Bitcoin Forum
Author Topic: Bitcoin Developer Pushes for Quantum Resistance  (Read 523 times)
pushups44 (OP)
April 09, 2025, 12:45:40 PM
Merited by ABCbits (1)
 #1

One proposed solution, outlined in a recent Bitcoin Improvement Proposal submitted by Chilean technologist Agustin Cruz, calls for a mandatory migration to so-called Quantum-Resistant Address Migration Protocol addresses to ensure long-term protection against future attacks.

When you send Bitcoin, you use a digital signature that proves you own the coins. Right now, Bitcoin uses a cryptographic method (called ECDSA) that could eventually be broken by a powerful enough quantum computer.

The proposed protocol hides your public key until you spend the coins. That means a quantum attacker can’t attack your key until it’s briefly visible during a transaction—and by then, it’s too late: the coins have already moved.


https://decrypt.co/313676/bitcoin-developer-fight-quantum-computing-threat
Ucy
April 10, 2025, 08:26:20 AM
 #2

Better to split a large amount of bitcoins into different parts so that it becomes too uneconomical to hack with a quantum computer, than to hide a public key that's meant to be public. Or they could implement an auto-send feature that constantly sends large amounts of Bitcoin to newly generated addresses.
ABCbits
April 10, 2025, 08:43:41 AM
 #3

To other readers: you can read the proposal directly at https://github.com/chucrut/bips/blob/master/bip-xxxxx.md. I only skimmed it, but I don't really like it, since this proposal eventually makes spending Bitcoin from a legacy address no longer allowed by the protocol.

Quote from: Ucy
Or they could implement an auto-send feature that constantly sends large amounts of Bitcoin to newly generated addresses.

What do you mean by "they"? Wallet developers? Bitcoin developers? Either way, some people wouldn't appreciate, or would be surprised, if either their wallet or the Bitcoin protocol moved their Bitcoin without their consent.

apogio
April 10, 2025, 09:32:35 AM
 #4

Let's clarify what the possible attack vector is.

For a hacker, in order to hack a bitcoin wallet (a key pair of private and public key), there are two approaches they can follow:

Approach 1:

(a) Create a private key and its corresponding address, using secp256k1 for the key pair and then an algorithm to calculate the address from the public key. This is trivial to do; I have a bash script here.
(b) Scan the blockchain for this specific address and see if it has a balance. This requires some code to do it properly, an Electrum server, etc. You can use public APIs, but they have limits.
(c) If the balance is sufficient for the attacker, get the private key and that's it, money gone.


Approach 2:

(a) Find a juicy address from here: https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html
(b) See if the address has ever sent any coins out. If it has, then its public key is logged in the blockchain.
(c) Get the public key and try to reverse ECDSA with some algorithm that already exists.

Although both methods seem easy, the second one is significantly easier for the attacker because:
1) they don't need to mess with various tools.
2) they have a specific target and they aren't trying to find a needle in a haystack.
3) they don't have to scan the blockchain repeatedly.

arabspaceship123
April 10, 2025, 09:38:22 AM
 #5

We shouldn't be worried that bitcoin's going to be taken in quantum hacks. Devs aren't worried because we're years away from quantum computers attacking bitcoin. When devs realise the time's close, they'll update the blockchains to stay a step ahead of quantum tech.


Quote from: pushups44
The proposed protocol hides your public key until you spend the coins. That means a quantum attacker can’t attack your key until it’s briefly visible during a transaction—and by then, it’s too late: the coins have already moved.


fikrett
April 10, 2025, 11:25:15 AM
 #6

Quote from: arabspaceship123
We shouldn't be worried that bitcoin's going to be taken in quantum hacks. Devs aren't worried because we're years away from quantum computers attacking bitcoin. When devs realise the time's close, they'll update the blockchains to stay a step ahead of quantum tech.

Quote from: pushups44
The proposed protocol hides your public key until you spend the coins. That means a quantum attacker can’t attack your key until it’s briefly visible during a transaction—and by then, it’s too late: the coins have already moved.


They (people with the tech in question) wouldn't go for BTC as the first target.

Because there are bigger targets to fry.

nc50lc
April 10, 2025, 12:14:31 PM
 #7

Quote from: pushups44
One proposed solution, outlined in a recent Bitcoin Improvement Proposal submitted by Chilean technologist Agustin Cruz, calls for a mandatory migration to so-called Quantum-Resistant Address Migration Protocol addresses to ensure long-term protection against future attacks.

Since you're talking about Quantum Resistance, BIP360 IMO has a better chance of being accepted, since it received less criticism from devs.
(However, it's not getting enough replies from them either.)
You can check its draft here: github.com/bitcoin/bips/blob/e6e72078084271cbba50d54c2d2a2b180daf8356/bip-0360.mediawiki

As for the proposal in the article (just like ABCbits's remarks), most arguments are about its proposed "Mitigation Deadline"
that intends to block legacy UTXOs whether they're safe from QC (address not reused) or not.
Reading the linked 'Bitcoin Mailing List' thread is worth the time for those who are interested in the topic.

arabspaceship123
April 10, 2025, 03:36:10 PM
 #8

Why wouldn't the people with quantum tech make bitcoin their first target to exploit? They're hackers, so they'll follow the roads that take them to where the money is. I can't think of any bigger targets that quantum hackers would want to steal more than bitcoin.


Quote from: fikrett
They (people with the tech in question) wouldn't go for BTC as the first target.

Because there are bigger targets to fry.

NotFuzzyWarm
April 10, 2025, 05:23:32 PM
 #9

Quote from: arabspaceship123
Why wouldn't the people with quantum tech make bitcoin their first target to exploit? They're hackers, so they'll follow the roads that take them to where the money is. I can't think of any bigger targets that quantum hackers would want to steal more than bitcoin.

For a start, targets such as the world's banking systems and any other financial ones are far bigger targets.

pushups44 (OP)
April 11, 2025, 02:37:02 AM
 #10

Quote from: arabspaceship123
Why wouldn't the people with quantum tech make bitcoin their first target to exploit? They're hackers, so they'll follow the roads that take them to where the money is. I can't think of any bigger targets that quantum hackers would want to steal more than bitcoin.

Quote from: NotFuzzyWarm
For a start, targets such as the world's banking systems and any other financial ones are far bigger targets.

The legacy system would IMO be particularly vulnerable to hostile nation-states, but it has the power to retroactively freeze assets and have sanctions imposed. Cryptocurrencies like Bitcoin would be a particularly juicy target for hackers due to their (relative) censorship resistance.
Cryptohygenic
April 11, 2025, 03:26:57 AM
 #11

Quote from: Ucy
Better to split a large amount of bitcoins into different parts so that it becomes too uneconomical to hack with a quantum computer, than to hide a public key that's meant to be public.


But the threat is basically on the horizon of cryptography for processed bitcoin transactions. That is to say, it is not about a threat targeted at high-amount transactions; rather, a quantum computer in someone's possession may have the capability to grab users' private keys, which breaches the security of users' self-custody.
So even if you split your funds, you are still vulnerable to becoming a victim; so the best is to agitate for pushing quantum computation to an end, to save everyone. Note, it is not a future target to strike a large wallet only.

headingnorth
April 11, 2025, 05:13:20 AM
 #12

It is never too early to talk about ways to adapt bitcoin to potential future threats.

But you can make your own bitcoin quantum resistant right now by simply following existing best practices.
Don't re-use addresses, and don't use legacy addresses.

Catenaccio
April 11, 2025, 05:39:47 AM
 #13

Quote from: headingnorth
But you can make your own bitcoin quantum resistant right now by simply following existing best practices.
Don't re-use addresses, and don't use legacy addresses.

Do you understand it wrong?

If quantum computers work well and efficiently enough to brute force Bitcoin private keys, they work to destroy all Bitcoin private keys and bitcoin stored in existing addresses. Reuse of addresses or use of change addresses in this scenario of powerful and successful quantum computers cannot help.

Change addresses are recommended for better privacy and some degree of anonymity.
Quote from: Guidelines for Bitcoin transactions
snip

snip
Don't send your Bitcoin change to the same address you use for sending bitcoins.

snip

headingnorth
April 11, 2025, 06:23:57 AM
Last edit: April 11, 2025, 06:38:41 AM by headingnorth
Merited by nc50lc (1)
 #14

Quote from: headingnorth
But you can make your own bitcoin quantum resistant right now by simply following existing best practices.
Don't re-use addresses, and don't use legacy addresses.


Quote from: Catenaccio
If quantum computers work well and efficiently enough to brute force Bitcoin private keys,
they work to destroy all Bitcoin private keys and bitcoin stored in existing addresses.


Do YOU understand it wrong?

You said IF quantum computers could work well enough to break bitcoin encryption, which is a big IF. So you are speculating without any basis in fact.
There is no proof that QC can or ever will break bitcoin encryption, especially not without seeing the public key.

Quantum computers could theoretically break BTC encryption by deriving the private key from public keys.
Your public key is exposed when you re-use addresses or spend bitcoin; therefore, don't do those things.
nc50lc
April 11, 2025, 06:48:15 AM
 #15

Quote from: Catenaccio
Reuse of addresses or use of change addresses in this scenario of powerful and successful quantum computers cannot help.

headingnorth is right; it isn't about brute-force power but an efficient QC algorithm that can solve ECDLP within a reasonable time given enough qubits.
In that case, any address that's reused (thus its pubKey is known) will be vulnerable to such an attack.
It's not right to call it "Bitcoin Encryption" though.

Additionally, as long as a quantum computer can't calculate it within the average block time,
recently broadcast transactions (which expose the pubKey) could still be safe, since they will likely get confirmed before the input's private key is computed from the pubKey.
But not for too long once that time comes. (There's no ETA, by the way.)

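A defender-side check of the point made in this post and in headingnorth's #12 (a public key stays hidden behind the address hash until the first spend from it, so the coins at risk are those left on, or sent back to, an address that has already been spent from), written as an added example that is not part of the thread or of any project it mentions. It replays a deliberately simplified, constructed transaction history: each input records the address it spends from and the public key it reveals, each output records a receiving address and an amount. Txids, addresses, keys and amounts are all made-up placeholders; a real audit would feed the same functions data pulled from a node or an Electrum server.

```python
"""Audit which unspent coins sit on addresses whose public key is already on-chain.

Added example, not code from the forum thread. The model below is a simplified,
constructed one: an input names the address it spends from and the public key it
reveals; an output names a receiving address and an amount in satoshis. All
identifiers are placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class TxInput:
    prev_txid: str      # transaction that created the coin being spent
    prev_index: int     # output index within that transaction
    address: str        # address the coin was locked to
    pubkey: str         # public key revealed to satisfy the script (constructed hex)


@dataclass
class TxOutput:
    address: str
    amount_sats: int


@dataclass
class Tx:
    txid: str
    inputs: List[TxInput] = field(default_factory=list)
    outputs: List[TxOutput] = field(default_factory=list)


@dataclass
class AddressStatus:
    balance_sats: int = 0   # unspent value currently locked to the address
    exposed: bool = False   # True once the address has ever been spent from


def revealed_pubkeys(chain: List[Tx]) -> Dict[str, str]:
    """Map address -> public key for every address that has ever been spent from.

    The spend is the moment the key leaves the hash and becomes visible, so once
    an address appears in any input its key is public for good.
    """
    revealed: Dict[str, str] = {}
    for tx in chain:
        for txin in tx.inputs:
            revealed.setdefault(txin.address, txin.pubkey)
    return revealed


def utxo_set(chain: List[Tx]) -> Dict[Tuple[str, int], TxOutput]:
    """Replay the ordered transaction list and return the unspent outputs."""
    utxos: Dict[Tuple[str, int], TxOutput] = {}
    for tx in chain:
        for txin in tx.inputs:
            if utxos.pop((txin.prev_txid, txin.prev_index), None) is None:
                raise ValueError(f"{tx.txid} spends an unknown or already-spent output")
        for idx, txout in enumerate(tx.outputs):
            utxos[(tx.txid, idx)] = txout
    return utxos


def exposure_report(chain: List[Tx]) -> Dict[str, AddressStatus]:
    """Per address: unspent balance and whether its key is already visible on-chain.

    Balances with exposed=True are the ones the thread calls vulnerable: the
    public key is known and the coins have not moved. Balances on addresses that
    were never spent from are still protected by the hash alone.
    """
    revealed = revealed_pubkeys(chain)
    report: Dict[str, AddressStatus] = {}
    for txout in utxo_set(chain).values():
        status = report.setdefault(txout.address, AddressStatus())
        status.balance_sats += txout.amount_sats
        status.exposed = txout.address in revealed
    return report


def sats_at_risk(chain: List[Tx]) -> int:
    """Total unspent value sitting on addresses whose public key is already revealed."""
    return sum(s.balance_sats for s in exposure_report(chain).values() if s.exposed)


# Constructed sample history (placeholder identifiers, not real chain data):
#   addr_A  funded, then spent from with the change sent BACK to addr_A -> reuse: key exposed, balance remains
#   addr_C  funded once, never spent from                              -> key still hidden
#   addr_D  funded, swept completely to the fresh address addr_E       -> key exposed, nothing left to take
SAMPLE_CHAIN: List[Tx] = [
    Tx("tx_fund", outputs=[TxOutput("addr_A", 100_000_000),
                           TxOutput("addr_C", 50_000_000),
                           TxOutput("addr_D", 20_000_000)]),
    Tx("tx_reuse",
       inputs=[TxInput("tx_fund", 0, "addr_A", "02aa..placeholder")],
       outputs=[TxOutput("addr_B", 60_000_000),
                TxOutput("addr_A", 39_990_000)]),   # change returned to the spent-from address
    Tx("tx_sweep",
       inputs=[TxInput("tx_fund", 2, "addr_D", "03dd..placeholder")],
       outputs=[TxOutput("addr_E", 19_995_000)]),   # fresh address, its key is still hidden
]


if __name__ == "__main__":
    for addr, status in sorted(exposure_report(SAMPLE_CHAIN).items()):
        flag = "EXPOSED" if status.exposed else "hidden "
        print(f"{addr}: {flag} {status.balance_sats:>12,} sats")
    print("at risk:", sats_at_risk(SAMPLE_CHAIN))
```

On the constructed history only addr_A shows up as exposed with coins still on it (the change that went back to it after the spend), which is exactly the reuse case nc50lc describes; addr_D was also spent from, but because it was swept to a fresh address there is nothing left on it for the revealed key to unlock. The same replay would flag any wallet that keeps sending change back to an already-used address.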
headingnorth
April 11, 2025, 07:20:07 AM
Merited by NotFuzzyWarm (2)
 #16

There is way too much fearmongering about QC.

When or if companies like Microsoft and Google ever produce quantum computers powerful enough to break the modern encryption
used by the government, military, bitcoin, etc., I think it is safe to assume they're not going to allow anyone off the street to have access to them.

Microsoft, Google and NVidia will likely be working with government and industry to make their systems quantum-resistant
long before the technology is commercially available on the open market.

Quantum computers will also likely be heavily regulated as to who can access or purchase them.
QC is potentially a serious threat to industry and national security, and is therefore subject to government regulation.

I don't think it is in the interest of Microsoft or Google to allow any hacker off the street to purchase a quantum computer
as easily as buying an iPhone and use it to collapse the banking industry, access the nuclear codes, etc.

KiaKia
April 11, 2025, 08:45:43 AM
 #17

In a centralised world, where power wants to belong to the leaders, do you guys think that quantum computers will end up in the hands of a hacker or some random person? Who is responsible for today's high-tech computers? Is it not AMD and Intel?

The only way this quantum computer can do the attacks is if a criminal built it from scratch and used it to attack Bitcoin; every big tech product, especially CPU- and GPU-wise, always comes from popular companies, and a single order of "don't build it" is enough to stop a quantum computer.

Relax people, it is not as scary as we are making it out to be. Terrorist attacks are scarier because no one knows one is about to happen, but technology-wise it is different; it's like when Elon Musk was talking about AI robots and the risks to humanity they posed: they knew.

ABCbits
April 11, 2025, 09:04:40 AM
 #18

Quote from: arabspaceship123
Why wouldn't the people with quantum tech make bitcoin their first target to exploit? They're hackers, so they'll follow the roads that take them to where the money is. I can't think of any bigger targets that quantum hackers would want to steal more than bitcoin.

Quote from: NotFuzzyWarm
For a start, targets such as the world's banking systems and any other financial ones are far bigger targets.

And if the QC is being developed or funded by a government, they are probably more interested in cracking encrypted data stolen from their enemy.

Quote from: Catenaccio
Reuse of addresses or use of change addresses in this scenario of powerful and successful quantum computers cannot help.

You're assuming QC isn't fast enough to crack the private key from the address before the TX is confirmed though.

headingnorth
April 11, 2025, 09:21:16 AM
 #19

Quote from: KiaKia
In a centralised world, where power wants to belong to the leaders, do you guys think that quantum computers will end up in the hands of a hacker or some random person? Who is responsible for today's high-tech computers? Is it not AMD and Intel?

The only way this quantum computer can do the attacks is if a criminal built it from scratch and used it to attack Bitcoin; every big tech product, especially CPU- and GPU-wise, always comes from popular companies, and a single order of "don't build it" is enough to stop a quantum computer.

Relax people, it is not as scary as we are making it out to be. Terrorist attacks are scarier because no one knows one is about to happen, but technology-wise it is different; it's like when Elon Musk was talking about AI robots and the risks to humanity they posed: they knew.

Certain things are restricted from the general public, such as dynamite, tanks, missiles, biological weapons, fully automatic machine guns, etc.
In the wrong hands quantum computers can also be used as a weapon of mass destruction, so I'm pretty sure they would be heavily restricted just like those things are.

farou9
April 11, 2025, 12:47:13 PM
 #20

An efficient quantum computer with at least 2300 qubits does not need the public key for any address; it can crack the private key for any of the N addresses in the 2^256 range faster than the blink of an eye.