Bitcoin Forum
November 06, 2024, 06:28:57 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3]  All
  Print  
Author Topic: The Quantum Threat to Bitcoin: Implications for Miners, Nodes, and Wallets  (Read 632 times)
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8324


Bitcoin is a royal fork


View Profile WWW
October 05, 2023, 12:50:52 PM
 #41

Quantum computers could potentially break the cryptographic primitives underpinning SHA-256
How could they do that?

To maintain the security of the network, Bitcoin would need to transition to a quantum-resistant PoW algorithm, such as one based on quantum-resistant cryptographic primitives like lattice-based cryptography or hash-based signatures.
Sounds like you're parroting information. The concern with quantum computers comes by solving the ECDLP in a polynomial time, which in theory can be done using Shor's algorithm and a functional quantum computer. The quantum resistant cryptographic primitives you mentioned do not apply to a broken SHA256, but to secp256k1.

This migration process could be initiated by wallet software providers or done manually by users
It could only be initiated by the users. The people who write the wallet software cannot just move other people's coins without a valid signature.



Now tell me. To which LLM did I respond?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
tromp
Legendary
*
Offline Offline

Activity: 990
Merit: 1110


View Profile
October 05, 2023, 02:24:43 PM
Last edit: October 05, 2023, 02:53:33 PM by tromp
Merited by BlackHatCoiner (4)
 #42

Proof-of-Work is completely dependent on a secure hash algorithm.
It's not. The Hashcash [1] Proof-of-Work system is. There are other PoW not based on hashing [2].

Miners would be affected because the current Proof of Work (PoW) algorithm in Bitcoin relies heavily on SHA-256 for mining.
Quantum computers could potentially break the cryptographic primitives underpinning SHA-256, which would render the current mining hardware and strategies obsolete.
While you ponder about quantum attacks on SHA256, which are considered extremely unlikely, you overlook the fact that Bitcoin's PoW algorithm, namely Hashcash [1], is itself known to be vulnerable to quantum attack, independent of the choice of hash function in Hashcash (SHA256D in bitcoin).

Using Grover's algorithm [3] for quadratic speedup, a quantum computer can find a hash pre-image with 2*k leading 0s in (very) roughly the same amount of time that a classical computer needs to find one with only k leading 0s.

[1] https://en.wikipedia.org/wiki/Hashcash
[2] http://cryptorials.io/beyond-hashcash-proof-work-theres-mining-hashing/
[3] https://en.wikipedia.org/wiki/Grover%27s_algorithm
WatChe
Hero Member
*****
Offline Offline

Activity: 1064
Merit: 566


View Profile WWW
October 07, 2023, 05:09:32 PM
 #43

This is always the case. Why? Because all algorithms are based on unsolved math problems, for example "elliptic curve discrete logarithm problem" (ECDLP). As long as it is unsolved, we can use elliptic curves in the same way as today. But once someone will find a mathematical solution, you need to find another problem, and build a new system around that. Also, for that reason, humans should never know the answer for every problem, because then you can no longer build any new crypto-based system.

Quantum computing is not a new thing, quantum computing algorithms like Shor's algorithm [1] that solves discrete logarithm problems and integer factorization in a polynomial time are launched in 1994.
RSA is based in integer factorization while Diffie-Hellman Key Exchange is based on Discrete Log Problem. Quantum computing is targeting the unsolved problems (hard problems) on which these security protocols stand.
One we have quantum computers of 4000 Qubits, things will get tough for current security protocols.

[1]https://www.geeksforgeeks.org/shors-factorization-algorithm/
j2002ba2
Full Member
***
Offline Offline

Activity: 206
Merit: 447


View Profile
October 07, 2023, 07:43:04 PM
 #44

One we have quantum computers of 4000 Qubits, things will get tough for current security protocols.
You are off several order of magnitudes. If they somehow make quantum error correction work, then it's more like 15000*4000 = 60M qubits.

For 256-bit ECDLP the lowest logical qubit count is around 2330, giving 35M physical qubits.

There is a big problem - one also needs 126G Toffoli gates.

Additionally, the algorithm has to perform 116G time steps. If the time step is 1ps, then there might be even a correct result! With 1ns we are looking at 116 seconds runtime, enough for decoherence. AFAIK right now the time step is several hundred nanoseconds. This is several hours runtime. No result possible.

Wait a moment!
Error correcting Toffoli gates needs additionally at least 15 logical qubits. This is 225K qubits per Toffoli gate.
All together 28.35 * 1015 qubits.

Even if the above is off by orders of magnitude, for now, all quantum hope is lost.

WatChe
Hero Member
*****
Offline Offline

Activity: 1064
Merit: 566


View Profile WWW
October 08, 2023, 04:15:59 PM
 #45


Even if the above is off by orders of magnitude, for now, all quantum hope is lost.


Same thing was said about every new technology including Bitcoin.  

Quote
There is no reason for any individual to have a computer in his home
Ken Olsen, founder of Digital Equipment Corporation, 1977

First 2-qubit quantum computer was demonstrated in 1998 and last year IBM rolled out there 400 Qubit-Plus Quantum Processor and Next-Generation IBM Quantum System Two (IBM). The pace may be slow but quantum computing is a reality.

Moreover US president has already signed quantum Computing Cyber security Preparedness Act in final days of 2022.
bkelly13
Member
**
Offline Offline

Activity: 69
Merit: 34


View Profile
October 27, 2023, 10:35:51 PM
Merited by vjudeu (1)
 #46

...

-  First, they'll try to attack old P2PK transactions, as they provide the public key. Satoshi's coins are the prime example for that. We will thus see slowly Satoshi's money moving (be it because Satoshi himself moves them with P2[W]PKH/P2TR txes, or because the quantum hacker moves them). An attacker will need years for that step alone, so they'll be focusing on coins where it's unlikely that thay'll be moved.

How do "we" know which coins are Satoshi's? 
digaran
Copper Member
Hero Member
*****
Offline Offline

Activity: 1330
Merit: 899

🖤😏


View Profile
October 27, 2023, 10:52:00 PM
 #47

How do "we" know which coins are Satoshi's? 
"We" don't know exactly, but there are some speculations stating that he mined the first 20,000 blocks, untouched to this day.

🖤😏
vjudeu
Copper Member
Legendary
*
Offline Offline

Activity: 898
Merit: 2236



View Profile
October 28, 2023, 01:15:08 AM
 #48

Quote
How do "we" know which coins are Satoshi's?
We don't. If you explore coinbase transactions from the past, you can notice that there is a field called "extraNonce". Because it is not resetted, it is incremented, and by looking at such numbers, you can conclude that if one block has extraNonce equal to 1035, and some next block has extraNonce equal to 1039, then you can guess that both blocks were mined by the same miner.

http://satoshiblocks.info/

See? Those blue lines are used to collect all such cases. Also, you can see some green lines, that are similar, and also can show you, which coins can be owned by another single miner. However, all of that is not a proof, that Satoshi is the person behind it. The only strong implication is that if you can identify such line, then you can guess, that all blocks on a single line, were mined by a single miner.

However, this is similar to checking, which mining pool mined which block. This is just something you can get from exploring coinbase transactions. This is not a 100% proof, but rather a guess. Because, guess what: you can also run some solo miner, and put "Mined by AntPool" string inside. And then, if you release such solo-mined block, with your own address in the coinbase output, then people would see that and think "so, it was mined by AntPool, right?". Maybe. Or maybe not. We don't know, we can only guess.

Quote
he mined the first 20,000 blocks
Not exactly. People think he mined those blocks from those blue lines. But if you think he mined every single block, then you are wrong. There are many green dots, and it can show you, that many blocks were mined by other people. Also, because the slope of some green lines is different, people concluded that those miners had different hashrates. You can re-mine some old, CPU-mined blocks, to confirm, what was the exact algorithm for mining some old blocks.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!