Any Quantum Secure Address in the Horizon?

[RocketSingh]

Certain Crypto Currencies are claiming to have them already. When Bitcoin?

[mcdouglasx]

Certain Crypto Currencies are claiming to have them already. When Bitcoin?

In fact, there are clear proposals for this, namely P2MR or pay-to-merk root addresses from BIP-360.

These addresses (bc1z) are expected to be Bitcoin's first step as a measure to protect against quantum computing.

This new type of address eliminates the disclosure of public-key spending, forcing all transactions to be carried out through a script. This is based on hash functions, which are much more resistant to quantum attacks, and never exposes the public key directly on the blockchain, although at the moment there is no imminent threat related to quantum computing.

[ABCbits]

Certain Crypto Currencies are claiming to have them already. When Bitcoin?

In fact, there are clear proposals for this, namely P2MR or pay-to-merk root addresses from BIP-360.

These addresses (bc1z) are expected to be Bitcoin's first step as a measure to protect against quantum computing.

This new type of address eliminates the disclosure of public-key spending, forcing all transactions to be carried out through a script. This is based on hash functions, which are much more resistant to quantum attacks, and never exposes the public key directly on the blockchain, although at the moment there is no imminent threat related to quantum computing.

And it's important to note BIP 360 itself isn't enough.

P2MR does not, by itself, protect against short exposure quantum attacks, but these attacks can be mitigated by future activation of post-quantum signatures.

Combined with P2MR, post-quantum signature schemes can provide comprehensive quantum resistance to P2MR outputs, including protection from short exposure attacks.

Who knows how long before developer choose suitable QC-resistant cryptography, partly because such cryptography are relative new and not really "battle tested".

[Cricktor]

Curious to know why specifically you ask, OP?

To my knowledge it's not so, that capable enough quantum computers to come any close to be a threat to encryption or Bitcoin are any near some far far away horizon (if at all). So, why do you beat the bush about it?

I don't say, bitcoiners or devs shouldn't care and/or ignore quantum computers or what they might be capable of one day. I'm definitely no quantum computer expert or working in that field. I've scientific background and am working in IT for quite some years now. I think I can partly understand some of the stuff that is published, besides the media hype, about QC stuff.

QC is an interesting topic and research field, but in my opinion it's an inflated hype bubble where a lot of money is poured in and everybody wants a share of it. I'm still waiting to see any QC solve real problems faster and not some carefully constructed shit to prove "QC supremacy".  

[ABCbits]

I'm still waiting to see any QC solve real problems faster and not some carefully constructed shit to prove "QC supremacy".  

How about government agency that actually run with principle "Harvest now, decrypt later"?

[Satofan44]

I'm still waiting to see any QC solve real problems faster and not some carefully constructed shit to prove "QC supremacy".  

How about government agency that actually run with principle "Harvest now, decrypt later"?

In the context of Bitcoin this would be a misunderstanding and misapplication of this principle. I know that you are responding in general, but some readers have actually brought this up in other threads as applicable for Bitcoin too so I want to expand to avoid idiots repeating wrong information in other threads.

This principle does not apply for networks like Bitcoin where the data is always publicly available, so you do not need to harvest it now to decrypt it later -- actually doing this would be a mistake because a lot of the data would have changed by the time you start decrypting so you could waste a lot of computing resources decrypting empty addresses. The correct approach in this context and Bitcoin is only: decrypt the current data when you are able to decrypt it.

The "harvest now, decrypt" later approach is applied in the context of data that is in transit or data that is not publicly available today, so we would be talking about things like communications. Some of those will contain value that will be important for a long time to come. Therefore, some more basic examples of what they would capture would be VPN traffic, TLS sessions, secure email and so forth. In the case of Bitcoin you are not decrypting hidden information, you are recovering signing keys from publicly available information -- which is why "harvesting now" is pointless.

Certain Crypto Currencies are claiming to have them already. When Bitcoin?

Certain "crypto currencies" are completely centralized scam projects, and as such doing something incredibly stupid and risky with them is an option. Bitcoin does not have the luxury to be fast, and that is a benefit.

[BlackHatCoiner]

It's coming, but slowly. BIP-360 got merged into the BIP repo in February, so there's finally a quantum-resistant output type on paper. Thing is, it's still just a spec, only running on a testnet. Most of those altcoins waving the "quantum safe" flag are mostly centralized bullshit anyway. No quantum computer is remotely close to 256-bit ECDSA (biggest public crack so far was like 15-bit key?).

And with how consensus changes go, don't expect it activated any time soon.

[ABCbits]

The "harvest now, decrypt" later approach is applied in the context of data that is in transit or data that is not publicly available today, so we would be talking about things like communications. Some of those will contain value that will be important for a long time to come. Therefore, some more basic examples of what they would capture would be VPN traffic, TLS sessions, secure email and so forth. In the case of Bitcoin you are not decrypting hidden information, you are recovering signing keys from publicly available information -- which is why "harvesting now" is pointless.

Yeah, this is exactly what i mean. Those communication usually use public key cryptography and it's public key could extracted either from TLS certificate or parse and extract from the traffic itself.

Certain Crypto Currencies are claiming to have them already. When Bitcoin?

Certain "crypto currencies" are completely centralized scam projects, and as such doing something incredibly stupid and risky with them is an option. Bitcoin does not have the luxury to be fast, and that is a benefit.

Even if it's not obvious scam or highly centralized, it could be red flag if the team behind it emphasize QC-resistant cryptography as main way to attract investor.