Quantum researchers at Google have put out a new whitepaper claiming a 20x reduction in the number of physical qubits required to break elliptic curve cryptography.
we have compiled two quantum circuits (a sequence of quantum gates) that implement Shor's algorithm for ECDLP-256: one that uses less than 1,200 logical qubits and 90 million Toffoli gates and one that uses less than 1,450 logical qubits and 70 million Toffoli gates. We estimate that these circuits can be executed on a superconducting qubit CRQC with fewer than 500,000 physical qubits in a few minutes, given standard assumptions about hardware capabilities that are consistent with some of Google’s flagship quantum processors. This is an approximately 20-fold reduction in the number of physical qubits required to solve ECDLP-256 and a continuation of a long history of gradual optimization in compiling quantum algorithms to fault-tolerant circuits.
A quick survey of the current state of quantum computing leads me to believe that current quantum computers have around 1200 physical qubits.
Is this secret how it works? Some kind of classical algorithm that uses a pq-algo subroutine to solve challenges with larger bit lengths than their pq-algo would solve alone?
They seem to have developed a new
Also, instead of providing the actual vulnerability, they are providing a zk proof of it:
They distinguish between slow-clock quantum computers and fast-clock quantum computers based on superconducting materials. Apparently this is where they think the speed up in private key cracking can be found.
They do claim that this might make it possible to crack a private key in the 10 minute window that would be relevant to mempool attacks (on-spend attacks), but it's important to note that one needs a 500,000 physical qubit quantum computer to do this, and what they have now is at most 1200.
They also describe a new type of attack (not just trying to crack a key from a previously exposed public key, nor trying to crack a key from a newly exposed public key in the mempool). But this attack is not relevant to Bitcoin:
The force will always raise a standard against the enemy, coming like a flood.
Did you watch the series "Paradise"?
In the last episode, after 2 seasons, they revealed something interesting: the whole series' events are in fact about a quantum computer predicting the future.
I wonder if they will continue the series with season 3.
Then, Cointelegraph goes and posts this:
source
This is not what the Google paper says at all. Cointelegraph really reaching for new lows here.
lmao they confused hashing with signatures
The time it takes to forge a signature or recover a sk has NOTHING to do with how long it takes to find a block.
Apples... oranges...
sell sell sell!
https://twiiit.com/Cointelegraph/status/2038823674048884753
We could get a predyx going of when a CRQC starts a significant attack on a public mempool.
Wouldn't it be more likely that such an attack hits old public key exposed coins first? If so, there will likely be a bit of warning before transactions in the mempool are getting sniped.
I suppose if I were part of a group of rogue developers that had access to quantum computers capable of cracking ECDLP-based signatures, I would go after bitcoins that have supposedly been lost to time or otherwise considered unrecoverable and then use a post-quantum-based script to be able to disguise the transaction. I don't know about warning, but time certainly.
That is of course assuming that quantum technology has the capability of hacking into someone's bitcoin stash, or would these computers only have the capability to attack live transactions currently being broadcast through the blockchain?
I don't think moving old coins could very well be hidden. But, I believe the reason people say that old coins are more likely targets is because a person with a quantum computer doesn't have to race to crack the key. If they target a transaction in mempools, they have to crack the key before the transaction gets mined.
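The distinction drawn in the last few comments, between coins whose public key is already on-chain (no race for an attacker) and coins whose key only appears in the spending transaction (the attacker must beat confirmation), as an added Python example that is not from this thread or from Google's paper. The ledger, public keys and values are constructed placeholders, HASH160 is replaced by truncated SHA-256 to keep it dependency-free, and the confirmation race uses a Poisson block-arrival assumption rather than anything the page states.

```python
"""Added example: classify a constructed UTXO set by when each output's
public key becomes visible, and model the spend-time race discussed above.

KEY_ON_CHAIN: pubkey already public (pay-to-pubkey output, or an address
              whose key was revealed by an earlier spend / address reuse).
KEY_ON_SPEND: pubkey is revealed only in the spending transaction.
All txids, keys and amounts below are constructed, not real chain data.
"""
from dataclasses import dataclass
from hashlib import sha256
from math import exp

KEY_ON_CHAIN = "KEY_ON_CHAIN"
KEY_ON_SPEND = "KEY_ON_SPEND"


def key_hash(pubkey_hex: str) -> str:
    """Stand-in for HASH160 (simplification): first 20 bytes of SHA-256."""
    return sha256(bytes.fromhex(pubkey_hex)).hexdigest()[:40]


@dataclass(frozen=True)
class Output:
    txid: str
    index: int
    script_type: str  # "p2pk", "p2pkh" or "p2wpkh"
    key_ref: str      # raw pubkey hex for p2pk, key hash hex for the others
    value_sat: int


@dataclass(frozen=True)
class Input:
    prev_txid: str
    prev_index: int
    revealed_pubkey: str  # pubkey pushed in scriptSig/witness when spending


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple
    outputs: tuple


def classify_utxos(chain):
    """Return {(txid, index): exposure_class} for every unspent output."""
    spent, revealed_hashes = set(), set()
    for tx in chain:
        for txin in tx.inputs:
            spent.add((txin.prev_txid, txin.prev_index))
            revealed_hashes.add(key_hash(txin.revealed_pubkey))
    result = {}
    for tx in chain:
        for out in tx.outputs:
            outpoint = (out.txid, out.index)
            if outpoint in spent:
                continue
            # p2pk carries the key itself; a hash seen in an earlier spend is reuse
            if out.script_type == "p2pk" or out.key_ref in revealed_hashes:
                result[outpoint] = KEY_ON_CHAIN
            else:
                result[outpoint] = KEY_ON_SPEND
    return result


def value_by_class(chain):
    """Sum unspent value (sat) per exposure class."""
    totals = {KEY_ON_CHAIN: 0, KEY_ON_SPEND: 0}
    by_outpoint = {(o.txid, o.index): o for tx in chain for o in tx.outputs}
    for outpoint, cls in classify_utxos(chain).items():
        totals[cls] += by_outpoint[outpoint].value_sat
    return totals


def p_crack_before_confirmation(crack_minutes, block_interval_minutes=10.0):
    """Chance a KEY_ON_SPEND attacker finishes before the spend is mined.
    Modelling assumption: blocks arrive as a Poisson process with the given
    mean interval and the transaction is mined in the very next block."""
    return exp(-crack_minutes / block_interval_minutes)


# Constructed placeholder keys shaped like compressed pubkeys (33 bytes).
PK_A, PK_B, PK_C = "02" + "aa" * 32, "03" + "bb" * 32, "02" + "cc" * 32

SAMPLE_CHAIN = (
    # tx1 (no inputs): pays A by p2pk, B by p2pkh, C by p2wpkh
    Tx("tx1", (), (
        Output("tx1", 0, "p2pk", PK_A, 50_000_000),
        Output("tx1", 1, "p2pkh", key_hash(PK_B), 30_000_000),
        Output("tx1", 2, "p2wpkh", key_hash(PK_C), 20_000_000),
    )),
    # tx2: B spends tx1:1 (revealing PK_B) and sends change back to the same hash
    Tx("tx2", (Input("tx1", 1, PK_B),), (
        Output("tx2", 0, "p2wpkh", key_hash(PK_C), 10_000_000),
        Output("tx2", 1, "p2pkh", key_hash(PK_B), 19_000_000),  # address reuse
    )),
)

if __name__ == "__main__":
    for outpoint, cls in classify_utxos(SAMPLE_CHAIN).items():
        print(f"{outpoint[0]}:{outpoint[1]} -> {cls}")
    print(value_by_class(SAMPLE_CHAIN))
    for minutes in (1, 5, 10, 30):
        print(f"crack in {minutes:>2} min: "
              f"wins race with p={p_crack_before_confirmation(minutes):.2f}")
```

In the sample ledger the p2pk output and the reused p2pkh address land in KEY_ON_CHAIN, so an attacker could work on them at leisure; the two p2wpkh outputs stay KEY_ON_SPEND and only become attackable for the roughly one-block window the thread describes, which is why the old, already-exposed coins are the ones people expect to move first.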