BEYOND THE HYPE OF SHOR’S ALGORITHM

[Eze BTC]

Digging on Shor’s Algorithm, I have come to a conclusion that it remains a major threat theoretically. In solving curve discrete logarithm issue which it is capable of, it allows deriving keys privately from public keys that are exposed in vulnerable addresses like older P2PKH, P2PK that are reused, or Taproot spends. This put a high amount of BTC at risk from a harvest now, decrypt later attacks. The amount is estimated to be 6+ million BTC. You can see how huge that is when converted to dollar using the current price. The point is, Shor’s algorithm is a threat.

[philipma1957]

How many documented addresses have been shown to be cracked?

I have yet to see any convincing evidence of addresses cracked but

maybe you have some good evidence.

[ABCbits]

Yeah, what you stated it's already known and acknowledged for long time.

This put a high amount of BTC at risk from a harvest now, decrypt later attacks.

As reminder, Bitcoin does not use encryption cryptography.

How many documented addresses have been shown to be cracked?

None. AFAIK you need quantum computer (with sufficient qubits and very low/zero error rate) to try get private key from public key

[satscraper]

Yeah, what you stated it's already known and acknowledged for long time.

This put a high amount of BTC at risk from a harvest now, decrypt later attacks.

As reminder, Bitcoin does not use encryption cryptography.

That’s correct. Bitcoin doesn’t scramble data the way encryption does but it does reveal public keys when UTXOs are spent. Attackers who are harvesting those public keys now might try to derive the relevant private keys later once they have the tools to do so. They keep hope that with powerful quantum computers running Shor’s algorithm they will eventually be able to achieve this.

[nc50lc]

it allows deriving keys privately from public keys that are exposed in vulnerable addresses like older P2PKH, P2PK that are reused

You misplaced the two script types, should be "older P2PK" unspent txn outputs which aren't addresses and "reused P2PKH" addresses.

And please provide the specifics to make it more interesting. (references, technical details, etc.)
Else, this is more of a "Bitcoin Discussion" topic rather than "Technical Discussion".

[ipsbruno3]

Hello, I work with this and we are studying Shor for Bitcoin breakages.

Although Shor seems fantastic, current quantum computers don't reach tens of qubits and are extremely susceptible to errors.

We did some tests on Azure Quantum and weren't even able to implement some algorithms because both SECPK256 and PBKDF require millions of qubits to perform all the necessary entanglements.

The main risk for Bitcoin in the next decade will continue to be Pollard Rho applied to known public keys and the leakage of half or more of its seed, which will allow brute-force attacks in a timely manner by highly specialized FPGAs/ASICs (I have work with Verilog in my portfolio).

I will post the study soon.

Regards

[BlackHatCoiner]

The main risk for Bitcoin in the next decade will continue to be Pollard Rho applied to known public keys and the leakage of half or more of its seed

How so? Most bitcoin are not sitting on weakly generated addresses / public keys. Most bitcoin "unlocked" this way are either because the wallet software had poor security on seed / private key generation (which is no longer the case, as most reputable software are secure), or deliberately generated with lower bits, to allow testers break those keys using Pollard Rho.

The quantum threat is at least a threat.