I guess my response to you would be, try claiming the BTC off a 25 BTC Casascius coin without using software.

[Kryptowerk]

I was not saying the baby had his ability - saying you need him but have a baby instead.

Will it get there? Sure - when? Who knows.

Can Bitcoin be moved to a stronger encryption? Don't know but if it could, that might be a resolution right?

Yes, and I am quite certain at some point in time it will (be updated).
But that's not what I am on about.

The collectibles we hold right now (based on current encryption standards) will not be able to be updated. And as far as technologic invention goes, there are some suprises coming up every once in a while, so I wouldn't be too sure it's gonna take 20, 30, 40, 50 years until this discussion will be more than relevant.
But it is indeed reassuring that as of yet there is nothing on the direct horizon to make sha256 obsolete, so thanks for providing that info!

I’ve looked into this topic a bit and discussed it with people who are more educated on the subject than myself. The overwhelming response seems to be that as long as you keep your software updated (that you use to claim the funds from the collectible) you should be OK for a long time and maybe even our lifetimes. The concern is that if you use old software not yet patched to address this concern, when you do submit a transaction to claim, it can be immediately quantum computed (or however you say that) to send a second transaction with a higher fee to claim the funds to a new address. The outright breaking of private keys is still a long ways off (according to the folks that have gone out of their way to argue this topic with me) and it seems that developers believe they’ll be able to address it with backwards compatible software updates. The cynic in me isn’t so sure, but I lack computer science degrees.

Yes, but you are missing my point, it's not about the software. Ofc relevant software can and will (for the most part) be updated in time, if/when necessary.
I was talking about our precious collectibles. Try running a patch on a 2011 25 BTC casascius coin.

You aren’t understanding my point. The more immediate threat isn’t quantum computing breaking private keys, the threat is decoding transactions broadcast and altering them to be able to send funds to a different address at a higher fee before the original transaction is confirmed. This will be the first thing that needs to be patched, still isn’t close to happening, and can be combatted with software upgrades. So I guess my response to you would be, try claiming the BTC off a 25 BTC Casascius coin without using software.

I think I did indeed miss your point previously, lol. Sorry, that's truely some interesting insight!
So, does that mean these transactions are encoded differently, not sha256 hashed?

[owlcatz]

I think I did indeed miss your point previously, lol. Sorry, that's truely some interesting insight!
So, does that mean these transactions are encoded differently, not sha256 hashed?

No, they are Sha-256 hashed & encrypted with senders private key, then ultimately verified by the miner picking up the tx in a block iirc.

I agree with OG, software updates should keep things safe regarding the network, but ofc, shit happens...

Fun discussion either way.

[krogothmanhattan]

  I came across these article and your thread came in mind with regards to the DOOMED scenario of our public and private key attachments cracked using quantum or AI.

  According to the headline we are a very long way off before any such thing can happen as follows...

   You can cross 'Quantum computers to smash crypto' off your list of existential fears for 30 years

      https://www.theregister.com/2023/04/26/quantum_breaking_encryption_rsa/


      Chinese researchers' claimed quantum encryption crack looks unlikely

      https://www.theregister.com/2023/01/07/chinese_researchers_claimed_quantum_encryption/


    So I would say we are good for awhile with our beloved physical cryptos 
    

[owlcatz]

 I came across these article and your thread came in mind with regards to the DOOMED scenario of our public and private key attachments cracked using quantum or AI.

  According to the headline we are a very long way off before any such thing can happen as follows...

   You can cross 'Quantum computers to smash crypto' off your list of existential fears for 30 years

      https://www.theregister.com/2023/04/26/quantum_breaking_encryption_rsa/


      Chinese researchers' claimed quantum encryption crack looks unlikely

      https://www.theregister.com/2023/01/07/chinese_researchers_claimed_quantum_encryption/


    So I would say we are good for awhile with our beloved physical cryptos 
    

Ha, too funny! .. Reminds me of this from way back in the day from https://xkcd.com/538/

[krogothmanhattan]

 I came across these article and your thread came in mind with regards to the DOOMED scenario of our public and private key attachments cracked using quantum or AI.

  According to the headline we are a very long way off before any such thing can happen as follows...

   You can cross 'Quantum computers to smash crypto' off your list of existential fears for 30 years

      https://www.theregister.com/2023/04/26/quantum_breaking_encryption_rsa/


      Chinese researchers' claimed quantum encryption crack looks unlikely

      https://www.theregister.com/2023/01/07/chinese_researchers_claimed_quantum_encryption/


    So I would say we are good for awhile with our beloved physical cryptos 
    

Ha, too funny! .. Reminds me of this from way back in the day from https://xkcd.com/538/

   Indeed it is and thanks for sharing it Owlz...its also educational.

   No matter how strong the encryption, torture or a beating will do things that no computer can do as of yet...reveal the passphrase or password.

   An ounce of prevention is better than a pound of cure for sure....so not sharing your crypto hodlings is best as being a target will only end

   up with someone with that $5 wrench and a person tied up.

[jvanname]

I used to consider SHA-256 and AES to be safe from quantum computation, but I am not as sure anymore. Let me explain. I have recently been researching the cryptographic security of block ciphers for novel cryptocurrency mining algorithms, and I have developed a dimensionality reduction notion of quantum channels. These quantum channels can represent all sorts of things including block ciphers. We pretty much can try to reduce the dimension of a block cipher with a 128 bit message size to an n qubit quantum channel where 1<=n<=128. By reducing the dimension of the block cipher, one can spot weaknesses with the block cipher. Of course, since I do not have access to any quantum computers and since I have not fully completed the research on this, you should take what I have to say with a grain of salt. This just means that it may be feasible for one to use quantum computation to analyze or attack block ciphers like AES or cryptographic hash functions like SHA-256.

P.S.

This is your reminder that you should not give into the hype about quantum computation and related things like AI while remaining oblivious to reversible computation. Reversible computation is the future of computation. In the future, all computers will be reversible. Reversible computation will be good for general purpose computing while quantum computation will be good for specific problems.

-Joseph Van Name Ph.D.
Creator of Circcash

[Kryptowerk]

I used to consider SHA-256 and AES to be safe from quantum computation, but I am not as sure anymore. Let me explain. I have recently been researching the cryptographic security of block ciphers for novel cryptocurrency mining algorithms, and I have developed a dimensionality reduction notion of quantum channels. These quantum channels can represent all sorts of things including block ciphers. We pretty much can try to reduce the dimension of a block cipher with a 128 bit message size to an n qubit quantum channel where 1<=n<=128. By reducing the dimension of the block cipher, one can spot weaknesses with the block cipher. Of course, since I do not have access to any quantum computers and since I have not fully completed the research on this, you should take what I have to say with a grain of salt. This just means that it may be feasible for one to use quantum computation to analyze or attack block ciphers like AES or cryptographic hash functions like SHA-256.

P.S.

This is your reminder that you should not give into the hype about quantum computation and related things like AI while remaining oblivious to reversible computation. Reversible computation is the future of computation. In the future, all computers will be reversible. Reversible computation will be good for general purpose computing while quantum computation will be good for specific problems.

-Joseph Van Name Ph.D.
Creator of Circcash

Interesting read, even though I just barely understood 50% of what you were saying. Do you have any references on that. What's a dimensionality reduction?
Did you just come up with a completely new attack-vector? That's pretty unlikey right, it must have been addressed by some of the thousands of cryptographic experts already somewhere?

[jvanname]

Kryptowerk (OP)-

For more information about linear dimensionality reductions in general, you may want to read up on matrix decompositions such as the spectral decomposition of normal operators, the polar decomposition, and the singular value decomposition. These decompositions also apply to infinite dimensional spaces, but it is sufficient to just look at these decompositions for finite dimensional spaces. From the singular value decomposition, one can get the nearest low rank matrix approximation to a higher rank matrix. Given a collection of vectors v_1,...,v_r in real Euclidean space, using principal component analysis, one can find an affine subspace of your vector space that closest approximates the vectors v_1,...,v_r.

There are also non-linear dimensionality reduction algorithms like UMAP and t-SNE, but I am more concerned with linear dimensionality reductions; the linear dimensionality reductions that I have mentioned have an important mathematical theory behind them.

What I have done is however a dimensionality reduction for a collection of real, complex, or quaternionic matrices A_1,...,A_r. Basically, what I have done is constructed a (not necessarily orthogonal and not necessarily unique, and sometimes things go wrong) projection P so that PA_1P,...,PA_rP best approximates A_1,...,A_r in the sense that in the real case it maximizes \rho(A_1\otimes PA_1P+...+A_r\otimes PA_rP)/\rho(PA_1P\otimes PA_1P+...+PA_rP\otimes PA_rP)^(1/2) where \rho denotes the spectral radius, and \otimes refers to the tensor product. We maximize this quantity using gradient ascent. If we take the standard irreducible representation of the symmetry group, and then we use this standard irreducible representation to represent the round permutations of a block cipher as matrices, then we can perform a dimensionality reduction of these matrices, we can measure how well the reduced matrices correspond to the original matrices, and we can extract a specific real number or at least a distribution of real numbers (such a distribution has low entropy) that tells us the level of cryptographic security of a block cipher.

Now, after performing a change of basis and scaling by a constant factor, from each collection of matrices A_1,...,A_r, we can obtain a quantum channel. By a quantum channel, I mean a completely positive and trace preserving superoperator that maps the matrix X to the matrix A_1XA_1^*+...+A_rXA_r^*. We can therefore use a quantum computer perform our dimensionality reduction for this quantum channel.

I have so far posted much of the information about this dimensionality reduction and similar algorithms at circcashcore.org/blog, and I will continue to post more information about this in the future.

I have not seen anyone else use spectral radii to investigate the cryptographic security of block ciphers this way. Other cryptographers have launched other attacks. And I designed my approach to give a specific number for the cryptographic security of block ciphers. There are some differences between measuring the cryptographic security of a block cipher and testing its cryptographic security by attacking it. I came up with the idea of using spectral radii for evaluating the security of block ciphers because it works well for Circcash's mining algorithm, and I need to further investigate the cryptographic security of Circcash's mining algorithm.

Description of quantum algorithm

We shall let U,V,W denote complex Euclidean spaces. We can represent a collection of matrices as an isometry $A:V\rightarrow V\otimes W$. If dim(U)<dim(V), then we can try to represent the isometry $A$ as an isometry $X:U\rightarrow W\otimes U$ by maximizing the quantity $\rho((1_V\otimes X^*)(A\otimes 1_U))$ and this can be done on a quantum computer. Of course, we will need to use physical quantum computers to test how well this process actually works. Even before quantum computation, I will need to do a lot more testing on this.

-Joseph Van Name Ph.D.

Creator of Circcash (the only cryptocurrency with a mining algorithm that is actually designed to advance science by solving a problem that is actually important while establishing decentralized consensus, but I realize that the cryptocurrency community is not interested in science at all. I am fucking tired of all the fucking hatred and evilness from all sides.)