Board: Bitcoin Discussion
Re: Do you think quantum computers would break Bitcoin's security?
by shorena on 17/04/2015, 12:44:58 UTC
-snip-
Well, my intention was not to say that it could break SHA-256; all I wanted to say is that it could break a 128-bit key, that's it. There is nothing flawed about my logic.

But you are using the "QC can break[1] 128-bit asym-crypto" argument to say that any 256-bit key can be broken by a QC, which is nonsense. Firstly, it only applies to asymmetric crypto. Secondly, bitcoin is more than just pubkey and private key; it also involves hashes, which are - for all we currently know - immune to QC, as there is no known algorithm to reverse the calculation and a QC is not faster at calculating hashes either.

[1] break as in brute force

Well, it's true that you can retrieve a 256 key from a 128; I posted a link saying that, but it's not that easy to do anyway.

Did you read this?

"With a quantum computer, you could easily deduce the private key corresponding to a public key. If you only have an address, which is a hashed public key, the private key is safe. Anyway, to spend a transaction, you need to send the public key. At that point you are vulnerable, but the attack is not straightforward."

Unless he's talking bullshit (I don't think so, because he made a tl;dr from many quotes from users here on bitcointalk, and they seem to know what they are talking about).

Read this:

https://bitcointalk.org/index.php?topic=133425.0

"I don't think you understand his point. Yes, QC could (in theory) be used to determine the private key FROM the public key. However, with Bitcoin the address isn't the public key, it is a structured hash of the public key. The public key isn't known until the first time Bitcoins are spent from a given address."


If you reveal your public key there is a chance that they can steal your coins.

Again:

"Well, even that isn't entirely true with how Bitcoin uses public key encryption. Simply publishing a single bitcoin address doesn't actually publish the private key, it publishes a structured hash of the public key. The actual public key isn't published until the first time funds are spent from that address. If SHA-256 is subject to being brute forced into collisions by a quantum computer, a different hashing algo may not be, and that could be used instead. If you use a new address for each transaction, which is how bitcoin does it by default and really is a best practice, it would be very difficult for a quantum breaker to steal your coins."


Not impossible.

Yes, you would have a possible race condition, and how well you are connected to the network would be very important. The attack you are talking about here assumes that Eve (attacker) gets the pubkey from Alice (user) before Bob (miner) confirms the transaction. Not only getting the public key, but also calculating the private key from it and creating a competing TX. Thus Eve would have to be in control of all peers Alice is connected to and all nodes Bob is connected to in order to make this a very likely success. If only a single node (of those connected to Alice) is not under Eve's control, the TX Alice creates will most likely reach Bob before Eve's.

This is a big problem, but it does not mean bitcoin is broken. It makes every single transaction risky until the problem is fixed though.

Depending on the costs to run a QC, this does not seem cost-efficient even when possible. Once the first QCs are capable and start messing with TX, I suspect[1] someone has a hardfork solution in some drawer.

[1] Actually I have no idea how realistic this is, but considering that we have at least a decade, I'm positive.
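The two points the thread turns on (an address is only a hash of the public key, and the key itself becomes public the moment an output is spent, so coins left on a reused address and coins in an unconfirmed transaction are the ones exposed) can be made concrete with a small ledger model. The following is an added example written for this page, not code from bitcointalk or from any Bitcoin implementation. It assumes a toy ledger with constructed pubkeys and transaction ids, and it replaces Bitcoin's real address derivation (base58check of RIPEMD160(SHA256(pubkey))) with a plain SHA-256 prefix so that it runs with the standard library alone; the one-way property, which is all the argument needs, is the same.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple


def address_of(pubkey: bytes) -> str:
    # Assumption: a one-way hash stands in for Bitcoin's address encoding.
    # Real P2PKH uses base58check(RIPEMD160(SHA256(pubkey))); SHA-256 alone is
    # used here so the example needs nothing beyond the standard library.
    return "addr_" + hashlib.sha256(pubkey).hexdigest()[:16]


@dataclass(frozen=True)
class TxInput:
    prev_txid: str
    index: int
    pubkey: bytes  # the spender's public key, revealed in the input script


@dataclass(frozen=True)
class TxOutput:
    address: str
    value: int


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[TxInput, ...]
    outputs: Tuple[TxOutput, ...]


def apply_chain(txs):
    """Replay confirmed transactions.

    Returns (utxo set, set of addresses whose pubkey is now on-chain). The only
    validity check in this toy ledger is that the pubkey presented by an input
    hashes to the address it spends from; signatures are not modelled.
    """
    utxo: Dict[Tuple[str, int], TxOutput] = {}
    revealed = set()
    for tx in txs:
        for inp in tx.inputs:
            spent = utxo.pop((inp.prev_txid, inp.index))
            addr = address_of(inp.pubkey)
            if addr != spent.address:
                raise ValueError(f"{tx.txid}: pubkey does not hash to {spent.address}")
            revealed.add(addr)  # from here on this pubkey is public knowledge
        for i, out in enumerate(tx.outputs):
            utxo[(tx.txid, i)] = out
    return utxo, revealed


def exposed_funds(txs) -> Dict[str, int]:
    """Unspent value sitting on addresses whose public key is already public.

    This is the 'address reuse' exposure: change or later payments sent back to
    an address that has spent before. Fresh addresses never appear here.
    """
    utxo, revealed = apply_chain(txs)
    at_risk: Dict[str, int] = {}
    for out in utxo.values():
        if out.address in revealed:
            at_risk[out.address] = at_risk.get(out.address, 0) + out.value
    return at_risk


def race_exposure(confirmed, pending: Tx) -> int:
    """Value an attacker could race for while `pending` is unconfirmed.

    The pubkeys in its inputs are public as soon as it is broadcast, so the
    outputs it spends are exactly the funds contested in the race described in
    the post above.
    """
    utxo, _ = apply_chain(confirmed)
    return sum(utxo[(inp.prev_txid, inp.index)].value for inp in pending.inputs)


# Constructed sample data: keys and txids are arbitrary labels, not real ones.
PUB_ALICE = b"alice-pubkey (constructed)"
PUB_BOB = b"bob-pubkey (constructed)"
PUB_BOB_FRESH = b"bob-fresh-pubkey (constructed)"
ADDR_ALICE = address_of(PUB_ALICE)
ADDR_BOB = address_of(PUB_BOB)
ADDR_BOB_FRESH = address_of(PUB_BOB_FRESH)

SAMPLE_CHAIN = [
    # coinbase-style funding: no inputs, so no pubkey is revealed yet
    Tx("tx1", (), (TxOutput(ADDR_ALICE, 50),)),
    # Alice pays Bob and sends the change back to her own (now revealed) address
    Tx("tx2", (TxInput("tx1", 0, PUB_ALICE),),
       (TxOutput(ADDR_BOB, 30), TxOutput(ADDR_ALICE, 20))),
    # Bob spends everything onward to a fresh address, leaving nothing exposed
    Tx("tx3", (TxInput("tx2", 0, PUB_BOB),), (TxOutput(ADDR_BOB_FRESH, 30),)),
]

if __name__ == "__main__":
    print("exposed by address reuse:", exposed_funds(SAMPLE_CHAIN))
    print("exposed during tx2's race window:", race_exposure(SAMPLE_CHAIN[:1], SAMPLE_CHAIN[1]))
```

Replaying the sample shows the two situations the thread distinguishes: after all three transactions confirm, only Alice's 20-unit change output is exposed, because it sits on an address whose key tx2 made public, while Bob's 30 units on a fresh address are not; and while tx2 is still unconfirmed, the whole 50 units it spends are in the race window. Wallets that never reuse addresses keep the first number at zero; only the second remains, and that is the window the post's Eve has to win.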