Bitcoin Q&A: Is quantum computing a threat?

[AUDIENCE] My question is about security. I’ve listened
to one of your talks about quantum computing. You said that we can assume the NSA
has quantum computing currently. My question is, how can [we safeguard]
Bitcoin against quantum computing? Once [a threshold] is reached,
they will be able to break into wallets.

[ANDREAS] That is a very good question. Quantum computing isn’t an on / off
thing… That is a double-pun, actually. [Laughter] It is not that you either have quantum
computing or you don’t have quantum computing. The [real] question is, how many qubits of
quantum computing [power] do you have? The number of qubits you would need to break
[the current cryptographic algorithms in Bitcoin… and most blockchains], is greater than the wildest
speculation of what intelligence agencies might have. That doesn’t mean it doesn’t exist, but I am not
worried about the NSA having quantum computing. A very basic concept in security: if you have a very powerful weapon, you do not
use it until you have a very good reason to use it. One [illustrative example] is what happened in [the city
of] Coventry when the British had broken Enigma. The most important secret was the
fact that [Polish forces] had broken Enigma; otherwise, [the Germans] would change
[the encipherment key settings]. To keep that secret, they had to do parallel construction.
If they found out [someplace would be] bombed, they would capture a German soldier who
knew about it and then say he told them, so that they would have a different [source of
knowledge than the deciphered messages]. When they didn’t have a different [source], they let the
Germans bomb Coventry. Thousands of people died. To protect the secret [of Enigma being broken]. If the NSA has a quantum computer,
they really don’t want people to know. The quantum computer could also break the encryption
keys on all the nukes and nuclear submarines, communication keys in the military intelligence
networks and all of the commercial networks. I don’t think they will use it to break Bitcoin, if you know
what I mean. [Laughter] That is small fish to them. The real problem becomes when you have broad
commercial availability of quantum computing, but not broad enough that all of us
can use it in [securing] our wallets. That interim period [will be] a bit awkward. During that interim period, Bitcoin needs
to [upgrade] its [cryptographic] algorithms. An interesting thing that [will] happen: while you can change the [cryptographic] algorithms
in active wallets, some wallets have lost keys… or the people who had those keys are dead. They can’t change the signing algorithm, which means
those wallets will be captured by quantum computers. We will know quantum computing [has reached
the threshold] when Satoshi’s coins move. [Laughter]

[AUDIENCE] Thank you.

[ANDREAS] That is one of the reasons they
[might] move. Eventually they will move… because someone will be able to break the keys. For the rest of [us in] the ecosystem, we can
migrate quite easily to another algorithm. It is not really as big of a threat as people think it is.

The next question comes from JJ:
“Satoshi’s one million coins and quantum computing.” “If the protocol [must] be upgraded to resist quantum
[computing attacks], will such an upgrade likely… require manually moving funds
to a new type of address?” “Would this mean everyone — including Satoshi with
a million coins — would be forced to move their funds?” “If they can’t move [their funds], might
they be claimed by a quantum computer, along with all funds [controlled by] lost
keys, by essentially cracking those keys?” “Does quantum computing mean that, at some
point [in time], all lost coins could be reclaimed… because they can’t be moved to an upgraded address?” Yes, that is the case. First of all, we don’t
know that Satoshi [owns] a million coins. It is difficult to attribute exactly how many
[coins] were mined directly by Satoshi. So that is an estimate, but let’s say it is one million. There is a lot more bitcoin which has been lost over the
years. I have lost keys [for] small amounts of bitcoin. I am sure many others have [lost keys] too.
So what [will] happen with those? Quantum computers [with sufficient qubits] would mean
the elliptic curve digital signature algorithm is vulnerable. There are two categories of [cryptographic]
algorithms used within Bitcoin: a hashing algorithm (SHA-256) and
a digital signature algorithm (ECDSA). Quantum computing [attacks] will most likely
affect the digital signature algorithm first. Whether you can use a quantum algorithm to
short-cut SHA-256… I’m not sure about that. I don’t know how easy it is. [Hashing] algorithms are in
a different class and might require a different approach. Let’s say that ECDSA is affected. That means, if you lost
your keys but had previously [spent from] that address, then [the] public key will be visible on the blockchain. When you spend from an address, you [expose]
the public key and a digital signature. [As far as we know], Satoshi never
spent any of the initial mined coins. [However, the coinbase transactions used pay-to-public-key (P2PK) instead of pay-to-public-key-hash (P2PKH)], [where the] address is the result of a
double hash [of the ECDSA public key]. If a quantum computer can [reverse an] ECDSA [public
key] but not SHA-256, coins [acquired via P2PKH]… are safe, [but Satoshi’s P2PK coins are not safe, as
this means the public keys are already exposed]. The only other coins affected are the ones [in]
addresses that have been reused several times. That is one of the reasons why it is a best practice to only use an address once; the first time a signature… appears on the blockchain [and the public key]
is [exposed], those funds should have moved. [The address is] empty and never gets used again,
that key never gets used again. Even if the public key can be cracked in the future,
it results in a private key that doesn’t control funds, because you only used it once. That means people who don’t follow the best practice
may have their keys affected by quantum computing… long before people who do use that practice. [Though again], Satoshi’s one million coins never moved,
[but are exposed due to pay-to-public-key (P2PK)]. Quantum computing doesn’t necessarily mean
that all coins are vulnerable immediately. It’s only the case for those where [the
public key] is visible on the blockchain. If SHA-256 is vulnerable but ECDSA isn’t, then
you can reverse the address to a public key perhaps. That would [be] a very big vulnerability, not simply
finding a collision but reversing the hash algorithm, which is a whole different class of problem. In that case, you [must still reverse] the
[resulting] public key [to get] the private key. You [must] break both SHA-256 and ECDSA to [take]
funds from an address which has never been reused… [as long as it doesn’t use pay-to-public-key (P2PK)]. It is not as simple [as you might expect], but if quantum
computing becomes a problem, we will need to… move funds to new type of address [with keys]
from a quantum-secure digital signature algorithm. [This will not be a] problem for
the foreseeable future, of course.
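The distinction Andreas draws between P2PK outputs, reused P2PKH addresses and single-use P2PKH addresses comes down to whether the ECDSA public key is already visible on chain. The script below is an added illustration, not code from the talk or from any Bitcoin project: it tokenises the two output-script templates using the real Bitcoin Script opcode values, then reports which primitives an attacker who could only break ECDSA would still need. The public key and HASH160 bytes it uses are constructed placeholders, not real keys or hashes.

```python
# Added example: classify Bitcoin outputs by whether the public key is already
# exposed on chain. Opcode values are the real Bitcoin Script constants; the
# sample key and hash below are constructed placeholders.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def parse_script(script: bytes) -> list:
    """Tokenise a script into opcodes (ints) and pushed data (bytes).

    Only direct pushes (opcodes 0x01..0x4B, 'push the next N bytes') are
    handled, which is all that P2PK and P2PKH outputs use.
    """
    ops, i = [], 0
    while i < len(script):
        op = script[i]
        if 1 <= op <= 0x4B:
            data = script[i + 1:i + 1 + op]
            if len(data) != op:
                raise ValueError("truncated push at offset %d" % i)
            ops.append(data)
            i += 1 + op
        else:
            ops.append(op)
            i += 1
    return ops


def is_p2pk(ops) -> bool:
    """<pubkey> OP_CHECKSIG: the public key itself sits in the output script."""
    return (len(ops) == 2 and isinstance(ops[0], bytes)
            and len(ops[0]) in (33, 65) and ops[1] == OP_CHECKSIG)


def is_p2pkh(ops) -> bool:
    """OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG."""
    return (len(ops) == 5 and ops[0] == OP_DUP and ops[1] == OP_HASH160
            and isinstance(ops[2], bytes) and len(ops[2]) == 20
            and ops[3] == OP_EQUALVERIFY and ops[4] == OP_CHECKSIG)


def classify_exposure(script_pubkey: bytes, pubkey_seen_in_spend: bool) -> str:
    """Return what an attacker who can only break ECDSA still has to defeat.

    pubkey_seen_in_spend is True when a signature from this key has already
    been published (address reuse): the scriptSig of that spend carries the
    public key, so the HASH160 no longer hides anything.
    """
    ops = parse_script(script_pubkey)
    if is_p2pk(ops):
        return "ecdsa-only"           # public key is in the output script itself
    if is_p2pkh(ops):
        if pubkey_seen_in_spend:
            return "ecdsa-only"       # reuse already leaked the public key
        return "hash160+ecdsa"        # must invert RIPEMD-160(SHA-256(pubkey)) first
    return "unknown"


def audit(utxos) -> dict:
    """Count outputs by exposure class; utxos is a list of (script, reused) pairs."""
    counts = {}
    for script, reused in utxos:
        label = classify_exposure(script, reused)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample data (placeholders, not a real curve point or real hash).
FAKE_PUBKEY = b"\x04" + b"\x11" * 64        # 65-byte uncompressed-format placeholder
FAKE_HASH160 = bytes(range(20))             # 20-byte placeholder for HASH160(pubkey)

P2PK_SCRIPT = bytes([len(FAKE_PUBKEY)]) + FAKE_PUBKEY + bytes([OP_CHECKSIG])
P2PKH_SCRIPT = (bytes([OP_DUP, OP_HASH160, len(FAKE_HASH160)]) + FAKE_HASH160
                + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))

if __name__ == "__main__":
    sample = [(P2PK_SCRIPT, False),    # early coinbase style: key already public
              (P2PKH_SCRIPT, False),   # single-use address: only the hash is on chain
              (P2PKH_SCRIPT, True)]    # reused address: key revealed by a prior spend
    print(audit(sample))
```

The third sample entry is the case the talk warns about: a P2PKH address looks protected by the hash, but once a spend from it has been broadcast the public key is on chain and the output falls into the same class as a P2PK output. A wallet audit that flags that class is the practical form of the "use each address once" advice.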

29 thoughts on “Bitcoin Q&A: Is quantum computing a threat?”

  1. The fuck, I didn't know that Aantanop is Andreas M. Antonopoulos, I have been referring to your book from quite a while now.

  2. Most (all?) of Satoshi's coins are in P2PK addresses, not P2PKH, so his coins are immediately vulnerable to a quantum computer which can reverse ECDSA.

  3. 2:45–3:31 "You can change the algorithms of all the active wallets, but some wallets have lost keys or the people who had those keys died and they can't change the signing algorithm which means those wallets will be captured by quantum computers. So we will know what quantum computers exist when satoshi's coins move… That's one of the reasons why they will move. Eventually they will move and they will move because eventually someone will be able to break the keys. But for the rest of the eco system we can migrate quite easily to another algorithm. It's not really as big of a threat that people think it is."

  4. The thing about Quantum computing is that only Gigantic institutions like IBM and people with the need to make extremely complex calculations will be the first to use them. The US Government has a blasé attitude towards Cryptocurrency- They Don't like what it enables but so far they've got a mostly hands off approach and I think given the reality of how people in the US tend to vote it's unlikely we'll see a government in the US that is extraordinarily hostile to Bitcoin. Given that it's unlikely that the US Government will invest in a Quantum computer with the purpose of Breaking Bitcoin's Cryptography… That leaves only the kinds of the institutions that can afford a mainframe left to worry about. The Banks, IBM, Disney, etc. I find it highly unlikely that any of these institutions would use A Quantum computer to destroy Bitcoin. It's only when we get down to the level of Individual and personal Quantum Computers that I'd start to worry but we're NOWHERE near the day when You'll be able to buy a Quantum computer with the ease of buying a Laptop.

  5. In the near future, quantum computers will be able to crack all binary based cryptology algorithms easily because of its design. Nature and the universe work based on quantum mechanics, and nature is a very complex situation which existing computers will never be able to simulate one on one. Quantum computers will be able to simulate nature and the universe closely. I mean that all cryptology systems have to be changed based on quantum mechanics. I don't know how the quantum cryptology will look for now but we will see it.

  6. Hey Andreas, Would there be a dapplication towards Bitcoin's network on distributed scaling toward the quantum realm?? An example, nonce iteration parsed in to seven separate realms each with divergent scaling methods

  7. “I’m not worried about the NSA having quantum computers”. Dude they use their spying powers to trade nudes and spy on their wives and girlfriends. smfh

  8. So let's say they don't hack the Bitcoin.. but the q computer has a great amount of processing power… So let's say I have a quantum computer.. and I mine Bitcoin… What do you believe will happen to the price of Bitcoin???

  9. Quantum computing would not only affect Bitcoin/Crypto, it will ALSO destroy the current Banking/Credit/Financial system a lot easier.

    Nobody's money will be safe in the current financial/banking/credit system with quantum computing, at least with Bitcoin there are different layers of security that we can switch to to protect our money.

  10. Does this also apply for ethereum? so if you spend some eth would there be a digital signature left on the blockchain that could eventually be cracked ?

  11. Quantum processing is here. D-Wave has a commercially available version for under $3 million that has 2048 q-bits that can break blockchain.

  12. Imagine.. We are already close to an AI that could do thousands of years work in a week or two. At the moment we see gov researched non weapons to the public released years later.. Things are gonna get weird when we hit a certain point
