pull down to refresh

Why Hashing Public Keys Doesn’t Provide Quantum Resistance

Thanks to Murch and Josie for their insights here Tweet link.
Hashing public keys offers a level of security, but it's not enough to protect against quantum attacks. In this article, we’ll explore why this vulnerability exists in Bitcoin's P2PKH (Pay-to-Public-Key-Hash) transactions.

2. How P2PKH Transactions Work

In a typical P2PKH transaction, the public key is hidden until the transaction is spent. This setup only reveals the public key when funds are being moved

3. Vulnerability in the Mempool

Once the public key is revealed, there’s a window of time where a quantum attack becomes possible. After the transaction enters the mempool, an attacker with a quantum computer can target the public key to derive the private key before the transaction is confirmed.

4. Exploiting the Window of Time

During this window, an attacker can compute the private key and create a conflicting transaction spending the same coins. By offering a higher fee, they incentivize miners to include their transaction over the original one.

5. Transaction Hijacking and Selfish Mining

This technique is known as transaction hijacking. Quantum computers could also exploit Bitcoin through selfish mining, using Grover’s algorithm to gain an advantage in hash rate
Sure, maybe. But there's still some fundamental assumptions built into this.
First of all, quantum computers are not magic. They can theoretically do things faster than classical computers but they're still bound by physical time constraints.
Using Grover's Algorithm for searching unsorted databases has quadratic speedup compared to classical computers. When applied to breaking SHA-256, Grover's algorithm would theoretically take around 2^128 / 4 ≈ 2^127 steps on a quantum computer.
The exact time it takes for a single step depends on the specific implementation and hardware of the quantum computer. For today's early-stage machines, each operation might take microseconds to milliseconds.
With those speeds, breaking SHA-256 would still take a very long time:
  • At 1 microsecond per operation: ~300 years
  • At 1 millisecond (0.001 second) per operation: ~90,000 years
These are rough estimates and don't account for the significant overhead of error correction, control systems, and other aspects needed to make a large-scale quantum computer work reliably.
So yes, while quantum computers can do it significantly faster than classical computers we're still talking about huge numbers.
reply
Yaa but I think breaking hash functions (SHA-256) is fundamentally different from breaking ECC or RSA.
I still have a question that I don't have an answer to: if ECC and RSA could be broken with the advent of quantum computers, what makes hash functions remain secure?
reply
deleted by author
reply
20 sats \ 1 reply \ @anon 14 Nov
This is wrong. A soft-fork could allow hash-protected coins to be spent in a commit-reveal scheme where the signature was is committed to in secret, then the signature and pubkey revealed later to actually spend the coins.
reply
But this doesn't change the fact that P2PKH isn’t secure against quantum threats as it is today
reply
Just awesome Thanks for sharing!
reply