Quantum computer systems shall be a risk to Bitcoin and ...

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next!
This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”

The Quantum Evolution

In 1982, Nobel winning physicist, Richard Feynman, hypothesized how quantum computers[ii] would be used in modern life.
Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks.
Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficiently that we forget what’s happening behind the scenes.
No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions!
Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years.
However, what current computers can’t do, quantum computers can!
So, how can something that was conceptualized in the 1980’s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin?
To best answer this question, let’s begin by looking at a bitcoin address.

What exactly is a Bitcoin address?

Well, in layman terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi]
A public key that is openly shared with the world to accept payments. A public key that is derived from the private key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160).
NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]).
Now, back to understanding the private key:
The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details.
Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key.
However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day!
But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible!
However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373x10^77 potential private keys exist (that number represents over 9,500 digits in length!). For some perspective, this entire article contains just over 14,000 characters. Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.

So, how do Quantum Computers present a threat?

At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simply: Superposition and Entanglement[x].
Superposition allows a quantum bit (qubit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement!
To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend!
At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing?
Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.

What are Bitcoin core developers doing about this threat?

Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]?
Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait…
Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.

Who would want to attack Bitcoin?

Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]!
Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies!
As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies.
No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!

What can we do to protect ourselves today?

Of course, the best option is to start looking at how Bitcoin can implement new cryptographic features immediately, but it will take time, and we have seen how slow the process can be just for scaling[xxi].
The other thing we can do is use a Bitcoin address only once for outgoing transactions. When quantum computers attack Bitcoin (and other crypto currencies), their first target will be addresses that have outgoing transactions on the blockchain that contain funds.
This is due to the fact that when computers first attempt to crack a Bitcoin address, the starting point is when a transaction becomes public. In other words, when the transaction is first signed – a signed transaction is a digital signature derived from the private key, and it validates the transaction on the network. Compared to classical computers, quantum computers can exponentially extrapolate this information.
Initially, Bitcoin Core Software might provide some level of protection because it only uses an address once, and then sends the remaining balance (if any) to another address in your keypool. However, third party Bitcoin wallets can and do use an address multiple times for outgoing transactions. For instance, this could be a big problem for users that accept donations (if they don’t update their donation address every time they remove funds). The biggest downside to Bitcoin Core Software is the amount of hard-drive space required, as well as diligently retaining an up-to-date copy of the entire blockchain ledger.
Nonetheless, as quantum computers evolve, they will inevitably render SHA256 vulnerable, and although this will be one of the first hash algorithms cracked by quantum computers, it won’t be the last!

Are any cryptocurrencies planning for the post-quantum cryptography world?

Yes, indeed, there are! Here is a short list of ones you may want to know more about:

Full disclosure:

Although I am in no way associated with any project listed above, I do hold coins in all as well as Bitcoin, Litecoin and many others.
The thoughts above are based on my personal research, but I make no claims to being a quantum scientist or cryptographer. So, don’t take my word for anything. Instead, do your own research and draw your own conclusions. I’ve included many references below, but there are many more to explore.
In conclusion, the intention of this article is not to create fear or panic, nor any other negative effects. It is simply to educate. If you see an error in any of my statements, please, politely, let me know, and I will do my best to update the error.
Thanks for reading!

References

[i] https://www.youtube.com/watch?v=JhHMJCUmq28 - A great video explaining quantum computers.
[ii] https://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/spb3/ - A brief history of quantum computing.
[iii] https://en.wikipedia.org/wiki/Apple_Lisa - More than you would ever want to know about the Apple Lisa.
[iv] https://www.youtube.com/watch?v=tpIctyqH29Q&list=PL8dPuuaLjXtNlUrzyH5r6jN9ulIgZBpdo - Want to learn more about computer science? Here is a great crash course for it!
[v] https://www.collinsdictionary.com/dictionary/english/quantify - What does quantify mean?
[vi] https://en.bitcoin.it/wiki/Private_key - More info about Bitcoin private keys.
[vii] https://www.securityinnovationeurope.com/blog/page/whats-the-difference-between-hashing-and-encrypting - A good example of the difference between Hash and Encryption.
[viii] https://lbc.cryptoguru.org/stats - The Large Bitcoin Collider.
[ix] http://directory.io/ - A list of every possible Bitcoin private key. This website is a clever way of converting the 64 character uncompressed key to the private key 128 at a time. Since it is impossible to save all this data in a database and search, it is not considered a threat! It’s equated with looking for a single needle on the entire planet.
[x] https://uwaterloo.ca/institute-for-quantum-computing/quantum-computing-101#Superposition-and-entanglement - Brief overview of Superposition and Entanglement.
[xi] https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html?utm_term=.e05a9dfb6333 - A review of the Penetrating Hard Targets project.
[xii] https://en.wikipedia.org/wiki/Post-quantum_cryptography - Explains post-quantum cryptography.
[xiii] https://www.nebulas.io/ - The Nebulas project has some amazing technology planned in their roadmap. They are currently in testnet stage with initial launch expected to take place in a few weeks. If you don’t know about Nebulas, you should check them out.
[xiv] https://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country_or_territory - Countries’ stances on crypto currencies.
[xv] https://www.cnbc.com/2017/08/30/venezuela-is-one-of-the-worlds-most-dangerous-places-to-mine-bitcoin.html - Don’t be a miner in Venezuela!
[xvi] http://www.newsweek.com/russia-bitcoin-avoid-us-sanctions-cryptocurrency-768742 - Russia’s plan for their own crypto currency.
[xvii] http://www.telegraph.co.uk/technology/2018/01/05/visa-locks-bitcoin-payment-cards-crackdown-card-issue - Recent attack from Visa against crypto currency.
[xviii] https://www.ccn.com/non-government-digital-currency-junk-says-mastercard-ceo-rejecting-bitcoin/ - Mastercard’s position about Bitcoin.
[xix] http://www.livebitcoinnews.com/discover-joins-visa-mastercard-barring-bitcoin-support/ - Discover’s position about Bitcoin.
[xx] http://fortune.com/2017/10/20/mastercard-blockchain-bitcoin/ - Mastercard is making their own blockchain.
[xxi] https://bitcoincore.org/en/2015/12/21/capacity-increase/ - News about Bitcoin capacity. Not a lot of news…
[xxii] https://learn.iota.org/faq/what-makes-iota-quantum-secure - IOTA and quantum encryption.
[xxiii] https://eprint.iacr.org/2011/191.pdf - The whitepaper of the Winternitz One-Time Signature Scheme.
[xxiv] https://cardanoroadmap.com/ - The Cardano project roadmap.
[xxv] https://eprint.iacr.org/2017/490 - More about the BLISS hash system.
[xxvi] https://www.ethereum.org/ - Home of the Ethereum project.
[xxvii] https://en.wikipedia.org/wiki/SHA-3#Security_against_quantum_attacks - SHA3 hash algorithm vs quantum computers.
[xxviii] https://en.wikipedia.org/wiki/Lamport_signature - Lamport signature information.
[xxix] https://theqrl.org/ - Home of the Quantum Resistant Ledger project.
submitted by satoshibytes to CryptoCurrency
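The post above walks through the private key → public key → encoded key chain using "private key 1" and its WIF string 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf. The following is an added example, not code from the post or from Bitcoin Core, that reproduces that chain with only the Python standard library: secp256k1 scalar multiplication to get the public key, and Base58Check (a double-SHA256 checksum, not RIPEMD-160) to encode and validate the WIF form. The key value 1 is the post's own publicly known example and is used here only because it is already burned; the 2G constant in the usage check is the standard secp256k1 value.

```python
"""Added example: private key -> secp256k1 public key -> WIF (Base58Check).
Standard library only. Key 1 is the post's burned example key."""
import hashlib

# secp256k1 domain parameters: field prime, group order, generator G
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _point_add(p1, p2):
    """Affine addition/doubling on y^2 = x^3 + 7 over GF(P); None is infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def pubkey_from_privkey(k):
    """k*G by double-and-add. This one-way step is what a quantum computer
    running Shor's algorithm would reverse; classically it is infeasible."""
    if not 1 <= k < N:
        raise ValueError("private key out of range")
    result, addend = None, G
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result

def serialize_pubkey(point, compressed=False):
    """SEC1 encoding: 04||x||y, or 02/03||x when compressed."""
    x, y = point
    if compressed:
        return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _double_sha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def base58check_encode(payload):
    """payload || first 4 bytes of SHA256(SHA256(payload)), then base58."""
    data = payload + _double_sha256(payload)[:4]
    n = int.from_bytes(data, "big")
    out = bytearray()
    while n:
        n, r = divmod(n, 58)
        out.append(ALPHABET[r])
    pad = len(data) - len(data.lstrip(b"\x00"))   # leading 0x00 -> leading '1'
    return (ALPHABET[:1] * pad + bytes(reversed(out))).decode()

def base58check_decode(s):
    """Inverse of base58check_encode; rejects a corrupted checksum."""
    n = 0
    for ch in s.encode():
        n = n * 58 + ALPHABET.index(ch)
    pad = len(s) - len(s.lstrip("1"))
    data = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, checksum = data[:-4], data[-4:]
    if _double_sha256(payload)[:4] != checksum:
        raise ValueError("bad Base58Check checksum")
    return payload

def privkey_to_wif(k, compressed=False):
    """Mainnet WIF: 0x80 || 32-byte key [|| 0x01 for compressed pubkeys]."""
    payload = b"\x80" + k.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    return base58check_encode(payload)

def wif_to_privkey(wif):
    payload = base58check_decode(wif)
    if payload[0] != 0x80 or len(payload) not in (33, 34):
        raise ValueError("not a mainnet WIF key")
    return int.from_bytes(payload[1:33], "big")

def wif_is_valid(wif):
    try:
        wif_to_privkey(wif)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    pub = pubkey_from_privkey(1)
    print("public key:", serialize_pubkey(pub).hex())   # starts with 0479be667e...
    print("WIF:", privkey_to_wif(1))                     # the string quoted in the post
```

The point of the round trip is that the 52-character form the post mentions is an encoding with an integrity check, not a hash: anyone holding the WIF string recovers the raw 256-bit key, and a single corrupted character is caught by the checksum rather than silently producing a different key.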

Part 5. I'm writing a series about blockchain tech and possible future security risks. This is the fifth part of the series talking about an advanced vulnerability of BTC.

The previous parts will give you useful basic blockchain knowledge and insights on quantum resistance vs blockchain that are not explained in this part.
Part 1, what makes blockchain reliable?
Part 2, The mathematical concepts Hashing and Public key cryptography.
Part 3, Quantum resistant blockchain vs Quantum computing.
Part 4A, The advantages of quantum resistance from genesis block, A
Part 4B, The advantages of quantum resistance from genesis block, A

Why BTC is vulnerable for quantum attacks sooner than you would think.
Content:
The BTC misconception: “Original public keys are not visible until you make a transaction, so BTC is quantum resistant.”
Already exposed public keys.
Hijacking transactions.
Hijacks during blocktime
Hijacks pre-blocktime.
MITM attacks

- Why BTC is vulnerable for quantum attacks sooner than you would think. -

Blockchain transactions are secured by public-private key cryptography. The keypairs used today will be at risk when quantum computers reach a certain critical level: Quantum computers can, at a certain point of development, derive private keys from public keys. See part 3 for more sourced info on this subject. So if a public key can be obtained by an attacker, he can then use a quantum computer to find the private key. And as he has both the public key and the private key, he can control and send the funds to an address he owns.
Just to make sure there will be no misconceptions: When public-private key cryptography such as ECDSA and RSA can be broken by a quantum computer, this will be an issue for all blockchains that don't use quantum resistant cryptography. The reason this article is about BTC is because I take this paper as a reference point: https://arxiv.org/pdf/1710.10377.pdf Here they calculate an estimate of when BTC will be at risk while taking the BTC blocktime as the window of opportunity.
The BTC misconception: “Original public keys are not visible until you make a transaction, so BTC is quantum resistant.”
In pretty much every discussion I've read and had on the subject, I notice that people are under the impression that BTC is quantum resistant as long as you use your address only once. BTC uses a hashed version of the public key as a send-to address. So in theory, all funds are registered on the chain on hashed public keys instead of to the full, original public keys, which means that the original public key is (again in theory) not public. Even a quantum computer can't derive the original public key from a hashed public key, therefore there is no risk that a quantum computer can derive the private key from the public key. If you make a transaction, however, the public key of the address you sent your funds from will be registered in full form in the blockchain. So if you were to only send part of your funds, leaving the rest on the old address, your remaining funds would be on a published public key, and therefore vulnerable to quantum attacks. So the workaround would be to transfer the remaining funds, within the same transaction, to a new address. In that way, your funds would be once again registered on the blockchain on a hashed public key instead of a full, original public key.
If you feel lost already because you are not very familiar with the tech behind blockchain, I will try to explain the above in a more familiar way:
You control your funds through your public-private key pair. Your funds are registered on your public key. And you can create transactions, which you need to sign to be valid. You can only create a signature if you have your private key. See it as your e-mail address (public key) and your password (private key). Many people have your email address, but only you have your password. So the analogy is that if you have your address and your password, then you can access your mail and send emails (transactions). If the right quantum computer were available, people could use that to calculate your password (private key) if they have your email address (public key).
Now, because BTC doesn’t show your full public key anywhere until you make a transaction, that sounds pretty safe. It means that your public key is private until you make a transaction. The only thing related to your public key that is public is the hash of your public key. Here is a short explanation of what a hash is: a hash is an outcome of an equation. Usually one-way hash functions are used, where you can not derive the original input from the output; but every time you use the same hash function on the same original input (for example IFUHE8392ISHF), you will always get the same output (for example G). That way you can have your coins on public key "IFUHE8392ISHF", while on the chain, they are registered on "G".
So your funds are registered on the blockchain on the "Hash" of the public key. The Hash of the public key is also your "email address" in this case. So you give "G" as your address to send BTC to.
As said before: since it is, even for a quantum computer, impossible to derive a public key from the Hash of a public key, your coins are safe for quantum computers as long as the public key is only registered in hashed form. The obvious safe method would be, never to reuse an address, and always make sure that when you make a payment, you send your remaining funds to a fresh new address. (There are wallets that can do this for you.) In theory, this would make BTC quantum resistant, if used correctly. This, however, is not as simple as it seems. Even though the above is correct, there is a way to get to your funds.
Already exposed public keys.
But before we get to that, there is another point that is often overlooked: Not only is the security of your personal BTC important, but also the security of funds of other users. If others got hacked, the news of the hack itself and the reaction of the market to that news would influence the market price. Or, if a big account like the Satoshi account were to be hacked and dumped, the dump itself, combined with the news of the hack, could be even worse. An individual does not have control of other people’s actions. So even though one might make sure his public key is only registered in hashed form, others might not do so, or might not know their public key is exposed. There are several reasons why a substantial amount of addresses actually have exposed full public keys:
In total, about 36% of all BTC are on addresses with exposed public keys, of which about 20% is on lost addresses.
Hijacking transactions.
But even if you consider the above an acceptable risk, just because you yourself will make sure you never reuse an address, then still, the fact that only the hashed public key is published until you make a transaction is a false sense of security. It only works, if you never make a transaction. Why? Public keys are revealed while making a transaction, so transactions can be hijacked while being made.
Here it is important to understand two things:
1.) How is a transaction sent?
The owner has the private key and the public key and uses that to log into the secured environment, the wallet. This can be online or offline. Once he is in his wallet, he states how much he wants to send and to what address.
When he sends the transaction, it will be broadcasted to the blockchain network. But before the actual transaction will be sent, it is formed into a package, created by the wallet. This happens out of sight of the sender.
That package ends up carrying roughly the following info: the public key to point to the address where the funds will be coming from, the amount that will be transferred, the address the funds will be transferred to (depending on the blockchain this could be the hashed public key, or the original public key of the address the funds will be transferred to). This package also carries the most important thing: a signature, created by the wallet, derived from the private- public key combination. This signature proves to the miners that you are the rightful owner and you can send funds from that public key.
Then this package is sent out of the secure wallet environment to multiple nodes. The nodes don’t need to trust the sender or establish the sender’s "identity”, because the sender proves he is the rightful owner by adding the signature that corresponds with the public key. And because the transaction is signed and contains no confidential information, private keys, or credentials, it can be publicly broadcast using any underlying network transport that is convenient. As long as the transaction can reach a node that will propagate it into the network, it doesn’t matter how it is transported to the first node.
2.) How is a transaction confirmed/ fulfilled and registered on the blockchain?
After the transaction is sent to the network, it is ready to be processed. The nodes have a bundle of transactions to verify and register on the next block. This is done during a period called the block time. In the case of BTC that is 10 minutes.
If we process the information written above, we will see that there are two moments where you can actually see the public key, while the transaction is not fulfilled and registered on the blockchain yet.
1: during the time the transaction is sent from the sender to the nodes
2: during the time the nodes verify the transaction. (The blocktime)
Hijacks during blocktime
This paper describes how you could hijack a transaction and make a new transaction of your own, using someone else’s address and send his coins to an address you own during moment 2: the time the nodes verify the transaction:
https://arxiv.org/pdf/1710.10377.pdf
"(Unprocessed transactions) After a transaction has been broadcast to the network, but before it is placed on the blockchain it is at risk from a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, then an attacker could use this secret key to broadcast a new transaction from the same address to his own address. If the attacker then ensures that this new transaction is placed on the blockchain first, then he can effectively steal all the bitcoin behind the original address." (Page 8, point 3.)
So this means that BTC obviously is not a quantum secure blockchain. Because as soon as you will touch your funds and use them for payment, or send them to another address, you will have to make a transaction and you risk a quantum attack.
Hijacks pre-blocktime.
The story doesn't end here. The paper doesn't describe the possibility of a pre-blocktime hijack.
So back to the paper: as explained, while making a transaction your public key is exposed for at least the transaction time. This transaction time is 10 minutes where your transaction is being confirmed during the 10 minute block time. That is the period where your public key is visible and where, as described in the paper, a transaction can be hijacked, and by using quantum computers, a forged transaction can be made. So the critical point is determined to be the moment where quantum computers can derive private keys from public keys within 10 minutes. Based on that 10 minute period, they calculate (estimate) how long it will take before QC's start forming a threat to BTC. (“By our most optimistic estimates, as early as 2027 a quantum computer could exist that can break the elliptic curve signature scheme in less than 10 minutes, the block time used in Bitcoin.“ This is also shown in figure 4 on page 10 and later more in depth calculated in appendix C, where the pessimistic estimate is around 2037.) But you could extend that 10 minutes through network based attacks like DDoS, BGP routing attacks, NSA Quantum Insert, Eclipse attacks, MITM attacks or anything like that. (And I don’t mean you extend the block time by using a network based attack, but you extend the time you have access to the public key before the transaction is confirmed.) Bitcoin would be at risk earlier than calculated in this paper.
Also other Blockchains with way shorter block times imagine themselves safe for a longer period than BTC, but with this extension of the timeframe within which you can derive the private key, they too will be vulnerable way sooner.
Not so long ago an eclipse attack demonstrated it could have done the trick. Causing the blockchain to work over max capacity means the transactions will be waiting to be added to a block for a longer time. This time needs to be added on the blocktime, expanding the period one would have time to derive the private key from the public key.
That seems to be fixed now, but it shows there are always new attacks possible and when the incentive is right (Like a few billion $ kind of right) these could be specifically designed for certain blockchains.
MITM attacks
An MITM attack could find the public key in the first moment the public key is exposed (during the time the transaction is sent from the sender to the nodes). So these transactions that are sent to the network contain public keys that you could intercept. So that means that if you intercept transactions (and with that the private keys) and simultaneously delay their arrival to the blockchain network, you create extra time to derive the private key from the public key using a quantum computer. When you have done that, you send a transaction of your own before the original transaction has arrived and is confirmed, and send funds from that stolen address to an address of your choosing. The result would be that you have an extra 10, 20, 30 minutes (or however long you can delay the original transactions) to derive the public key. This can be done without ever needing to mess with a blockchain network, because the attack happens outside the network. Therefore, slower quantum computers form a threat. Meaning that earlier models of quantum computers than they assume now can form a threat.
When MITM attacks and hijacking transactions form a threat to BTC, other blockchains will be vulnerable to the same attacks, especially MITM attacks. There are ways to prevent hijacking after arrival at the nodes. I will elaborate on that in the next article. At this point in time, the pub key would be useless to an attacker due to the fact there is no quantum computer available now. Once a quantum computer of the right size is available, it becomes a problem. For quantum resistant blockchains this is different. MITM attacks and hijacking are useless to quantum resistant blockchains like QRL and Mochimo because these projects use quantum resistant keys.
submitted by QRCollector to CryptoTechnology
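The post above argues that funds are only as safe as the hashed-public-key form, so any address that has spent (revealing its public key) but still holds coins is the first thing a defender should look for in their own wallet. This is an added example, not code from the post or from any wallet or the referenced paper: a small UTXO-model audit over a constructed set of simplified transactions. Transaction ids, addresses and amounts are made up; an input is modelled as a reference to an earlier output, and spending an output is what exposes that output's address/public key.

```python
"""Added example: audit constructed transactions for the "reused after
spending" pattern the post describes. Amounts are integer satoshis."""

# Constructed sample chain (not real data). Inputs reference (txid, index)
# of an earlier output; outputs are (address, satoshis).
SAMPLE_TXS = [
    # tx1 funds two fresh addresses (no inputs, like a coinbase or deposit)
    {"txid": "tx1", "inputs": [], "outputs": [("addrA", 500_000_000), ("addrB", 300_000_000)]},
    # tx2 spends from addrA and sends the change BACK to addrA (the bad pattern)
    {"txid": "tx2", "inputs": [("tx1", 0)], "outputs": [("addrC", 200_000_000), ("addrA", 300_000_000)]},
    # tx3 spends from addrB and sends the change to a fresh addrE (the good pattern)
    {"txid": "tx3", "inputs": [("tx1", 1)], "outputs": [("addrD", 100_000_000), ("addrE", 200_000_000)]},
    # tx4 is a new deposit to addrC, which has never spent
    {"txid": "tx4", "inputs": [], "outputs": [("addrC", 150_000_000)]},
]

def audit(txs):
    """Replay the transactions and return (at_risk, exposed):
    at_risk  maps address -> unspent satoshis for addresses whose public key
             has already appeared on chain as a spending input;
    exposed  is the set of all addresses that have ever spent."""
    utxos = {}        # (txid, index) -> (address, satoshis), still unspent
    exposed = set()   # addresses whose full public key was revealed by a spend
    for tx in txs:
        for ref in tx["inputs"]:
            if ref not in utxos:
                raise ValueError(f"{tx['txid']} spends unknown or already spent output {ref}")
            addr, _ = utxos.pop(ref)
            exposed.add(addr)
        for idx, (addr, sats) in enumerate(tx["outputs"]):
            utxos[(tx["txid"], idx)] = (addr, sats)
    balance = {}
    for addr, sats in utxos.values():
        balance[addr] = balance.get(addr, 0) + sats
    at_risk = {a: b for a, b in balance.items() if a in exposed and b > 0}
    return at_risk, exposed

def hygiene_report(txs):
    """One line per address that should be swept to a never-spent address."""
    at_risk, _ = audit(txs)
    return [f"{addr}: {sats / 1e8:.8f} BTC sits on an address whose public key is "
            f"already public; move it to a fresh address"
            for addr, sats in sorted(at_risk.items())]

if __name__ == "__main__":
    for line in hygiene_report(SAMPLE_TXS):
        print(line)   # only addrA is reported; addrB spent everything to fresh addresses
```

In the sample, addrA and addrB both reveal their public keys, but only addrA is flagged, because tx3 sent its change to a fresh address while tx2 sent it back to the spending address. The same replay logic applied to a real wallet's transaction history is the check the post recommends doing by hand.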

Quantum Computing Vs. Blockchain

The cryptocurrency community has long been discussing one technical feature of the blockchain, which directly affects its future. We are talking about the threat to the blockchain from the so-called quantum computing. The fact is that if these threats are implemented, crypto assets will not be able to function technically and all problems with their regulation will disappear by themselves.
Indeed, what is the point of creating a serious regulatory system for an instrument that will soon become simply inoperable?
Most modern cryptocurrencies are built on a particular cryptographic algorithm that ensures its security. The level of protection is determined by the amount of work required by the key, the password that determines the final result of the cryptographic conversion. It is known that when solving cryptography problems, the classical computer performs total testing of possible keys, in turn, one after another. A quantum computer can instantly test a set of keys and establish a combination that has the maximum probability of being true and thereby compromise the cryptosystem.
The threat to bitcoin is that high-speed quantum computers, as a result, will be able to “create problems” for the encryption processes and digital signatures used in the technology of blockchain and virtual currencies. Ultra-fast calculations would in principle allow forging smart contracts and stealing “coins”.
Most cryptocurrencies use public-key encryption algorithms for communications and, in particular, digital signatures. Public key cryptography is based on one-way mathematical functions: operations that are simple in one direction and difficult in the other. If we use quantum computers rather than classical ones to solve the factorization problem, it is solved much faster. A quantum computer makes it possible to determine the secret key from the public key in a couple of minutes, and knowledge of the secret key allows you to access the address on the bitcoin network. It turns out that the owner of a quantum computer will be able to break the public-key encryption system and write off (steal) “coins” from the corresponding address. This feature of quantum computing is the main danger for bitcoin.
According to some estimates, a quantum computer will be able to determine the secret key from the public one in 2027.
Some commentators believe that with the advent of full-fledged quantum computers, the era of cryptocurrencies and blockchain will come to its logical end — the cryptography systems on which cryptocurrencies are based will be compromised, and the cryptocurrencies themselves will become worthless. Allegedly, the first thing that the owner of a quantum computer will do is quickly mine the remaining bitcoins, ethers and other popular crypto-coins. Experts have estimated that bitcoin hacking will require a quantum computer with a capacity of 10 thousand qubits, and it is not so long to wait for it — perhaps ten years, or even less.
IBM 50Q System: An IBM cryostat wired for a 50 qubit system. Photo from www.ibm.com
However, not everyone shares this opinion.
According to new forecasts, a commercially acceptable version of the quantum computer will not appear until 2040. Many cryptocurrency experts are sure that by this moment developers will be able to prepare and adapt the blockchain to new realities. They will be able to modify the cryptocurrency code and protect the technologies used in it from hacking.
Analysts, however, emphasize that although an attacker with a powerful quantum computer will be able to get the secret key from the public, it is impossible to get the public key from the bitcoin address of the recipient of the transaction. The public key is converted to a bitcoin address by several unidirectional hash functions that are resistant to quantum computation. However, in fact, the public key still gets into the network one day. This occurs when the transaction is signed by the sender of the “coin”. Otherwise, the network will not be able to confirm the transaction, because there is no other way to verify the authenticity of the sender’s signature.
The widespread fear of a direct threat to bitcoin by quantum computing is exaggerated and comes from ignorance. In fact, using crowdsourcing, blockchain technology solves many problems, including reducing threats to its security from quantum computers. That is why a blockchain-based network offers superior protection compared to networks and platforms with a centralized architecture. Dr. Brennan has analyzed the threat to blockchain technologies from modern systems of quantum computing. He investigated the potential of a quantum computer in terms of the possibility of its use “for manipulating the blockchain in the centralization of hashing power” and assessed the probability of disclosure of the key of the encryption system that underlies the mechanism of protecting users of the blockchain. The results of the study show that the existing developments in the field of quantum computing are very far from the “imaginary possibilities” of quantum technologies — the modern quantum infrastructure is characterized by a speed absolutely insufficient to solve extremely complex problems such as finding an encryption key in an acceptable time.
At least on the horizon of the next 10 years, the speed of quantum computers will be insufficient compared to the capabilities of modern mining machines.

Bitcoin will not give way before quantum computing.

Can Quantum Computing Take Over Blockchain?

Practice crosses out any theoretical constructions that claim that quantum computing is able to “master” the blockchain. This is due to the limited capabilities of existing technical means and the ongoing development of the blockchain protection system. The technology that could compromise the work of the blockchain is becoming obsolete by the time of its appearance; it is constantly about ten years behind the development of blockchain technology.
The head of the laboratory of quantum computing John Martinis from Google also rejected the assumption that quantum computing could pose a direct threat to blockchain systems and cryptocurrencies in the near future. Martinis believes that the process of creating quantum computers will take at least a decade, and the practical implementation of effective quantum computing will require even more time. He believes that the creation of quantum devices “is really problematic and much more difficult than the creation of a classical computer”.
From another angle, one of the world’s leading experts in the field of bitcoin and blockchain, Andreas Antonopoulos, also looked at the problem under consideration.
Andreas Antonopoulos’ official Twitter page.
He is convinced that the US NSA and other intelligence agencies will not use a quantum computer against bitcoin, even if they have such weapons.
Andreas Antonopoulos said:
“I’m not at all worried that the NSA might have a quantum computer, because the basic security law says: if you have a powerful secret weapon, you do not use it. You need a very significant excuse to use it”.
He cited as an example the decryption by the British cryptographer Alan Turing of the German military “Enigma” machine’s encrypted telegraph messages during the Second World War. The Germans used this machine, in particular, for secret communication in the Navy. The British government then decided to keep this success in the strictest confidence, and to hide the source of information by any means (it was removed from the communication channels). The British even deliberately did not prevent the sinking of their ships by the Germans, because as soon as the enemy realizes that the codes he uses are compromised, he immediately takes measures to refine his technology.
The question of the threat of quantum computing is not the existence of a quantum computer, but its power — the number of quantum bits (qubits). Special services at this stage of development cannot have enough power to attack the Bitcoin blockchain. However, a real problem will arise when quantum computers become commercially available, but not so widely that everyone can use them in their bitcoin wallet. During this transition period, bitcoin will need to switch to new algorithms. It is not yet clear how this transition will take place.
Researchers estimate the exploitability of the ideas of a quantum-secured blockchain, the essence of which is to make quantum communication the central element of the blockchain’s protection technology. Quantum communications (or, more precisely, quantum key distribution) guarantee security based on the laws of physics, not on the complexity of solving mathematical problems, as in the case of public-key cryptography. As a result, the quantum blockchain (it can be defined as a set of methods of using quantum technologies for calculations; the work of the quantum blockchain is based on the use of quantum communications to authenticate the participants of operations) will be invulnerable to attacks using a quantum computer.
Brennen and Tucker agree that quantum computing, at least on paper, definitely poses a threat to the security of blockchain networks. These fears are fed by sensational, panic-inducing articles in the media. Tucker believes that the talk that quantum computing poses an immediate threat to the blockchain is distracting from the really important topics for discussion. The quantum threat to bitcoin cannot be completely excluded, but the level of this threat is estimated as minimal, especially if we take into account the high reliability of the network of this cryptocurrency and the powerful incentives to ensure the highest level of its security.
Perhaps, from all this, it is possible to draw two conclusions. First, bitcoin in its current form is really vulnerable to quantum computing. Secondly, it is equally obvious that there are and there will be many opportunities in the future to improve it. On the one hand, these are, in particular, alternative systems of cryptographic protection of transactions, including ones based on public-key ciphers; on the other, quantum communication systems that guarantee the security of communication without the use of mathematics.
So quantum systems promise new means of protection for virtual currency blockchains. If we turn to ordinary money, it can be noted that as technology develops, so do the means of protecting it. Remember how new and unusual technologies are constantly being devised to protect conventional paper money against counterfeiting. From all this, it follows that from a technical point of view, crypto assets are here for a long time, which makes their regulation useful.
Material developed by the Legal Department of EdJoWa Holding
submitted by IMBA-Exchange to u/IMBA-Exchange
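The mechanism the post above describes (funds sit on a hash of the public key; the key itself only reaches the chain when an output is spent) as an added example, not part of the original post: a small ledger replay that flags which addresses with unspent funds already have their public key on chain. The key names, the three-transaction ledger and the truncated-SHA-256 stand-in for Bitcoin's RIPEMD160(SHA256()) are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


def pubkey_hash(pubkey: bytes) -> bytes:
    """Address material derived from a public key. Bitcoin uses
    RIPEMD160(SHA256(pubkey)); this example truncates SHA-256 instead
    (assumption: keeps the code runnable where hashlib lacks ripemd160)."""
    return hashlib.sha256(pubkey).digest()[:20]


@dataclass
class Output:
    value: int
    lock: str      # "p2pkh": locked to the hash of a key; "p2pk": locked to the raw key
    target: bytes  # the pubkey hash (p2pkh) or the raw public key (p2pk)


@dataclass
class Tx:
    txid: str
    inputs: List[Tuple[str, int, bytes]]  # (previous txid, output index, spender's public key)
    outputs: List[Output]


def audit_exposure(txs: List[Tx]) -> Dict[str, dict]:
    """Replay the ledger and report, per address holding unspent funds, whether
    its public key is already on chain (and so derivable into a private key by a
    large enough quantum computer) and why."""
    utxo: Dict[Tuple[str, int], Output] = {}
    exposed: Dict[bytes, str] = {}
    for tx in txs:
        for prev_txid, idx, pubkey in tx.inputs:
            spent = utxo.pop((prev_txid, idx))
            # Consistency check of the lock (real validation also checks the signature).
            if spent.lock == "p2pkh":
                ok = pubkey_hash(pubkey) == spent.target
            else:
                ok = pubkey == spent.target
            if not ok:
                raise ValueError(f"{tx.txid}: key does not match lock of {prev_txid}:{idx}")
            # Spending is what puts the public key on the chain.
            exposed.setdefault(pubkey_hash(pubkey), "public key revealed by an earlier spend")
        for i, out in enumerate(tx.outputs):
            utxo[(tx.txid, i)] = out
            if out.lock == "p2pk":
                exposed.setdefault(pubkey_hash(out.target), "pay-to-pubkey output: key is on chain")
    report: Dict[str, dict] = {}
    for out in utxo.values():
        addr = out.target if out.lock == "p2pkh" else pubkey_hash(out.target)
        entry = report.setdefault(addr.hex(), {"balance": 0, "exposed": False, "reason": None})
        entry["balance"] += out.value
        if addr in exposed:
            entry["exposed"] = True
            entry["reason"] = exposed[addr]
    return report


# Constructed sample keys and ledger (not real keys or transactions).
KEY_A = b"constructed-pubkey-A"
KEY_B = b"constructed-pubkey-B"
KEY_C = b"constructed-pubkey-C"


def sample_ledger() -> List[Tx]:
    return [
        Tx("cb1", [], [Output(50, "p2pk", KEY_A)]),                 # early-style coinbase paid to the raw key
        Tx("cb2", [], [Output(50, "p2pkh", pubkey_hash(KEY_B))]),   # modern style: paid to the key hash
        Tx("t3", [("cb2", 0, KEY_B)],                                # B spends, which reveals KEY_B
           [Output(30, "p2pkh", pubkey_hash(KEY_C)),
            Output(20, "p2pkh", pubkey_hash(KEY_B))]),              # change sent back to the same address
    ]


def run_sample() -> Dict[str, dict]:
    return audit_exposure(sample_ledger())


if __name__ == "__main__":
    for addr, entry in run_sample().items():
        print(addr, entry)
```

Only C's address comes out unexposed: A was paid to its raw key, and B reused an address it had already spent from.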

Is Google’s Claimed “Quantum Supremacy” A Threat To Bitcoin?

Google And NASA Developed A Quantum Computer Able To Solve Impossible Equations
Google is the undisputed leader in the search engine realm, and the information stored on their servers is so large that it is difficult to ignore Google's technical powers. The recent news about Google solving an equation that was believed to take around 10,000 years in just a little over 3 minutes raised a red flag in the crypto community.
The quantum processor, dubbed Sycamore, consists of 54 quantum cores, called qubits. In 2018, Google and NASA agreed to work together to create the supercomputer. Sycamore solved a so-called “random sampling problem” – checking whether a set of numbers is randomly distributed. The calculations, however, are time-demanding, especially when the number string contains many numbers. Google estimated that in order to complete the task with the world’s fastest supercomputer – Summit, it would take over 10,000 years.
Quantum computing, however, isn’t a threat to the crypto world. In 2017 numerous experts dispelled the myth about the vulnerabilities of modern cryptography. Crypto expert Peter Todd stated his skepticism about the new invention, adding that “this primitive type of quantum computing is nowhere near hurting Bitcoin cryptography.”
Similarly, Andreas Antonopoulos dispelled the crypto community's fears. “There would be no impact on cryptocurrencies, mining, and the blockchain world. The quantum computing technology is still in its early days, designed to perform over a certain class of problems”, Antonopoulos added.
The Bitcoin enthusiast Antonopoulos also noted that in order for the crypto world to be relatable and up-to-date with quantum computing development, further improvements in signature algorithms are needed. The U.S. National Security Agency (NSA) is also researching possibilities to make sensitive information “quantum-resistant.”
submitted by Crypto_Browser to u/Crypto_Browser

I'm writing a series about blockchain tech and possible future security risks. This is the third part of the series introducing Quantum resistant blockchains.

Part 1 and part 2 will give you useful basic blockchain knowledge that is not explained in this part.
Part 1 here
Part 2 here
Quantum resistant blockchains explained.
- How would quantum computers pose a threat to blockchain?
- Expectations in the field of quantum computer development.
- Quantum resistant blockchains
- Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
- Conclusion
The fact that whatever is registered on a blockchain can’t be tampered with is one of the great reasons for the success of blockchain. Looking ahead, awareness is growing in the blockchain ecosystem that quantum computers might cause the need for some changes in the cryptography that is used by blockchains to prevent hackers from forging transactions.
How would quantum computers pose a threat to blockchain?
First, let’s get a misconception out of the way. When talking about the risk quantum computers could pose for blockchain, some people think about the risk of quantum computers out-hashing classical computers. This, however, is not expected to pose a real threat when the time comes.
This paper explains why: https://arxiv.org/pdf/1710.10377.pdf "In this section, we investigate the advantage a quantum computer would have in performing the hashcash PoW used by Bitcoin. Our findings can be summarized as follows: Using Grover search, a quantum computer can perform the hashcash PoW by performing quadratically fewer hashes than is needed by a classical computer. However, the extreme speed of current specialized ASIC hardware for performing the hashcash PoW, coupled with much slower projected gate speeds for current quantum architectures, essentially negates this quadratic speedup, at the current difficulty level, giving quantum computers no advantage. Future improvements to quantum technology allowing gate speeds up to 100GHz could allow quantum computers to solve the PoW about 100 times faster than current technology.
However, such a development is unlikely in the next decade, at which point classical hardware may be much faster, and quantum technology might be so widespread that no single quantum enabled agent could dominate the PoW problem."
The real point of vulnerability is this: attacks on signatures wherein the private key is derived from the public key. That means that if someone has your public key, they can also calculate your private key, which is unthinkable using even today’s most powerful classical computers. So in the days of quantum computers, the public-private keypair will be the weak link. Quantum computers have the potential to perform specific kinds of calculations significantly faster than any normal computer. Besides that, quantum computers can run algorithms that take fewer steps to get to an outcome, taking advantage of quantum phenomena like quantum entanglement and quantum superposition. So quantum computers can run these certain algorithms that could be used to make calculations that can crack cryptography used today. https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks and https://eprint.iacr.org/2017/598.pdf
Most blockchains use Elliptic Curve Digital Signature Algorithm (ECDSA) cryptography. Using a quantum computer, Shor's algorithm can be used to break ECDSA. (See for reference: https://arxiv.org/abs/quant-ph/0301141 and pdf: https://arxiv.org/pdf/quant-ph/0301141.pdf ) Meaning: they can derive the private key from the public key. So if they got your public key (and a quantum computer), then they got your private key and they can create a transaction and empty your wallet.
RSA has the same vulnerability, although RSA will need a stronger quantum computer to be broken than ECDSA.
At this point in time, it is already possible to run Shor’s algorithm on a quantum computer. However, the amount of qubits available right now makes its application limited. But it has been proven to work; we have exited the era of pure theory and entered the era of practical applications:
So far Shor's algorithm has the most potential, but new algorithms might appear which are more efficient. Algorithms are another area of development that makes progress and pushes quantum computer progress forward. A new algorithm called Variational Quantum Factoring is being developed and it looks quite promising. "The advantage of this new approach is that it is much less sensitive to error, does not require massive error correction, and consumes far fewer resources than would be needed with Shor’s algorithm. As such, it may be more amenable for use with the current NISQ (Noisy Intermediate Scale Quantum) computers that will be available in the near and medium term." https://quantumcomputingreport.com/news/zapata-develops-potential-alternative-to-shors-factoring-algorithm-for-nisq-quantum-computers/
It is however still in development, and only works for 18 binary bits at the time of this writing, but it shows new developments that could mean that, rather than a speedup in quantum computing development posing the most imminent threat to RSA and ECDSA, a speedup in the mathematical developments could be even more consequential. More info on VQF here: https://arxiv.org/abs/1808.08927
It all comes down to this: when your public key is visible, which is always necessary to make transactions, you are at some point in the future vulnerable for quantum attacks. (This also goes for BTC, which uses the hash of the public key as an address, but more on that in the following articles.) If you would have keypairs based on post quantum cryptography, you would not have to worry about that since in that case not even a quantum computer could derive your private key from your public key.
The conclusion is that future blockchains should be quantum resistant, using post-quantum cryptography. It’s very important to realize that post quantum cryptography is not just adding some extra characters to standard signature schemes. It’s the mathematical concept that makes it quantum resistant. To become quantum resistant, the algorithm needs to be changed. “The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current, publicly known, experimental quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat.” https://en.wikipedia.org/wiki/Post-quantum_cryptography
Expectations in the field of quantum computer development.
To give you an idea what the expectations of quantum computer development are in the field (Take note of the fact that the type and error rate of the qubits is not specified in the article. It is not said these will be enough to break ECDSA or RSA, neither is it said these will not be enough. What these articles do show, is that a huge speed up in development is expected.):
When will ECDSA be at risk? Estimates are only estimates, there are several to be found so it's hard to really tell.
The National Academy of Sciences (NAS) has made a very thorough report on the development of quantum computing. The report came out at the end of 2018. They brought together a group of over 70 scientists from different interconnecting fields in quantum computing who, as a group, have come up with a close to 200-page report on the development, funding, implications and upcoming challenges for quantum computing development. But, even though this report is one of the most thorough to date, it doesn't make an estimate on when the risk for ECDSA or RSA would occur. They acknowledge this is quite impossible due to the fact that there are a lot of unknowns and due to the fact that they have to base any findings only on publicly available information, obviously excluding any non-available advancements from commercial companies and national efforts. So if this group of specialized scientists can’t make an estimate, who can make that assessment? Is there any credible source to make an accurate prediction?
The conclusion at this point of time can only be that we do not know the answer to the big question "when".
Now if we don't have an answer to the question "when", then why act? The answer is simple. If we’re talking about security, most take certainty over uncertainty. To answer the question when the threat materializes, we need to guess. Whether you guess soon, or you guess not for the next three decades, both are guesses. Going for certain means you'd have to plan for the worst, hope for the best. No matter how sceptical you are, having some sort of a plan ready is a responsible thing to do. Obviously not if you're just running a blog about knitting. But for systems that carry a lot of important, private and valuable information, planning starts today. The NAS describes it quite well. What they lack in guessing, they make up in advice. They have a very clear advice:
"Even if a quantum computer that can decrypt current cryptographic ciphers is more than a decade off, the hazard of such a machine is high enough—and the time frame for transitioning to a new security protocol is sufficiently long and uncertain—that prioritization of the development, standardization, and deployment of post-quantum cryptography is critical for minimizing the chance of a potential security and privacy disaster."
Another organization that looks ahead is the National Security Agency (NSA). They made a threat assessment in 2015. In August 2015, NSA announced that it is planning to transition "in the not too distant future" (statement of 2015) to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.” https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography#cite_note-nsa-suite-b-1
What these organizations both advise is to start taking action. They don't say "implement this type of quantum resistant cryptography now". They don't say when at all. As said before, the "when" question is a hard one to specify. It depends on the system you have, the value of the data, the consequences of postponing a security upgrade. Like I said before: do you just run a blog, or a bank, or a cryptocurrency? It's an individual risk assessment that's different for every organization and system. Assessments do need to be made now though. What time frame should organisations think about when changing cryptography? How long would it take to go from the current level of security to fully quantum resistant security? What changes does it require to handle bigger signatures, and is it possible to use certain types of cryptography that require keeping state? Do your users need to act, or can all work be done behind the user interface? These are important questions that one should start asking. I will elaborate on these challenges in the next articles.
Besides the unanswered question on "when", the question on what type of quantum resistant cryptography to use is unanswered too. This also depends on the type of system you use. The NSA and NAS both point to NIST as the authority on developments and standardization of quantum resistant cryptography. NIST is running a competition right now that should end up in one or more standards for quantum resistant cryptography. The NIST competition handles criteria that should filter out a type of quantum resistant cryptography that is feasible for a wide range of systems. This takes time though. There are some new algorithms submitted, and assessing the new and the more well known ones must be done thoroughly. They intend to wrap things up around 2022 - 2024. From a blockchain perspective it is important to notice that a specific type of quantum resistant cryptography is excluded from the NIST competition: Stateful Hash-Based Signatures (LMS and XMSS). This is not because these are no good. In fact they are excellent, and XMSS is accepted to be provably quantum resistant. It's due to the fact that implementations will need to be able to securely deal with the requirement to keep state. And this is not a given for most systems.
At this moment NIST intends to approve both LMS and XMSS for a specific group of applications that can deal with the stateful properties. The only loose end at this point is advice on which applications LMS and XMSS will be advised for and for what applications it is discouraged. These questions will be answered in the beginning of April this year: https://csrc.nist.gov/news/2019/stateful-hbs-request-for-public-comments This means that quite likely LMS and XMSS will be the first type of standardized quantum resistant cryptography ever. To give a small hint: keeping state is pretty much a naturally added property of blockchain.
Quantum resistant blockchains
“Quantum resistant” is only used to describe networks and cryptography that are secure against any attack by a quantum computer of any size in the sense that there is no algorithm known that makes it possible for a quantum computer to break the applied cryptography and thus that system.
Also, to determine if a project is fully quantum resistant, you would need to take in account not only how a separate element that is implemented in that blockchain is quantum resistant, but also the way it is implemented. As with any type of security check, there should be no backdoors, in which case your blockchain would be just a cardboard box with bulletproof glass windows. Sounds obvious, but since this is kind of new territory, there are still some misconceptions. What is considered safe now, might not be safe in the age of quantum computers. I will address some of these in the following chapters, but first I will elaborate a bit about the special vulnerability of blockchain compared to centralized systems.
Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
Developers of a centralized system can decide from one day to the next that they make changes and update the system without the need for consensus from the nodes. They are in charge, and they can dictate the future of the system. But a decentralized blockchain will need to reach consensus amongst the nodes to update. Meaning that the majority of the nodes will need to upgrade and thus force the blockchain to only have the new signatures be valid. We can’t have the old signature scheme be valid besides the new quantum resistant signature scheme, because that would mean that the blockchain would still allow the use of vulnerable, old public and private keys and thus the old vulnerable signatures for transactions. So at least the majority of the nodes need to upgrade to make sure that blocks which are constructed using the old rules, and thus the old vulnerable signature scheme, are rejected by the network. This will eventually result in a fully upgraded network which only accepts the new post quantum signature scheme in transactions. So, consensus is needed. The most well-known example of how that can be a slow process is Bitcoin’s need to scale. Even though everybody agrees on the need for a certain result, reaching consensus amongst the community on how to get to that result is a slow and political process. Going quantum resistant will be no different, and since it will cause lower performance due to bigger signatures and will quite likely need hardware upgrades, it will rather be postponed than be done fast and smoothly, due to lack of consensus. And because there are several quantum resistant signature schemes to choose from, agreement is not an automatic given. The discussion will be which one to use, and how and when to implement it. The need for consensus is exclusively a problem decentralized systems like blockchain will face.
Another issue for decentralized systems that change their signature scheme is that users of decentralized blockchains will have to manually migrate their coins/tokens to a quantum safe address and that way decouple their old private key and activate a new quantum resistant private key that is part of an upgraded quantum resistant network. Users of centralized networks, on the other hand, do not need to do much, since it would be taken care of by their centrally managed system. As you know, for example, if you forget the password of your online bank account, or some website, they can always send you a link, or a secret question, or in the worst case they can send you mail by post to your house address and you would be back in business. With decentralized systems, there is no centralized entity who has your data. It is you who has this data, and only you. So in the centralized system there is a central entity who has access to all the data, including all the private access data, and therefore this entity can pull all the strings. It can all be done behind your user interface, and you probably wouldn’t notice a thing.
And a third issue will be the lost addresses. Since no one but you has access to your funds, your funds will become inaccessible once you lose your private key. From that point, an address is lost, and the funds on that address can never be moved. So after an upgrade, those funds will never be moved to a quantum resistant address, and thus will always be vulnerable to a quantum hack.
To summarize: banks and websites are centralized systems, they will face challenges, but decentralized systems like blockchain will face some extra challenges that won't apply for centralized systems.
All of these issues are specific to blockchain and do not apply to banks, websites or any other centralized system.
Conclusion
Bitcoin and all currently running traditional cryptocurrencies are not excluded from this problem. In fact, it will be central to ensuring their continued existence over the coming decades. All cryptocurrencies will need to change their signature schemes in the future. When is the big guess here. I want to leave that for another discussion. There are enough certain specifics we can discuss right now on the subject of quantum resistant blockchains and the challenges that existing blockchains will face when they need to transfer. This won’t be an easy transfer. There are some huge challenges to overcome and this will not be done overnight. I will get to this in the next few articles.
Part 1, what makes blockchain reliable?
Part 2, The two most important mathematical concepts in blockchain.
Part 4A, The advantages of quantum resistance from genesis block, A
Part 4B, The advantages of quantum resistance from genesis block, B
Part 5, Why BTC will be vulnerable sooner than expected.
submitted by QRCollector to CryptoTechnology
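What "keeping state" means for the stateful hash-based signatures (LMS/XMSS) discussed in the post above, as an added example that is not from the original post or from any of the named projects: a minimal Lamport one-time signature stands in for XMSS itself, and a signer that tracks the next unused key shows the state that must be kept, plus a count of how much of the private key becomes public if that state is lost and a key is reused. The in-memory index, the message strings and the key count are assumptions for the example.

```python
import hashlib
import os
from typing import List, Tuple

N = 256  # SHA-256 digest bits: one pair of private values per message bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes) -> List[int]:
    """The N bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(N)]


def lamport_keygen() -> Tuple[list, list]:
    """Private key: N pairs of random 32-byte values. Public key: the hash of each value."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk: list, msg: bytes) -> List[bytes]:
    """Reveal one value of each pair, selected by the corresponding digest bit."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def lamport_verify(pk: list, msg: bytes, sig: List[bytes]) -> bool:
    if len(sig) != N:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def revealed_count(msgs: List[bytes]) -> int:
    """How many of the 2*N private values become public after signing `msgs`
    with the SAME one-time key. One message reveals exactly N; a second,
    different message reveals more, which is why a key must never be reused."""
    seen = set()
    for m in msgs:
        seen.update(enumerate(digest_bits(m)))
    return len(seen)


class StatefulSigner:
    """A few-time key: a list of one-time keys plus the index of the next unused
    one. That index is the state an XMSS/LMS deployment has to keep durable and
    consistent across restarts, backups and replicas; this toy keeps it in memory
    (assumption, for the example)."""

    def __init__(self, count: int):
        self._keys = [lamport_keygen() for _ in range(count)]
        self.next_index = 0

    @property
    def public_keys(self) -> list:
        return [pk for _, pk in self._keys]

    @property
    def remaining(self) -> int:
        return len(self._keys) - self.next_index

    def sign(self, msg: bytes) -> Tuple[int, List[bytes]]:
        if self.remaining == 0:
            raise RuntimeError("all one-time keys consumed; roll over to a new key set")
        idx = self.next_index
        # Advance (and, in a real deployment, persist) the state BEFORE releasing the signature.
        self.next_index += 1
        return idx, lamport_sign(self._keys[idx][0], msg)


def verify_stateful(public_keys: list, msg: bytes, idx: int, sig: List[bytes]) -> bool:
    """Verification needs no state: the index only selects which one-time public key to use."""
    return 0 <= idx < len(public_keys) and lamport_verify(public_keys[idx], msg, sig)


if __name__ == "__main__":
    signer = StatefulSigner(count=2)
    idx, sig = signer.sign(b"transaction 1")
    print("valid:", verify_stateful(signer.public_keys, b"transaction 1", idx, sig))
    print("revealed after one use:", revealed_count([b"transaction 1"]),
          "after two uses:", revealed_count([b"transaction 1", b"transaction 2"]))
```

Verifiers never need the counter; only the signer does, which is why the burden of stateful schemes falls entirely on the signing side.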

I decided to post this here as I saw some questions on the QRL discord.

Is elliptic curve cryptography quantum resistant?
No. Using a quantum computer, Shor's algorithm can be used to break Elliptic Curve Digital Signature Algorithm (ECDSA). Meaning: they can derive the private key from the public key. So if they got your public key, they got your private key, and they can empty your funds. https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks https://eprint.iacr.org/2017/598.pdf
Why do people say that BTC is quantum resistant, while they use elliptic curve cryptography? (Here comes the idea from that never reusing a private key from elliptic curve cryptography (and public key since they form a pair) would be quantum resistant.)
Ok, just gonna start with the basics here. Your address, where you have your coins stored, is locked by your public-private key pair. See it as your e-mail address (public key) and your password (private key). Many people got your email address, but only you have your password. If you got your address and your password, then you can access your mail and send emails (transactions). Now if there would be a quantum computer, people could use that to calculate your password/private key, if they have your email address/public key.
What is the case with BTC: they don't show your public key anywhere, until you make a transaction. So your public key is private until you make a transaction. How do they do that while your funds must be registered on the ledger? Well, they only show the hash of your public key. (A hash is an outcome of an equation. Usually one-way hash functions are used, where you can not derive the original input from the output. But every time you use the same hash function on the same original input (for example IFUHE8392ISHF), you will always get the same output (for example G). That way you can have your coins on public key IFUHE8392ISHF, while on the chain, they are on G.) So your funds are registered on the blockchain on the "hash" of the public key. The hash of the public key is also your "email address" in this case. So you give "G" as your address to send BTC to.
By the way, in the early days you could use your actual public key as your address. And miners would receive coins on their public key, not on the hashed public key. That is why all the Satoshi funds are vulnerable to quantum attacks even though these addresses have never been used to make transactions from. These public keys are already public instead of hashed. Also certain hard forks have exposed the public keys of unused addresses. So it's really a false sense of security that most people hang on to in the first place.
But it's actually a false sense of security over all.
Since it is impossible to derive a public key from the hash of a public key, your coins are safe from quantum computers as long as you don't make any transaction. Now here follows the biggest misconception: pretty much everyone will think, great, so BTC is quantum secure! It's not that simple. Here it is important to understand two things:
1 How is a transaction sent? The owner has the private key and the public key and uses that to log into the secured environment, the wallet. This can be online or offline. Once he is in his wallet, he states how much he wants to send and to what address.
When he sends the transaction, it will be broadcasted to the blockchain network. But before the actual transaction that will be sent, it is formed into a package, created by the wallet. This happens out of sight of the sender.
That package ends up carrying roughly the following info: The public key to point to the address where the funds will be coming from, the amount that will be transferred, the public key of the address the funds will be transferred to.
Then this package carries the most important thing: a signature, created by the wallet, derived from the private-public key combination. This signature proves to the miners that you are the rightful owner and you can send funds from that public key.
So this package is then sent out of the secure wallet environment to multiple nodes. The nodes don’t need to trust the sender or establish the sender’s "identity." And because the transaction is signed and contains no confidential information, private keys, or credentials, it can be publicly broadcast using any underlying network transport that is convenient. As long as the transaction can reach a node that will propagate it into the network, it doesn’t matter how it is transported to the first node.
2 How is a transaction confirmed/fulfilled and registered on the blockchain?
After the transaction is sent to the network, it is ready to be processed. The nodes have a bundle of transactions to verify and register on the next block. This is done during a period called the block time. In the case of BTC that is 10 minutes.
If you comprehend the information written above, you can see that there are two moments where you can actually see the public key, while the transaction is not fulfilled and registered on the blockchain yet.
1: during the time the transaction is sent from the sender to the nodes
2: during the time the nodes verify the transaction.
This paper describes how you could hijack a transaction and make a new transaction of your own, using someone else's address to send his coins to an address you own during moment 2: the time the nodes verify the transaction:
https://arxiv.org/pdf/1710.10377.pdf
"(Unprocessed transactions) After a transaction has been broadcast to the network, but before it is placed on the blockchain it is at risk from a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, then an attacker could use this secret key to broadcast a new transaction from the same address to his own address. If the attacker then ensures that this new transaction is placed on the blockchain first, then he can effectively steal all the bitcoin behind the original address."
So this means that practically, you can't call BTC a quantum secure blockchain. Because as soon as you will touch your coins and use them for payment, or send them to another address, you will have to make a transaction and you risk a quantum attack.
Why would Nexus be any different?
If you ask the wrong person they will tell you "Nexus uses a combination of the Skein and Keccak algorithms which are the 2 recognized quantum resistant algorithms (Keccak is used by the NSA) so instead of sha-256, Nexus has SK-1024 making it much harder to break." Which would be the same as saying BTC is quantum resistant because they use a hashing function to hash the private key as long as no transaction is made.
No, this is their solid try to be quantum resistant: Nexus states it's different because they have instant transactions (so there wouldn't be a period during which the nodes verify the transaction; this period would be instant). Also they use a particular order in which the miners verify transactions: First-In-First-Out (FIFO). (So even if instant is not instant after all, and you would be able to catch a public key and derive the private key, you wouldn't be able to have your transaction signed before the original one. The original one is first in line, and will therefore be confirmed first.) Also for some reason Nexus has standardized fees which are burned after a transaction. So if FIFO wouldn't do the trick you would not be able to use a higher fee to get prioritized and get an earlier confirmation.
So, during the time the nodes verify the transaction, you would not be able to hijack a transaction. GREAT, you say? Yes, great-ish. Because there is still moment # 1: during the time the transaction is sent from the sender to the nodes. This is where network based attacks could do the trick:
There are network based attacks that can be used to delay or prevent transactions from reaching nodes. In the mean time the transactions can be hijacked before they reach the nodes. And thus one could hijack the non quantum secure public keys (they are openly included in sent signed transactions), which can then be used to derive private keys before the original transaction is made. So this means that even if Nexus has instant transactions in FIFO order, it is totally useless, because the public key would be obtained by the attacker before they reach the nodes. Conclusion: Nexus is not quantum resistant. You simply can't be without using a post quantum signature scheme.
Performing a DDoS attack or BGP routing attacks or NSA Quantum Insert attacks on a peer to peer network would be hard. But when provided with an opportunity to steal billions, hackers would find a way. For example:
https://bitcoinmagazine.com/articles/researchers-explore-eclipse-attacks-ethereum-blockchain/
For BTC:
https://eprint.iacr.org/2015/263.pdf
"An eclipse attack is a network-level attack on a blockchain, where an attacker essentially takes control of the peer-to-peer network, obscuring a node’s view of the blockchain."
That is exactly the recipe for what you would need to create extra time to find public keys and derive private keys from them. Then you could sign transactions of your own and confirm them before the originals do.
By the way, yes this seems to be fixed now, but it most definitely shows it's possible. And there are other creative options. Either you stop transactions from the base to get out, while the sender thinks they're sent, or you blind the network and catch transactions there. There are always options, and they will be exploited when billions are at stake. The keys can also be hijacked when a transaction is sent from the user's device to the blockchain network using a MITM attack. The result is the same as for network based attacks, only now you don't mess with the network itself. These attacks make it possible to 1) retrieve the original public key that is included in the transaction message, 2) stop or delay the transaction message from arriving at the blockchain network. So, using a quantum computer, you could hijack transactions and create forged transactions, which you then send to the nodes to be confirmed before the nodes even receive the original transaction. There is nothing you could change in the Nexus network to prevent this. The only thing they can do is implement a quantum resistant signature scheme. They plan to do this in the future, like any other serious blockchain project. Yet Nexus is the only one of these future quantum resistant projects to prematurely claim to be quantum resistant. There is only one way to get quantum resistance: POST QUANTUM SIGNATURE SCHEMES. All the rest is just a shitty shortcut that won't work in the end.
(If you use this info on BTC, you will find that the 10 minutes blocktime that is used to estimate when BTC will be vulnerable to quantum attacks can actually be more than 10 minutes if you catch the public key before the nodes receive it. This makes BTC vulnerable sooner than the 10 min blocktime would make you think.)
By the way, Nexus using FIFO and standardized fees which are burned after the transaction comes with some huge downsides:
Why are WOTS+ signatures (and by extension XMSS) more quantum resistant?
First of all, this is where the top notch mathematicians work their magic. Cryptography is mostly maths. As Jackalyst puts it talking about post quantum signature schemes: "Having papers written and cryptographers review and discuss it to nauseating levels might not be important for butler, but it's really important with signature schemes and other cryptographic methods, as they're highly technical in nature."
If you don't believe in math, think about Einstein using math to predict things most couldn't even imagine, let alone measure back then.
Then there is implementing it the right way into your blockchain without leaving any backdoors open.
So why are WOTS+ and, by extension, XMSS quantum resistant? Because math papers say so. With WOTS it would even take a quantum computer too much time to derive a private key from a public key. https://en.wikipedia.org/wiki/Hash-based_cryptography https://eprint.iacr.org/2011/484.pdf
What is WOTS+?
It's basically an optimized version of Lamport signatures. WOTS+ (Winternitz one-time signature) is a hash-based, post-quantum signature scheme. So it's a post quantum signature scheme meant to be used once.
What are the risks of WOTS+?
Because each WOTS publishes some part of the private key, they rapidly become less secure as more signatures created by the same public/private key are published. The first signature won't have enough info to work with, but after two or three signatures you will be in trouble.
IOTA uses WOTS. Here's what the people over at the cryptography subreddit have to say about that:
https://www.reddit.com/crypto/comments/84c4ni/iota_signatures_private_keys_and_address_reuse/?utm_content=comments&utm_medium=user&utm_source=reddit&utm_name=u_QRCollector
With the article:
http://blog.lekkertech.net/blog/2018/03/07/iota-signatures/
Mochimo uses WOTS+. They kinda solved the problem: A transaction consists of a "Source Address", a "Destination Address" and a "Change Address". When you transact to a Destination Address, any remaining funds in your Source Address will move to the Change Address. To transact again, your Change Address then becomes your Source Address.
But what if someone already has your first address and is unaware of the fact you already sent funds from that address? He might just send funds there. (I mean in a business environment this would make Mochimo highly impractical.) They need to solve that. Who knows, it's still a young project. But then again, for some reason they also use FIFO and fixed fees, so there I have the same objections as for Nexus.
How is XMSS different?
XMSS uses WOTS in a way that you can actually reuse your address. WOTS creates a quantum resistant one time signature and XMSS creates a tree of those signatures attached to one address so that the address can be reused for sending an asset.
submitted by QRCollector to QRL
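The post above says WOTS+ is a hash-based one-time signature and that every signature publishes part of the private key, so the second and third signature under the same key erode its security. The following is an added example, not code from the post or from the QRL/XMSS projects: a toy Winternitz scheme built from SHA-256 chains with the standard checksum digits (the WOTS+ bitmasks are left out), plus a function that measures how much an observer learns from each additional signature under one key. The seed and the messages are constructed for the demo.

```python
# Toy Winternitz one-time signature (WOTS) to show why a one-time key must
# stay one-time. Added example, not the post's or QRL's code. Plain SHA-256
# chains, no WOTS+ bitmasks, deterministic keys from a fixed (constructed) seed.
import hashlib
import math

W = 16                                   # Winternitz parameter: 4-bit digits
LEN1 = 64                                # 256-bit digest -> 64 message digits
LEN2 = math.floor(math.log2(LEN1 * (W - 1)) / math.log2(W)) + 1  # 3 checksum digits
LEN = LEN1 + LEN2                        # 67 hash chains in total


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(start: bytes, steps: int) -> bytes:
    """Walk a hash chain forward `steps` times. Forward is cheap for anyone
    holding a node; walking backward would need a preimage."""
    out = start
    for _ in range(steps):
        out = H(out)
    return out


def digits(msg: bytes) -> list:
    """Base-W digits of H(msg), then checksum digits. The checksum stops an
    observer from simply raising message digits: raising them lowers it."""
    d = H(msg)
    m = []
    for b in d:
        m += [b >> 4, b & 0x0F]
    csum = sum(W - 1 - x for x in m)     # at most LEN1*(W-1) = 960 < W**LEN2
    for i in reversed(range(LEN2)):
        m.append((csum >> (4 * i)) & 0x0F)
    return m


def keygen(seed: bytes):
    """Private key: LEN secret chain starts. Public key: each start hashed W-1 times."""
    sk = [H(seed + i.to_bytes(2, "big")) for i in range(LEN)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk


def sign(sk: list, msg: bytes) -> list:
    """Signature element i is chain i walked forward digit_i steps from the secret start."""
    return [chain(sk[i], b) for i, b in enumerate(digits(msg))]


def verify(pk: list, msg: bytes, sig: list) -> bool:
    """Finish every chain from the revealed node; it must land on the public key."""
    if len(sig) != LEN:
        return False
    return all(chain(s, W - 1 - b) == p
               for s, b, p in zip(sig, digits(msg), pk))


def known_indices(signed_msgs: list) -> list:
    """Lowest chain position an observer of these signatures knows, per chain.
    Before any signature only the public key (position W-1) is public."""
    known = [W - 1] * LEN
    for msg in signed_msgs:
        known = [min(k, b) for k, b in zip(known, digits(msg))]
    return known


def exposed_private_elements(signed_msgs: list) -> int:
    """Chains whose secret start (position 0) has been published outright."""
    return sum(1 for k in known_indices(signed_msgs) if k == 0)


def forgeable_log2_fraction(signed_msgs: list) -> float:
    """log2 of the fraction of digit vectors an observer could sign without the
    key just by walking revealed nodes forward. Ignores the checksum coupling,
    so it is an upper bound; it rises with every extra signature under the key."""
    return sum(math.log2((W - k) / W) for k in known_indices(signed_msgs))


if __name__ == "__main__":
    sk, pk = keygen(b"constructed demo seed, not a real key")
    msg = b"send 1 coin to address G"
    sig = sign(sk, msg)
    print("valid signature verifies:", verify(pk, msg, sig))
    print("altered message verifies:", verify(pk, b"send 9 coins to address G", sig))
    history = []
    for i in range(4):                   # reuse the same key: watch exposure grow
        history.append(b"tx %d" % i)
        print(f"after {len(history)} signature(s): secret chain starts exposed="
              f"{exposed_private_elements(history)}, "
              f"log2(forgeable fraction)={forgeable_log2_fraction(history):.1f}")
```

Signing a second message under the same key can only lower the known position on each chain, which is the leak the post warns about; XMSS avoids it by giving every signature its own WOTS key under one Merkle root.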

More unanswered questions about Bitcoin from a butthurt crypto critic

copypasta'd from my zerohedge comment section
These people still haven't adequately explained several things to us
1) Why they think that totalitarian governments who now have quantum computers and 5000+ qubit processors can't unzip the blockchain and aren't actively doing this now or trying to. We know that a 4 qubit processor can crack a 4bit encryption by merit of the fact that it calculates all possible solutions in parallel and picks the correct one, whereas a linear processor must try each one sequentially, making time to brute force crack a password grow at least linearly/proportionately with the size of the key(s) or geometrically with stronger crypto algorithms. The point is that these algos are not quantum proof, and that is said in their own literature in science journals. So that's point 1.
2) Point 2--Why adopt and put all your faith in this scheme if the governments haven't sanctioned it? And even if they have, they are super DUPER corrupt. The last year alone and all the scandals should tell you how the CIA operates and they have actively been trying to create a 2 class society of upper and underclass....why do you think a system like this is safe if it truly empowers the underclass and isn't a ploy to get them to invest their actual dollars into it and then turn the lights off and that money has been taken away.
You may say, 'taken away'? You mean destroyed, right? When stock falls it's gone right? NO. Not in the case of crypto. If you mined it, then the energy industry has your money, because it took money to mine bitcoin.
3) Bitcoin is so difficult to mine now (complexity has increased) that the barrier to entry is so high that you have to own a solar farm of your own and a datacenter to do it; so most people either PAY for bitcoin, or they PAY someone else with a datacenter to mine in the cloud, which is increasingly a stupid option because it's risky and the payoff is not so much as to be more desirable than buying bitcoin
Where do you buy bitcoin then? Especially since it keeps going UP UP UP, who in their right mind is going to sell it?
Exchanges
Where do they get their bitcoin from? Mining? HAHA that's a laugh, miners making bitcoin aren't going to sell it
WHere do you get bitcoin from when no one wants to sell?
4) Well you get it from Exchanges
Ok who owns the exchanges?
....
....Anyone..?
...?
I'm guessing it's the CIA / NSA / DEA. After all they confiscated a ton of bitcoin from darknet drug sites and continue to do so on a daily basis. With the shutdown of Silk Road, Silk Road 2, Silk Road 2.2, Alphabay, they are setting people up, getting their bitcoin and their drugs
Wash rinse recycle
Bitcoin price goes up as it becomes more rare...right? I mean you thought this was just from some market cap going up at an accelerated pace? Why would it do that if the complexity is getting harder....?
..Oh because the NSA is using their computers now probably to mine bitcoin to keep this illusion going
Some people are probably injecting real money into this thing, but they are buying bitcoin from the FBI, Counterintelligence, DEA, CIA, NSA, etc...the intelligence community as a drug interdiction/money laundering darknet honeypot by my estimation
I could be very wrong. We don't know but it's a better explanation than any I've heard.
5) Anyone (like the teen) who bought into bitcoin and then bought a house with it will eventually be targeted by Sessions / DOJ for failing to pay capital gains tax on it. Therefore it will be subject to asset forfeiture and seized by the government.
I KNOW this is going to happen. I KNOW IT WILL. You can be all cavalier about it, but this is an inevitability.
I don't see Congress passing any kind of bitcoin or crypto related capital gains tax bills because these people can't find their way out of a paper bag or even remember to take their Alzheimer's meds, much less understand EVEN REMOTELY how crypto works
So the DOJ/IRS are going to use this as a mass wealth grab strategy and the media will just be like, "hey you don't get something for nothing", "no free lunch", "#shrugsnotdrugs", "bit what?"
So if they legitimize bitcoin, they will probably asset forfeiture
If they de-legitimize bitcoin, they will use the incredible infrastructure of the NSA to block bitcoin like they've done bittorrent and VPNs. You'll fight them for a while but you will fail. ISPs will be mandated to block or cut off your internet if you use crypto
I doubt they'll do option 2, so they'll do option 1 and take your unpaid capital gains tax
submitted by 911bodysnatchers322 to C_S_T

A way to solve Monero's quantum, scaling, and slight-trust problems

Put your tin foil hats on for a second.
In 2014, scientists used 4 qubits and Shor's algorithm to factor the number 56,153. In 2016, the Pentagon got audited and could not account for 6.5 trillion fucking dollars lol. What if they used that money to develop a quantum computer, capable of breaking all modern encryption! :O It would give the U.S. (if successfully kept a secret) one of the biggest advantages over every single country that the world has ever seen, and this advantage would justify almost any expense.. What if they have one right now?!
OK you can take your hats off. Let me start off by saying that I do not think the U.S. has such a quantum computer. In fact, I would argue that it is super, super, super unlikely, at least at this very second. However, I would also argue that it does not === 0% either. Maybe it is .0000001%, or maybe it's .000000000001%. Regardless of what it actually is, we can all agree that it is a positive, finite number. And with every second that ticks by, that number increases ever so slightly.
This finiteness should disturb you. We are all Siths here, we all like to deal in cryptographic absolutes. And as of right now, there is no way to know, with 100% cryptographic certainty, whether or not there are fake Monero in circulation.
If the NSA had a quantum computer today, it would be able to print a kajillion Monero out of thin air without anyone knowing. In my previous post, olark_0x00D8D8E5 referred me to a paper about switch commitments, which could be implemented to prevent this from happening. However, I think that this will only make sure that current confidential transactions are balanced, not previous transactions. If a quantum computer prints out a bunch of fake coins before this algorithm is implemented, then I think this evil deed will go undetected forever. If this is the case, then it is essentially a race to implement quantum-proof output types/algorithms before the evil gummit actually comes up with such a device.
The problem is that once we implement all the cool quantum-proof stuff, someone could just fork Monero, completely restart the blockchain, and market this new chain as having === 0% chance of having fake 'quantum' coins in circulation, unlike that pesky Monero with its .00000001%. They could argue that Monero was just too ahead of its time, and cannot be considered 'sound money' with that finite number hanging over its head.
Is there a way that we can know, with 100% cryptographic certainty, whether or not there are fake coins in circulation? I think there is, and I'm going to call this technique a “MoneroNoob12345 Audit”, named after a great and humble man. To do such an audit, we would just need to follow 3 simple rules:
  1. Old output types can only ring with old output types, and new output types can only ring with new output types. In between these two output types is a one-way audit border.
  2. When converting from old output types to new output types (crossing the one-way audit border), you must publicly reveal the transaction amount being sent.
  3. After a specified Block X, no transactions are allowed to cross the audit border ever again.
Doing this would allow us to convert to quantum-proof algorithms/output types, while at the same time auditing the entire blockchain. If more coins cross the audit border than were ever mined, Monero's price would immediately drop to 0, and Monero would die the absolute quickest of deaths. She wouldn't even know what hit her :(
However, if we get to Block X, and the amount that has crossed the border is less than or equal to the amount that had been mined, then Monero lives to see another day, and we all become rich little heathens. Everyone could know with 100% certainty that there were 0 fake coins in circulation before the audit.
The most likely outcome of such an audit would be that fewer coins cross the audit border than were mined, due to lost coins and the like. This difference in coins can either be burned (increasing the scarcity of everyone's Monero), or redistributed to miners as a bonus over so many blocks (increasing the security of Monero while also maintaining the emission schedule). This, however, is a whole nother debate. I personally kind of like the latter, because with it you can get more of the benefits of inflation without the inflation (less dependence on fee market, dynamic blocksize, etc). These benefits would come at the expense of coins that are already screwed to begin with.
Regardless of which path we take, simply being able to numerically quantify the amount of screwed coins is pretty sweet.
Now how exactly does this help scaling? Well, after Block X, all of the old outputs are now utterly and completely useless! Throw that shit away! Out with the old, in with the new! Unbounded, exponential growth of the TXO set can officially suck our dicks!
Every audit would essentially create a brand new, fresh, 0MB blockchain that everyone peacefully transitions to. Every user would be able to verify that nothing funky has happened: they still have the same amount of Monero, and the supply of Monero is still the same (if not less) on this 'new' blockchain. The 'genesis outputs' on this new chain have their transaction amounts revealed, so anybody can add up these outputs as well as the chain's coinbases to calculate the total supply.
An occasional audit would actually solve one of Monero's tiny but inevitable trust issues too. With any opaque blockchain, there is always a small-but-finite chance that a genius 8 year old kid finds a bug in the code, and secretly exploits it, printing a kajillion coins in his mom's basement without anyone knowing. With Bitcoin, the second this happens, alarm bells start ringing, thanks to their blockchain being transparent. Monero has no such alarm bells, by design. The reason we don't have alarm bells is the reason why we all love Monero.
Audits could be a replacement for alarm bells. It could prove that the fears of fake coins are unwarranted again and again and again, while at the same time completely slashing the TXO set again and again and again. It is a win-win.
A downside to this idea is that some people want to send Monero to a paper wallet, and then forget about it for 20 years. To this I reply: tough shit. Again, someone could easily fork Monero after the quantum transition, restart the blockchain, and advertise a 0% chance of fake coins in their new chain. I am pretty sure that a lot of people would buy into this too, especially Siths. This has a chance of ultimately killing Monero, and consequently killing the complainer's stash. Participating in an occasional blockchain audit would be a small price to pay in order to use a beautiful, opaque blockchain.
Furthermore, everyday users of Monero are already having to update their software once every 6 months. so occasional audits won't be much of a drastic change. (Sidenote: I love the 6 month hardfork schedule, and I hope it never gets phased out.)
As decades pass, and the code becomes more and more set in stone, and technology progresses, these audits can occur way less and less frequently, if at all after a certain time. But during these primitive years, and especially when converting to quantum proof algorithms, I think it might be important to do this.
There is also the downside of having to publicly reveal the transaction amount when converting to new output types. However, because of Monero's anonymity features, like not knowing if these newly converted outputs have been spent, I do not think that this is a problem in the slightest. In fact, Monero publicly showed transaction amounts for much of its life; here, we are only doing it for just one single transaction.
This could open the door for a temporary 'rich list', where you rank these transaction amounts from highest to lowest. I personally don't see this as much of a problem either, but if it is, then we could just cap the max conversion amount. This would force whales to convert their stash in large chunks, in order to not spook the market or whatever.
Now this whole thing assumes that it is possible to publicly reveal the amount you are sending when converting from an old CT output to a new quantum proof one. I think this can be done if you publicly reveal the private view key of the address that you are sending to when crossing the audit border. This is possible if you are sending Monero to yourself, which is what I think should be happening when converting. Miners would have to verify that the private view key in the transaction lines up with the transaction's destination, and reject any that do not.
In summary: Audit the Monero! Slash the TXO! Profit!
Let me know what you think, and thanks for reading this far!
TLDR: Users send their Monero to a new output type by a certain deadline, and reveal the transaction amount when doing this (and only this). This would allow us to make sure that there are 0 fake coins in circulation, and at the same time slash the TXO set down to 0MB.
submitted by moneronoob12345 to Monero

New and improved way to audit the Monero blockchain and fix scaling problems

In a previous post, I discussed how there is a tiny-but-finite chance that the evil gummit has created a powerful quantum computer, and has created millions of Monero out of thin air. Let's say there is a .00000001% chance that this has happened.
I thought I had come up with a genius way to audit the Monero blockchain, and know with 100% certainty whether or not there are fake coins out there in circulation. The idea was that you create a new quantum-proof output type, and have every user convert their Monero to the new output type by a certain deadline. You also have them reveal the transaction amount when doing this (and only this). If more Monero publicly convert to new outputs than had been mined, then the price would drop to 0 and Monero would die a very quick death.
But if fewer convert than had been mined, then after the deadline we can delete all of the old output types since they are now useless. If there were a million fake coins, and the NSA chose not to convert them in order to not reveal their capabilities, then these fake coins would get deleted forever. This would slash the entire TXO set back down to 0MB. Any coins that weren't converted by the deadline are screwed, and could potentially be used to feed the miners better. You could get the benefits of inflation without the inflation, having your cake and eating it too.
This idea was pooped on for good reason. As _avnr so elegantly put it:
So if I was hospitalized, in jail, serving my country with no internet access, whatever, then gone is my money. If I left my keys in my will but my heirs were found only after the deadline, bad for them - they lost their inheritance.
This is a great point, and completely kills the idea. In order for a currency to be truly valuable, you need to be able to store it for long periods of time without having to touch it.
We could get rid of the deadline all together, but if the NSA has a million fake coins, then they would always have the ability to kill Monero at any second they like, simply by converting their huge stash. This would reveal that there are more coins in circulation than there should be, and the alarm would trip, insta-killing Monero.
After pondering this problem for some time, I think I have found a nice middle ground, and am curious to see as to what you all think.
The idea is kind of like having a checking and a savings account. If you get thrown in jail, or you die, or whatever, and you miss the next scheduled deadline, then the money in your checking gets screwed. If it helps you sleep at night, those screwed coins will help feed the miners and secure the network.
Money in your savings account will be OK though, and will be for all eternity. How do you move coins into your savings?
In August, RingCT will be required, which is badass. However, to put your Monero into your savings account, you would have to convert it to a non-CT output. There would have to be a protocol rule that states that these non-CT outputs cannot be ringed with, and are never to be deleted until converted to a CT output type.
We need to be able to know if a non-CT output has been converted or not, and the only way to do this is to prevent people from ringing with non-CT outputs. Requiring non-CT outputs to be converted to the most recent CT type in order to be spent would allow Monero to keep its enforced/required anonymity feature.
Because non-CT outputs would not be able to be ringed with, I think it would be super easy to implement multisig for them. It is my understanding that the problem with multisig in Monero is figuring out a way to do it with ring signatures without revealing who the actual signer is. If we don't allow anyone to ring with non-CT outputs, then there won't be this problem with multisig, at least just with these new multisig savings accounts.
If putting away money for years, you would ring with many outputs to secure your anonymity when converting to non-CT. And when you are ready to spend it, you can convert it to the most recent CT output type without ringing with any other outputs. When doing this, all that is happening is your output address is just changing from one to another; this shouldn't affect anonymity at all.
So any non-CT output will be saved forever and ever and ever, whereas CT outputs would get deleted after scheduled deadlines. To calculate the total supply, you count the amount of CT coins that have been converted to the most recent CT type, the amount of non-CT outputs that have never been converted, and the amount of all of the new chain’s coinbases.
Deleting just old CT outputs won't slash the entire TXO to 0MB like deleting all old outputs would, but it would slash the entire CT TXO set to 0MB. This is still just as good because it is the CT TXO that needs help getting under control, and prevented from becoming too big. This might allow us to forever be able to run a full node on a dad gum smart phone like we currently can. We might also never have to use sharding, an idea the LMDB master has said is inevitable. Monero, with its tail emission and screwed coins feeding the miners, could potentially scale better than Bitcoin. We would be limited only by bandwidth.
Deleting old CT TXO sets would allow us to implement quantum-proof algorithms earlier too, since these algorithms take up more memory. We would not have to wait as long for technology to catch up.
The biggest downside of this is that there might be people in jail, or have died, or whatever, and have put their CT outputs into a cold wallet. If these coins don’t get moved by the first deadline, then these people would get screwed.
However, RingCT has only been a thing since January of this year. I think we should start telling everyone that at a minimum of 5 years from now, only non-CT outputs and a new, to-be-determined CT output type will be safe. If storing in CT (your checking account) you should at least keep track of Monero news like once a year to make sure there isn't anything you need to do currently.
I doubt there are very many cases of people who are in jail or died and won't be able to convert sometime between now and 5 years from now. The sooner we start to warn people, the lower the number of these screwed people there will be. This path is a lot better than a contentious/dangerous hard fork way down the road, between pro-auditors and anti-auditors.
A weird quirk about this idea is that you would be able to see how much Monero in circulation is in savings vs checking. Not sure if this is a problem or not.
Also, for the record, I do NOT think you should get interest on your ‘savings’ account. I just used the savings/checking analogy when it comes to security of funds, and how you have to move your money from savings to checking in order to spend it, not interest. Fuck proof of stake!!!
In summary
Have opaque blockchain (unlike Bitcoin)
Maintain required anonymity (unlike Bitcoin), by keeping things like minimum ring size, and forcing people to convert to CT in order to spend
Be 100% auditable (like Bitcoin)
Have multisig (like Bitcoin)
Be quantum proof (like Bitcoin)
Be able to secure coins forever without ever having to touch it (like Bitcoin)
Better solve on-chain scaling problems by deleting old CT TXO set and feeding miners screwed coins (unlike Bitcoin’s inevitable fee-market solution)
Let me know what you think, and thanks!
submitted by moneronoob12345 to Monero

Cryptography in 2016 — Overview of how fast things are changing…

Encryption using unthinkable numbers, due to their length in digits, is the most important aspect of our digital security in the early 21st century. It is so difficult because finding the greatest common denominator to determine if a number is prime requires looping through every digit until a particular number you are checking to ensure it is only divisible by two and itself. It is a very time consuming process. Our everyday processors are used in literally almost all of humanity's technology. Processors are wonderful because they perform so many different tasks, although it is usually necessary to develop a proprietary method for complex applications. Breaking encryption is considered one of the most complex applications due to the amount of operations required to find the digits may take years.
Human science projects have performed highly complicated, or resource intense applications such as crowd sourcing computers to scour for aliens. The general population has a lot of interest due to the nature of how it relates to their religion, and our historic records. Cracking an encryption key is not important for a random user browsing the internet because it doesn’t relate to them at all. The incentive to donate their computing power ceases to play a role. Specialized data centers have to be utilized with the most sophisticated algorithms, and resources which only because of sheer numbers may succeed.
RSA encryption is the most widely used because it is actively happening almost as consistent as we breathe within a web browser. It depends on the web servers having a set of two large prime numbers that they had generated in secrecy so that another party cannot easily match the pair. It performs arithmetic operations using these prime numbers such as multiplication, and division. It requires the specific two prime numbers to be exact to obtain the original data before it was encrypted. The prime numbers could have hundreds of digits within them which is incomprehensible for a human to perform arithmetic operations with. Computers have methods for easily generating these primes however it requires two different primes to reverse the mathematic operations to obtain the original information.
RSA code breaking would require a function to find every prime number. Primes that are found would have to be used with other primes using the same search method, and then attempting to use those primes with the operations on the particular data. It would still depend on whether or not you know what the data looks like to determine if the prime numbers were the particular key pair used. The hurdles are absolutely realistic and are the main concept behind the trust left with these cryptographic methods.
Primes are generated using an initial seed which puts them anywhere between several digits to hundreds of digits within the number itself. It is such a large address space that the computer would exhaust its memory attempting to keep a list to attempt to perform the operations after each unlisted prime is found. You may imagine in the context of web browsers themselves requiring a gigabyte of RAM at times for particularly graphical, or video intense features of sites. It would be exponentially larger, and would grow at a rate while also increasing the time it takes to attempt the verification as each new prime is found. The software has to attempt to pair every prime found with all new primes which means the longer the list becomes the longer it will take. It becomes infeasible quite quickly.
The current technology in the year 2016 has amazing circumstances such as cloud, extremely fast bandwidth, Moore’s law almost maxed out, and the ability for any small business to have the crunching power of the most important companies on the planet. It becomes possible to reconsider the original methods for attempting to crack these keys in a way that expands the speed, and memory limitations of prior attacks. All sorts of crafty projects exist to coordinate, plan, and optimize results consisting of billions of separate operations. These processes ultimately answer the most critical, or basic problems in our society. Siri performs countless multiplication, and comparison operations just to begin to recognize your speech as particular areas of interest. These calculations are being used on every syllable, or word that you speak which exponentially increases the complexity. It was inevitably successful, and is being used by mass consumers for any categories that Apple believes we may request as buyers of their products.
Cyber war programs worldwide have drastically increased in funding within the past decade. NSA revelations amongst other Chinese, and Russian hacks are causing security to become the cornerstone of any corporation's natural due diligence. The budgets of small countries for these areas will exceed tens of thousands of salaries for individuals working within the fields. Resources are being poured into it like never before, and the criminal activity has surpassed the drug trade recently. It would be neglectful to imagine that people wouldn’t revisit the cryptography side of security to attempt to increase probability of success.
I’ve spent a lot of time researching, and considering the abilities of our current technology and the relationships with security infrastructure in place today. I am not pouring money, or man hours into these concepts but believe that they need to be considered a legitimate concern. Quantum computing allows mathematical functions to attempt calculations at such a higher rate that it will be feasible to break our current encryption technology within a short few years. Everything that you communicate across the internet today may be read sooner than anyone would want to believe. Data centers, and internet providers can create long term dumps of encrypted traffic with intention of decrypting it in the future.
It requires a new set of methods which will raise the bar and ensure security for the foreseeable future. It is important to do this as quickly as possible because the internet is a backwards compatible network. Most of the protocols were developed in the 1970s region of our history. Large portions of information being thrown onto the internet are going to stay as they are, using the same software for many years. It is impossible to fix some problems with particular sets of core protocols regardless of how dangerously they may be abused. The longer that we believe our current encryption technology is secure directly affects the amount of abuse, fraud, manipulation, and other activities that will take place in the near future. It would render things such as insider trading to become as normal as Russia having it legalized.
Bitcoin is a cutting edge economic experiment with more than 10 billion of assets that solely relies on encryption algorithms which contain these same limitations. Anyone could shift funds anywhere within the Bitcoin network with even small vulnerabilities found within their methods. Secure socket layer which web browsers use to protect banking transactions amongst many other datasets has the same reliability on encryption being secure. Bitcoin is extremely interesting because of the vast number of accounts which are publicly available to anyone who downloads the software.
Cryptography is infeasible to waste those expensive resources to undermine a single encryption key. However, if you were to attempt to break every Bitcoin address with funds in it simultaneously then your chances of success are increased by the exact amount of those addresses. It relies on some very low level technical knowledge, and circumstances as well but I’m just attempting to deliver a state of mind to you. SSL projects exist today which contain all known websites certificates so that they can verify other variables within them. The same concept of increasing that probability exist there as well.
It is also feasible to attack the session keys themselves. Proceeding from this direction would allow you to record all communications between various hosts which would amount to thousands rapidly, and then attempt to brute force the keys for them all at once. It would increase the probability of success although it's tough to determine beforehand whether the particular encrypted communication is of any value. The session keys themselves are far less difficult to crack being other algorithms. It is the concept that since the keys change so often that it is not the correct approach. SSH encrypted management connections for web servers, and various other technologies are also of major concern. It is more likely to have sensitive data, and could easily be retrieved from major internet providers without causing delay in the traffic due to the majority being console based access.
The realistic nature depends on your goals regarding various encrypted information. The best possibility would be to obtain as much information as possible. It would ensure that the resources, and budget would make sense. If you do not have a backdoor, then you should have almost billions of attempts to decrypt communications for every prime match that is found.
Wouldn’t you like to know that there isn’t only a single needle in that haystack you're attempting to scour? I’d like to address some concepts for distributing, and attacking each individual cryptographic use case but it really would require decent engineering and testing. The fact remains that things are not as they were even five years ago. It is only a matter of time that the average hackers in basements begin to obtain access to encrypted data on a mass scale to allow them to have millions, or billions of needles in their cracking environments.
Please discuss questions, or comments. I am willing to work with anyone who is interested in attacking the top 5 major protocols. I do have some extra CPU resources, and possibly enough RAM to attack them with a well optimized system. I have the majority of the distribution specification handled but I would need help developing all of the modular systems for verification against each algorithm. I do not have time to deal with the entire project. The data is not something I am shopping around for either.
submitted by mikeguidry to Information_Security

03-15 17:13 - 'The day the banks got a quantum computer.' (self.Bitcoin) by /u/Serialnvestor removed from /r/Bitcoin within 11-21min

'''
The day was like any other. I got up, got dressed, showered and then I went to work. I checked the btc price as I booted up my laptop and went to write a bit of angular code for an antiquated page that wouldn't work without angular.
I sighed. I went to check the btc balance... and wtf. That couldn't be right. There was simply no trading activity on Bittrex. That was confusing. Bittrex was down, Binance was not allowing logins, KuCoin was saying that btc was "suspended". Well that was not good. I went to my old Coinbase account, and tried to buy bitcoin. Coinbase wasn't selling. GDAX trading had stopped.
Well... shit. Time to look at the blockchain itself. I popped open block explorer, and I was horrified. There were millions of transactions that had all been triggered. The mempool was swamped. And every single transaction was sending the entire contents of their wallet to one of the btc eater addresses. The entire money supply of bitcoin had been... burned.
I sat back in horror. I searched the blockchain for my wallet. My measly hoard of 10.5 btc had also been burned. I now had... no money. This.... was bad.
I told my boss I was feeling ill, went to my bank, got my private key, booted up my bitcoin core wallet and looked at my balance. 0btc. This was... pretty terrible.
I turned on the television a month later. Apparently, Wells Fargo had bought a supercomputer from the NSA, because the NSA was broke, because their director had gotten into a fight with Trump in 2021 over Russian soldiers on US soil, and Trump had gotten their funding reduced to zero dollars. So they had sold a quantum computer to Wells Fargo. Wells Fargo had turned around and used that supercomputer to calculate the private keys of every bitcoin wallet in existence and then.... shut the network down. Burned it with fire. Boom. Gone.
They had gone through not just bitcoin but through thousands of alt coins.
There were only a few surviving cryptocurrencies that had survived the fiery attack by the banksters. Those were the quantum immune cryptocurrencies. They had changed their PoW algorithm, or they signed their addresses differently, or they used one time signatures.
There were congressional hearings, and several people went to jail. Wells Fargo disavowed use of a quantum device to destroy bitcoin but they were found out.
That was the day that bitcoin had a fork to bitcoin-q. It was a non contentious fork, but that was only the beginning of bitcoin's woes. People had lost faith in btc, and another crypto had risen to take its place in marketcap and individual coin price. It had been a small and insignificant alt before the quantum attack. It had been worth less than $5 before the quantum hack. Now, it was worth well over $5000 (in rubles). It had STOLEN btc's value.
And that all happened because on a forum post in 2018, 3 years before the btc hack went down, a lone cryptographer on the btc forums on reddit who was yelling at other redditors about the need for a quantum secure blockchain protocol had been ignored and the users had gone on without realizing the absolute horrifying quantum danger the good ship btc was sailing into...
We need to implement quantum secure wallets or some other method to prevent quantum attacks. This needs to have happened yesterday, because soon a quantum computer will emerge. And then a malicious person will get their hands on it. And they will use the quantum computer to steal bitcoin, burn the system down, or launch 51% attacks. Quantum is an emerging threat that can kill bitcoin in an instant if we don't fix the quantum loopholes in the blockchain's armor. So get off your thumbs, tweet to the devs, write proposals, write code and let's get to work implementing a patch of some sort.
'''
The day the banks got a quantum computer.
Author: Serialnvestor
submitted by removalbot to removalbot

[uncensored-r/CryptoCurrency] Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

The following post by satoshibytes is being replicated because some comments within the post(but not the post itself) have been openly removed.
The original post can be found(in censored form) at this link:
np.reddit.com/CryptoCurrency/comments/7uvomu
The original post's content was as follows:

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next!
This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”

The Quantum Evolution

In 1982, Nobel winning physicist, Richard Feynman, hypothesized how quantum computers[ii] would be used in modern life.
Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks.
Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficient that we forget what’s happening behind the scenes.
No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions!
Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years.
However, what current computers can’t do, quantum computers can!
So, how can something that was conceptualized in the 1980’s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin?
To best answer this question, let’s begin by looking at a bitcoin address.

What exactly is a Bitcoin address?

Well, in layman terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi]
A public key that is openly shared with the world to accept payments. A private key that is derived from the public key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160).
NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]).
Now, back to understanding the private key:
The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details.
Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key.
However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day!
But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible!
However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373×10^77 potential private keys exist (that number represents over 9,500 digits in length! For some perspective, this entire article contains just over 14,000 characters.) Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.

So, how do Quantum Computers present a threat?

At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simple; Superposition and Entanglement[x].
Superposition allows a quantum bit (qbit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement!
To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend!
At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing?
Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.

What are Bitcoin core developers doing about this threat?

Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]?
Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait…
Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.

Who would want to attack Bitcoin?

Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]!
Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies!
As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies.
No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!

What can we do to protect ourselves today?

...
submitted by censorship_notifier to noncensored_bitcoin
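As an added illustration of the key-to-address path the post above describes (this is example code written for this page, not code from the post, from Bitcoin Core, or from the key-hunting pool it mentions), the following Python walks private key 1 through secp256k1 to its public key, its uncompressed WIF and its P2PKH address, and puts the 2^256 keyspace against the pool's quoted 204 trillion keys per day. It uses only the standard library; the address step returns None on an OpenSSL build that does not expose RIPEMD-160.

```python
import hashlib

# secp256k1 domain parameters (public constants of the Bitcoin curve)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope (addition)
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _scalar_mul(k, point):
    """Double-and-add: k * point."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def is_valid_private_key(k):
    """A usable private key is an integer in [1, N-1]; 0 and values >= N are rejected."""
    return 1 <= k < N


def public_key(k):
    """Public key = k * G: cheap in this direction, infeasible to invert classically."""
    if not is_valid_private_key(k):
        raise ValueError("private key out of range")
    return _scalar_mul(k, G)


def _base58check(payload):
    """Base58Check: payload || first 4 bytes of SHA256(SHA256(payload))."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def wif_uncompressed(k):
    """Wallet Import Format (uncompressed): 0x80 || 32-byte key, Base58Check encoded."""
    return _base58check(b"\x80" + k.to_bytes(32, "big"))


def address_uncompressed(k):
    """P2PKH address: 0x00 || RIPEMD160(SHA256(0x04 || x || y)), Base58Check encoded.

    Returns None when the local OpenSSL build does not provide RIPEMD-160.
    """
    x, y = public_key(k)
    pub = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    try:
        h160 = hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()
    except ValueError:
        return None
    return _base58check(b"\x00" + h160)


def keyspace_digits():
    """Number of decimal digits in 2**256, the raw size of the private-key space."""
    return len(str(2 ** 256))


def years_to_exhaust(keys_per_day):
    """Years needed to enumerate every 256-bit key at a given rate."""
    return 2 ** 256 / keys_per_day / 365.25


if __name__ == "__main__":
    print("WIF     :", wif_uncompressed(1))
    print("address :", address_uncompressed(1))
    print(f"{keyspace_digits()} digits; {years_to_exhaust(204e12):.2e} years at 204e12 keys/day")
```

Run stand-alone it reproduces the WIF and address quoted in the post for key 1; the last line is the defender's takeaway, since exhausting the space at the pool's rate takes on the order of 10^60 years.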

How many qubits would it take to break Bitcoin's SHA 256 bit encryption?

INFORMATION I GATHERED
Where are we at? 512 qubit computer ... But these are low quality qubits mainly due to issues with sufficient isolation from our universe, getting clear readings, and speeding up the gates. Also Dwave computers are currently limited in a way that supposedly does not have the capability for encryption cracking
If the qubits worked optimally, how much does it take to break existing encryption? 2048-bit RSA requires roughly 4096 qubits, while a quantum computer to break the equivalently secure 224-bit Elliptic Curve Cryptography requires between 1300 and 1600 qubits. Yes, this is not Bitcoin's 256-bit, nor the same math, but it's the closest information I could reasonably find.
The NSA is preparing to make a computer that can crack any currently used difficult encryption except types that are quantum protected like the new Lattice encryption. When the NSA is done it will be able to crack Bitcoin's SHA256 private keys using the public. Right now they are currently working with a 2 qubit computer to do testing before the production implementation.
Remember those /bitcoin frontpage posts about how cracking bitcoin would require a computer the size of the universe? Check out this excerpt about a 300 qubit computer: "The projected performance of this new experimental quantum simulator eclipses the current maximum capacity of any known computer by an astonishing 10 to the power of 80. That is 1 followed by 80 zeros, in other words 80 orders of magnitude, a truly mind-boggling scale," Dr Michael Biercuk, at the University of Sydney, said. "[It] has the potential to perform calculations that would require a supercomputer larger than the size of the known universe - and it does it all in a diameter of less than a millimetre."
Adding to alarm is that quantum computers double in their ability to calculate with every qubit. In general, a quantum computer with n qubits can be in an arbitrary superposition of up to 2^n different states simultaneously. To build more powerful quantum computers, though, is currently restrained by the quality of the qubit. If you read the timeline of quantum computing advancements you will see progress is being made on this at a decent pace though. Once we have a clean method down, the multidimensional sky is the limit.
Yes the rest of the banking industry is also largely vulnerable if such a quantum computer was made, as they also use common public key encryption.
Another caveat is that bitcoin uses 2 encryption methods. SHA256 for mining. Elliptic Curve for relating the public keys and private keys.
QUESTIONS FOR BITCOIN
Ok so, that is what related information I could find.
Yes I realize there is plenty of material written about how bitcoin code can be updated, or other reasons quantum computers are not a concern, but the point here is that the community needs to know about when this risk will happen and be prepared. It could be sooner or further away than we expected and everyone's finances should not be caught off guard. This post is about when bitcoin should expect a risk, not gauging the risk (unless it is zero)
submitted by imkharn to Bitcoin
