Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Quantum computers and Bitcoin
by
DeathAndTaxes
on 07/01/2013, 12:37:42 UTC
Quote from: Carlton Banks on January 07, 2013, 10:53:35 AM
Quote from: MoonShadow on January 07, 2013, 02:15:58 AM
Quote from: Carlton Banks on January 07, 2013, 01:18:51 AM
Quote from: halftimepad on January 06, 2013, 10:10:05 PM
Quote from: Carlton Banks on January 06, 2013, 01:43:47 PM
Forgive me if I'm wrong, but in a world where quantum computing becomes actually prevalent, as opposed to just plainly possible in a laboratory setting, there is nothing to stop Bitcoin from leveraging QC for it's encryption. This would kind of ruins the argument of ever more sophisticated QC cracking current cryptography; the new cryptographic possibilities that QC could achieve will eventually be available to the Bitcoin dev team, as well as the general public.

I'm not so sure about that. In Bitcoin you need a public key cryptosystem. In elliptic curve cryptography, the trick is that the direct problem (computing the public key or the signature) is easy if you know the private key. However, if you have the public key there is no known efficient method to deduce the private key (with a classical computer).

If everyone had quantum computers, both problems would become easy. You cannot simply scale the numbers as you would with hashing. You need asymmetry.

There are a few alternatives under study:
http://en.wikipedia.org/wiki/Post-quantum_cryptography

The important point is that, as opposed to symmetric systems, where you can just scale everything, you need some asymmetric problem. With quantum computers there are less available problems like that.



Yes, I see what you mean. I read up on the maths behind cryptographic key pairs quite some time ago, and the (infinitely parallel?) nature of QC would blow that paradigm away. I guess that's what I'm driving at then: there must be some way of using quantum computers to create openly exchanged secrets that are inpenetrable to QC cracking methods. If not, then I guess all bets are truly off with just about every form of encryption that exists, even if there was some new discovery in cryptographic maths.

Well, even that isn't entirely true with how Bitcoin uses public key encryption.  Simply publishing a single bitcoin address doesn't actually publish the private key, it publishes a structured hash of the public key.  The actual public key isn't published until the first time funds are spent from that address.  If SHA-256 is subject to being brute forced into collisions by a quantum computer, a different hashing algo may not be, and that could be used instead.  If you use a new address for each transaction, which is how bitcoin does it by default and really is a best practice, it would be very difficult for a quantum breaker to steal your coins.

I apologize if I wasn't being clear with my post, I am aware that private keys cannot be computed from public keys (and the, er, *ahem* obvious security hole that would represent, lol). I imagine it would be possible to use the high level of parallel processing that a QC could be scaled up to to simply brute force private keys directly using the blockchain database. This would presumably take a QC with a high qubit count, but it's clearly the most common sense approach to hacking Bitcoin with quantum computing. It'd have to have a half decent rate of key discovery though, as the chances of finding a private key with alot of money in it's addresses could be pretty slim (this is an impression, I don't know any hard stats offhand, but I suspect the vast majority of keys have <10 BTC contained)

I don't think you understand his point.  Yes QC could (in theory) be used to determine the private key FROM the public key.  However with Bitcoin the address isn't the public key it is a structured hash of the public key.   The public key isn't known until the first time Bitcoins are spent from a given address.