Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Encryption The Almighty Buck Bitcoin

Will Cryptocurrency Face a Quantum Computing Problem? (cnet.com) 68

Posted by EditorDavid from the encryption-anxiety dept.
"If current progress continues, quantum computers will be able to crack public key cryptography," writes CNET, "potentially creating a serious threat to the crypto world, where some currencies are valued at hundreds of billions of dollars." If encryption is broken, attackers can impersonate the legitimate owners of cryptocurrency, NFTs or other such digital assets. "Once quantum computing becomes powerful enough, then essentially all the security guarantees will go out of the window," Dawn Song, a computer security entrepreneur and professor at the University of California, Berkeley, told the Collective[i] Forecast forum in October. "When public key cryptography is broken, users could be losing their funds and the whole system will break...."

"We expect that within a few years, sufficiently powerful computers will be available" for cracking blockchains open, said Nir Minerbi, CEO of quantum software maker Classiq Technologies.

The good news for cryptocurrency fans is the quantum computing problem can be fixed by adopting the same post-quantum cryptography technology that the computing industry already has begun developing. The U.S. government's National Institute of Standards and Technology, trying to get ahead of the problem, is several years into a careful process to find quantum-proof cryptography algorithms with involvement from researchers around the globe. Indeed, several cryptocurrency and blockchain efforts are actively working on quantum resistant software...

A problem with the post-quantum cryptography algorithms under consideration so far, though, is that they generally need longer numeric encryption keys and longer processing times, says Peter Chapman, CEO of quantum computer maker IonQ. That could substantially increase the amount of computing horsepower needed to house blockchains...

The real quantum test for cryptocurrencies will be governance structures, not technologies, says Hunter Jensen, chief technology officer of Permission.io, a company using cryptocurrency for a targeted advertising system... "It will be the truly decentralized currencies which will get hit if their communities are too slow and disorganized to act," said Andersen Cheng, chief executive at Post Quantum, a London based company that sells post-quantum encryption technology.
This discussion has been archived. No new comments can be posted.

Will Cryptocurrency Face a Quantum Computing Problem? More

Will Cryptocurrency Face a Quantum Computing Problem?

Comments Filter:

  • Vitalik Buterin is on the case (Score:5, Informative)

    by presidenteloco ( 659168 ) on Sunday November 14, 2021 @06:48PM (#61988259)
    "We have an upgrade path and we know what the upgrade path is." - Vitalik, 2019.

    Referring to replacing quantum-cryptanalysis-vulnerable cryptographic algorithms with quantum-cryptanalysis-resistant ones.

    Whether there's a a catastrophe or not for crypto-currency / blockchain economy depends on whether the defenses are built before the quantum computing attacks on crypto become established.

    It's of course worth mentioning that quantum cracking of standard cryptography will break much more than crypto-currency/DEFI etc. It will literally break the bank, and all e-commerce etc, too. And your online government services. And your few remaining wisps of privacy while using online accounts of all types.
    So all that stuff needs to be substantially upgraded. Not just blockchain/cryptocurrency.

    • I will risk the prediction that quantum computers will forever require such sophistication that only internet advertising companies and the five richest kings of Europe will be able to afford them. So almost all of the current uses of cryptography will generally be OK--while the large, slow, and valuable prey of cryptocurrencies and political dissident's encrypted diaries will be vulnerable.

      It almost doesn't matter whether there is an easy way to monetize a quantum exploit, the possibility of an irreversib

    • Buterin is full of shit as usual. Eth is supposed to have moved to proof-of-stake years ago, but it's still 18 months away, just like it was 18 months ago.

    • Re: (Score:2)

      by fermion ( 181285 )
      Generally speaking all current security is based on the idea that it would take so long to crack the encryption it is not feasible or desirable to anyone who could. Obviously for certain high value target this is not the case and we have seen defenses fall. But if we just keep up with increasing computing power, making things twice as hard every year, or insuring current defenses are difficult enough, then we are secure.

      Quantum computing, though, to coin a term, is going to be a quantum leap in com-using

    • Isn't this the same guy who promised that Ethereum would be moving from Proof Of Work to Proof Of Stake back in 2018? We're still waiting on that one.

  • will they be able to use it to buy pizza?

  • No (Score:3)

    by sjames ( 1099 ) on Sunday November 14, 2021 @07:30PM (#61988379) Homepage Journal

    So far, utilizing 7 qbits, a quantum computer has managed to factor the number 21. 35 was attempted but failed on IBM's Q. Counting set-up time, a middle school kid is faster. We can expect to see some improvement in that over time, but it will be a very long time until it can handle the sizes needed for actually used crypto.

    • Isn’t China at 62 qbits already? That should still be a ways off from being a threat, but next 10-20 years seems reasonable.

      • An issue here is the unknown of it all.

        A specific quantum algorithm with some implicit encoding scheme for values, factored 21 with 7 qbits.

        That doesnt rule out a 7 qbit system factoring much larger numbers (even greater than 128!) using a different algorithm or a different encoding scheme..

        Its too new. We just dont know the limits here to any great extent. Better algorithms. Clever value encoding. Increasingly ideal conditions.

        Public key crypto based on primes only continues to be a good choice so

      • Isn’t China at 62 qbits already? That should still be a ways off from being a threat, but next 10-20 years seems reasonable.

        And we'll power it with our self-sustaining fusion reactors, and the average person on the street will use their hacked crypto to buy a flying car?

      • Re: (Score:3)

        by sjames ( 1099 )

        Keep in mind that with linear scaling of qbits, difficulty scales exponentially. Shor has expressed doubt that Shor's algorithm will scale.

        There's still time to transition the crypto as required. There are already algorithms thought to be particularly difficult for quantum computers to handle.

        Even doubling the bit count of current crypto could punt the problem a couple more decades.

    • It depends on what sort of limit they are hitting. If difficulty or size of the quantum computer only scales linearly with bits, then there is a path to factoring large primes. If the difficulty increases faster than that, it my not be practical.

      Even linear could be tough - for example if the phase accuracy required is even linear in bits, getting to 1000 bits could be very difficult.

      • Re: (Score:2)

        by sjames ( 1099 )

        The limit is fundamental. The qbits have to remain in a coherant entangled state. Any outside influence will collapse them.

    • It's not terribly difficult. The quantum algorithms that can attack encryption are pretty specific, and also pretty fragile. friday night funkin [friday-nightfunkin.com]

  • Asked Vitalik Butarin about this (Score:3)

    by quax ( 19371 ) on Sunday November 14, 2021 @08:15PM (#61988463)

    Couple years ago at a hackathon I had an opportunity to ask Vitalik this question.

    His answer was a bit hand wavy, he essentially maintained that it wouldn't be too difficult to swap out the current crypto underpinnings for a quantum safe one (e.g. lattice based).

    I am not familiar with the Ethereum code base, but given how long it took them to roll out SegWit, I am not sure that I necessarily believe that it'll be as simple as Vitalik made it out to be.

  • Total nonsense, similar to fusion there is currently no road to scalability in the QC world. Without a demonstration of error correction all news about more qubits are just hot air
  • A quantum computer could find the private key used in bitcoin in theory but only after you have used the public key once because before that all the attacker has is the hash of the public key. So all wallets that haven't been used yet are safe. Almost all crypto currencies only rely on signing. We have quantum resistant hash based signing that could be used today. They are huge size wise but could be used. Further things like super singular isogenies are quantum resistant and could be used as drop in r

    • A quantum computer could find the private key used in bitcoin in theory but only after you have used the public key once because before that all the attacker has is the hash of the public key.

      Given that the valid public keys are rare (product of two primes which are approximately sqrt(public key)) you seem to have just added a single small hashing step.

      Did you think they will be targeting your bitcoin wallet? Its every wallet all at once. Look heres two big primes that when multiplied hash to that guys wallet. Heres another, when used as a factor for those previous two primes, might nab 2 more wallets, observe how as the number of primes that are on the list of primes of about the right size

      • Factoring and discrete log (to go from public key to private) are QBP -- they're fast on a quantum computer.

        Finding interesting inversions of hash functions is not. "find a valid public key of length N with this hash" is susceptible to Grover search but that's still 2^(N/2) -- it's just the generic "you need to double the length of your keys" speedup that quantum computers provide.

      • ...

        Look heres two big primes that when multiplied hash to that guys wallet. Heres another, when used as a factor for those previous two primes, might nab 2 more wallets, observe how as the number of primes that are on the list of primes of about the right size grows, the number of potential finds grows exponentially. I dont now how costly the hashing step is but that becomes the limiting factor, guaranteed.

        Guaranteed? Really?

        I don't think you appreciate how many primes are up there in that region of the number line. Roughly speaking, a number chosen 'at random' in the vicinity of 2^k, where k is a sizeable exponent, has roughly a one in k chance of turning out prime, when tested. To be specific, there are roughly 2^(1024-11) primes of 1024 bits in length. There is no way to store that many numbers on Earth since they outnumber the atoms on the Earth by many many many orders of magnitude. There is just no place to put them.

        Odds are that the same prime won't turn up again in another private key, unless the random number generator used to produce the keys is defective.

      • Crypto currencies use elliptic curve cryptography not RSA, so there aren't a pair of primes. But suppse they did and suppose there are a trillion * trillion public keys and if you guess a big prime and assuming you could check all these public keys to see if they hash to the product of your big prime and some other big prime (that you don't know), which you can't in order O(1) time. You still wouldn't crack a single key. The keys are 2^2048 at the smallest. That's two 2^1024 primes. Each one has 300+ d

  • I'm amused that anybody thinks crypto currencies will still be relevant by the time their cryptography can be cracked.

    Bitcoin has already completely failed as a currency and then was re-branded as "digital gold" which operates very similar to a ponzi scheme. Crypto is in effect no longer actually "de-centralized" since the majority of trading happens at centralized, shady, unregulated exchanges, involving non-accountable stablecoins that are printed out of thin air with the fever every crypto enthusiast no

    • Re: (Score:2)

      by Kaenneth ( 82978 )

      How has Bitcoin failed? I recently sent $6000 for a fee of 26 cents. Worked perfectly.

      • LOL you a fee to transfer $6000? That's truly sad. 2 months ago I sent 360000EUR for a fee of nothing.

        And it transferred instantly, not in 10-30min like it would have with bitcoin.
        And it didn't need to generate the equivalent CO2 emissions of powering an average American home for 21 days like it would have over bitcoin.

        But I'm glad it at least "worked" for you. Baby steps I guess.

        • Re: (Score:2)

          by Kaenneth ( 82978 )

          LOL, using a Euro bank that pays NEGATIVE interest on savings?

          might have been no 'transfer fee' but they did profit from you.

          And why would Miners mine at such a huge loss? If BTC actually used that much power, the miners would lose money, and therefore wouldn't mine.

          Your excuses are fiction, they don't make sense.

    • Re:The elephant in the room (Score:5, Insightful)

      by allcoolnameswheretak ( 1102727 ) on Monday November 15, 2021 @05:46AM (#61989371)

      Bitcoin has already completely failed as a currency and then was re-branded as "digital gold" which operates very similar to a ponzi scheme

      The people who repeat the tired old "it's a ponzi" argument don't understand how a ponzi scheme works. Google it. A ponzi doesn't have trade of a tangible asset, it's just a pyramid scheme of fake promises. The cost of entering a ponzi scheme doesn't go up - instead everyone is promised the same gains because the scammer wants everyone to join in. Also, everything going on is made opaque and secret, obviously, because it's a scam.

      Bitcoin (and crypto in general) on the other hand are openly traded items. Those who were in early, still own it, and some of those who make a lot of money, regularly trade it. There is real value of decentralization, self-custody and independence. It is transparent about everything, the price, who owns it and all transactions. This openness is in the nature of the public, decentralized blockchain.
      The price goes up as demand rises, and that made early adopters very rich. This is no different than what happened with stocks of successful companies like Apple, Amazon or Tesla.

      So many people calling crypto a ponzi just because they are bitter for not being one of the people who got in early, and therefore want it all to fail.

      • Excellent analysis. Bitcoin isn't a ponzi scheme because everyone knows there is no revenue generating activity.

        It is, however, a massive bubble. It checks four of the five boxes. [wikipedia.org]
        1. There is a real underlying technological breakthrough in blockchain technology, which allows decentralized transfers of capital.
        2. Initial investment was strong, attracting attention
        3. More money flowed in exuberantly. Unfortunately, everyone is ignoring the elephant in the room. People aren't using it as currency. Th

    • Bitcoin has already completely failed as a currency

      Currency? Bitcoin isn't a currency. It's a speculative pyramid scheme that is working remarkably well.

  • I wonder how many more decades we will be hearing that for.

    • Re: (Score:1)

      by Anonymous Coward

      Probably less than you might imagine. QC is more or less at the same stage as digital electronics was when the first discrete transistors were created. Except this time around, there are a lot more people trying to use those fledgling components than were back in day. Unlike last time, we're all "sold" on the idea of computers, so there's some real motivation to get it working.

      The other thing is that the proof of concept has been done already. We know it can do a series of useful things - but we do indeed l

  • It is a fallacy to say the touted "post-quantum cryptography" is proof against quantum computers breaking the ciphers. The algorithms are only "thought to be secure", hard proof of that doesn't exist for any of them. Some mathematician may own the ass of anyone relying on them.

    • Re: (Score:2)

      by suutar ( 1860506 )

      So... the same security as any other crypto algorithm - "secure against everything we know about".

  • "That could substantially increase the amount of computing horsepower needed to house blockchains"

    Not so. Because remember, the only thing a miner protects you against in a proof of work scheme, is other miners. No one has to spend more computation to defend, because spending computation to attack (I.e. compete) has become just as more expensive.

  • If some company created a computer (quantum or anything else) that allows creating a bitcoin for $10, they have two possibilities:

    1. Create say $10 million worth of bitcoin every day and sell them. Enough to make serious money, but not enough to crash bitcoin. That would be about 4bn income a year.

    2. Create and sell a billion worth of bitcoin slowly, and then create tons of them and kill the market. Making everyone's bitcoin lose their value. So create 17,000 bitcoins and sell them for a billion, then

  • "Ravna sat beside him, the least talkative of the four. She joined in the laughter and sometimes the discussion: There was the time Blueshell had a humor fit at Pham's faith in public key encryption, and Ravna knew some stories of her own to illustrate the Rider's opinion."

    -- A Fire Upon the Deep, Vernor Vinge, 1992.

  • Maybe later. Maybe never.

    Even if QCs ever work, they will never scale in Qbits and in computation length. Shor's algorithm needs 3x the Qbits of the RSA length and they need to stay coherent for a lengthy computation.

    • They arent using Shor's algorithm for quantum factoring. They are using Adiabatic Quantum Computation.

      Shor's algorithm is guaranteed to find the factors (even though reading them after might be error prone), AQC on the other hand finds them with some desired probability (and reading them after might be error prone)

      This is the problem with any conclusions people make about what is and isnt possible. Refined quantum computation will only loosely look like anything we are doing today. We really have no ide

      • Re: (Score:2)

        by gweihir ( 88907 )

        Ok, my bad. Then we should probably look at 100'000 years instead.
        Side note: You _still_ need to get the number to factor in. And you still need to represent the factors. So doing it below two times the bit-lenght entangled qbits is probably fundamentally impossible. Oh, and the example used is not general.

        Seriously, stop believing Quantum Computing is magic. It is not.

  • I would be more worried that Quatum computers will easily crack all stored PGP messages.

Slashdot Top Deals

2.4 statute miles of surgical tubing at Yale U. = 1 I.V.League

Close