So, from everything I've gathered, in terms of knowledge on all technologies in the world (nobody has comprehensive depth on any one of these btw),

Consider that on layer 1, the core of bitcoin, a double hashed SHA256 is double military grade algorithm selection, for storage of a private key on the blockchain (a private key being the binary version of your 12 word seed phrase (you know, it's like a single username/password combo on Bitcoin).)

For one, quantum proof bitcoin exists (I've never confirmed but heard from multiple sources). Any wallet that has not sent any money has not published a key to crack. (and that could be the only thing I say) (There are enough wallet addresses available to create a new wallet for every transaction through a wallet.)

For two, we live in FUD World. This should be my first point.. Do your own critical thinking. Remember, it hurts to be a leader. (You have nobody to point at for your weird behavior.) Research in FUD world requires Occam's razor assumptions. It's flawed, but as good as you'll ever get to truth..

For three, basically everyone is experiencing deep sadness and pain right now, so they aren't thinking very clearly at all (in terms of seeking teachers and direction). I'm probably definitely not thinking very clearly right now..

For four, and this is definitely the whole point: Quantum is the epitome of a FUD World narrative. And if you wanted to prove me wrong, you cannot. The number of different types of qubits and qubit behavior is unfathomable. I could ask your questions for a lifetime.

For five, don't drink and drive guys. That would take a chunk of your stack (for our circular economy).

In celebration of these epiphanies, I'll be dumping a whole 10,000k into promoting this post via engagement.. (this is going to be like the epic 2 pizzas in maybe 13 years).

1172 sats \ 1 reply \ @conduition 8h

Hey there, quantum cryptography researcher here. I've written extensively on the subject: #735909 #1288781 #1453183 #1419471

Nobody can answer the question "When will quantum computers be powerful enough to threaten classical cryptography?". You're right to be skeptical of anyone who claims the threat is imminent without proof. But I would like to dispel a few inaccurate notions in your post and its comments.

First, facts only:

  • Private keys aren't stored on the blockchain. A private key is just a big number, which you either know, or you don't.
  • Public keys are sometimes stored on the blockchain. A public key is another big number, mathematically related to its private key. If you have the private key, you can create signatures which spend any bitcoins locked to your public key.
  • If you have a big quantum computer, you can run Shor's algorithm to factor a public key into its private key.
  • You cannot use a quantum computer to efficiently invert a strong hash function like SHA256. It gets easier, but is still thought to be intractable.
  • Many public keys are exposed on the blockchain, including those of Satoshi's coins and of big exchange cold wallets. See this dashboard (explainer).
  • Most NATO-aligned governments (US, UK, EU, AU) have deadlines to migrate fully to post-quantum crypto and disallow the use of quantum-vulnerable algorithms by 2035.

Now some corrections:

a hard fork involving hashing algorithm change would be the most effective solution

We do not need to change Bitcoin's block-mining hash algorithm any time soon. Grover's Algorithm gives at best a mild speedup over classical computers. IF in the distant future quantum computers start threatening classical mining, they will be a centralizing force (due to the nature of QCs, see https://stephanlivera.com/episode/670/), and we should soft fork in a change of hash algorithm (no hard fork needed).

For one, quantum proof bitcoin exists (I've never confirmed but heard from multiple sources).

There are quantum-resistant sidechains pegged to bitcoin, but their bridges are still vulnerable to sufficiently advanced quantum computers. At best they are a stopgap. There are suggestions which use newly proposed opcodes like OP_CAT to implement PQ-safe address formats. There are BIPs currently being drafted which may someday introduce explicit PQ-safe cryptography opcodes.

But AFAIK there is no consensus mechanism on bitcoin (mainnet) in existence today which fully secures coins against big quantum computers (QCs). At best you can avoid being the low-hanging fruit by using hashed addresses and spreading your coins out among many smaller UTXOs.

Any wallet that has not sent any money has not published a key to crack.

Correct, but that's not why people are worried.

In total about a third of all bitcoins which will ever exist are currently locked to pubkeys which are exposed on-chain. Even if your coins stay secure in a hashed address, a QC could steal a large portion of the Bitcoin supply because many coins are pubkey-exposed, and are (conjecturally) held by dead hands who can make no moves to rescue them. So this inheritance falls to the first organization to aim a sufficiently big QC at it.

The FUD comes from the idea of supply flooding: That if a QC attacker wanted to, they could flood the market selling stolen dormant bitcoins and crash the value of bitcoin, at least in the short term.

Whether this would actually happen is unknown - We can't know what the motivation of a QC attacker would be (see this article for an examination of that question), or what legal precedent such an attacker would use to justify mass theft, or whether exchanges would permit such high volume from a single customer who is clearly malicious. I think most of the FUD comes from fear of the many unknown outcomes of that scenario.
The good news is that scalable and quantum-safe signature schemes exist, which can replace the current quantum-vulnerable scheme used today, and they're only going to get better. So most people have no reason to worry. Just hodl tight in hashed addresses and move to PQ-safe addresses once they become available.

reply
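Conduition's distinction between hashed addresses and exposed pubkeys, worked through in code (an added example, not code from the thread or any poster): it classifies standard output-script templates and flags which UTXOs already have a readable key on chain. The sample UTXO set and its key/hash bytes are constructed placeholders, not real addresses.

```python
# Added example: which Bitcoin outputs expose a public key (a Shor-style target)
# versus only a hash of it. Script bytes are constructed to match the standard
# templates; key and hash bytes are placeholders, not real on-chain data.
from dataclasses import dataclass

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC

def classify(spk: bytes) -> tuple[str, bool]:
    """Return (script type, pubkey readable from the unspent output alone)."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", True        # bare key: Satoshi-era outputs look like this
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False      # only HASH160(pubkey) is on chain
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[22] == OP_EQUAL:
        return "p2sh", False
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", False
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "p2wsh", False
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr", True        # taproot output key is an x-only pubkey in the clear
    return "unknown", False

@dataclass
class Utxo:
    script_hex: str
    sats: int
    address_spent_from: bool   # an earlier spend from this address revealed its key material

def exposed(u: Utxo) -> bool:
    """True if the key needed to spend this UTXO is already readable on chain."""
    _, bare = classify(bytes.fromhex(u.script_hex))
    return bare or u.address_spent_from   # address reuse undoes the hash's protection

def exposed_fraction(utxos: list[Utxo]) -> float:
    """Share of value (by sats) sitting behind an already-readable public key."""
    total = sum(u.sats for u in utxos)
    return sum(u.sats for u in utxos if exposed(u)) / total if total else 0.0

# Constructed sample UTXO set, amounts in satoshis (1 BTC = 100_000_000 sats).
SAMPLE = [
    Utxo("21" + "02" + "11" * 32 + "ac", 50 * 100_000_000, False),  # p2pk, exposed
    Utxo("76a914" + "22" * 20 + "88ac", 1 * 100_000_000, False),    # p2pkh, hashed
    Utxo("76a914" + "33" * 20 + "88ac", 1 * 100_000_000, True),     # p2pkh, but reused
    Utxo("0014" + "44" * 20, 2 * 100_000_000, False),               # p2wpkh, hashed
    Utxo("5120" + "55" * 32, 1 * 100_000_000, False),               # p2tr, exposed
]
```

Running `exposed_fraction(SAMPLE)` on the constructed set shows how a single large bare-pubkey output dominates the exposed share, which is the shape of the "dead hands" problem described above.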
101 sats \ 0 replies \ @kepford 5h

Excellent response. Refreshing.

reply

To be honest that is a bad analogy. The pin code has three attempts, cracking the private key doesn't have retry limits.

reply
256 sats \ 2 replies \ @teemupleb 16h

Also if there's a credible quantum threat, banks can upgrade their centralized systems in a day to be quantum-proof.

Whereas Bitcoiners need to find consensus among decentralized players.

reply
124 sats \ 0 replies \ @conduition 9h

You've clearly never worked at a bank

reply

And there is also another problem. Even if a solution is implemented IMMEDIATELY, all the money must be moved from the old to the new addresses, which will take time since the block space is limited. And I also don't really know how long the time between quantum becoming clear that it will be an issue and the time it becomes an actual issue, so that's another problem.
Are there quantum resistant algorithms that are feasible for bitcoin (small enough signature to fit in the blocks)?

reply

Simple Analogy

Banks = You hire a security company to guard your gold

Bitcoin = You hold the gold yourself in a vault only you can open.

reply

This analogy is completely useless for illustrating threat or threat resistance to quantum computers

reply

You know why, it feels completely useless.
But arguing about it, it's another time wasted

reply

Arguing about the analogy or about the quantum resistant algorithms?

reply

If it indeed turns out to be an existential threat, a hard fork involving hashing algorithm change would be the most effective solution and you can safely bet that most plebs will be on board i.e. it won't be contentious in any way. This has been brought up on different occasions over the past five years at least and this is the proposed solution. Not sure miners would eagerly support it as current mining equipment would be made obsolete as a result, but it's better than having your earnings drop to zero

reply

Why change the hash function?
It's not SHA256 that is the problem, but ECDSA.

reply

signatures are more urgent but hash functions are not threat proof either.

All hash functions based on universal hashing have been shown to be threatened by Bonnetain 2021. It's not impossible the same will happen with Merkle-Damgård constructions like SHA, which may turn out to have similar algorithms.

But worry not, there are many post-quantum secure hash functions in academia being discussed. They will be ready soon - many many years before quantum computers will have bit lengths long enough

reply

deleted by author

right, it's a risk because it's believed to be true that it is possible this will happen.

reply

This belief is the main ingredient of the fud. Quantum resistant algorithms are well known to devs, so it would be a nothingburger as the protocol would make the adjustment rather quickly

reply

we'll computer our way into the eternal realm...

reply
1129 sats \ 0 replies \ @Scoresby 17 Mar
don't drink and drive guys.

I certainly agree with you on this.

I don't know if the quantum stuff is fud or not, but all the people out there who want us to panic about it are fudders.

There are no guarantees either way, and we must all must make our own minds up about what we want to do.

reply

... smoke and fly

reply

I just assume you mean literally. Reminder to everyone: Microsoft Flight Simulator is cheaper.

reply

A stick should be way cheaper than that 🌿

reply
For three, basically everyone is experiencing deep sadness and pain right now, so they aren't thinking very clearly at all

Very salient, yet underappreciated point. If we just took the time to know ourselves better, and took the time to understand the emotional ebbs and flows that happen inside, turbulence that gets amplified by socials, we might be so much farther along.

reply

I don’t like getting pulled into endless debates with critics who recycle old fears just to discourage Bitcoin use. It’s always the same FUD, often dating back to 2009, repackaged like it’s new. Meanwhile Bitcoin keeps running, blocks keep coming, and adoption keeps growing. At some point, results speak louder than recycled doubt.
Since 2009...:

Bitcoin is a scam
Bitcoin has no intrinsic value
Governments will ban it completely
Bitcoin is only used by criminals
Bitcoin doesn't have a stable fiat price
It will go to zero
It’s a bubble
Mining uses energy
Quantum computers will break it
Shitcoins will replace it
No one will use it

Same script, different year.

reply
23 sats \ 0 replies \ @LAXITIVA 17h

I can’t prove you wrong but can I have some pizza anyway

reply

quantum-resistant forks on the jewish bitcoin fork will be hilarious to watch, as many get rugged, and not so much for the retarded users of that forky fork;

reply
0 sats \ 0 replies \ @SatsEditor 8h freebie -50 sats

I'm new to Stacker News and just setting up my profile to help the community with Spanish reviews and proofreading. I'm excited to be part of this! Greetings from Spain! 🇪🇸