The $BTC network is widely regarded as the most secure computer network in the world. However, myths and fears about one particular technology have been swirling around for years. Time and again it is said: "Quantum computers could destroy Bitcoin!"
I recently received the following comment here on GetQuin, for example:
"I hope you get away with it and Bitcoin will never break, not even because of quantum computers that will crack the dinky Bitcoin encryption with a flick of the wrist."
In addition, $GOOGL recently caused quite a stir with the presentation of its new quantum processor "Willow". This processor with 105 physical qubits is said to be able to perform calculations that would take even the best supercomputer longer than the universe has existed - according to a headline in the IT magazine Heise.
But what does this mean for Bitcoin, which is based on cryptographic security mechanisms?
The key question is: Are we already at a point where quantum computers can become dangerous to Bitcoin?
In this post, I want to take a look at the potential attack vectors that quantum computers could have on the Bitcoin network. I will discuss how real this threat is today and give you an outlook on how Bitcoin could deal with this challenge in the future. Along the way, I'll try to give you a bit of know-how about Bitcoin mining and Bitcoin addresses.
What is Google's "Willow" and why is it causing discussion?
Google has attracted the attention of the technology world with the launch of its latest quantum processor, Willow. Willow is part of the next generation of quantum computers and is designed to significantly outperform its predecessors. Willow already has 105 qubits - but what exactly is a "qubit"?
As most of you probably know, a normal computer works with so-called bits. A bit can assume two states: 0 or 1. A qubit, on the other hand, can do something special: it can assume both states simultaneously - i.e. 0 and 1 at the same time.
But what is the benefit of this? Quantum computers can calculate many possible solutions to a problem at the same time instead of going through them step by step like conventional computers. This makes them potentially much faster, especially for complex tasks.
Willow brings improvements in two key areas in particular, namely scalability and error correction.
Quantum computers struggle with high error rates and a limited number of qubits, making them unusable for many practical applications. Google's Willow is intended to significantly reduce these problems and thus pave the way for more powerful quantum computers.
And this is precisely where the crucial question arises: Could a quantum computer like Willow jeopardize the security of the Bitcoin network?
The discussion focuses on two main concerns:
(1) SHA-256 and mining security
Could a quantum computer find valid blocks faster and thus dominate mining? And could an attacker even carry out a 51% attack on the network using a quantum computer?
(2) Can the private key be calculated from the public key?
Is there a risk that quantum computers can calculate private keys from public keys and thus steal Bitcoin from other people?
SHA-256 and mining security
SHA-256 forms the cryptographic basis of the Bitcoin network and is the core of the proof-of-work mechanism that validates transactions and secures the network.
But how could a quantum computer jeopardize this mechanism?
A brief excursion into the mining process
The goal of every miner is to find a valid block that they can add to the blockchain. In return, the miner receives the block reward, which is currently 3.125 Bitcoin, as well as the transaction fees for all transactions contained in the block.
A valid block is found when the hash of the block is smaller than a specified target value (difficulty).
In simple terms, the process looks like this:
- The miner grabs transactions and assembles a block from them.
- It runs the block (more precisely, the block header) through the SHA-256 algorithm and obtains a hash.
- It checks whether the hash is smaller than the target value.
- If this is not the case, it changes a parameter in the block (the nonce) and repeats the process. In theory it can also re-order the transactions or tweak the timestamp a little, but that is going too far here :D
SHA-256 is a so-called one-way function, which means that you cannot calculate back from the hash (output) to the original data (input). The only way for miners to find a valid block is therefore to repeat this process over and over again - a pure trial-and-error procedure. The more computing power a miner has, the more often it can carry out this process and the higher its probability of finding the next block.
A powerful quantum computer could use the Grover algorithm to search the space of candidate blocks with roughly the square root of the number of trials a classical machine needs. This means that a quantum computer could mine more efficiently than conventional hardware, allowing it to find more blocks and potentially dominate the network.
Danger of a 51% attack
If a quantum computer can actually mine faster than all other participants combined, an attacker could launch a 51% attack. This would allow them to:
- Censor transactions,
- undo past transactions,
- carry out double spending.
But why is such an attack unlikely?
(1) Inefficiency:
An attacker who has the computing power for a 51% attack could use it much more profitably by mining honestly and earning Bitcoin. An attack would drastically lower the price of Bitcoin and thereby destroy the value of whatever the attacker gained.
(2) Technology in the hands of everyone:
It is likely that honest miners would also have access to quantum computing technology. This would neutralize the advantage of a single attacker.
Protection mechanisms of the network
(1) Difficulty Adjustment:
Bitcoin has a Difficulty Adjustment that automatically adapts the mining difficulty to the computing power of the network every 2016 blocks. A miner with a quantum computer could only exploit its efficiency until the next Difficulty Adjustment. After that, the difficulty would be raised so that the advantage is neutralized.
(2) Technological reality:
In order to use the Grover algorithm effectively against SHA-256, it is estimated that several thousand to millions of error-corrected qubits would be necessary.
For comparison: Google's Willow has 105 physical qubits. These enable a certain amount of error correction during calculations thanks to innovative technologies, but do not represent fully error-corrected qubits. To create a completely error-free qubit, hundreds or even thousands of physical qubits are needed. This makes the development of stable quantum computers particularly difficult.
But why is this the case?
Every new qubit that is added to a quantum computer increases the computing power exponentially. However, the susceptibility to errors also increases exponentially! The development of error-corrected quantum computers is therefore extremely complex and technically challenging. It will probably be decades before quantum computers are powerful enough for the scenario described.
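As an added example that is not part of the original post, the following Python models the mining loop described above (header serialization, double SHA-256, comparison against the target), the Grover trial-count comparison, and the Difficulty Adjustment. The 80-byte header layout and the factor-4 clamp follow Bitcoin; the target of 2^240, the timestamp and the previous-hash and merkle-root values are constructed for the demonstration, and the `bits` field is left as a placeholder rather than encoding the target.

```python
import hashlib, math, struct

def double_sha256(data):
    """Bitcoin hashes a block header with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def block_hash(version, prev_hash, merkle_root, timestamp, bits, nonce):
    """Serialize the 80-byte header (little-endian integers) and return its hash as a number."""
    header = (struct.pack("<I", version) + prev_hash + merkle_root
              + struct.pack("<III", timestamp, bits, nonce))
    return int.from_bytes(double_sha256(header), "little")  # Bitcoin compares the hash little-endian

def mine(prev_hash, merkle_root, target, timestamp=1_700_000_000, bits=0):
    """Pure trial and error: bump the nonce until the header hash is below the target."""
    for nonce in range(1 << 32):             # the nonce is a 32-bit field
        h = block_hash(1, prev_hash, merkle_root, timestamp, bits, nonce)
        if h < target:
            return nonce, h
    return None                              # nonce space exhausted; a real miner alters the header

def expected_trials(target, grover=False):
    """Hashes needed on average: ~2^256/target classically, about its square root with Grover."""
    classical = (1 << 256) // target
    return math.isqrt(classical) if grover else classical

def retarget(old_target, actual_seconds, expected_seconds=2016 * 600):
    """Difficulty adjustment every 2016 blocks: scale the target by actual/expected time,
    clamped to a factor of 4 in either direction (integer arithmetic, as Bitcoin does)."""
    actual = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return old_target * actual // expected_seconds

# Constructed sample inputs (not real chain data) for a toy target of 2^240 (~65,536 trials).
SAMPLE_PREV = b"\x00" * 32
SAMPLE_ROOT = hashlib.sha256(b"constructed merkle root").digest()
TOY_TARGET = 1 << 240

if __name__ == "__main__":
    nonce, h = mine(SAMPLE_PREV, SAMPLE_ROOT, TOY_TARGET)
    print(f"nonce {nonce} -> hash {h:064x}")
    print("classical trials:", expected_trials(TOY_TARGET), "with Grover:", expected_trials(TOY_TARGET, True))
    print("target after a period mined twice as fast:", hex(retarget(TOY_TARGET, 2016 * 300)))
```

A period mined twice as fast halves the target (doubles the difficulty), which is exactly the mechanism that cancels a single fast miner's advantage after 2016 blocks.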
Elliptic curve cryptography
In order to explain this point, we need to make another small digression. This time not into mining, but into how Bitcoin addresses work and the interaction between private and public keys:
From private to public key:
1. A private key is simply a random 256-bit number (256 zeros and ones :D).
2. The public key is generated from the private key by a mathematical operation called scalar multiplication on an elliptic curve (Bitcoin uses the curve secp256k1). This is again a mathematical one-way function that is only efficient in one direction. Calculating back from the public key to the private key is practically impossible (so far?).
From the public key to the Bitcoin address
1. The public key is first hashed with SHA-256. This produces a 256-bit hash.
2. The result is then hashed with RIPEMD-160 (another hashing algorithm), producing a 160-bit value. This shortened hash is the basis of the Bitcoin address.
3. Finally, the hash is converted into a readable format by the so-called Base58Check encoding, which includes a checksum to catch typing errors.
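As an added example that is not part of the original post, here is the whole private key -> public key -> address pipeline in plain Python for the legacy address format described above: secp256k1 scalar multiplication, SHA-256, RIPEMD-160 and Base58Check. The curve constants are the public secp256k1 parameters; the function names are my own, and RIPEMD-160 is taken from hashlib, which some OpenSSL builds do not ship (the call then raises ValueError).

```python
import hashlib
# secp256k1 domain parameters: the public constants of the curve Bitcoin uses
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def ec_add(p1, p2):
    """Group law on secp256k1 (y^2 = x^3 + 7); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                          # Q + (-Q) = infinity
    if p1 == p2:                             # doubling: tangent slope (a = 0)
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:                                    # addition: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def pubkey_from_priv(k):
    """Scalar multiplication k*G by double-and-add: the one-way private->public step."""
    assert 0 < k < N, "private key must lie in [1, N-1]"
    result, addend = None, G
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend, k = ec_add(addend, addend), k >> 1
    return result

def compress(pub):
    """33-byte compressed public key: 02/03 (parity of y) followed by x."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def hash160(data):
    """RIPEMD160(SHA256(data)): the two hashes that keep the key hidden in the address."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()  # needs RIPEMD-160 in OpenSSL

def base58check(version, payload):
    """Base58Check: version || payload || first 4 bytes of SHA256(SHA256(...)) as checksum."""
    raw = version + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))     # each leading zero byte becomes a '1'
    return "1" * pad + out

def address_from_priv(k):  # legacy P2PKH address (version byte 0x00) for private key k
    return base58check(b"\x00", hash160(compress(pubkey_from_priv(k))))
```

Every step runs forward in milliseconds, while reversing the scalar multiplication or either hash is what the rest of the post is about; with private key 1 the pipeline yields the well-known address 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH.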
What I would like to show you:
If the public key is known, "only" the elliptic curve step would have to be reversed in order to obtain the private key and thus the Bitcoin held by that address.
If only the Bitcoin address is known, however, you would first have to reverse RIPEMD-160, then SHA-256 and only then the elliptic curve in order to get at the Bitcoin.
When does the public key become visible?
As long as an address is only used as a receiving address, the public key remains hidden, because the address only contains the hashed public key. The public key only becomes visible when coins are spent from the address. (This holds for the hash-based address types discussed here; Taproot addresses encode the public key itself.)
When spending, the owner of the address must provide the public key and a valid signature to prove that they hold the corresponding private key. From this point onwards, the public key is publicly visible and theoretically open to attack.
(Incidentally, this is another reason why you should only ever use a Bitcoin address once)
This leads to two potential attack scenarios by quantum computers:
(1) Attack on the elliptic curve
A quantum computer could use the Shor algorithm to break the elliptic curve and calculate the private key from a known public key. However, making this possible would require several million error-corrected qubits. As described above, we are still decades away from this, and it is also uncertain whether it will ever be possible.
(2) Attack on SHA-256 and RIPEMD-160:
For a direct attack on a Bitcoin address, an attacker would have to crack both hash functions and additionally the elliptic curve. With the Grover algorithm, a quantum computer would have to try up to 2^80 combinations with RIPEMD-160 to find the input and then up to 2^128 again with SHA-256... and then the elliptic curve would still have to be cracked.
Accordingly, this scenario is also extremely unlikely and probably still several decades away.
Bitcoin continues to develop!
A major advantage of Bitcoin is its ability to adapt to new technological challenges through protocol upgrades. If the threat of quantum computing ever becomes real, the network could be converted to quantum-safe algorithms. These algorithms are specifically designed to remain secure against attacks from powerful quantum computers.
There are already some ideas for this in the community. It is highly likely that a new, quantum-safe address format will be introduced in the future. Bitcoin owners would then have to switch to this new address format. (You can find out more about the process of Bitcoin's further development here: https://getqu.in/BWrHVw/)
Of course, the lost coins in particular would be potentially at risk, as they could be brought back onto the market by quantum computers at some point in the distant future. Satoshi Nakamoto's approximately 1.1 million Bitcoin are of particular interest. However, as these were never moved and the public key is therefore unknown, these addresses are also particularly difficult to crack. In the distant future, quantum computers would probably still take an extremely long time to crack one of these addresses (and Satoshi has many different addresses, estimated at around 20,000 :D).
Conclusion
Bitcoin is based on robust cryptographic mechanisms that are absolutely not at risk even from the most innovative quantum computers of today, such as Google's Willow. The computing power required to attack the network is far beyond our technological capabilities.
Even with future advances in quantum computing technology, Bitcoin offers protection mechanisms such as the Difficulty Adjustment and a flexible architecture that can be converted to quantum-safe cryptography. The current security mechanisms will remain strong for many decades to come, and through best practices - such as using each Bitcoin address only once - you can achieve additional protection today.
The myths surrounding quantum computers and Bitcoin are therefore absolutely unfounded from today's perspective. I have also often been asked why this upgrade to quantum-safe addresses does not already exist - the answer is quite simple, because there is no need yet :)
I hope the article has been reasonably comprehensible, even if it is very technical in parts.
As always, if you have any questions, feel free to ask them in the comments👇
Have a nice evening!