Bitcoin Q&A: Migrating to post-quantum cryptography

[AUDIENCE] I have two questions that are-
[ANDREAS] Two questions? Okay, fine.
[AUDIENCE] Both of them are about risks
against Bitcoin. The first one is technological.
Recently, the National Institute of
Standards and Technology (NIST)…
said it is time to start promoting migration
to post-quantum cryptography, because…
[quantum computing] will weaken
the asymmetric cryptography of SHA-256.
We are talking about an attack of 51%, but in that case
it will take ten or twenty years [to create] a 99% attack.
One bad actor with a quantum computer will be
spending much less energy than anyone else,
and will acquire 99% of the hashing power.
[ANDREAS] If it is 99%, it is not an attack.
You realize that? [AUDIENCE] Yeah, it is a monopoly.
[ANDREAS] Well, not necessarily.
[AUDIENCE] Very quickly-
[ANDREAS] That is the first question?
[AUDIENCE] Yes. So do we change the algorithm?
Move to proof-of-stake? Things like that.
The second question is about the corporations…
and governments, who will not be happy with Bitcoin.
[ANDREAS] Oh no, [they won’t be happy?] [Laughter]
[AUDIENCE] Bitcoin’s community will need to respond.
Any ideas about this?
[ANDREAS] Okay, great.
First question, quantum cryptography and
more specifically quantum cryptanalysis.
At some point, quantum computing will exceed
the [strength] of current cryptographic algorithms.
Listen, that is part of [developing] cryptography.
You have twenty to thirty years of usable life cycle…
an algorithm before it is [broken] due to new
developments in mathematics and technology, etc.
Bitcoin is such that it can be upgraded; both the signing
algorithm and the hashing algorithm can be switched…
for other algorithms if we think
there is a need to do that.
Quantum [computing] represents a threat only if
it is unevenly distributed in commercial sectors.
But if quantum [computing] and
cryptanalysis is available only to one actor,
most likely they are a state actor
and they will not use it on Bitcoin.
[Instead], they will keep it secret and use it
at a time when they are threatened, such as…
by a cryptographically secured nuclear weapon
or whatever, some crazy [situation] like that.
Certainly, what we’ve seen with intelligence
agencies that have computing advantages,
they don’t use it until there is a dire emergency,
and Bitcoin is not a dire emergency.
Once you use it and everybody knows you have it,
then all the algorithms will be changed.
You have one shot, so you better make it good.
If quantum computing is available broadly, then miners
upgrade to quantum computers and use quantum SHA.
Crois-SHA-ntum. [Laughter] Something like that.
I don’t know. We would change the algorithms.
If there is enough availability of quantum computing
that 99% of mining capacity switched over, the chance
that it will be controlled by one person is pretty slim.
[An attack would just prompt] everybody to run ‘quantum
SHA,’ and it will be a transition like when we went from…
We will see a different order of magnitude
or several orders of magnitude improvement.
Keep in mind that running a quantum
computer is neither free nor easy, right?
It will be expensive in terms of energy and cooling costs.
The electricity that you are not spending [on hashing]…
will be spent on keeping the [machine] at
200 degrees below zero. All of these things add up.
We don’t know what the economics will be.
I try not to solve problems until problems come up.
Bitcoin is very much a system where we solve
problems when it is necessary to solve them.
We will see. As for the second [question about]
corporations and governments not being happy,
I’m sure that they won’t be happy.
I believe this is the [point] where people decided that
the King wouldn’t be too happy with their choices.
Kings were not happy anywhere, and yet the revolution
happened anyway. Bitcoin is a technological revolution.
It is a global system. Corporations and
governments must adapt to new technology.
They have been adapting to new technologies
for hundreds, sometimes thousands, of years.
They will adapt to Bitcoin, which is neither the worst
thing nor the most insurmountable thing to happen.
There could be far worse cryptocurrencies than
Bitcoin from the perspective of governments.
But the fact that governments will not
be happy really doesn’t concern me much.
Bitcoin is a system that does not require
their permission, approval, cooperation,
endorsement, or assistance.
It is a system that simply exists now.
[They] can deny that it exists, but it still exists.
[They] can pretend it will go away, but it isn’t.
We can talk all day about whether the government
should or shouldn’t regulate Bitcoin.
The difficult question is whether governments can
regulate Bitcoin. The answer is simple: they can’t.
They can’t regulate Bitcoin itself. They can regulate the
edges, the behaviour of some users within their borders,
under certain circumstances, but the truth is
that they can’t really regulate Bitcoin itself.
Governments and corporations will need to adapt.
I think that is a feature of Bitcoin, not a bug.
I think that is one of the reasons why
Bitcoin is so exciting to a lot of people.
It introduces a new choice. It is not saying you can’t
[do money] the old way, in hierarchical organizations,
restricted within one border and jurisdiction, and banking
with a central bank. You can still do all of those things.
But we will also do this and see which one is better.
That is really the bottom line.

  1. I don't know if you read these but what do you think of Bread Wallet? Also is it safe to print a paper wallet or is it possible you can have that history compromised even after clearing history?

  2. "Governments/Industry won't be happy" …..

    GOOD! Since when do we go around trying to appease 'masters'? Free your minds, folks!

  3. Peter Schiff is having a Bitcoin vs Gold debate… you should reach out to him!! it would be nice to have 2 heavyweights debating 2 stores of value that are coming to a head!!

  4. I am admittedly not smart enough to understand the math and technicalities behind these claims but perhaps some of you readers are. It seems that Iota with their Directed Acyclic Graph (DAG) named the Tangle are already taking extensive precautions to protect themselves from quantum computing attacks.

    Their system is also very scalable and becomes faster as it grows.

    This is from their whitepaper:

    4.3 Resistance to quantum computations

    It is known that a (today still hypothetical) sufficiently large quantum computer can be very efficient for handling problems where the only way to solve it is to guess answers repeatedly and check them. The process of finding a nonce in order to generate a Bitcoin block is a good example of such a problem. As of today, on average one must check around 2^68 nonces to find a suitable hash that allows one to generate a block. It is known (see e.g. [13]) that a quantum computer would need Θ(√N) operations to solve a problem of the above sort that needs Θ(N) operations on a classical computer. Therefore, a quantum computer would be around √(2^68) = 2^34 ≈ 17 billion times more efficient in Bitcoin mining than a classical one.

    Also, it is worth noting that if the blockchain does not increase its difficulty in response to increased hashing power, that would lead to an increased rate of orphaned blocks. Observe that, for the same reason, the “large weight” attack described above would also be much more efficient on a quantum computer. However, capping the weight from above (as suggested in Section 4) would effectively fence off a quantum computer attack as well, due to the following reason. In iota, the number of nonces that one needs to check in order to find a suitable hash for issuing a transaction is not so huge, it is only around 3^8. The gain of efficiency for an “ideal” quantum computer would therefore be of order 3^4 = 81, which is already quite acceptable (also, remember that Θ(√N) could easily mean 10√N or so). Also, the algorithm is such that the time to find a nonce is not much larger than the time needed for other tasks necessary to issue a transaction, and the latter part is much more resistant against quantum computing.

    Therefore, the above discussion suggests that the tangle provides a much better protection against an adversary with a quantum computer compared to the (Bitcoin) blockchain.

  5. What they are doing is NOT "quantum" any more than believing it is making it so. :-/ consider carefully what quantum entails, the definition does not meet their criteria.

  6. These guys both have it wrong. The hashing doesn't need to change. Quantum computers are not exponentially better at hashing, and in fact there is a chance that ASICs are still better. The real issue with quantum computers is that ECDSA is compromised. We can't use public and private key encryption, which is one of the foundation blocks (pun intended) of bitcoin. Quantum computers will be able to guess the private keys we use to spend everybody's funds, it's what they're extremely good at.

  7. With less than 2000 good qubits, a quantum computer could create every possible wallet address and exploit exchanges, similar to the recent Ethereum scandal.

  8. They better hurry up with the post quantum crypto..
    I think you underestimate the speed of the matter in which quantum computing is developing.

  9. What about AI? Can't that have an effect on the blockchain? Has anyone ever posed this question to AI and had them run it against each other?

  10. I think people are missing something very important. Today we encrypt our data using binary computers. In the quantum era we will use quantum computers to encrypt the data. It's not like only the bad guys will have the good stuff…

  11. Couldn’t large nations such as the USA already be covertly hoarding as much bitcoin as possible? Could the NSA carry out the world's largest covert mining/insider trading operations to hack, mine and trade their way to being the dominant holder of BTC and thus have massive influence/control over the BTC price? And if they do that, then they would have converted bitcoin back into a manipulated and centrally controlled currency. Keeping the status quo? Why wouldn’t they quash the threat that way? And if they did that, would we be able to find the evidence?

  12. I was at a conference today and one of the university professors mentioned his son and his friend, both 15 years old, purchased the parts needed for making the supercomputer in Japan? !!!!

