Can someone explain how quantum computing affects the network, if it does at all.
This question never dies. Quantum computing will never be a threat to mining as that's an iterative hash function that quantum is poorly suited for. As for ECDSA, signatures, wallets, AES, etc, then yes, but this isn't something exclusive to bitcoin, it means everything from email and hospital databases, to military satellites and autonomous vehicles are at risk. Thankfully, work on post-quantum or quantum-resistant cryptography is decades into development. We don't have a post-quantum AES-type standard yet, but there are several candidates starting to throw their hat in. It's a lot like when Serpent, Twofish, MARS, Rijndael, etcetera, were competing for the AES standard.
Bitcoin devs don't need to "solve" this problem, rather they'll need to find ways to implement the solution.
Otherwise it's going to take Nobel Prize worthy work in chemistry (esp. material science), physics, and math to run powerful quantum algos like Shor's etcetera with stability and an acceptable error correction range, and it still isn't clear if we can even entangle enough qubits on planet earth. It's going to be a long time. A long time to figure things out, and funding and global cooperation will only increase. Incentives pretty much aligned everywhere you look.
reply
I believe you underestimate the problem. Mining, in general PoW, is based on what is assumed to be a One Way Function (a black box whose output gives zero indication of its input). No proof exists that such a thing can be real, for repeated calls.
The only uncrackable encryption is a one-time pad. If I give you a string of random (how did I obtain these? let's assume it's possible) bits secretly, then I can XOR a message shorter than that random string (the pad) and it would appear to those without the pad to be random. Uncrackable by definition (again, assuming TRUE randomness).
Any hash function used for PoW, iterative or no, that is shared, is not a one time pad. How do we make PoW such that we also include proof of truly randomly seeded work?
But I agree that, as with anything, we will adapt. Harvest now, decrypt later, means that every single message transferred online today thought securely, is knowable soon. Who you are, which coins you have spent where, everything. Nothing to be done about that.
reply
But PoW mining in bitcoin requires the continuously adjusted nonce and extranonce to be hashed along with the previous block header. No block can ever be the same because of the current and previous header data included (timestamp, merkle root, previous block hash, etc). My point about the iterative hash function relating to quantum algos not being suited to this work is that preimage (in SHA hash functions) and cryptography don't matter, as the nonce of any current block is simply an empty field that a super fast machine can only trial-and-error to create. Or maybe I completely misunderstood what you argued, and you went over my head. Would really appreciate if you did explain it then. Sats inbound.
reply
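The trial-and-error search described in the comment above, as an added, self-contained illustration that is not code from any poster or from Bitcoin Core: an 80-byte header is built from the previous block hash, a merkle root and a nonce, double-SHA-256'd, and compared against the target decoded from the compact `bits` field. When the (deliberately tiny) nonce range is exhausted, the extranonce inside the coinbase transaction is bumped, which changes the merkle root and so yields a fresh header. All inputs (previous hash, timestamp, coinbase bytes, the easy `0x1F00FFFF` difficulty) are constructed for the demo, and the single-transaction merkle root is a simplification.

```python
import hashlib
import struct

# Constructed sample inputs (not real chain data), so the block runs offline.
PREV_BLOCK_HASH = hashlib.sha256(b"constructed previous block header").digest()
TIMESTAMP = 1700000000
BITS = 0x1F00FFFF            # very low difficulty so pure Python finds a solution quickly
COINBASE_TEMPLATE = b"constructed coinbase tx paying a constructed miner; extranonce="
NONCE_SPACE = 4096           # deliberately tiny so the extranonce rollover is exercised


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256, used for txids and block hashes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' header field into the 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def merkle_root_single_tx(coinbase_tx: bytes) -> bytes:
    """Simplification: a block whose only transaction is the coinbase has merkle root == that txid."""
    return sha256d(coinbase_tx)


def build_header(version: int, prev_hash: bytes, merkle_root: bytes,
                 timestamp: int, bits: int, nonce: int) -> bytes:
    """Serialize the 80-byte block header (all integers little-endian)."""
    assert len(prev_hash) == 32 and len(merkle_root) == 32
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_int(header: bytes) -> int:
    """Block hash as the little-endian integer that is compared against the target."""
    return int.from_bytes(sha256d(header), "little")


def mine(prev_hash: bytes, timestamp: int, bits: int, coinbase_template: bytes,
         nonce_space: int = NONCE_SPACE) -> dict:
    """Iterate the nonce; when it is exhausted, bump the extranonce in the coinbase,
    which changes the merkle root and therefore gives a new header to hash.
    Returns the first header whose hash is at or below the target."""
    target = bits_to_target(bits)
    attempts = 0
    extranonce = 0
    while True:
        coinbase_tx = coinbase_template + struct.pack("<I", extranonce)
        merkle_root = merkle_root_single_tx(coinbase_tx)
        for nonce in range(nonce_space):
            header = build_header(1, prev_hash, merkle_root, timestamp, bits, nonce)
            attempts += 1
            if header_hash_int(header) <= target:
                return {"nonce": nonce, "extranonce": extranonce, "merkle_root": merkle_root,
                        "header": header, "target": target, "attempts": attempts}
        extranonce += 1


def verify(result: dict) -> bool:
    """Checking a claimed solution costs one hash; only finding it costs the search."""
    return header_hash_int(result["header"]) <= result["target"]


def demo() -> dict:
    return mine(PREV_BLOCK_HASH, TIMESTAMP, BITS, COINBASE_TEMPLATE)


if __name__ == "__main__":
    r = demo()
    print(f"found after {r['attempts']} hashes: extranonce={r['extranonce']} nonce={r['nonce']}")
    print("block hash:", sha256d(r["header"])[::-1].hex())
    print("valid:", verify(r))
```

With this target roughly one hash in 2^16 qualifies, so the search usually rolls the extranonce a dozen or so times before a header lands under the target; the asymmetry between `mine` (a search over fresh inputs) and `verify` (one hash) is the property the comment is pointing at.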
No, I was wrong, specifically about the SHA-256 vulnerability. Thank you for giving me a chance to go on a bitcoin/cryptography rabbit hole journey!
I would still warn about being too confident in network security. I'm currently focusing my studies on this and it really is absurd how insecure everything is. How much does it matter that the bitcoin miner node is safe, if it is easy to gain access to, or easy to intercept its message of a successful block?
HTTP compression endangers the whole world, and not even using quantum computers:
All versions of TLS and SSL are at risk from BREACH regardless of the encryption algorithm or cipher used.[123] Unlike previous instances of CRIME, which can be successfully defended against by turning off TLS compression or SPDY header compression, BREACH exploits HTTP compression which cannot realistically be turned off, as virtually all web servers rely upon it to improve data transmission speeds for users. (source)
And once quantum computers become operational, (hell, even today, snowden tells us that the NSA has backdoored TLS/HTTPS), what happens when every malicious actor knows the IP address of every mining node? I can tell you one thing that might happen, they might decide to park their car outside the miners house and use electromagnetic detectors (etc) to gain knowledge about the ciphers you communicate by.
If you make a wireless SSH connection to your server and type a password instead of using public keys, did you know that a sniffer can see every time you pressed a key? Not which key it was, but this info still narrows down the password brute force absurdly.
That's the trouble. It's not enough to secure one part; every layer of network protocol as well as everyone's (who can dox you) behavior, and ideally that should be done now. Yesterday even. Every asymmetric public key system, such as digital certifications from LetsEncrypt or one of the other 4 companies (in the world) who provide them, relies on too few bits even now (this I also learned from Snowden). The NSA can see you.
Going back to bitcoin, its encryption is quantum vulnerable today like TLS before 1.3 (apparently bitcoin uses elliptic curves somewhere and not just hashing? does anyone care to explain to me?).
And most networks (and all obscured repeated behavior) can, with enough observations, eventually give you the complete unobscured behavior from the moment you began observing (unless you use forward secrecy, but the point still stands, because again, there are so many layers that need to be unbreakable!). Simply due to Bayes' theorem. The first time I programmed one of these (a hidden Markov model) was in my final algorithms class; I was blown away that it was even physically possible.
God I love programming. @ekzyis you're a white hat, you know more than me about this. Feel free to weigh in :) (or anyone else).
reply
Thx for the explanation Morley!
reply
Quantum computing will never be a threat to mining as that's an iterative hash function that quantum is poorly suited for.
No one claims that. It really annoys me when people bring up the 'mining discussion' when topic is quantum computers. It's a noise that takes attention away from the real issue.
Quantum Computers in the context of bitcoin security is about the public-private-key algo that secure UTXOs and is used in wallets.
I recommend this video on the topic. It covers all relevant threads and is factually correct:
reply
I and the YouTube host in your embedded video mentioned mining from the start because it's been a recurring misnomer when the quantum subject is brought up—people assuming quantum algos are the attack vector on tx finality, while bestowing protocol-changing mining benefits. No, it's the wallets and sig schemes that are attack vectors like you said. And like she said towards the end after echoing a bunch of the things I said—with quantum powers come many world-changing benefits. I'll add one of those is sure to be QKD, which can dramatically increase the security of everything we do digitally today as a postmaster for quantum-resistant encryption. So much fear and negativity around tech today, whether it's AI, quantum, or autonomous cars. All bound to become boringly dependable technologies tomorrow.
reply
Great video by the way. Have sum sats.
reply
Bitcoin uses ECDSA for its digital signatures, which is a public-key cryptography algorithm.
Most of these kinds of algorithms (including ECDSA and Taproot's Schnorr) rest on the assumption that deriving a public key from a private key (i.e. a secret number) is trivial but deriving a private key from a public key is impossible/impractical. Quantum computers make this practical, therefore someone with a beefy enough quantum computer would be able to get the key of whatever onchain UTXO he fancies, with a caveat:
And that is that most UTXOs don't show the public key that unlocks their bitcoin. They show its hash, and the hash is quantum resistant. The public key is only revealed when you spend the UTXO. Therefore your legacy and native segwit UTXOs would be theoretically quantum safe as long as you don't reuse addresses.
Counter silver lining: Taproot UTXOs reveal the recipient's public key directly, not its hash. Most of the onchain byte savings come from that tradeoff.
reply
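The hash-versus-key distinction in the comment above can be checked directly from the address encoding. The following is an added example, a from-scratch bech32 (BIP-173) / bech32m (BIP-350) codec rather than code from any poster or from Bitcoin Core: decoding a native segwit v0 address yields a 20-byte HASH160, so the locking script commits only to a hash and the public key is not recoverable from the chain until the UTXO is spent, while decoding a taproot (v1) address yields the 32-byte x-only public key itself. The P2WPKH sample address is the BIP-173 test vector; the taproot key used is the x-coordinate of the secp256k1 generator point, as in the BIP-350 test vectors.

```python
# Added example: what a segwit v0 vs. taproot address actually publishes on chain.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST = 1             # checksum constant for witness version 0 (BIP-173)
BECH32M_CONST = 0x2BC830A3   # checksum constant for witness version 1+ (BIP-350)

# Sample inputs: BIP-173 test-vector address; x-only key = secp256k1 generator x-coordinate.
SAMPLE_P2WPKH = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
SAMPLE_XONLY_PUBKEY = bytes.fromhex(
    "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")


def _polymod(values):
    """BCH checksum polynomial from BIP-173."""
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _convertbits(data, frombits, tobits, pad):
    """Regroup bits: 8->5 when encoding, 5->8 when decoding (strict padding check)."""
    acc, bits, out = 0, 0, []
    maxv = (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        raise ValueError("invalid padding bits")
    return out


def encode_segwit(hrp, witver, program):
    const = BECH32_CONST if witver == 0 else BECH32M_CONST
    data = [witver] + _convertbits(program, 8, 5, pad=True)
    poly = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(poly >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def decode_segwit(hrp, addr):
    """Return (witness_version, witness_program); raise ValueError on any defect."""
    if addr.lower() != addr and addr.upper() != addr:
        raise ValueError("mixed case")
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or addr[:pos] != hrp or pos + 7 > len(addr) or len(addr) > 90:
        raise ValueError("malformed address")
    data = [CHARSET.index(c) for c in addr[pos + 1:]]   # ValueError on a bad character
    witver, payload = data[0], data[1:-6]
    expected = BECH32_CONST if witver == 0 else BECH32M_CONST
    if _polymod(_hrp_expand(hrp) + data) != expected:
        raise ValueError("bad checksum (or bech32/bech32m variant mismatch)")
    program = bytes(_convertbits(payload, 5, 8, pad=False))
    if witver > 16 or not 2 <= len(program) <= 40 or (witver == 0 and len(program) not in (20, 32)):
        raise ValueError("invalid witness program")
    return witver, program


def script_pubkey(witver, program):
    """Locking script: OP_0 (v0) or OP_n (v1..16) followed by the pushed program."""
    opcode = 0x00 if witver == 0 else 0x50 + witver
    return bytes([opcode, len(program)]) + program


def what_is_on_chain(hrp, addr):
    """Classify whether the address commits to a hash of the key or to the key itself."""
    witver, program = decode_segwit(hrp, addr)
    if witver == 0 and len(program) == 20:
        kind = "P2WPKH: HASH160(pubkey); public key hidden until spend"
    elif witver == 0:
        kind = "P2WSH: SHA256(script); script and keys hidden until spend"
    elif witver == 1 and len(program) == 32:
        kind = "P2TR: x-only public key published directly"
    else:
        kind = "unknown witness version"
    return {"witver": witver, "program": program.hex(),
            "script_pubkey": script_pubkey(witver, program).hex(), "kind": kind}


if __name__ == "__main__":
    print(what_is_on_chain("bc", SAMPLE_P2WPKH))
    taproot_addr = encode_segwit("bc", 1, SAMPLE_XONLY_PUBKEY)
    print(taproot_addr, what_is_on_chain("bc", taproot_addr))
```

Running it prints a `0014…` script (OP_0 plus a 20-byte hash) for the v0 address and a `5120…` script (OP_1 plus the 32-byte key) for the taproot address; the second one is the "counter silver lining" from the comment, since the key a future key-recovery attack would need is already public the moment funds are received.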
deleted by author
reply
but bitcoin core devs probably have the code already ready
wrong assumption...
reply
deleted by author
reply
To mitigate this threat, developers are actively working on creating new cryptographic algorithms that are resistant to attacks from quantum machines.
lol, developers of which coin ?
reply
to be honest the source looks like something written by ChatGPT lol i guess we should wait for someone who has more knowledge on the matter to answer
reply
Someone who has more knowledge on the matter has just answered you. But you missed it...
reply
deleted by author
reply
Well, I deserve to know. And here at SN is where I get the real knowledge. The fact is that "anything else can attack Bitcoin, but no system can defeat Bitcoin".
reply
From what I could read and analyze, in the short term it is not a threat, but in the long term it could be. But by the time the threat is real, there will be advances in quantum encryption. Even more, I have not heard of a working quantum computer yet. All is in the experimenting phase. If not so, please teach me. Pretty confident in the open-source ecosystem and bitcoin dev experts.
reply
There are working (but very unstable) quantum computers. For instance, Google's Sycamore processor: (article) (wiki).
Indeed the true threat is Harvest now, decrypt later, threatening far more than bitcoin.
reply
I accept my error that I didn't read the whole article and gave it out as something to look at. As a maxi you can trust anybody, like you did, and saw my error.
reply
Don't apologize for providing information that a fanatic tells you also includes sentences which are heretical. If I give a mathematical proof and include the sentence "Mohammed was a little bitch", does that mean I should apologize for providing the proof? Ignore such ignorance. It was a good link.
reply
I saw online a POW protocol with photons
reply
IF there was a big enough (and stable enough) quantum computer, you could give it a public key and it will find the private key.
reply
Really good explanation of the threats. TLDR: Some of the coins are vulnerable, the most significant of which would be Satoshi's stack. But if quantum computers ever got powerful enough, we would pretty much be fine.
reply
crack encryption
reply
encryption is not really relevant for Bitcoin. Hash functions and signatures are
reply
In fact, there is no encryption at all in bitcoin
Digital signatures, digital signatures everywhere
reply
I'm not really sure but there might be encryption in the gossip network protocol layer.
There also definitely is encryption in lightning routing or nodes connecting to the network via tor.
reply
I'm not really sure but there might be encryption in the gossip network protocol layer.
BIP-324 is about that but afaik, the bitcoin network does not use encryption anywhere at the moment. But of course, I might be wrong. Please correct me in that case.
There also definitely is encryption in lightning routing or nodes connecting to the network via tor.
Yes, lightning uses encryption since it uses onion routing
reply
Quantum computers can potentially break asymmetric encryption, but only weaken the hashing functions such as SHA-256 slightly.
In terms of mining, I think the mining difficulty will likely be adjusted accordingly to keep the 10 minutes block time, as quantum computers develop.
Since quantum computers can only weaken SHA-256, but not significantly enough to break it, the integrity of the blockchain can still be preserved, as one can still verify that blocks are not altered through the hash.
I think the real problem will be the individual addresses that are encrypted through asymmetric encryption, which will be broken. One possible solution could be to use a new quantum resistant encryption to secure bitcoin accounts (addresses) before powerful quantum computers come to be, and ask people to transfer funds from old accounts to the new ones. Possibly the existing blockchain (before this migration) can also be secured by being hard coded into the source code (if it's necessary).
All the bitcoins that are not migrated due to various reasons (such as owner not alive, not aware of the issue, etc. including Satoshi's early mined bitcoins) can either be considered not spendable, or can maybe only be released through verification of some info that only the owner knows and got hashed into the UTXO data (as I've heard).
reply
I think the real problem will be the individual addresses that are encrypted through asymmetric encryption
There is no encryption, addresses are locking scripts which lock bitcoins with spending conditions.
For example, if you use a P2PKH address (Pay to Public Key Hash), you need to provide the public key which, when hashed, results in the same hash to spend the bitcoins. (You also need to provide a signature.)
No encryption involved.
See here for more details
reply
Sorry I meant the asymmetric cryptography scheme used to derive private and public keys, where the private key is used for signing, and public key used for generating addresses to receive bitcoins. I didn't mean the blockchain was encrypted. The scheme might be at risk without mitigation, if quantum computers become powerful enough.
reply
Quantum entanglement allows qubits (quantum bits) to be entangled, meaning the state of one qubit can instantaneously affect the state of another, regardless of the distance between them. A fully realized quantum network could significantly improve the precision of scientific instruments used to study phenomena such as gravitational waves from black holes, microscopy, and electromagnetic imaging.
reply