Ask HN: Will Quantum Computing Break Bitcoin? - diveloper
======
physicsAI
Something important to keep in mind is the fact that to execute Shor's prime
factorization algorithm (which can break encryption protocols, like RSA)
you need millions of physical quantum bits.

Even the most optimistic quantum engineers agree that building such enormous
quantum devices is likely 30+ years away. So Bitcoin has plenty of time to
adapt.

------
aphextim
TL;DR Bitcoin will most likely adapt.

>Bitcoin already has some built-in quantum resistance. If you only use Bitcoin
addresses one time, which has always been the recommended practice, then your
ECDSA public key is only ever revealed at the one time that you spend bitcoins
sent to each address. A quantum computer would need to be able to break your
key in the short time between when your transaction is first sent and when it
gets into a block. It will likely be decades after a quantum computer first
breaks a Bitcoin key before quantum computers become this fast.

>All of the commonly-used public-key algorithms are broken by QC. This
includes RSA, DSA, DH, and all forms of elliptic-curve cryptography. Public-
key crypto that is secure against QC does exist, however. Currently, Bitcoin
experts tend to favor a cryptosystem based on Lamport signatures. Lamport
signatures are very fast to compute, but they have two major downsides:

>The signature would be quite large, at least several kB (40-170 times larger
than now). This would be very bad for Bitcoin's overall scalability, since
bandwidth is one of the main limiting factors to Bitcoin's scaling. Advances
in scalability such as Segregated Witness (the signature is part of the
witness) and Lightning will be helpful.

>At the time that you create each keypair, you would need to set some finite
maximum number of times that you can sign with this key. Signing more than
this number of times would be insecure. Increasing the signing limit increases
the size of each signature even more. Since you are only really supposed to
use addresses once, this may not be a huge problem for Bitcoin.

>There is also some ongoing academic research on creating quantum-safe
public-key algorithms with many of the same properties as today's public-key
algorithms, but this is very experimental. It is not known whether it will end
up being possible.

>A new public-key algorithm can be added to Bitcoin as a softfork. From the
end-user perspective, this would appear as the creation of a new address type,
and everyone would need to send their bitcoins to this new address type to
achieve quantum security.

[https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin](https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin)
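The Lamport scheme the quoted wiki text favours, as an added example that is not part of this thread or of Bitcoin's code: a textbook Lamport one-time signature over SHA-256 in Python, with a key-reuse forgery search that shows why each key may sign only once and where the "several kB" signature size comes from. The function names (`keygen`, `sign`, `verify`, `forge`, `demo`), the sample messages and the choice of twelve reuses are this example's own assumptions.

```python
import hashlib
import os
from typing import Callable, Dict, List, Optional, Tuple

# Added example, not Bitcoin code: the standard Lamport construction,
# 256 pairs of 32-byte random preimages, one pair per digest bit.
N_BITS = 256
SEED_LEN = 32

PrivKey = List[Tuple[bytes, bytes]]
PubKey = List[Tuple[bytes, bytes]]
Signature = List[bytes]


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng: Callable[[int], bytes] = os.urandom) -> Tuple[PrivKey, PubKey]:
    """Private key: 256 pairs of random preimages. Public key: their hashes."""
    sk = [(rng(SEED_LEN), rng(SEED_LEN)) for _ in range(N_BITS)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return sk, pk


def message_bits(msg: bytes) -> List[int]:
    """Bits of SHA-256(msg), most significant bit of each byte first."""
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(N_BITS)]


def sign(sk: PrivKey, msg: bytes) -> Signature:
    """For each digest bit, reveal the preimage selected by that bit."""
    return [sk[i][b] for i, b in enumerate(message_bits(msg))]


def verify(pk: PubKey, msg: bytes, sig: Signature) -> bool:
    if len(sig) != N_BITS:
        return False
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(message_bits(msg)))


def signature_size(sig: Signature) -> int:
    return sum(len(part) for part in sig)


def public_key_size(pk: PubKey) -> int:
    return sum(len(h0) + len(h1) for h0, h1 in pk)


def leaked_preimages(signed: List[Tuple[bytes, Signature]]) -> Dict[Tuple[int, int], bytes]:
    """What an observer learns from every signature made with one key:
    a map (bit position, bit value) -> revealed private preimage."""
    known: Dict[Tuple[int, int], bytes] = {}
    for msg, sig in signed:
        for i, b in enumerate(message_bits(msg)):
            known[(i, b)] = sig[i]
    return known


def forge(signed: List[Tuple[bytes, Signature]],
          candidates: int = 2000) -> Optional[Tuple[bytes, Signature]]:
    """Key-reuse attack: search for a message whose digest selects only
    preimages that earlier signatures already revealed. No private key needed."""
    known = leaked_preimages(signed)
    for n in range(candidates):
        target = b"forged-" + str(n).encode()   # constructed candidate messages
        bits = message_bits(target)
        if all((i, b) in known for i, b in enumerate(bits)):
            return target, [known[(i, b)] for i, b in enumerate(bits)]
    return None


def demo() -> Dict[str, object]:
    sk, pk = keygen()
    msg = b"spend 1 BTC to address X"              # constructed sample message
    sig = sign(sk, msg)
    # Reuse one key twelve times; each signature leaks about half the private key.
    reused = [(b"msg-%d" % k, sign(sk, b"msg-%d" % k)) for k in range(12)]
    forged = forge(reused)
    return {
        "valid": verify(pk, msg, sig),
        "tampered_rejected": not verify(pk, msg + b"!", sig),
        "sig_bytes": signature_size(sig),          # 8192
        "pk_bytes": public_key_size(pk),           # 16384
        "single_use_leaks": len(leaked_preimages([(msg, sig)])),  # 256 of 512
        "forged_after_reuse": forged is not None and verify(pk, forged[0], forged[1]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

One 256-bit message costs an 8192-byte signature against roughly 70 bytes for a DER-encoded ECDSA signature, which lands inside the 40-170x range the wiki quotes. After a single signature half of the private preimages are public, and after a dozen signatures with the same key the search in `forge` almost always finds a message it can sign without the key; the per-key signing limit mentioned above comes from bundling many such one-time keys under one Merkle root, and the forgery search shows what happens when that limit is ignored.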

