
Quantum computer vs. bitcoin (875326)

The $BTC network is often described as the most secure computer network in the world, measured by the computing power that protects it. Nevertheless, myths and fears about one particular technology have been circulating for years. Time and again you hear: "Quantum computers could destroy Bitcoin!"


I recently received the following comment here on GetQuin, for example:

"I hope you get away with it and Bitcoin will never break, not even because of quantum computers that will crack the dinky Bitcoin encryption with a flick of the wrist."


In addition, $GOOGL recently caused quite a stir with the presentation of its new quantum processor "Willow". This chip with 105 physical qubits is said to have completed a benchmark calculation that would take even the best supercomputer longer than the universe has existed, according to a headline in the IT magazine Heise.


But what does this mean for Bitcoin, which is based on cryptographic security mechanisms?


The key question is: Are we already at a point where quantum computers can become dangerous to Bitcoin?


In this post, I want to take a look at the potential attack vectors that quantum computers could have on the Bitcoin network. I will discuss how real this threat is today and give you an outlook on how Bitcoin could deal with this challenge in the future. Along the way, I'll try to give you a bit of know-how about Bitcoin mining and Bitcoin addresses.


What is Google's "Willow" and why is it causing discussion?

Google has attracted the attention of the technology world with the launch of its latest quantum processor, Willow. Willow is part of the next generation of quantum computers and is designed to significantly outperform its predecessors. Willow already has 105 qubits - but what exactly is a "qubit"?


As most of you probably know, a normal computer works with so-called bits. A bit can assume two states: 0 or 1. A qubit, on the other hand, can be in a superposition, i.e. a combination of 0 and 1 at the same time, and only settles on a definite 0 or 1 when it is measured.

But what is the benefit of this? The popular shorthand is that a quantum computer "tries all solutions at once". That is not quite right: a quantum algorithm manipulates the superposition so that wrong answers cancel each other out and the right one becomes much more likely to be measured. How large the speed-up is depends entirely on the algorithm. Grover's search gives only a quadratic speed-up, whereas Shor's algorithm solves factoring and discrete logarithms exponentially faster than any known classical method. Both will matter below.


Willow brings improvements in two key areas in particular, namely scalability and error correction.

Quantum computers struggle with high error rates and a limited number of qubits, making them unusable for many practical applications. Google's Willow is intended to significantly reduce these problems and thus pave the way for more powerful quantum computers.


And this is precisely where the crucial question arises: Could a quantum computer like Willow jeopardize the security of the Bitcoin network?


The discussion focuses on two main concerns:


(1) SHA-256 and mining security

Could a quantum computer find valid blocks faster and thus dominate mining? And could an attacker even carry out a 51% attack on the network using a quantum computer?


(2) Can the private key be calculated from the public key?

Is there a risk that quantum computers can calculate private keys from public keys and thus steal Bitcoin from other people?


SHA-256 and mining security

SHA-256 is used throughout Bitcoin (transaction IDs, Merkle roots, addresses) and is the core of the proof-of-work mechanism that decides who may append the next block and makes it expensive to rewrite the chain. (Transactions themselves are validated by every full node when it checks a block, not by the proof of work.)

But how could a quantum computer jeopardize this mechanism?


A brief excursion into the mining process

The goal of every miner is to find a valid block that they can append to the blockchain. In return, the miner receives the block subsidy, which is currently 3.125 Bitcoin, plus the fees of all transactions contained in the block.

A valid block is found when the double SHA-256 hash of its 80-byte header, read as a 256-bit number, is smaller than a target value that the network sets through the difficulty.


In simple terms, the process looks like this:

  • The miner collects transactions and assembles a block from them.
  • It runs the block header through SHA-256 (twice) and obtains a hash.
  • It checks whether the hash is smaller than the target value.
  • If it is not, it changes a field in the header (the nonce) and repeats the process. Because the 32-bit nonce runs out in a fraction of a second on modern hardware, miners also vary an "extra nonce" in the coinbase transaction (which changes the Merkle root) or nudge the timestamp a little, but that's going too far :D


SHA-256 is a so-called one-way function, which means that you cannot calculate back from the hash (output) to the original data (input), and you cannot predict which input will produce a small hash. The only known way for miners to find a valid block is therefore to repeat this process over and over again, a pure trial-and-error procedure. The more computing power a miner has, the more often it can run this loop and the higher its probability of finding the next block.
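To make the trial-and-error loop concrete, here is an added Python example (not code from the original post or from Bitcoin Core) that builds an 80-byte block header, hashes it with double SHA-256 and searches the nonce until the hash falls below the target encoded in the compact nBits field. The header fields are constructed placeholders, and the target used in the demo is a toy value so that the search finishes in a fraction of a second; at today's difficulty a real block needs on the order of 10^23 attempts.

```python
import hashlib
import struct
from typing import Optional, Tuple

# Constructed header fields for the demo (not a real Bitcoin block).
VERSION = 0x20000000
PREV_HASH = bytes(32)                                              # placeholder
MERKLE_ROOT = hashlib.sha256(b"constructed merkle root").digest()  # placeholder
TIMESTAMP = 1_700_000_000
TOY_BITS = 0x1F0FFFFF  # about 1 in 4096 headers qualifies; mainnet is far harder


def double_sha256(data: bytes) -> bytes:
    """Bitcoin hashes block headers with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'nBits' encoding: mantissa * 256^(exponent - 3)."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version: int, prev_hash: bytes, merkle_root: bytes,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """The 80-byte header exactly as it is hashed: all integers little-endian."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_as_int(header: bytes) -> int:
    """The 32-byte hash is compared with the target as a little-endian integer."""
    return int.from_bytes(double_sha256(header), "little")


def is_valid_header(header: bytes) -> bool:
    """What every node checks: the hash must be below the target the header claims."""
    bits = struct.unpack("<I", header[72:76])[0]
    return header_hash_as_int(header) < bits_to_target(bits)


def mine(bits: int, max_nonce: int = 2**32) -> Optional[Tuple[int, bytes]]:
    """Trial and error over the nonce; returns (nonce, hash) or None if exhausted."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        header = serialize_header(VERSION, PREV_HASH, MERKLE_ROOT, TIMESTAMP, bits, nonce)
        if header_hash_as_int(header) < target:
            return nonce, double_sha256(header)
    return None  # a real miner would now change the extra nonce or timestamp and retry


if __name__ == "__main__":
    found = mine(TOY_BITS)
    assert found is not None
    nonce, digest = found
    # Block explorers print the hash byte-reversed, which is why it starts with zeros.
    print(f"nonce={nonce} hash={digest[::-1].hex()}")
```

The genesis block's nBits value 0x1D00FFFF decodes to the easiest target mainnet allows; every later target is a fraction of it, and "difficulty" is simply the ratio between the two.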


A powerful quantum computer could use Grover's algorithm to search for a valid nonce with roughly the square root of the classical number of trials. This means that a quantum computer could, in principle, mine more efficiently than conventional hardware, find more blocks and potentially dominate the network. Two caveats apply: the speed-up is only quadratic, and every Grover iteration has to run a full, reversible SHA-256 circuit on error-corrected qubits, which is many orders of magnitude slower per evaluation than an ASIC that computes hundreds of trillions of hashes per second.


Danger of a 51% attack

If a quantum computer can actually mine faster than all other participants combined, an attacker could launch a 51% attack. This would allow him to

  • censor transactions,
  • rewrite recent blocks and thus reverse transactions that were already confirmed,
  • carry out double spending.



But why is such an attack unlikely?

(1) Inefficiency:

An attacker who has the computing power for a 51% attack could use it far more profitably by mining honestly and earning Bitcoin. An attack would drastically lower the price of Bitcoin and thereby devalue the very coins he gained.


(2) Technology in the hands of everyone:

It is likely that honest miners would also have access to quantum computing technology. This would neutralize the advantage of a single attacker.


Protection mechanisms of the network

(1) Difficulty Adjustment:

Bitcoin has a Difficulty Adjustment that recalculates the mining difficulty every 2016 blocks from the time the last 2016 blocks actually took, so that blocks keep arriving roughly every 10 minutes. A miner with a quantum computer could speed up block production only until the next adjustment; after that the block interval returns to normal. Note what the adjustment does and does not do: it stops the chain from being accelerated, but it does not change the miner's share of the total hash rate. A participant with the majority of hash power keeps the majority after the adjustment, so this mechanism limits the damage but is not by itself a defense against a 51% attack.
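The retarget rule itself is short enough to show, so here is an added Python example (not code from the original post or from Bitcoin Core) implementing it together with a simplified model of what happens when a single participant with twice the honest network's hash rate joins. The hash-rate figures are constructed, the model assumes hash rate is constant within a period and ignores the well-known off-by-one in Bitcoin Core's window length, and the point it makes is the one above: the block interval returns to ten minutes after one adjustment, the newcomer's share of blocks does not.

```python
from typing import List, Tuple

BLOCK_INTERVAL = 600                                  # seconds, the 10-minute goal
RETARGET_BLOCKS = 2016
TARGET_TIMESPAN = RETARGET_BLOCKS * BLOCK_INTERVAL     # two weeks
POW_LIMIT = 0xFFFF << 208                             # mainnet's easiest allowed target


def retarget(old_target: int, actual_timespan: int) -> int:
    """Bitcoin's adjustment: scale the target by actual/expected time,
    clamped to a factor of 4 per period and never easier than POW_LIMIT."""
    clamped = min(max(actual_timespan, TARGET_TIMESPAN // 4), TARGET_TIMESPAN * 4)
    new_target = old_target * clamped // TARGET_TIMESPAN
    return min(new_target, POW_LIMIT)


def difficulty(target: int) -> float:
    """Difficulty as shown by explorers: how much harder than the easiest target."""
    return POW_LIMIT / target


def expected_interval(target: int, hashrate: int) -> float:
    """Expected seconds per block: each hash succeeds with probability target / 2^256."""
    return 2**256 / (target * hashrate)


def simulate(honest_hashrate: int, newcomer_hashrate: int,
             periods: int) -> List[Tuple[float, float]]:
    """Per retarget period: (expected block interval in s, newcomer's share of blocks).
    Starts from a target at which the honest network alone makes 600 s blocks."""
    target = 2**256 // (BLOCK_INTERVAL * honest_hashrate)
    total = honest_hashrate + newcomer_hashrate
    history = []
    for _ in range(periods):
        interval = expected_interval(target, total)
        history.append((interval, newcomer_hashrate / total))
        # after 2016 blocks the network looks at how long they actually took
        target = retarget(target, round(RETARGET_BLOCKS * interval))
    return history


if __name__ == "__main__":
    # constructed figures: a 2 * 10^20 H/s newcomer joins a 10^20 H/s honest network
    for i, (interval, share) in enumerate(simulate(10**20, 2 * 10**20, 3), start=1):
        print(f"period {i}: {interval:7.1f} s per block, newcomer share {share:.0%}")
```

In the constructed scenario the first period runs at about 200 seconds per block, every later period at 600 again, and the newcomer wins two thirds of the blocks throughout.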


(2) Technological reality:

In order to run Grover's algorithm against SHA-256 at a useful speed, estimates range from several thousand to millions of error-corrected (logical) qubits, depending on how the circuit is laid out.

For comparison: Google's Willow has 105 physical qubits. What Google demonstrated with it is that the error rate of a logical qubit built from these physical ones falls as more physical qubits are added to the error-correcting code (the "below threshold" result), but the chip does not yet provide a working set of fully error-corrected qubits. A single reliable logical qubit needs hundreds or even thousands of physical qubits. This makes the development of stable quantum computers particularly difficult.


But why is this the case?

Every qubit added to a quantum computer doubles the size of the state it can represent. At the same time, every additional qubit and every additional gate is one more place where noise can creep in, and uncorrected errors accumulate over the length of a computation. Error correction fixes this only by spending many physical qubits per logical one, so the hardware needed for the scenario described grows rapidly. It will probably be decades before quantum computers are powerful enough for it.


Elliptic curve cryptography

In order to explain this point, we need to make another small digression. This time not into mining, but into how Bitcoin addresses work and the interaction between private and public keys:


From private to public key:

1. A private key is simply a random 256-bit number (256 zeros and ones :D). Strictly speaking it must lie between 1 and n-1, where n is the order of the curve, but the chance of a random 256-bit number falling outside that range is negligible.

2. The public key is derived from the private key by a mathematical operation called scalar multiplication on an elliptic curve (Bitcoin uses the curve secp256k1): the curve's generator point G is added to itself "private key" times. This is again a one-way function that is only efficient in one direction. Recovering the private key from the public key is the elliptic curve discrete logarithm problem, for which no efficient classical algorithm is known (yet?).


From the public key to the Bitcoin address

1. The public key is first hashed with SHA-256. This creates a 256-bit hash.

2. The result is then hashed with RIPEMD-160 (another hash function), creating a 160-bit value. This shortened hash is the basis of the Bitcoin address.

3. Finally, a version byte is prepended and a 4-byte checksum appended, and the whole thing is converted into a readable string by Base58Check encoding. The checksum catches typing errors, and the version byte is why classic addresses start with a "1".


What I would like to show you:

If the public key is known, "only" the elliptic curve step would have to be reversed in order to obtain the private key and thus the Bitcoin on the address.

However, if only the Bitcoin address is known, an attacker also has to get past RIPEMD-160 and SHA-256: he needs a key pair whose hashed public key matches the address. Because that hash is 160 bits long, this is a search over 2^160 possibilities classically (about 2^80 with Grover), and it has to be repeated for every address.


When does the public key become visible?

As long as an address is only used to receive coins, the public key stays hidden, as the address only contains the hash of the public key. The public key only becomes visible when coins are spent from the address. (This applies to the hash-based address types such as P2PKH and P2WPKH; the early pay-to-pubkey outputs and modern Taproot outputs contain a public key in the output itself.)

During a spend, the owner of the address must provide the public key and a valid signature to prove that they have the corresponding private key. From that point on, the public key is publicly visible on the blockchain and, in theory, exposed to attack.


(Incidentally, this is one more reason to use each Bitcoin address only once.)
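Here is an added Python example (not code from the original post, from Bitcoin Core or from the Antonopoulos book) that walks a private key through every step described above: scalar multiplication on secp256k1, SHA-256, RIPEMD-160 and Base58Check, producing a classic address starting with "1". It also implements the check a node performs when coins are spent, namely that the public key revealed in the spending transaction hashes to the address, which is the moment the public key becomes visible. The curve parameters are the public secp256k1 constants; private key 1 is used purely as a demonstration value. RIPEMD-160 is taken from OpenSSL through hashlib, which some builds ship without, hence the availability flag.

```python
import hashlib
from typing import Optional, Tuple

# secp256k1 domain parameters (public constants of the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)
Point = Optional[Tuple[int, int]]  # None is the point at infinity


def point_add(a: Point, b: Point) -> Point:
    """Group law on y^2 = x^3 + 7 over the prime field P (affine coordinates)."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a + (-a) = infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k: int, point: Point = G) -> Point:
    """Double-and-add: the fast (one-way) direction, private key -> public key."""
    if not 1 <= k < N:
        raise ValueError("private key must be in [1, N-1]")
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def serialize_pubkey(point: Tuple[int, int], compressed: bool = True) -> bytes:
    """SEC encoding: 02/03 + x (compressed) or 04 + x + y (uncompressed)."""
    x, y = point
    if compressed:
        return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


try:  # RIPEMD-160 comes from OpenSSL; some builds leave it out
    hashlib.new("ripemd160")
    RIPEMD160_AVAILABLE = True
except ValueError:
    RIPEMD160_AVAILABLE = False


def hash160(data: bytes) -> bytes:
    """RIPEMD-160(SHA-256(data)), the 20-byte payload of a P2PKH address."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_encode(version: bytes, payload: bytes) -> str:
    """version || payload || first 4 bytes of double-SHA256, in base 58."""
    data = version + payload
    full = data + hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    num, out = int.from_bytes(full, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(full) - len(full.lstrip(b"\x00"))  # each leading zero byte -> '1'
    return "1" * pad + out


def base58check_decode(address: str) -> Tuple[bytes, bytes]:
    """Inverse of the above; raises ValueError on a corrupted address."""
    num = 0
    for ch in address:
        num = num * 58 + B58.index(ch)
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    data, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] != checksum:
        raise ValueError("bad checksum")
    return data[:1], data[1:]


def p2pkh_address(pubkey_bytes: bytes) -> str:
    return base58check_encode(b"\x00", hash160(pubkey_bytes))


def pubkey_matches_address(pubkey_bytes: bytes, address: str) -> bool:
    """The check a node makes when the output is spent: the public key revealed
    in the spending transaction must hash to the address payload."""
    version, payload = base58check_decode(address)
    return version == b"\x00" and payload == hash160(pubkey_bytes)


if __name__ == "__main__":
    priv = 1  # demonstration value only; a real key is 256 random bits
    pub = serialize_pubkey(scalar_mult(priv))
    print("public key:", pub.hex())
    if RIPEMD160_AVAILABLE:
        addr = p2pkh_address(pub)
        print("address   :", addr, "matches:", pubkey_matches_address(pub, addr))
```

Until the spend happens, only the 20-byte hash sits on the blockchain; the 33-byte public key that Shor's algorithm would need appears only in the spending transaction. A real wallet never does the curve arithmetic in Python like this; it uses a constant-time library such as libsecp256k1.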


This leads to two potential attack scenarios by quantum computers:


(1) Attack on the elliptic curve

A quantum computer could use Shor's algorithm to solve the elliptic curve discrete logarithm and calculate the private key from a known public key. Published estimates of what that takes for a 256-bit curve range from a few thousand logical qubits to millions of physical qubits, with the computation still having to finish before the coins are moved. As described above, we are still decades away from this, and it is also uncertain whether hardware of that size will ever be built.


(2) Attack on SHA-256 and RIPEMD-160:

For a direct attack on a Bitcoin address whose public key has never been revealed, the attacker has to get past the hash functions before the elliptic curve step even becomes relevant. With Grover's algorithm, finding a preimage of a 160-bit RIPEMD-160 hash costs about 2^80 evaluations and a 256-bit SHA-256 preimage about 2^128, each evaluation being a full, reversible hash circuit. Even the cheapest route, searching for a key pair whose hashed public key happens to match the address, remains a 2^80 search, and it has to be repeated for every single address.


Accordingly, this scenario is also extremely unlikely and probably still several decades away.


Bitcoin continues to develop!

A major advantage of Bitcoin is its ability to adapt to new technological challenges through protocol upgrades. If the threat from quantum computing ever becomes real, the network could migrate to quantum-safe (post-quantum) algorithms. These are specifically designed to remain secure against attacks by powerful quantum computers.

There are already proposals for this in the community. It is likely that a new, quantum-safe address format will be introduced at some point, and Bitcoin owners would then have to move their coins to it. (You can find out more about how Bitcoin is developed further here: https://getqu.in/BWrHVw/)


Of course, lost coins in particular would potentially be at risk, as they could be brought back onto the market by quantum computers at some point in the distant future. The roughly 1.1 million Bitcoin attributed to Satoshi Nakamoto are of particular interest here. It is often said that these are especially hard to crack because the coins were never moved and the public keys are therefore unknown. That is only partly true: the coinbase rewards of the earliest blocks were paid to the public key directly (a "pay-to-pubkey" output) rather than to its hash, so for those coins the public key is already visible on the blockchain, and only the elliptic curve step stands between an attacker with a Shor-capable machine and the private key. Coins on hash-based addresses whose public key has never been revealed are in a much better position, and in either case every address has to be attacked separately (Satoshi is estimated to have mined to around 20,000 different addresses :D).


Conclusion

Bitcoin is based on robust cryptographic mechanisms that are absolutely not at risk even from the most innovative quantum computers of today, such as Google's Willow. The computing power required to attack the network is far beyond our technological capabilities.

Even with future advances in quantum computing, Bitcoin has protection mechanisms such as the Difficulty Adjustment and a flexible architecture that can be migrated to quantum-safe cryptography. The current security mechanisms will remain strong for many years to come, and through best practices, such as using each Bitcoin address only once so that your public key is never exposed, you can add protection today.


The myths surrounding quantum computers and Bitcoin are therefore absolutely unfounded from today's perspective. I have also often been asked why this upgrade to quantum-safe addresses does not already exist - the answer is quite simple, because there is no need yet :)


I hope the article has been reasonably comprehensible, even if it is very technical in parts.

As always, if you have any questions, feel free to ask them in the comments👇


Have a nice evening!


#bitcoin

35 Comments

after the post my IQ has risen by +30 😄💯🔥
@DonkeyKongx so now at 45?
@DonkeyInvestor Should that be a diss now? 😂😂 you still have a lot to learn, young Padawan
@DonkeyKongx nope, a compliment 😘
@DonkeyInvestor I'll let it go again, next time 1vs1 on the playground [without biting]😘
@DonkeyKongx I am a donkey. My whole fighting tactic is based on biting. You can forget it
@DonkeyInvestor well, you old jackass doesn't want to learn anything new either
Mega contribution. Thanks for your assessment of the topic. I've only ever had the hacking of private keys on the agenda, but of course there could also be an attack on mining.

Two more comments on this:

If an attacker is the only one with quantum and the difficulty is increased, the attacker does not lose his advantage. It is only slightly weakened. The difficulty also increases for the rest of the network. I also find it a little difficult to see this as an attack at all.

If an attacker manipulates the blockchain with quanta, you're right of course, they're cutting themselves off. But this could also be intentional if a state, a powerful company, a mad scientist or aliens simply want to destroy Bitcoin.

Since AI changes everything, AI could of course also help to significantly accelerate the speed at which quantum computers are developed.

Overall though, thank you very much. Now I can at least look forward to the next Halving with confidence 👍
@DonkeyInvestor Thank you 🫶
Yes, I also thought for a long time about whether I should include mining at all. But I've already received two questions here about whether a quantum computer could simply take over mining - as you say, it doesn't necessarily have to be an attack in that sense - market participants who have access to this technology first would just have a clear efficiency advantage.

You are absolutely right about the difficulty - the advantage would still be there in principle - but the "attacker" would take considerably longer with a 51% attack, for example, or it would be more difficult and cost-intensive to maintain the attack over a longer period of time :)

Yes, AI will certainly have a finger in the pie in the next few years. Nevertheless, I think it will be a gradual process in which the danger gradually increases. And then I'm sure that an update to quantum-safe addresses will follow in due course.
You are someone who works in IT and therefore have a basic understanding of these things. However, I would be interested to know whether you had to familiarize yourself intensively with the topic again in this case or whether it is simply knowledge you have accumulated over the years that you have now called up.

In any case, the article has brought me one step closer to understanding Bitcoin. That's what all the coins I still own are for. 🪙🪙🪙
@Ash Thank you 🧡
I had to read up again on quantum computers and the Grover and Shor algo and the susceptibility to errors. I'd heard all that before, but didn't remember it in a way that I could have just written it down :D

I also read up on the structure of Bitcoin addresses again in Bitcoin & Blockchain by Antonopoulos - I check it out from time to time. It's a really great book that goes into a lot of technical detail (right down to the source code level).

But it took me a really long time to write this post😂 I had the idea weeks ago and had already started writing it - then suddenly Google came around the corner with Willow and I thought "crap, this is a great opportunity, now I have to rewrite the post again" 😆
Thank you! Very interesting. I didn't know about the public key😅 and I didn't know about the elliptic curve either - I thought it all worked via SHA-256😂
It will be exciting to see if and when quantum computers are actually ready. In principle, I would assume so. Willow won't have been the last breakthrough😅
Top article, very informative, many thanks ❤️
As always: a big thank you - the learning curve went steeply upwards. ⬆️😁
Stefan as always with a lot of added value! Best man
good contribution.

Scalar multiplication gave me flashbacks to VWL II, but still good
Mega! Thanks for your effort and the exciting excursion!
Thanks!
Found it again by chance today and read it for the 2nd time thanks for that ☺️
Grover algorithm does not halve the number of trials (that would still be 2^255), but reduces it quadratically (square root).
The number 2^128 is correct.
You could also terminate Grover's algorithm earlier and then obtain the correct input with a certain probability not equal to 100% (but higher than 1/2^256). You would have to see how early you can end it so that there is a good chance of guessing the input
Hi people, if you have a hard time with taxation, tax Bitcoin in Monaco ✌️
Bitcoin also equals math.
So don't forget it's only a matter of time before it reaches the millions.
4Mon
> theoretically halve the number of trials required - from 2^256 to 2^128

What?
Deleted User
6Mon
Comment was deleted
@user35903002213 I'd love to😘
Deleted User
6Mon
Comment was deleted
@PowerWordChill is in the article :D
Theoretically yes - practically it's not so easy because Satoshi has never moved the coins and therefore the public key of the addresses is not known. Accordingly, both hash algorithms + elliptic curve would have to be cracked - and that per address (Satoshi has approx. 20,000 different😂)
But yes, it is theoretically possible that the coins will gradually return to the market in the distant future :)
Deleted User
6Mon
Comment was deleted
@PowerWordChill No problem, it's become a lot of text😅
@stefan_21 oh, as soon as the time comes, Peter can simply move the coins 🤷
@DonkeyInvestor that's how it is😂😂
Deleted User
5Mon
Comment was deleted
@Seebi Then it would be the classic 51% attack :)
An attacker wants to destroy the network by controlling 51% of the network and starts censoring transactions, double spending etc...

To do this, however, the attacker would have to expend an incredible amount of energy - and maintain the 51% computing power over a longer period of time. If another miner were to connect to the network during the attack, the attacker would be out of luck again. The attacker would have to mine faster than the rest of the world in order to be able to carry out such an attack.

I think this type of attack by quantum computers is almost impossible. Firstly, it is not certain whether quantum computers will ever become that powerful, secondly, the costs for the attacker would be enormous and thirdly, it would certainly not only be this one attacker who would have this technology, but also honest miners who could win many blocks thanks to the computing power and thus earn a lot of money :)