pull down to refresh

This article has been generating quite a bit of discussion recently (also posted here 721468). An interesting point in relation to Bitcoin is what happens when a quantum computer catches up to the SHA256 algorithm? On a long enough time frame we can count on it being inevitable.
I'm confident that with all the talented people working in the Bitcoin space we'll be able to raise the bar and keep the network secure for everyone able to upgrade their keys. However the real question to ask is what happens to all the lost coins? Especially Satoshis!
Do we let it be and let nature play out with the first quantum computer able to crack SHA256 capture all these coins through brute force? It would likely be a large tech company or country that ends up with 20-30% of all Bitcoin if this were to happen. A huge change in a short amount of time.
The other option is that we hard fork before this happens? Something along the lines of if the UTXO hasn't moved in 15-20 years it becomes unspendable. This is perhaps a crude solution and I'd be interested to hear other ideas. However it seems that a hard fork option would essentially be the only option.
The next hard fork MUST have a plan for this scenario. Hopefully it will be one that's been debated, is well thought out and tested.
A general purpose and stable high qubit quantum computer (which doesn't exist and no one is sure if will ever exist) can run an algorithm called shor's. Shor's is used to factor numbers. You can thus use shor's to derive a private key from a public key. Bitcoin exposes public keys in the scenarios of certain address reuse and when certain transactions are sitting in the mempool, as well as very old 2009 era pay to pubkey coinbases and new taproot transactions. What will happen if such a computer ever exists is slowly attempts to mine the most static of these coins, probably the old coinbases, will occur. Once this happens everyone will know there is a quantum actor and avoid address reuse or in the worst case just move to a new address format. It's also important to remember that a quantum attack takes considerable time, not dissimilar to mining, as it's the process for searching for a private key. Another Algorithm, called grovers, will enable a new kind of mining ASIC, similar to how generations of PoW devices have always functioned.
This is the anti-quantum-fud blurp we have set up in this Bitcoin discord server I'm in.
reply
Very old 2009 pay to pubkey coinbase would include Satoshis coins wouldn't it?
reply
98 sats \ 2 replies \ @jgbtc 13 Oct
Maybe Satoshi's coins are a bounty for quantum researchers and this was his plan all along. He wanted quantum computers for the many great benefits it will bring to humanity. Bitcoin could have been his way to incentivize/reward the achievement.
Possibly he knew he wasn't going to be around much longer and this was the best way he could think of to make quantum computers a reality after he was gone and therefore unable participate directly in research.
reply
0 sats \ 1 reply \ @OT OP 14 Oct
IDK... Leaving up to 3-4 million bitcoin to the first quantum computers seems like a bit too much for anyone to stomach.
reply
Perhaps he knew he had a terminal illness, like ALS for example. But yeah, this is a stretch. Just a fun theory.
reply
The article is talking about AES256, which is block cyper used in encryption schemes. Why are you bringing up SHA256, which is a hash function?
It seems like you have no idea what you are talking about. People without basic knowledge on a topic are not worthy of having opinion about said topic
reply
Of course I don't.
I said at some point the technology will become outdated and we'll need to do something about it.
reply
I'm sure craig wright & co. will make a "quantum safe sha" bitcoin and this guy will trade his bitcoin for it.
reply
Don't store your funds in taproot addresses and you will be fine. Use Pay-to-Pubkey-Hash, (P2PKH) or Segwit (P2W-PKH). The hash will protect you from zero-day quantum attacks.
reply
Taproot? Why is that? I thought we were meant to be moving towards a taproot future.
reply
64 sats \ 0 replies \ @jk_14 13 Oct
side note: ECDSA is in danger first, not SHA256...
reply
So for people that have bitcoin on the blockchain that dont actually move it, we would lose it?
reply
20 sats \ 3 replies \ @OT OP 13 Oct
When the time comes, you might have to upgrade your keys.
reply
Wont it come too late? Even with the fork, people will lose their savings of bitcoin. I dont see hackers just giving a warning.
reply
20 sats \ 1 reply \ @OT OP 13 Oct
For some it might. This article is talking about cracking military grade encryption. We still have time to come up with something before it happens, but maybe not as much time as we thought.
You could be right about not giving a warning. If someone moved 50 BTC from Satoshis address the market would likely tank but recover. The attacked might wait till they had a massive amount say 100k-1m BTC to show the network that SHA256 has been cracked.
reply
Right, could be scary. Can you imagine the first million or so just migrating to coinbase?
reply
Not necessarily. The best practice is not to reuse addresses. One reason is that by spending, the public key is revealed and can be attacked. Prior to spending, only the HASH160 of the public key, i.e., RIPEMD160(SHA256(pubKey)), is known, which is not vulnerable to direct quantum attack.
Ancient P2PK transactions did not have this protection and the public keys are known. Meaning they are the prime targets for exploitation, and in some sense the best way to demonstrate viable large-scale quantum computer capable of generating private key for a given public key.
reply