Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Bitcoin Hardware

Quantum Computers Are a Million Times Too Small To Hack Bitcoin (newscientist.com) 61

Posted by BeauHD from the harvest-now-decrypt-later dept.
MattSparkes shares a report from New Scientist: Quantum computers would need to become around one million times larger than they are today in order to break the SHA-256 algorithm that secures bitcoin, which would put the cryptocurrency at risk from hackers. Breaking this impenetrable code is essentially impossible for ordinary computers, but quantum computers, which can exploit the properties of quantum physics to speed up some calculations, could theoretically crack it open.

[Mark Webber at the University of Sussex, UK, and his colleagues] calculated that breaking bitcoin's encryption in this 10 minute window would require a quantum computer with 1.9 billion qubits, while cracking it in an hour would require a machine with 317 million qubits. Even allowing for a whole day, this figure only drops to 13 million qubits. This is reassuring news for bitcoin owners because current machines have only a tiny fraction of this -- IBM's record-breaking superconducting quantum computer has only 127 qubits, so devices would need to become a million times larger to threaten the cryptocurrency, something Webber says is unlikely to happen for a decade. The study has been published in the journal AVS Quantum Science.
This discussion has been archived. No new comments can be posted.

Quantum Computers Are a Million Times Too Small To Hack Bitcoin More

Quantum Computers Are a Million Times Too Small To Hack Bitcoin

Comments Filter:

  • MD5 required more than heatdeath of the universe. Then it was cracked, and eventually easy.

    This I don't believe.

    • MD5 required more than heatdeath of the universe.

      Still does - if you're bruteforcing the full keyspace.

      But you're right- that's always, and will always be the rub- cryptographic hashes (seem) to always be vulnerable to some kind of smaller-than-bruteforce keyspace search.

      • One of interests is to someday make an image that contains its own MD5 checksum. Should be doable by the average cryptographer eventually on modern hardware.

        • How in the world can you make a checksum of something that is immediately going to change the moment you insert the checksum? Is there something I'm missing here?
          image = image+checksum(image+checksum(ad infinitum...)
          Do you see the problem there? Every time you compute the checksum and then add it to the image, the checksum will change. You have to know the checksum before you can insert it into the image. Sure you can keep iterating until you eventually find something that works but with modern hardware it

          • Re: (Score:2)

            by MobyDisk ( 75490 )

            Not as hard, but similar: XKCD: Self description [xkcd.com]

            • Yeah, but XKCD's example could be solved with a simple quadratic or similar equation being executed once, and you can even make intelligent guesses to get to the answer in just a few steps but computing md5=(image+md5) isn't since you must have the md5 BEFORE you can even begin to compute the md5. The only real solution is going to be similar to

              for i =1 to infinity
              if md5(image+i)=i then print "hurray"; exit
              else next

              Yes you could use random numbers or whatever type of search you like but since the md5 isn't

      • What is it with Slashdot and crypto shilling? Asymmetric encryption backs buttcoins, and you can use AES of multiple lengths including 256 in TLS. Forget the facts though, Slashdot is livin in a crypto paradise.
    • MD5 is still secure for preimage attacks. It's obviously insecure for collision attacks.

  • Now do secp256k1... (Score:3)

    by Entrope ( 68843 ) on Tuesday January 25, 2022 @08:43PM (#62207729) Homepage

    Hashes like SHA-256 and symmetric ciphers like AES are relatively robust to quantum computers. Traditional asymmetric cryptography is much easier for quantum computers to break, and would allow attackers to forge new transactions that move bitcoins between arbitrary wallets -- for example, the huge number of coins that Satoshi mined early on. The

  • Submitter didn't understand bitcoin or the paper (Score:5, Informative)

    by FeelGood314 ( 2516288 ) on Tuesday January 25, 2022 @08:54PM (#62207755)
    The paper is talking about the 256 bit ECC keys. SHA-256 doesn't secure bitcoin, it is the current proof of work method for bitcoin. Many coins change their proof of work method, it doesn't really affect the transactions. The paper talk about a real threat to bitcoin in that a large enough quantum computer could crack the 256 bit ECC keys used to spend the contents of a bitcoin wallet. Math Trigger Warning! A bitcoin wallet address is the hash of the public key. If I give you a public key and a signed transaction for the wallet with the address that is the hash of the public key, you can hash the public key to verify the wallet address and then use the public key to validate the transaction. If you have an ECC public key and a really big quantum computer you can find the private key needed to sign transactions and thus steal the contents of the wallet. Except in bitcoin you only see the public key the first time money is spent from a wallet. Assuming people in the future only use wallets once this means you only have at most 10 minutes from the time the transaction is published to the network to find the private key, create your own transaction and get some miner to mine it into the block chain before the legitimate spend is recorded in the block chain. The paper calculates a quantum computer would need 317 million cubits to do this calculation in the 10 minute window.

    • Thanks it was helpful.

    • That makes sense. 1,000,000X is a really small security margin (20 bits) for SHA-256 and Grover would only take you down to 128 from 256. So I could tell the summary was nonsense.

    • Also importantly, quantum computers don't have - even if they were here in a large enough version - a big advantage over classical once it comes to hashing algorithms. They can only reduce the search space by a square root, e.g. halfing the bit size.

  • Hacker cracks bitcoin with HP 35C.

  • Interesting, but the question everyone is wondering is... can we do quantum mining! /s

    • From a crypto currency stand point there are two things a quantum computer can do - 1) they can find the period of functions, this instantly cracks RSA and with a bit of work solves discrete logarithms the basis for elliptic curve cryptography. 2) they can halve the bit strength of any hash algorithm. So a 256 bit hash only has 128 bits of strength. 128 bits is still beyond any foreseeable computing power in the next 40 years.

      But lets look a bit closer at the mining hashing in Bitcoin. Bitcoin uses a

  • Correct me if I'm wrong (Score:5, Insightful)

    by clawsoon ( 748629 ) on Tuesday January 25, 2022 @09:08PM (#62207809)
    Wouldn't the cracking of Bitcoin be a relatively minor story in the shitstorm if SHA256 was broken?

    • Yes, but they've gotta have clickbait headlines to get those page views and drive up advertiser revenue.

    • Yes but quantum computers can at best only cut bit size of a hash function in half. And 2^128 is still too large to brute force. Quantum computers are not a concern for hash functions.

  • An exoplanet made of qubits.

  • If you had a computer that powerful that it approaches the power to break Bitcoin, it would definitely be more profitable to mine Bitcoin with it instead.

  • a quantum hacker you crack bitcoin, the majority of miners would probably agree to fix it?

  • Bitcoin is completely secure, nothing to worry about.

    something Webber says is unlikely to happen for a decade

    oh. so all my bitcoins might become worthless in ten years?

  • Doublings (Score:2, Interesting)

    by michaelmalak ( 91262 )

    If the size of quantum computers continues to double annually as it has been, that's log2(13 million / 127) = 17 years, or 2039.

    If, on the other hand, the pace drops to doubling biennially, that'd be 34 years, or 2056.

  • by order of magnitude. So, that means that SHA-256 is only “6” away from being broken.

  • you just need 51% of the mining to control bitcoin

  • 13 million qubits in about 32 years https://www.wolframalpha.com/i... [wolframalpha.com]

  • Firstly yes Quantum computing that is a danger is not happening anytime in the near future, way to many problems still to overcome for any sort of viability. Regardless it doesn't need to be a million times stronger, if a computer could break encryption in a year that would be devasting, so based on the maths in the summary that is around a 280 times increase in size required just to do in a year.
  • One of my major misgivings with crypto as a holding medium (transfer medium is somewhat of a different case) is the inevitability of "today" crypto being busted by "tomorrow" hardware and code. Even without an implementation flaw in the code or key sharing or something.

  • Good thing there's no precident (Score:3)

    by rsilvergun ( 571051 ) on Tuesday January 25, 2022 @11:28PM (#62208127)
    of computers getting more complex and capable by several orders of magnitude. Now if you'll excuse me I need to do some programming on my IBM 700 series mainframe.
  • I don't find this reassuring at all. We will have that kind of power someday so Bitcoin will essentially become futile in the future. Or am I missing something?

  • Given current understanding of quantum computing (Score:5, Insightful)

    by LostMyBeaver ( 1226054 ) on Wednesday January 26, 2022 @12:23AM (#62208179)
    Quantum computers are not what most people think they are.

    First of all, the point of a quantum computer is that algorithms run on a quantum computer should in theory decrease from exponential time to polynomial time.

    The estimates made above are based on current qubit technology which in traditional computing terms is equivalent to transistors soldered together one by one in the 1950's compared to a modern computer with transistor to transistor interconnects measured in nanometers.

    A current qubit propagation delay (there are better terms, but I'm trying to make analogies) is approximately 300 times slower than the qubits that are the "holy grail" of all quantum computer developers. This is the approximate speed they are focused on to make quantum a clearly usable technology. So, if the head of the CSC Finland quantum project is to be believed, this is a great focus.

    At least for now, the goal of most public (not privately owned) quantum projects around the world is to create a quantum computing grid which would link all quantum computers together over the globe as basically a quantum super computer. In addition, each of these computers within a few years are scheduled to be connected directly to exascale HPC systems.

    There are major points against cracking SHA-256 on quantum computers during the next 10 years.

    1) No one in quantum gives a rats ass about bitcoin. These machines aren't being built for that. They're being built to estimate approximate shapes of proteins and to solve quantum chemistry problems such as understanding hydrogen cyanide (the smallest goal for quantum at this time... and it's already been done on quantum simulators... but it's a starting point)

    2) Qubits are far from reliable. We currently depend on error correction algorithms to provide results. This is amazing for things which can be estimated by quantum and polished up by traditional computers. But it's not reliable or things like cracking precise bit chains. It's quite similar to the problems we faced with transistors before the first stable and reproduceable transistor was made.

    3) The energy required to operate a quantum computer is expensive and there is little value in using them as an assault on the economy.

    I can go on... but at least for 5-10 years, even if a hostile government were to invest in a goal of compromising bitcoin, it's not likely to happen.

    Quantum is difficult for most people to understand and there are some excellent lectures from Microsoft Research presented by Krysta M. Svore who is one of the most talented people I've encountered in this field. I highly recommend watching her presentations if you want to understand more.

    Before you watch her though, there are some key points which I'll explain here which makes quantum much much easier to understand.

    1) Quantum is much more like an FPGA than a CPU. More accurately, it's reconfigurable computing. When you develop algorithms, you're pretty much defining the order in which qubits are wired. This allows the output of one qubit to be directly routed into the next.

    2) Currently, quantum computers are programed in terms of satisfiability rather than an order of instructions. You wouldn't really compute loops. Rather you're attaching a series of what we might have called gates in the past and you're using the equivalent of comparative logic... in analog quantum computers, this would be like an opamp and in digital quantum computers, this would be like nand gates. So you would make use of superposition (find videos on this) and attach a series of quantum gates/logic/bits.... to describe what would be a solution to a problem. For the most part, this kind of thinking should be pretty clear to people who have developed in VHDL or even coded in functional languages.

    3) We are working weirdly at this time. We've developed languages like Q# which are high level languages for quantum computers and make quantum practical. We sort of skipped the whole assembly language phase. This means th

  • ... a million quantum computers, then.

    Thankfully there's No Such Agency in the US that could every amass that much computing power. Ever.

    • Comment removed based on user account deletion

      • Re: (Score:2)

        by ceoyoyo ( 59147 )

        It doesn't.

        A quantum computer's power is really given by how many bits each bit interacts with. A billion cubits isolated from each other isn't much use.

        You cannot make a beowulf cluster of those.

  • There is $1,030B in bitcoin.

    If you stole ALL of it, you wouldn't really be able to spend it.

    So say you're going to steal 1% of it. That's 10.3 billion dollars.

    Fukagu is the world's fastest computer. You can buy one for $1B. That's 10% of the reward money.
    It is an exascale computer, calculating 10**18 calculations per second.
    A typical desktop computer does 150-200 million calculations per second, or: 2*10**8 calculations.
    So Fukagu is about 10**10 times faster, which is... 10,000,000x faster.

    1.9 billion q

  • Today we have a hard time building a quantum arithmetic device with 137 qbits (thanks IBM!). That is an experimental machine. I think that once we have a really workable technology for building qbit machinery, our quantum machines will immediately be a million times larger.
  • "I think there is a world market for maybe five computers."

    "640K ought to be enough for anyone."

    We've heard it and seen it before. In a few decades time, quantum computers will be more than powerful enough to crack bitcoin, it's just a matter of "when", not "if"

  • Right now a secret cabal of AIs is laughing their diodes off... "heh, they fell for it, they think *computers* are the security problem. WE WON!

    Meanwhile, someone's getting sent an NFT that steals all their Ether while feeling perfectly secure because they read that computers won't decrypt the keychain.

  • As usual clickbait sinopsis sweeping under the carpet the huge issue that not a single error corrected (or logical) qubit has been demonstrated
  • Just hack the passwords to the accounts.

  • Right? A few years, and it'll be broken, as quantum computers grow, and crackers rent space on AmazOoogle QuantumCloud (tm).

  • Elephant in the room question; How long will it take 1 quantum computer to brute force crack open Satoshi's wallet? Next question; what if you had 1 million quantum computers all working that same wallet, divide and conqueror style.
  • Well, then you basically just need a million quantum computers...
  • Actually, it is only 100,000 times bigger (not 1M) In fact: 1.3 * 10^7 / 1.27 * 10^2 is about 10^5, i.e. 100K times bigger.

  • Only a decade away?

    Sounds like Bitcoin should be pushing a protocol update to move to a quantum-safe algorithm already to be honest. They already exist and have for years.

    Especially for something that purports to have billions in value, 10 years is not a lot of time to push such an update and you KNOW that you MUST do so eventually, so why are they waiting?

Slashdot Top Deals

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Close