Bitcoin must upgrade or fall victim to quantum computing in 5 years

[Btcalysis]

This is just a random news I get but people are really talking about it.

I have just read about it not long ago but I have also read somewhere before that by 2030, it is possible that ECDSA becomes vulnerable to quantum computing. This is 2025 which means 2030 is just 5 years away from now.

What do you think about this disturbing news, I have been read more than 5 news about this and I saw another one today. What are bitcoin developers doing about it?

If you need the source that I get today's news from, I can post it which has the the title that I have as the title on this thread.

[Mia Chloe]

This is just a random news I get but people are really talking about it.
I have just read about it not long ago but I have also read somewhere before that by 2030, it is possible that ECDSA becomes vulnerable to quantum computing. This is 2025 which means 20230 is just 5 years away from now.

I've seen many discussions and news like this both outside and on the forum infact it got me thinking if this could actually be a scheme to cause FOMO and affect price because of scared investors.
Now on a very practical and realistic basis, Quantum computing is just at its beginning and isn't even fully applicable yet. What you see and hear is just theoretical speculations of what it could do in the future it it can eventually be fully harnessed just like we use regular micro computing.

Fine in could in the future but trust me bitcoin developers aren't asleep and since bitcoin is open source flaws in ECDSA that quantum computing would break will be fixed even before that happens.

[Cricktor]

How about you provide some sources of where you've such news (speaking to OP)?

I'm not a quantum computer specialist, but I've scientific background and am genuinely interested in progress on this topic. There's a lot of buzztalk and hype and it's the almost perfect click-bait. No judgement here, yet.

I've no crystal ball to predict the future but honestly I don't see quantum computers being able to attack ECDSA or RSA (securing a lot on the internet) in five years or even in ten years. My prediction: not going to happen that soon. Why? Lack of number of stable enough qubits with enough coherence life-time to do something really useful or break important crypto security stuff. If you add in necessary error correction the required numbers of qubits get even worse and we're far far away from those.

You might say, well, no problem, just add more qubits. We've managed to stack up millions or even billions of transistors for our CPUs and GPUs. Well, with qubits it's not that easy...

[mcdouglasx]

What you say about quantum computing reminds me of the press and its headlines like, if an asteroid is sighted near Earth, they publish it as "a possible global catastrophe" or if scientists see evidence of water on a planet, they transform it into "a new planet has been discovered where extraterrestrial life could exist".

The truth is that it's just a simple exaggeration intended to cause an impact.

Quantum computing , although in theory in the future ECDSA will be insecure against quantum attacks, that future is distant; quantum computing has barely been born, technologically speaking.

[Hatchy]

Those quantum computing headlines about Bitcoin are definitely becoming too rampant, but honestly, it's mostly just to create FUD. Quantum computers aren't anywhere near ready to break Bitcoin cryptography and probably won't be for decades. The crypto community is already working on post-quantum cryptography solutions for when the time comes. So such news shouldn't disturb you mate...

[Ivystar5]

One thing you forgot is hat as long as things are evolving to try to make break bitcoin, that's how much the crypto or bitcoin community is working hard to upscale it's security against any form of threats.

However, Quantum computing is growing for sure but has it grown to the stage of breaking the cryptography? no maybe in nearest future which has no guarantee, of course if you see thing from a good perspective you will figure out that it's just a form of FUD for bitcoin.

I can't remember the exact post but I know I saw something like a contest or competition where the participants are to use quantum computing to break the bitcoin system and will be rewarded some piece of bitcoin. when I read that, I knew it's just a crap trying to make guys thing it's very possible which it's not... just funny how they say destroy something and I will give you a part or a piece of that which you destroyed and of what value is it at that point.? this will definitely be the thoughts of guys trying to break the bitcoin system using quantum computing.

[Cookdata]

This is just a random news I get but people are really talking about it.

There is a difference between news and speculation, what you saw is speculation and nothing official about it. If it was news, it will be everywhere and I'm sure, everyone will be talking about it but speculations are people making guess and theory to share their opinions, quantum computing is real but they are not even open for public, only the likes of IBM and Microsoft are doing some development and testing for now and I guess it's not coming even in the next 10 years.

I have just read about it not long ago but I have also read somewhere before that by 2030, it is possible that ECDSA becomes vulnerable to quantum computing. This is 2025 which means 20230 is just 5 years away from now.

Do you know that many companies predicted that we are going to have flying cars by 2025? This is the year and we barely have electric cars that can run thousands of kilometers, I bet we haven't be able to position our self in other planets like Nasa think years ago, some of these things are prediction, it doesn't guarantee that it will happen by then, you might not be surprised that in the next 10 years, it's not coming out.

What do you think about this disturbing news, I have been read more than 5 news about this and I saw another one today. What are bitcoin developers doing about it?

If you need the source that I get today's news from, I can post it which has the the title that I have as the title on this thread.

You have the news? Post it, don't make people beg for it.

[ABCbits]

How about you provide some sources of where you've such news (speaking to OP)?

Using title of this thread, it seems OP talking about this news cointelegraph dot com/news/bitcoin-quantum-computing. The news itself actually someone's opinion and lacks technical details, so i would not recommend people to read it.

[satscraper]

I wonder if those spreading this kind of news have ever heard of the fundamental concept of Landauer's principle, which theoretically imposes the physical limit on any computational device ^{even quantum ones} when it comes to tasks like breaking Bitcoin. Moreover, on the quantum scale, energy dissipation may actually exceed the classical Landauer limit by a factor of up to 30 acording some research .This makes many proposed quantum computational schemes not just impractical, but likely infeasible in the near future. So personally, I tend to view all these sensationalist "quantum is breaking Bitcoin" stories as little more than clickbait.

[Synchronice]

This is just a random news I get but people are really talking about it.

I have just read about it not long ago but I have also read somewhere before that by 2030, it is possible that ECDSA becomes vulnerable to quantum computing. This is 2025 which means 20230 is just 5 years away from now.

What do you think about this disturbing news, I have been read more than 5 news about this and I saw another one today. What are bitcoin developers doing about it?

If you need the source that I get today's news from, I can post it which has the the title that I have as the title on this thread.

There is no way that quantum computing will become a threat for Bitcoin in 5 years, it will take more time and it will take us a very little time to make Bitcoin quantum-resistant. I think that it will be a threat in 10-15 years, everything depends on the pace things evolve. Do not make a mistake and think that BlackRock and other big corporations or governments are stupid enough to start investing in Bitcoin. They know threats and what's going on. Mark my words, we will be ready for Quantum Computing when the time comes but we also might read lots of bad news because big corporations want to buy Bitcoin from you at a low price to later sell them back to you at a high price. There will be lots of FOMO attempts with these headlines "Quantum Computers - A threat to Bitcoin".

[dkbit98]

I can't remember how many times I heard about quantum computer bogeyman but so far I haven't see anything that would make me concerned about this.
I am not saying developers should not work on improving Bitcoin and adding quantum resistance, but whole world doesn't have quantum resistance for anything, that includes banking and almost all internet websites.

[d5000]

What are bitcoin developers doing about it?

I agree with most others that we're much farther away but I've recently started a thread exactly about that topic (a possible BIP to integrate post-quantum cryptography) so I'm trying to answer that ...

As far as I have interpreted the discussion in the Bitcoin mailing list about that possible BIP, the problem is that there are currently several competing post-quantum cryptography schemes, and some of them like FALCON look relatively convenient to integrate now into Bitcoin already, but some devs suspect these schemes could become obsolete quite fast, and then another transition to another scheme would be necessary.

Other algorithms like SPHINCS+ are seen as possibly more future-proof, but they require enormous signatures, which would make Bitcoin transactions require 20 or more times more space than now.

Thus for now it is unlikely that any action would be taken by the Bitcoin devs in that direction, until it becomes clearer which post-quantum algorithm is really secure and future-proof enough.

The guy who proposed "BIP 360" suggested to integrate more than one possible algorithm, so people can choose freely. But there's this argument against that also was mentioned by @achow101 (a highly knowledgeable developer) in the other thread: if even one of these algorithms is broken, then a lot of damage could happen if many users had used that scheme and several wallets are "emptied". It's better if cryptographers choose a scheme when it is considered secure.

So basically, the problem for now is that post-quantum cryptography seems to be still too immature to already commit to one scheme in 2025. Perhaps in 2-3 years this could change. But in 2025 the best advice is simply to not re-use addresses.


To those with a bit more knowledge, I got just a shower thought: what if you commit, in addition to an ECDSA public key, to a long secret phrase in a P2(W)SH transaction, like in a HTLC? Would this approach also be vulnerable to quantum computing or improve the security? It could be an option for cold wallets if it works. But I probably am missing something because that would be a quite low hanging fruit ...

[Cricktor]

To those with a bit more knowledge, I got just a shower thought: what if you commit, in addition to an ECDSA public key, to a long secret phrase in a P2(W)SH transaction, like in a HTLC? Would this approach also be vulnerable to quantum computing or improve the security? It could be an option for cold wallets if it works. But I probably am missing something because that would be a quite low hanging fruit ...

Not an expert in such particular details. My first thoughts regarding this additional long secret are: you have to validate it to unlock and you can't place the long secret into the unlock condition, so it must be hashed. Now, is the hash function quantum-resistant? If not, you don't gain security, so it doesn't make sense to waste space for the "alternative" unlock condition.

Excessively large quantum-resistant signatures don't make sense and the solution can't realy be to blow up block space by a similar factor. I would expect that a choice would be made rather towards FALCON or similar sized things than towards SPINCS+ or other space-hogs.

How do you check quantum-resistant algorithms when we currently have pretty much very inferior quantum computers with puny numbers of qubits which additionally don't have impressive coherence life times? This is more a rhetorical question.

[Lucius]

I have just read about it not long ago but I have also read somewhere before that by 2030, it is possible that ECDSA becomes vulnerable to quantum computing. This is 2025 which means 20230 is just 5 years away from now.
~snip~

You're bad at math - in 20230, it won't matter what happens to BTC anyway, and I'm pretty sure that people will find a way to destroy themselves and everything around them by then (and much sooner).

[d5000]

Not an expert in such particular details. My first thoughts regarding this additional long secret are: you have to validate it to unlock and you can't place the long secret into the unlock condition, so it must be hashed. Now, is the hash function quantum-resistant? If not, you don't gain security, so it doesn't make sense to waste space for the "alternative" unlock condition.

As far as I know the hash functions like SHA256 which are supported by Bitcoin for hashlocks are not totally quantum resistant. But the attacker would need to use Grover's algorithm (like when they "quantum mine" Bitcoin) which only provides a quadratic speedup to the brute force attack. In other words, such a secret hash should always be safe as long as Bitcoin addresses are safe, as far as I understand.

Excessively large quantum-resistant signatures don't make sense and the solution can't realy be to blow up block space by a similar factor.

These signatures could get a larger witness discount, but of course they would impact on the bandwidth requirements of Bitcoin full nodes. It's possible though that at the moment quantum computers become a problem, the bandwidth cost for SPHINCS+ signatures could be smaller than a ECDSA signature was in the early 2010s due to technological progress.

[PrivacyG]

Correct me if I am wrong but if Bitcoin is broken through by quantum computing in 5 years then there are much, MUCH more important things to worry about.  Such as the internet itself becoming entirely vulnerable.  This means servers, websites, databases, every thing that is not airgapped but linked to the outside world in a way or another may become vulnerable and compromised.

This means all the industries in the world would be affected.  The food chain, the health care, simply every thing.  You would have no more privacy, all your documents and conversations may suddenly be all over the place.

It can not happen with zero precautionary measures.  That is, unless Kim Jong Un has the most powerful quantum computer that exceeds imagination and theories, ready to shut down and break down the entire internet.  Which I highly doubt.

By the time quantum computing arrives in the hands of normal people like us, the internet will be ready to be protected against it.  Including Bitcoin.

[d5000]

I found the flaw in the setup I mentioned here: the secret of course has to be revealed in the transaction at spending time, and that would mean that there's no additional protection against a short-exposure quantum attack, i.e. it could be attacked while it's in the mempool, and thus it would not bring additional safety vs. an address which is simply not re-used. I think this is also what @Cricktor meant.

I'm unaware if there's a way to reveal the knowledge about the secret with a different hash than the hash included in the hashlock transaction (some kind of zero-knowledge setup) instead of the original preimage, but that of course is currently not supported in Bitcoin Script and I don't know if it even works ...

Just to close this little OT.

[JohanM]

Only the old P2PK utxo are vulnerable because they expose the public key. So you only need to crack the ECDSA and calculate a private key from the public key.
Very quickly P2PK was followed up by P2PKH and P2SH so only hashes are exposed in utxo. This means that before you get to the public key you need to reverse a double SHA256 and ripemd160 hash.

I would worry about just about anything on the internet before I would worry about btc.

[Iron Fist]

I'm not sure if folks have talked about this already, but setting aside the well-known issues like Shor's algorithm on ECDSA encryption, how might quantum computers shaking things up change how Bitcoin mining works? Especially if something like Grover's search gets way faster.  Could Bitcoin be vulnerable then to 51% attacks and stuff if people have quantum rigs?

[philipma1957]

This is just a random news I get but people are really talking about it.

I have just read about it not long ago but I have also read somewhere before that by 2030, it is possible that ECDSA becomes vulnerable to quantum computing. This is 2025 which means 2030 is just 5 years away from now.

What do you think about this disturbing news, I have been read more than 5 news about this and I saw another one today. What are bitcoin developers doing about it?

If you need the source that I get today's news from, I can post it which has the the title that I have as the title on this thread.

if they can crack btc sha 256 they can crack most banks wide open.

also most credit cards 💳.

So the issue is not “real” in the way you state it.


does it mean back to cash carried in bags and placed in vaults with no online security?

we would have more to worry about than btc.