Securing Elliptic Curve Cryptocurrencies Against Quantum Vulnerabilities [pdf] (quantumai.google)
22 points by jandrewrogers 3 hours ago
int32_64 an hour ago
Is there any field with as big of gap between theory and experiment than QC? You read papers like this and think they will be harvesting all Satoshi's coins in a couple years and then you remember that nobody has even factored 21 yet on a real quantum computer.
xhkkffbf 7 minutes ago
And it's worse than that. In order to "factor" 15=3x5, they designed the circuit knowing that the factors were three and five. In other words, they just validated it. And that's something you can do with a regular CPU.
scorpionfeet 32 minutes ago
Y2K
Oh wait: thousands of programmers started working on this in the early 90s so that there would be so few failures people thought it was a scam.
The entire financial and government infrastructure was based on ecdsa until the shift to pqc. The consequences of not preparing are literal threats to global economy. That can’t be understated. The cost to switch to (hybrid) pqc is essentially zero when compared to the costs for not doing it.
Retr0id an hour ago
Fusion power comes to mind.
nostrademons an hour ago
It's interesting, solar panels were in this category in the 1980s and self-driving cars were in the 2010s, and both have had the gap between theory and practice significantly narrowed since.
jryio an hour ago
Here's an interesting discussion from Section 8 - Dormant Wallets:
If a nation state develops a sufficiently powerful quantum computer. Seizure of the Satoshi-era bitcoin wallets without post quantum protections would fund either rogue actors or nation states.
> Indeed, some governments will have the option of using CRQCs (or paying a bounty to companies) to acquire these assets (possibly to burn them by sending them to the unspendable OP RETURN address [321]) as a national security matter. As before, blockchain’s loss of the ability to reliably identify asset owners combined with the laches doctrine [319] enables governments to argue that the original owners, through years of inaction, have failed to assert their property rights
PowerElectronix an hour ago
As soon as activity is detected and reasonably atributable to sha256 being broken, bitcoin goes to zero.
some_furry 5 minutes ago
What?
Quantum computers don't break SHA256, nor would this attack be "reasonably attributable" to a SHA256 break.
In fact, if you have funds in a wallet that has never spent a transaction before (only received), it's still reasonably difficult for a CRQC to steal your funds. The trick is, the moment you've ever spent a transaction, now your public key is known (and therefore breakable).
(Yes, I'm aware of the literature on quantum search vs hash functions, but it's not a complete break like RSA or ECC.)
newpavlov 44 minutes ago
jditu 25 minutes ago
Somewhat ironic that they used ZK proofs to demonstrate they can break Bitcoin's security — while keeping the actual method secret.
SrslyJosh an hour ago
I can't think of a less useful avenue of research in cryptography right now.
gosub100 an hour ago
'Code is law' doesn't exclude quantum code.
meling 2 hours ago
Call me when they have broken ECC with a real quantum computer.
nh23423fefe 2 hours ago
Why is your use case interesting?
rvz 2 hours ago
There is a $2T dollar use-case.