
Nic Carter: "Quantum computing is, in my opinion, the biggest risk to Bitcoin."

It looks like Carter is going to be making a series about quantum computing and cryptography. I like his writing and am looking forward to it.

More math than you'd think was helpful, actually turns out helpful

In this first piece, Carter goes hard on the math that secures Bitcoin, explaining it via equations and graphs, after a whole mess of which he blithely says:
"It should be easy to understand at this point why it might be hard to find k given an arbitrary multiple of G."
I don't have the math skills to feel like it was easy, but he does a good job, I think, in explaining it so that even I got a little closer to understanding elliptic curve cryptography. It's worth the read if you want to wrestle with Bitcoin's cryptography.

Here's a sample:

After all, all we’re doing is k * G = P where k is your private key, G is the known starting point, and P is the public key. Since G and P are known, why not simply divide P by G to get k, you might ask.
The answer is that elliptic curve “multiplication” isn’t actually multiplication at all. As we’ve demonstrated, it’s actually repeated addition. We have just found clever ways to speed up the addition so we can skip a lot of steps.
Inverting this process – finding k given P and G – is the discrete logarithm problem itself. Bitcoin’s cryptographic security is based on that problem being hard.
More generally, the reason it’s hard to reverse point addition in the elliptic curve is because of its structure, and this is why elliptic curves were specifically chosen for this. The equation mixes a cubic and a quadratic variable, which makes it nonlinear and hard to invert algebraically. Moving over from real numbers to finite fields means you can no longer use calculus to get a sense of direction, distance, or slope. There’s no “which way is closer” or “how fast am I approaching the target” – every step is a blind jump in a featureless, discontinuous space.
Because you are wrapping around the modulus with almost every operation, there’s no “progress” visible on the graph. Where you are at any given point gives you no information about how many “spins” you have undertaken. Unwinding it is like turning a cake back into its ingredients or a smoothie back into fruit. The elliptic curve multiplication process is a gigantic, one-way, deterministic number scrambler.
Bitcoin’s entire cryptographic premise is “there exists a one-way function that’s easy to compute in one direction, and infeasible to invert.” We’ve never had to worry about this before, because it’s such an ironclad assumption in cryptography.
Until now.
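The gap the excerpt describes, as an added example that is not from Carter's article or the original post: computing P = k * G with double-and-add versus recovering k by walking the curve one addition at a time. The modulus 953, the base point (1, 31) and all function names are constructed for illustration; only the equation shape y^2 = x^3 + 7 matches Bitcoin's curve.

```python
# Toy curve y^2 = x^3 + 7 over F_953: the same equation shape Bitcoin's
# secp256k1 uses, but a constructed 10-bit field so the search can finish.
P_MOD = 953
G = (1, 31)   # constructed base point: 31^2 = 961 = 1^3 + 7 (mod 953)
INF = None    # point at infinity, the group identity

def on_curve(pt):
    return pt is INF or (pt[1] ** 2 - pt[0] ** 3 - 7) % P_MOD == 0

def add(p, q):
    """Point addition: chord slope for p != q, tangent slope for p == q."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                    # p + (-p)
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def scalar_mult(k, pt):
    """Double-and-add, the 'skip a lot of steps' shortcut: (k*pt, group ops)."""
    result, addend, ops = INF, pt, 0
    while k:
        if k & 1:
            result, ops = add(result, addend), ops + 1
        addend, ops = add(addend, addend), ops + 1
        k >>= 1
    return result, ops

def brute_force_dlog(target, base):
    """Invert k*base = target by trying k = 1, 2, 3, ...: (k, additions)."""
    acc, k = base, 1
    while acc != target:
        acc, k = add(acc, base), k + 1
        if acc == base:
            raise ValueError("target is not a multiple of base")
    return k, k - 1

if __name__ == "__main__":
    n, _ = brute_force_dlog(INF, G)        # order of G, found by walking
    k = n - 7                              # constructed "private key"
    pub, fwd = scalar_mult(k, G)
    found, rev = brute_force_dlog(pub, G)
    print(f"order={n} k={k} P={pub} forward ops={fwd} reverse adds={rev}")
```

The forward cost grows with the bit length of k, while the walk grows with k itself; that asymmetry is what the toy field makes small enough to observe.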
173 sats \ 1 reply \ @BlokchainB 9h
Hahaha quantum is in the Overton window due to Wall Street and the investment that is going into it by big tech. Quantum has a long way to go.
104 sats \ 0 replies \ @kepford 7h
I know. It's entertaining to watch who freaks out about it. Saying it has a long way to go is being generous from what I have seen. We don't even know if it will really be possible or useful yet. Seems to mostly be theory at this point.
102 sats \ 0 replies \ @kepford 7h
Yeah, I managed to piss off some people at work in our quantum Slack channel asking questions and linking to some critical/skeptical cryptographers.
It reminds me of Cold Fusion or the perpetual motion machines. I have seen zero evidence of it doing anything beyond essentially rigged tests.