...
PS. В следующий раз идите на троллинг вместе с криптографом ;-)
...
Крипотграфы... (я все это читал давно, не нужно упрекать так, просто лень возиться с поиском ссылок на каждый пук)PS. В следующий раз идите на троллинг вместе с криптографом ;-)
...
This should be in all stickys and faq's! Seems like every week lately we have a thread on this same old topic. I know the search engine is very bad on this forum, but i think most of the noisemakers are just too lazy to even use it.
I think at least this video from the summit should be compulsory to watch before being able to post on this forum.
I think at least this video from the summit should be compulsory to watch before being able to post on this forum.
...except that the speaker got the question about quantum computing wrong. I was in the audience, but I was too much of a pussy to stand up and correct him in front of everyone. Apparently, I should have done so (since he has now been cited by someone), but I'm shy like that -- especially because I was in the back and no one had any idea who I was. Oh well.
The speaker says that ECDSA is not susceptible to QCs -- that's just wrong. ECDSA is most definitely broken by QC's, as well as just most asymmetric crypto algorithms on which internet security relies. But Bitcoin is better prepared to deal with QCs than most other crypto systems: (1) if you never reuse addresses, then no one knows your public keys and thus there's nothing for a QC to solve. By the time someone gets your public keys, you've already spent the funds, (2) the crypto algorithms in Bitcoin can be changed to quantum-resistant ones. Given that we'll probably have two decades advance notice before QCs with enough qubits exist to even threaten Bitcoin, we'll have plenty of time to make the switch.
однако..
.....
I don't think you understand his point. Yes QC could (in theory) be used to determine the private key FROM the public key. However with Bitcoin the address isn't the public key it is a structured hash of the public key. The public key isn't known until the first time Bitcoins are spent from a given address.
I don't think you understand his point. Yes QC could (in theory) be used to determine the private key FROM the public key. However with Bitcoin the address isn't the public key it is a structured hash of the public key. The public key isn't known until the first time Bitcoins are spent from a given address.
Так что не все так очевидно, D&T отвечает уклончиво..
По крайней мере, хорошая новость в том что ECDSA устойчив к QC а он используется в создании "адреса Биткоин" (что затрудняет атаку на адрес с целью завладения монет). А вот майнинг...
ECDSA как раз не устойчив - он про это и пишет "The speaker says that ECDSA is not susceptible to QCs -- that's just wrong. ECDSA is most definitely broken by QC's, as well as just most asymmetric crypto algorithms on which internet security relies."
D&T пишет что покуда публичный эдрес это хеш-сумма от публичного ключа - то QC это не проблема для него, потому что публичный ключ не известен до тех пор пока не выполен исходящий платеж.
Отсюда и требование - не реюзать кошельки для максимальной безопасности. Юзать БОЛЬШЕ кошельков, чтобы их нельзя было распарсить легко из блокчейна.
Квантовые компы - давно уже есть - вот второе поколение квантовых компов уже продают (512-кубитные) http://www.dwavesys.com/en/dw_homepage.html
На лом биткоиновых ключей надо ~10k кубитов. Вот и думайте - есть они в природе или их нет :-)))) Особый превед тем кто принимал законы о ЭЦП и документах защищаемых этой хренью, и тем кто верит что это - хорошо ;-)
PS. Прошу не срать кирпичами ;-) У молодых читателей хакер.ру таких девайсов еще нет :-)