I believe you underestimate the problem. Mining, in general PoW, is based on what is assumed to be a One Way Function (a black box whose output gives zero indication of its input). No proof exists that such a thing can be real, for repeated calls.
The only uncrackable encryption is a one-time pad. If I give you a string of random (how did I obtain these? let's assume it's possible) bits secretly, then I can XOR a message shorter than that random string (the pad) and it would appear to those without the pad to be random. Uncrackable by definition (again, assuming TRUE randomness).
Any hash function used for PoW, iterative or no, that is shared, is not a one time pad. How do we make PoW such that we also include proof of truly randomly seeded work?
But I agree that, as with anything, we will adapt. Harvest now, decrypt later, means that every single message transferred online today, thought to be secure, is knowable soon. Who you are, which coins you have spent where, everything. Nothing to be done about that.
But PoW mining in bitcoin requires the continuously adjusted nonce and extranonce to be hashed along with the previous block header. No block can ever be the same because of the current and previous header data included (timestamp, merkle root, previous block hash, etc). My point about the iterative hash function relating to quantum algos not being suited to this work, is that preimage (in SHA hash functions) and cryptography don't matter, as the nonce of any current block is simply an empty field that a super fast machine can only trial and error to create. Or maybe I completely misunderstood what you argued, and you went over my head. Would really appreciate if you did explain it then. Sats inbound.
reply
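The trial-and-error search the post above describes (hash the header with a changing nonce, bump the extranonce once the 32-bit nonce space runs out), written out as an added example that is not code from the thread or from any Bitcoin implementation. The previous block hash, timestamp and "easy" target are constructed so it runs offline in well under a second; `fake_merkle_root` is a stand-in for the real coinbase-driven merkle root.

```python
import hashlib
import struct

def double_sha256(data: bytes) -> bytes:
    """Bitcoin's block-header hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize_header(version: int, prev_hash: bytes, merkle_root: bytes,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """80-byte header: version | prev hash | merkle root | time | bits | nonce.
    Integers are little-endian; the two 32-byte hashes are used as given."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))

def meets_target(header_hash: bytes, target: int) -> bool:
    """The 32-byte hash is read as a little-endian integer and must be below target."""
    return int.from_bytes(header_hash, "little") < target

def fake_merkle_root(extranonce: int) -> bytes:
    """Constructed stand-in: a real miner changes the extranonce inside the coinbase
    transaction, which changes the merkle root; here we simply hash the extranonce."""
    return hashlib.sha256(b"constructed-coinbase-" + struct.pack("<Q", extranonce)).digest()

def mine(prev_hash: bytes, timestamp: int, target: int, bits: int = 0x1D00FFFF,
         max_nonce: int = 2**32, max_extranonce: int = 16):
    """Try every nonce for the current header; when the nonce space is exhausted,
    bump the extranonce (new merkle root) and start over.
    Returns (extranonce, nonce, header, hash) or None if the search space is used up."""
    for extranonce in range(max_extranonce):
        root = fake_merkle_root(extranonce)
        for nonce in range(max_nonce):
            header = serialize_header(1, prev_hash, root, timestamp, bits, nonce)
            h = double_sha256(header)
            if meets_target(h, target):
                return extranonce, nonce, header, h
    return None

# Constructed inputs: a made-up previous block hash and a target that roughly
# 1 in 4096 headers satisfies, far easier than the real network's difficulty.
PREV_HASH = hashlib.sha256(b"constructed previous block").digest()
EASY_TARGET = 2**256 >> 12

if __name__ == "__main__":
    extranonce, nonce, header, h = mine(PREV_HASH, 1700000000, EASY_TARGET)
    print(f"extranonce={extranonce} nonce={nonce} hash={h[::-1].hex()}")
```

Changing any header field (the timestamp in the test below) with the same nonce yields an unrelated hash, which is why a found nonce is only valid for that exact header.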
No, I was wrong, specifically about the SHA-256 vulnerability. Thank you for giving me a chance to go on a bitcoin/cryptography rabbit hole journey!
I would still warn about being too confident in network security. I'm currently focusing my studies on this and it really is absurd how insecure everything is. How much does it matter that the bitcoin miner node is safe, if it is easy to gain access to, or easy to intercept its message of a successful block?
HTTP compression endangers the whole world, and not even using quantum computers:
All versions of TLS and SSL are at risk from BREACH regardless of the encryption algorithm or cipher used. Unlike previous instances of CRIME, which can be successfully defended against by turning off TLS compression or SPDY header compression, BREACH exploits HTTP compression which cannot realistically be turned off, as virtually all web servers rely upon it to improve data transmission speeds for users. (source)
And once quantum computers become operational, (hell, even today, Snowden tells us that the NSA has backdoored TLS/HTTPS), what happens when every malicious actor knows the IP address of every mining node? I can tell you one thing that might happen, they might decide to park their car outside the miner's house and use electromagnetic detectors (etc) to gain knowledge about the ciphers you communicate by.
If you make a wireless SSH connection to your server and type a password instead of using public keys, did you know that a sniffer can see every time you pressed a key? Not which key it was, but this info still narrows down the password brute force absurdly.
That's the trouble. It's not enough to secure one part, every layer of network protocol as well as everyone's (who can dox you) behavior, and ideally that should be done now. Yesterday even. Every asymmetric public key system, such as digital certifications from LetsEncrypt or one of the other 4 companies (in the world) who provide them, they rely on too few bits even now (this I also learned from Snowden). The NSA can see you.
Going back to bitcoin, its encryption is quantum vulnerable today like TLS before 1.3 (apparently bitcoin uses elliptic curves somewhere and not just hashing? does anyone care to explain to me?).
And most networks (and all obscured repeated behavior) can, given enough observations, eventually give you the complete unobscured behavior from the moment you began observing (unless you use forward secrecy, but the point still stands, because again, there are so many layers that need to be unbreakable!). Simply due to Bayes' theorem. The first time I programmed one of these (a hidden Markov model) was in my final algorithms class, I was blown away that it was even physically possible.
God I love programming. @ekzyis you're a white hat, you know more than me about this. Feel free to weigh in :) (or anyone else).
reply
Thx for the explanation Morley!
reply