pull down to refresh
25 sats \ 4 replies \ @Brunswick 22 Jul 2022 \ on: What Quantum Computers Mean for Bitcoin's Future bitcoin
I see QC as a threat to ECDSA and obviously RSA, but not to the sha256 merkle chain
Care to elaborate please? You mean stealing funds without the public key and private key pair, just with the public address?
reply
Well first off, the "wallet address" is the same as the public key. So the public key is literally publically available on the blockchain alongside its signed transactions thus also its balance. ECDSA is not NP hard and there is a mathematical proof that shows it can be cracked (the private key found) by QC. To answer your question, yes all wallets can be cracked by QC, therefore funds stolen.
Am I concerned about this? No, not at all. There are already new public key cryptographic algorithms that can be "dropped in" to bitcoin and everyone's wallet balances can be moved to the hardened encryption long before QC becomes an actual present danger.
reply
My understanding was that a btc address was derived from a public key that is not necessarily shared until you sign a transaction once some utxo are "spent" from said address and therefore reusing addresses is bad because these are the ones that can be "bruteforced".
Even though it's a public key you are not so easily sharing compromising info if you don't reuse addresses to receive and spend many times utxos.
I'm extremely happy to be corrected and learn because my knowledge is limited and not factual.
reply
The reason your identity becomes exposed by spending from a wallet is because the IP address (internet, not wallet address) where you transmit the UXTO to the mempool from is logged by third parties. They say you shouldn't reuse a wallet address, but they mean for receiving funds. You shouldn't give out the same wallet address to multiple people, because then any of those other people that send a sum to that address will know who you are, and they can see addresses you've received from, spent to, and your balance.
You cannot brute force a private key if you have a public key. This is the entire theory behind public key cryptography, that given a sufficiently large keyspace (bits of encryption) you can give out your public key to anyone in the universe, and they can never ever figure out your private key even if they converted every atom in the known universe to a transistor and dedicated this amount of computing power for trillions of years to finding your private key. This was true for several decades until some smartass mathematician figured out that QC actually has a 'backdoor' into finding your private key, don't ask me how because its all quantum magic. No wonder Nobel didn't like mathematicians.
The public key to your wallet actually MUST be shared and stored publicly on the blockchain because when each full bitcoin node scours (verifies) the blockchain, it also checks the balance of each particular wallet address. It does this by using the public key for that transaction to check the signature block. When a signature block is created by the owner of the wallet, they use their private key to sign the transaction which contains the amount of bitcoin to transfer and to which wallet address.
If the public key for every wallet address weren't immediately available to each and every bitcoin node, there would be no way to verify that a transaction was authorized by the wallet owner. The shorthand that was chosen by Satoshi was to use the actual ECDSA public key encoded in BASE58 as the wallet address itself.
Base 58 is a standard agreed-upon way to encode a binary number as a string of characters and numbers where some characters like O and I aren't allowed because it can be confused with 0 and 1. If a bitcoin address used all uppercase, lowercase, and digits it would be Base62 (26+26+10 = 62) or base64
The reason ECDSA (Elliptical Curve Digital Signature Algorithm) was chosen over RSA is EC has a much smaller public and private key size and you can use a much shorter string of characters (BASE58) to convey the public key for the ledger entry.
I hope I didn't lose you in all of this.
reply