This question never dies. Quantum computing will never be a threat to mining as that's an iterative hash function that quantum is poorly suited for. As for ECDSA, signatures, wallets, AES, etc., then yes, but this isn't something exclusive to bitcoin; it means everything from email and hospital databases to military satellites and autonomous vehicles are at risk. Thankfully, work on post-quantum or quantum-resistant cryptography is decades into development. We don't have a post-quantum AES-type standard yet, but there are several candidates starting to throw their hats in the ring. It's a lot like when Serpent, Twofish, MARS, Rijndael, etcetera, were competing for the AES standard.
Bitcoin devs don't need to "solve" this problem, rather they'll need to find ways to implement the solution.
Otherwise it's going to take Nobel Prize worthy work in chemistry (esp. material science), physics, and math to run powerful quantum algos like Shor's etcetera with stability and an acceptable error correction range, and it still isn't clear if we can even entangle enough qubits on planet earth. It's going to be a long time. In that long time to figure things out, funding and global cooperation will only increase. Incentives are pretty much aligned everywhere you look.
I believe you underestimate the problem. Mining, in general PoW, is based on what is assumed to be a One Way Function (a black box whose output gives zero indication of its input). No proof exists that such a thing can be real for repeated calls.
The only uncrackable encryption is a one-time pad. If I give you a string of random (how did I obtain these? let's assume it's possible) bits secretly, then I can XOR a message shorter than that random string (the pad) and it would appear to those without the pad to be random. Uncrackable by definition (again, assuming TRUE randomness).
Any hash function used for PoW, iterative or no, that is shared, is not a one time pad. How do we make PoW such that we also include proof of truly randomly seeded work?
But I agree that, as with anything, we will adapt. Harvest now, decrypt later, means that every single message transferred online today, thought to be secure, is knowable soon. Who you are, which coins you have spent where, everything. Nothing to be done about that.
reply
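The one-time pad described in the post above, as an added example that is not part of the thread: XOR encryption with a pad, the "uncrackable by definition" property shown as "any plaintext of the right length is explained by some pad", and the caveat a practitioner cares about, that reusing the pad (or letting an attacker learn one plaintext) gives everything away. The messages and the pad values are constructed for the example.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """XOR the message with a pad that is truly random, secret, at least as long
    as the message, and never reused. Decryption is the same operation."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Perfect secrecy in one line: for ANY candidate plaintext of the right
    length there is a pad that maps it to this ciphertext, so the ciphertext
    alone cannot favour one candidate over another."""
    return xor_bytes(ciphertext, candidate_plaintext)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What reuse costs: if two messages share a pad, XORing the ciphertexts
    cancels the pad and yields m1 XOR m2, independent of the pad."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    m1 = b"attack at dawn"   # constructed messages
    m2 = b"defend at dusk"
    pad = secrets.token_bytes(len(m1))  # fresh random pad of message length
    c1, c2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)  # pad reused: a mistake
    assert otp_decrypt(c1, pad) == m1
    # An attacker who learns (or guesses) m1 recovers the pad and reads m2.
    recovered_pad = pad_explaining(c1, m1)
    print(otp_decrypt(c2, recovered_pad))
```

Note that `pad_explaining(c1, m2)` also returns a perfectly valid pad, which is exactly why a single ciphertext under a fresh pad reveals nothing; the security collapses only when the pad stops being single-use.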
But PoW mining in bitcoin requires the continuously adjusted nonce and extranonce to be hashed along with the previous block header. No block can ever be the same because of the current and previous header data included (timestamp, merkle root, previous block hash, etc). My point about the iterative hash function relating to quantum algos not being suited to this work is that preimage (in SHA hash functions) and cryptography don't matter, as the nonce of any current block is simply an empty field that a super fast machine can only trial-and-error to create. Or maybe I completely misunderstood what you argued, and you went over my head. Would really appreciate if you did explain it then. Sats inbound.
reply
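The mining loop the post above describes, as an added example that is not code from the thread or from Bitcoin Core: an 80-byte header is built from constructed fields, the nonce is brute-forced against a target expanded from the compact `bits` field, and when the nonce range is exhausted the extranonce is bumped, which in a real block changes the coinbase and therefore the merkle root. The header values, the toy difficulty and the `coinbase_merkle_root` stand-in are all constructed for the example. Nothing here is inverted; each trial is a fresh input to double SHA-256, which is why Grover's algorithm would at best cut the number of trials to roughly its square root rather than break the scheme.

```python
import hashlib
import struct


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's block hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' header field into the 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def header_prefix(version: int, prev_hash: bytes, merkle_root: bytes,
                  timestamp: int, bits: int) -> bytes:
    """First 76 of the 80 header bytes; the miner only varies the last 4 (nonce).
    prev_hash and merkle_root are 32-byte digests in internal byte order."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<II", timestamp, bits))


def block_hash(prefix: bytes, nonce: int) -> bytes:
    """Hash of the full header for a given nonce."""
    return double_sha256(prefix + struct.pack("<I", nonce))


def hash_meets_target(h: bytes, target: int) -> bool:
    # The 32-byte digest is compared as a little-endian integer.
    return int.from_bytes(h, "little") <= target


def mine(prefix: bytes, target: int, start_nonce: int = 0, max_nonce: int = 2**32):
    """Brute-force the nonce. Returns (nonce, hash) or None if the range runs out.
    There is nothing to invert: every trial is an independent sample."""
    for nonce in range(start_nonce, max_nonce):
        h = block_hash(prefix, nonce)
        if hash_meets_target(h, target):
            return nonce, h
    return None


# Constructed header fields (not from any real block).
VERSION = 1
PREV_HASH = double_sha256(b"constructed previous block header")
TIMESTAMP = 1700000000
BITS = 0x1F0FFFFF  # toy difficulty: about one hash in 4096 qualifies


def coinbase_merkle_root(extranonce: int) -> bytes:
    """Toy stand-in for rebuilding the merkle root after changing the coinbase.
    In a real block the extranonce sits in the coinbase scriptSig, so bumping it
    changes the coinbase txid and with it the merkle root."""
    return double_sha256(b"constructed coinbase tx, extranonce="
                         + struct.pack("<I", extranonce))


def mine_with_extranonce(nonces_per_round: int = 2**12, max_extranonce: int = 64):
    """When a nonce range is exhausted, bump the extranonce and search again.
    Returns (extranonce, nonce, hash) or None."""
    target = bits_to_target(BITS)
    for extranonce in range(max_extranonce):
        prefix = header_prefix(VERSION, PREV_HASH, coinbase_merkle_root(extranonce),
                               TIMESTAMP, BITS)
        found = mine(prefix, target, 0, nonces_per_round)
        if found is not None:
            nonce, h = found
            return extranonce, nonce, h
    return None


if __name__ == "__main__":
    result = mine_with_extranonce()
    if result is not None:
        extranonce, nonce, h = result
        print(f"extranonce={extranonce} nonce={nonce} hash={h[::-1].hex()}")
```

The toy `bits` value keeps the search fast; at real difficulty the same loop runs for around 2^32 nonces per header before the extranonce path is even needed, which is the trial-and-error the post refers to.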
No, I was wrong, specifically about the SHA-256 vulnerability. Thank you for giving me a chance to go on a bitcoin/cryptography rabbit hole journey!
I would still warn about being too confident in network security. I'm currently focusing my studies on this and it really is absurd how insecure everything is. How much does it matter that the bitcoin miner node is safe, if it is easy to gain access to, or easy to intercept its message of a successful block?
HTTP compression endangers the whole world, and not even using quantum computers:
All versions of TLS and SSL are at risk from BREACH regardless of the encryption algorithm or cipher used. Unlike previous instances of CRIME, which can be successfully defended against by turning off TLS compression or SPDY header compression, BREACH exploits HTTP compression which cannot realistically be turned off, as virtually all web servers rely upon it to improve data transmission speeds for users. (source)
And once quantum computers become operational (hell, even today, Snowden tells us that the NSA has backdoored TLS/HTTPS), what happens when every malicious actor knows the IP address of every mining node? I can tell you one thing that might happen: they might decide to park their car outside the miner's house and use electromagnetic detectors (etc.) to gain knowledge about the ciphers you communicate by.
If you make a wireless SSH connection to your server and type a password instead of using public keys, did you know that a sniffer can see every time you pressed a key? Not which key it was, but this info still narrows down the password brute force absurdly.
That's the trouble. It's not enough to secure one part; every layer of network protocol, as well as the behavior of everyone (who can dox you), has to be secured, and ideally that should be done now. Yesterday even. Every asymmetric public key system, such as digital certificates from LetsEncrypt or one of the other 4 companies (in the world) who provide them, relies on too few bits even now (this I also learned from Snowden). The NSA can see you.
Going back to bitcoin, its encryption is quantum vulnerable today like TLS before 1.3 (apparently bitcoin uses elliptic curves somewhere and not just hashing? does anyone care to explain it to me?).
And most networks (and all obscured repeated behavior) can, given enough observations, eventually give you the complete unobscured behavior from the moment you began observing (unless you use forward secrecy, but the point still stands, because again, there are so many layers that need to be unbreakable!). Simply due to Bayes' theorem. The first time I programmed one of these (a hidden Markov model) was in my final algorithms class; I was blown away that it was even physically possible.
God, I love programming. @ekzyis you're a white hat, you know more than me about this. Feel free to weigh in :) (or anyone else).
reply
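The compression side channel behind the BREACH quote in the post above, as an added example that is not code from the thread or from the BREACH authors. A constructed HTML page (`PAGE_TEMPLATE`, `SECRET`, and the `csrf_token=` prefix are all made up) carries a CSRF token and reflects an attacker-chosen string into the same response body; the attacker sees only the compressed length. A guess that matches the next token character extends the LZ77 match instead of costing a literal, so the response shrinks. Fixed Huffman coding (`zlib.Z_FIXED`) is used here so that each wrong guess costs a full extra byte and the leak is visible from a single measurement per guess; a server's default dynamic Huffman coding leaks the same information with more noise, which is why the BREACH paper adds padding and repeated tries.

```python
import zlib

# Constructed victim page (not a real site): it carries a secret CSRF token and
# reflects an attacker-controlled string, e.g. a search query, into the same body.
PAGE_TEMPLATE = (
    '<html><body>\n'
    '<a href="/logout?csrf_token={secret}">Log out</a>\n'
    '<form method="post" action="/transfer">\n'
    '<input type="text" name="amount">\n'
    '<input type="text" name="to">\n'
    '<input type="submit" value="Send">\n'
    '</form>\n'
    '<p>Results for: {reflected}</p>\n'
    '</body></html>\n'
)
SECRET = "1f3a9c7"             # constructed value; the attacker must not know it
ALPHABET = "0123456789abcdef"  # the token's known character set


def compressed_size(reflected: str, secret: str = SECRET,
                    strategy: int = zlib.Z_FIXED) -> int:
    """Size of the compressed response: the only signal the attacker observes.

    Z_FIXED makes every ASCII literal cost exactly 8 bits, so a guess that fails
    to extend the LZ77 match costs exactly one byte more than one that does.
    A real server uses dynamic Huffman coding, which adds noise, not safety.
    """
    body = PAGE_TEMPLATE.format(secret=secret, reflected=reflected).encode()
    z = zlib.compressobj(9, zlib.DEFLATED, zlib.MAX_WBITS, 9, strategy)
    return len(z.compress(body) + z.flush())


def recover_secret(length: int, known_prefix: str = "csrf_token=",
                   secret: str = SECRET, strategy: int = zlib.Z_FIXED) -> str:
    """Recover the token one character at a time from response sizes alone."""
    recovered = ""
    for _ in range(length):
        sizes = {g: compressed_size(known_prefix + recovered + g, secret, strategy)
                 for g in ALPHABET}
        smallest = min(sizes.values())
        winners = [g for g, n in sizes.items() if n == smallest]
        if len(winners) != 1:
            # Ambiguous measurement; BREACH resolves this with padding and retries.
            return recovered
        recovered += winners[0]
    return recovered


if __name__ == "__main__":
    print("recovered:", recover_secret(len(SECRET)))
```

Calling `recover_secret(len(SECRET), strategy=zlib.Z_DEFAULT_STRATEGY)` shows the noisier real-world case: the correct guess is never larger than a wrong one, but ties appear, which is the situation the padding tricks in the paper are designed to break. The defences that actually work are the ones the quote hints at: do not reflect attacker input into responses that also carry secrets, or make the secret change per request so there is nothing stable to extend.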
Thx for the explanation Morley!
reply
Quantum computing will never be a threat to mining as that's an iterative hash function that quantum is poorly suited for.
No one claims that. It really annoys me when people bring up the 'mining discussion' when the topic is quantum computers. It's noise that takes attention away from the real issue.
Quantum computers in the context of bitcoin security are about the public-private-key algo that secures UTXOs and is used in wallets.
I recommend this video on the topic. It covers all relevant threads and is factually correct: https://www.youtube.com/watch?v=IaoTtkuY7jM
reply
I and the YouTube host in your embedded video mentioned mining from the start because it's been a recurring misnomer when the quantum subject is brought up—people assuming quantum algos are the attack vector on tx finality, while bestowing protocol-changing mining benefits. No, it's the wallets and sig schemes that are attack vectors like you said. And like she said towards the end after echoing a bunch of the things I said—with quantum powers come many world-changing benefits. I'll add one of those is sure to be QKD, which can dramatically increase the security of everything we do digitally today as a postmaster for quantum-resistant encryption. So much fear and negativity around tech today, whether it's AI, quantum, or autonomous cars. All bound to become boringly dependable technologies tomorrow.
reply
Great video by the way. Have sum sats.
reply