Cloud Hosting

John Smith, who has been regularly keeping up with computer science, quantum computing, and cryptocurrency-related developments, claims that the future of crypto is quantum-resistant, meaning we must build systems that can protect themselves against the potential attack from quantum computers (QCs) when they become powerful enough to present a challenge to digital asset networks.

While discussing what the future threat to Bitcoin (BTC) from Quantum Computing might be, and how big of a deal it really is, Smith claims that the threat is that quantum computers will eventually be able to break Bitcoins current digital signatures, which could render the network insecure and cause it to lose value.

He goes on to question why there isnt already a solution as trivial as simply upgrading the signatures? He explains that this might not be possible due to the decentralized nature of Bitcoin and other large crypto-asset networks such as Ethereum (ETH).

While discussing how long until someone actually develops a quantum computer that can steal BTC by quickly deriving private keys from their associated public keys, Smith reveals that serious estimates range somewhere from 5 to over 30 years, with the median expert opinion being around 15 years.

Smooth added:

Banks/govts/etc. will soon upgrade to quantum-resistant cryptography to secure themselves going forward. Bitcoin, however, with large financial incentives for attacking it and no central authority that can upgrade *for* users, faces a unique set of challenges.

Going on to mention the main challenges, Smith notes that we can separate vulnerable BTC into three classes, including lost coins (which are estimated to be several million), non-lost coins residing in reused/taproot/otherwise-vulnerable addresses, and coins in the mempool (i.e., being transacted).

Beginning with lost coins, why are they even an issue? Because its possible to steal a huge number all at once and then selling them in mass quantities which could tank the entire crypto market. He added that if that seems imminent, the market could preemptively tank. He also mentioned that an attacker may profit greatly by provoking either of the above and shorting BTC.

While proposing potential solutions, Smith suggests preemptively burning lost coins via soft fork (or backwards compatible upgrade). He clarifies that just how well this works will depend on:

He further noted:

Another potential way around the problem of millions of lost BTC is if a benevolent party were to steal & then altruistically burn them. Not clear how realistic this is, given the financial incentives involved & who the parties likely to have this capability would be.

He added:

Moving on why are non-lost coins with vulnerable public keys an issue? This is self-evident. The primary threat to the wealth of BTC holders is their BTC being stolen. And as with lost coins, a related threat is that the market starts to fear such an attack is possible.

He also mentioned that another solution could be that Bitcoin adds a quantum-resistant signature and holders proactively migrate. He points out that how well this all works will depend on:

While discussing the vulnerability of coins in the mempool, Smith mentioned that it could complicate migration to quantum-resistant addresses *after* large QCs are built or it could greatly magnify the threat posed by an unanticipated black swan advance in QC.

While proposing other solutions, Smith noted:

A commit-reveal tx scheme can be used to migrate coins without mempool security. This gets around the vulnerability of a users old public key by adding an extra encryption/decryption step based on their new quantum-resistant key but w/ crucial limitations.

He added:

Considerations w/ commit-reveal migration [are that] its not foolproof unless a user starts with their coins stored in a non-vulnerable address, because attackers can steal any vulnerable coins simply by beating the original owner to the punch.

Considerations with commit-reveal migration are also that commit transactions introduce technical hurdles (vs. regular txs) & increase the load on the network. Neither of these are insurmountable by any means, but they suggest that this method should not be relied upon too heavily, Smith claims.

He also noted that how well the commit-reveal transaction type works will depend on:

He added:

One potential way around the network overhead & just plain hassle of commit-reveal migration would be if a highly efficient quantum-resistant zero-knowledge proof were discovered. Current QR ZK algorithms are far too large to use in Bitcoin, but that could change. Worth noting.

While sharing other potential solutions, Smith noted that theres the tank the attack & rebuild.

He pointed out that Bitcoins network effects are massive, so it is challenging to accurately estimate or predict what the crypto ecosystem will look like in the future, but the potential economic disruption of BTC failing may incentivize extraordinary measures to save the network.

He added:

Bitcoins ability to tank a quantum-computing-related market crash will depend on [whether theres] another chain capable of replacing BTC as the main crypto store of value [and whether] BTC [can] avoid a mining death spiral? Also, how far will stakeholders go to ensure the network survives & rebounds?

Smith also mentioned that for people or institutions holding Bitcoin, some good measures may be purchasing insurance, and/or hedging BTC exposure with an asset that would be expected to increase in value in the case of an attack.

Originally posted here:
Quantum Computers May Steal Bitcoin by Deriving Private Keys once Advanced Enough in 5-30 Years, Experts Claim - Crowdfund Insider