Board Development & Technical Discussion
Re: Thoughts on burner addresses
by
larry_vw_1955
on 07/06/2022, 01:29:00 UTC
And where did I ever say that? Quantum computers could solve certain types of problems because algorithms are known for those certain types of problems.
Exactly. They can solve "certain types of problems" but they can't magically decrease the 128-bit security of an EC private key to 80 bits.

I didn't say they could do that. What I said is they can reduce the security of a hash function in half. From 160 bits down to 80 bits.


Quote
The point is to say cryptography is not going to be broken as easily as you think otherwise we wouldn't have built so much on top of it. Historically this has also been true. We can always foresee the technical developments including hardware capabilities that could lead to weakening a cryptography algorithm and we have always been replacing them with stronger ones for the past thousand+ years.
Well, I don't know all that's gone on in the past 1000+ years with regards to that, but I'd say the quantum computer threat is kind of a new paradigm.



Quote
The key will still provide 128-bits of security.
If all you know is my bitcoin address, say it is a 256-bit hash. Then to attack it you could do no better than brute force search to find a pre-image. So my security is 256 bits for that. Keep in mind too that there are about 2^256 bitcoin private keys.


Quote from: o_e_l_e_o
And if that ever becomes the case, then bitcoin will move to quantum resistant signatures.
You make it sound so simple like flipping a switch and it's all taken care of. They don't even know what signature scheme they would use.

Quote
Relying on then insecure hash functions and keeping your public keys secret is not a tenable solution.
A 256-bit hash function such as SHA-256 is secure against quantum computer pre-image attacks. 128 bits secure. Which by your own admission is good enough security.

Quote
Keeping your public key secret means never spending your coins.
No it doesn't. It just means you only use your bitcoin address one time. After that you use another one you never used before. Because once you use it the first time, the public key becomes a permanent record on the blockchain. At that point, you don't want to have funds in it anymore. It's just part of an overall security protocol for best practice.

Quote
As I said above, if your security relies on your public key being secret, then your security is broken.
It's not that it relies on it but given the choice, I prefer not to let anyone know my public key or keys. I feel more secure that way. Luckily bitcoin allows that by simply not re-using the same address more than once. I might have other security protocols too which are designed to make me feel more secure against someone cracking my private key. Such as not storing my bitcoin on an android app, etc.

Quote
Long before this becomes an issue, bitcoin will fork to quantum resistant signatures.
I think there's logistical issues in doing something like that though. Are you just going to fork bitcoin? And the old legacy chain dies off? What happens to Satoshi's bitcoin?

Quote
If you think that 128 bits of security is insecure, then you should probably stop using bitcoin. Even if you believe that all your coins are protected by 256 bits of security, the many millions of bitcoin present in addresses with exposed public keys is enough to completely crash the price of bitcoin to zero if they were suddenly all stolen and everyone lost confidence in bitcoin's security.
I think 128 bits of security is on the fence. I'd like to see higher. But it is what it is. The only way to get higher security is to change curves or change how you use the curve secp256k1. If a bitcoin public key had 256 bits of security then I wouldn't have such an issue with my public key being known.
But as it is now, I think it wise to not use a bitcoin address more than once, if I'm going to use bitcoin.

Quote
Quantum computers cannot reduce anything. Quantum computers are just a scam hidden behind weird probabilistic equations, which very conveniently exclude almost all real life noise. Quantum computers are so weak that they cannot factor a 6-bit number using the almighty Shor's algorithm - which "breaks ECDLP" - the number 35 turned out just too big for reliable factorization

Quantum Computers do not equal Shor's algorithm. I'm pretty sure if they really wanted to they could factor something bigger than 35 though. We're way past that.
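As an added example (not from the thread or from any of its participants), the following Python script models the "use each address only once" policy the post above describes, together with the simple security-level arithmetic the thread relies on: Grover's algorithm halves the pre-image security of a hash (160 bits to 80, 256 bits to 128), Pollard-rho style generic attacks give roughly half the key length classically for an EC key (256-bit key, 128 bits), and Shor's algorithm is treated as reducing an exposed EC public key to 0 bits. It assumes a P2PKH-style address is a 160-bit hash of the public key, that the public key becomes visible the first time an address is spent from, and uses a constructed three-transaction ledger with made-up address names; the functions `security_bits`, `address_report` and `reused_with_funds` are this example's own names.

```python
"""
Added example: model of the "spend from an address once, then never fund it
again" policy. Security levels follow the thread's back-of-envelope model and
are not a rigorous cost estimate. All ledger data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


def security_bits(kind: str, size_bits: int, quantum: bool) -> int:
    """Generic-attack cost in bits for a secret of the given kind and size.

    hash_preimage: brute-force pre-image search; Grover halves it (size/2).
    ec_key:        generic discrete-log attacks give ~size/2 classically;
                   Shor is modelled as fully breaking an exposed public key.
    """
    if kind == "hash_preimage":
        return size_bits // 2 if quantum else size_bits
    if kind == "ec_key":
        return 0 if quantum else size_bits // 2
    raise ValueError(f"unknown secret kind: {kind}")


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: List[Tuple[str, int]]   # (address, amount) spent; spending reveals the public key
    outputs: List[Tuple[str, int]]  # (address, amount) received


def address_report(txs: List[Tx], my_addresses: Set[str],
                   hash_bits: int = 160, key_bits: int = 256) -> Dict[str, dict]:
    """Per-address balance, public-key exposure, and modelled security levels."""
    balance = {a: 0 for a in my_addresses}
    exposed: Set[str] = set()
    for tx in txs:
        for addr, amount in tx.inputs:
            if addr in balance:
                balance[addr] -= amount
                exposed.add(addr)          # pubkey is now a permanent on-chain record
        for addr, amount in tx.outputs:
            if addr in balance:
                balance[addr] += amount
    report = {}
    for addr in my_addresses:
        is_exposed = addr in exposed
        # Hash-only addresses are protected by the hash; exposed ones only by the EC key.
        kind = "ec_key" if is_exposed else "hash_preimage"
        size = key_bits if is_exposed else hash_bits
        report[addr] = {
            "balance": balance[addr],
            "pubkey_exposed": is_exposed,
            "classical_bits": security_bits(kind, size, quantum=False),
            "quantum_bits": security_bits(kind, size, quantum=True),
        }
    return report


def reused_with_funds(report: Dict[str, dict]) -> List[str]:
    """Addresses that violate the policy: public key exposed AND still funded."""
    return sorted(a for a, r in report.items()
                  if r["pubkey_exposed"] and r["balance"] > 0)


# Constructed sample ledger (not real transactions).
MY_ADDRESSES = {"addrA", "addrB", "addrC"}
SAMPLE_TXS = [
    Tx("tx1", inputs=[], outputs=[("addrA", 50), ("addrB", 30)]),
    # Good practice: addrA fully spent, change goes to a fresh address addrC.
    Tx("tx2", inputs=[("addrA", 50)], outputs=[("addrX", 20), ("addrC", 30)]),
    # Policy violation: addrB spends (pubkey revealed) and receives its own change.
    Tx("tx3", inputs=[("addrB", 30)], outputs=[("addrY", 10), ("addrB", 20)]),
]

if __name__ == "__main__":
    rep = address_report(SAMPLE_TXS, MY_ADDRESSES)
    for addr in sorted(rep):
        r = rep[addr]
        print(f"{addr}: balance={r['balance']:>3} exposed={r['pubkey_exposed']!s:5} "
              f"classical={r['classical_bits']} quantum={r['quantum_bits']}")
    print("reused with funds:", reused_with_funds(rep))
```

Running it shows addrC (never spent from) at 160/80 bits, addrA (spent from, empty) at 128/0 bits but holding nothing, and addrB flagged because its public key is on chain and it still holds funds.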