Ask HN: Will Quantum Computing Break Bitcoin?
3 points by diveloper 5 years ago | 2 comments- physicsAI 5 years agoSomething important to keep in mind is the fact that to execute Shor's prime factorization algorithm (which can break encryption protocols, like the RSA) you need millions of physical quantum bits.
Even the most optimistic quantum engineers agree that building such enormous quantum devices is likely 30+ years away. So Bitcoin has plenty of time to adapt.
- aphextim 5 years agoTL:DR Bitcoin will most likely adapt.
>Bitcoin already has some built-in quantum resistance. If you only use Bitcoin addresses one time, which has always been the recommended practice, then your ECDSA public key is only ever revealed at the one time that you spend bitcoins sent to each address. A quantum computer would need to be able to break your key in the short time between when your transaction is first sent and when it gets into a block. It will likely be decades after a quantum computer first breaks a Bitcoin key before quantum computers become this fast.
>All of the commonly-used public-key algorithms are broken by QC. This includes RSA, DSA, DH, and all forms of elliptic-curve cryptography. Public-key crypto that is secure against QC does exist, however. Currently, Bitcoin experts tend to favor a cryptosystem based on Lamport signatures. Lamport signatures are very fast to compute, but they have two major downsides:
>The signature would be quite large, at least several kB (40-170 times larger than now). This would be very bad for Bitcoin's overall scalability, since bandwidth is one of the main limiting factors to Bitcoin's scaling. Advances in scalability such as Segregated Witness (the signature is part of the witness) and Lightning will be helpful. At the time that you create each keypair, you would need to set some finite maximum number of times that you can sign with this key. Signing more than this number of times would be insecure. Increasing the signing limit increases the size of each signature even more. Since you are only really supposed to use addresses once, this may not be a huge problem for Bitcoin. There is also some ongoing academic research on creating quantum-safe public-key algorithms with many of the same properties as today's public-key algorithms, but this is very experimental. It is not known whether it will end up being possible.
>A new public-key algorithm can be added to Bitcoin as a softfork. From the end-user perspective, this would appear as the creation of a new address type, and everyone would need to send their bitcoins to this new address type to achieve quantum security.