Reddit Posts
Are P2WSH addresses the most quantum-secure addresses?
Let's have one last discussion about quantum computers.
Brave brings privacy to Web3 with ECC and Filecoin partnership
Hacker Steals 24M from rETH Whale [NEW INFORMATION]
Should I share possible "new " math methods regarding online cryptography?
Can quantum computing trivialize cryptocurrency?
Zcash, the popular privacy-focused Blockchain, released a new version of its full node software on Thursday, according to a post by its creator Electronic Coin Company (ECC). The software version 5.5.0 introduces several bug fixes, a proportional fee mechanism, and lays the groundwork for ...
Maximalism in the computer era versus bitcoin maximalism. Any parallel possible?
Zcash to Proof of Stake? Approach, focus, and next steps - Electric Coin Company [ECC]
$4M Size ECC Launching Real-World Crypto Round-up app in the Next Few Months
Fox Inu / Stealth Launched 1h ago — The next 1000X Altcoin — Real Project with solid fundamentals and experienced team - Community Growing so fast!
Fox Inu $FInu Just Launched 30min ago!!! Airdrop: 50$ worth of token when we reach 50 members in our official telegram group !
Fox Inu $FInu Just Stealth Launched!!! | MemeUtility Token on the BSC Network! LP Locked, New opportunity for a Fox Parabolic Moon shot !
Saint Valentine | Stealth Launched!!|Locked Link Provided!|Simply hold Saint Valentine and get paid 10%!|Enter telegram and get in early! | | Auto staking rewards | Voice chat before launch | Amazing Team| Don't Miss This Gem!!|
Understanding ECC, the technology behind Litecoin's new privacy update: Minblewimble
Taking a look at Elliptic Curve Cryptography (ECC), the encryption process behind Litecoin's newfound privacy fortune
♑️Paragon Capital💎Micro MC 💎 Your Next Moonshot♑️
Empire Capital Token (ECC) – Defi 3.0 Layer of Yield Generating Protocols | True 1% Burn on Every Transaction | Incorporated Investment Firm | Hold ECC and Gain Exposure to Yield on All Chains
$ECC - Empire Capital Token - This is where my money is going! #1 on CMC today!
EmpireCapital (ECC) Fair Launched Yesterday - Low Market Cap - Strong Utility - Based Dev Team - Earn Yield By Holding
Confusion on Public Key Cryptography and digital signatures
100 Crypto Quotes - The Good, the Bold and the Ugly
Reward Switching Everyday $RSE 🔥| Doxxed dev Video and VC ✅ | 1 Day old Gem 💎 | ADA rewards for Today | Low Cap < 50 K Potential 1 M cap 🚀
Doxxed dev 🔥 | Reward Switching Everyday | ADA rewards now ⚠️ | stealth launched today 💎
SafeMoonCake is the original next-gen token that rewards you with CAKE airdrops! Only 40k mc!
🐱Cake Kitty 🍰 Fair Launched 30 Minutes Ago! Active Community with Low mcap! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launched Right Now! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in just 10 Minutes! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in only 30 Minutes! Earn Cake Rewards | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launch in 1 Hour! Earn Cake Rewards | 1000X Potential!
🐱BabyKittyCake 🍰 just Fair Launched!! Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential!
🐱 BabyKittyCake just Fair Launched! ! 🍩 Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential! 🚀
🍰 CAKE LOVER | 8% Cake Rewards to Holders | Stealthed Launch | SAFU 🍰
🥞CakeLover🥞 This Big Daddy just Did a Stealthed - only at 6k Mcap!! Huge Cake rewards!! 100x from here, Join TG: CakeLoverBSC
🥞CakeLover🥞 Just stealth launch with low 5k mcap ,cake rewards! SAFU ownership renounced [ tg:Cakeloverbsc ]
🥞CakeLover🥞 Is a Heaven for all the cake lovers , join us and get cake rewards! Based dev, safu project [ tg:Cakeloverbsc ]
HoneyMoney ! Gains are sweet as Honey 🎂 Stealth Launched just now, marketing push soon
FriendOfCake - Stealth launch - Automatic $CAKE reward - LP Locked 100%
🍰 UltraCakePrint 🍰 - Stealth Launch - Nano Mcap Gem - LP Locked - Renouced - CAKE reward
Hurry up buy $50 Ecc token and earn free 20:1 eyfi token
🚀CornDog 💎Just fair launched with ONLY $500 Market Cap 🤑
🦄AstroUnicorn Token - deflationary meme token, not even one hour old, $2k market cap, locked liquidity!
🚀 ShibaMoo n 🚀 is now launching! [1 Minute Old] [8k$ market cap]
🚀 ShibaMoo n just launched! 8k market cap!
🚀 ShibaMoo n 🚀 is now launching! [1 Minute Old] [3k$ market cap]
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [3k$ market cap]
VENUSIA - Official NFTs Model Content Platform
🐱 KITTEN Finance DeFi Platform is Skyrocketing 🚀 Get in while its still early 🔥
Founders of Tezos and ethereum join ECC
I coded a Java application to generate bitcoin addresses, sign transactions and brute force private keys. Is it worth anything?
Mentions
Doesn't take much power as it is centralised! Only has 23 nodes all run by big corporations - The hardware requirements are massive!
The hardware requirements for Hedera nodes are quite specific and depend on whether you are running a consensus node or a mirror node. It's important to note that you can't just run a consensus node; they are currently permissioned and operated by the Hedera Governing Council members. However, anyone can run a mirror node.
Consensus Node Requirements
The requirements for a consensus node are very high-end and are designed for enterprise-grade performance and security. These are not for a typical home setup.
* CPU: A high-performance, multi-core processor (e.g., Intel Xeon or AMD EPYC) with a minimum of 24 cores/48 threads is required. There are also specific performance benchmarks (Geekbench, Passmark) that must be met.
* Memory (RAM): A large amount of ECC Registered DDR4 RAM is needed, with a minimum of 256GB and a recommendation of 320GB or more.
* Storage: A substantial and very fast storage solution is essential. The requirements include at least 5TB of usable NVMe SSD storage with high sequential and random read/write speeds (e.g., 2,000-6,200 MB/s sequential read). The use of RAID arrays (e.g., RAID 1 for the OS, RAID 0 or 10 for data) is recommended for redundancy and performance.
* Network: A sustained, unmetered 1 Gbps internet connection is required to handle the high volume of traffic. The node must also be deployed in an isolated DMZ network with specific ports open.
For the more technical side of things (if you really want to get into it), look into Elliptic Curve Cryptography (ECC), hashing and Proof-of-Work.
🔐 Estimating the Probability of Quantum Computing Cracking SHA-256
Let’s clarify what’s involved:

⚙️ SHA-256 in a Nutshell
• A cryptographic hash function widely used in Bitcoin, blockchain, and digital signatures.
• It’s designed to be one-way, meaning you can’t feasibly reverse or “crack” it with classical methods.
• Output: 256-bit hash (2²⁵⁶ possibilities ≈ 1.16 × 10⁷⁷).

⚛️ What Quantum Computing Can (and Can’t) Do
✅ Quantum Advantage:
• Grover’s Algorithm can search an unstructured space of N possibilities in √N time.
• For SHA-256, that brings the effective security level from 256 bits to 128 bits.
• This is still extremely strong — as strong as AES-128, which is still considered secure.
❌ Quantum Limitations (as of 2025):
• Grover’s Algorithm doesn’t “crack” SHA-256 — it only speeds up brute force guessing.
• SHA-256 is not broken by Shor’s Algorithm (which is used for breaking RSA/ECC).
• A quantum computer capable of attacking SHA-256 with Grover’s Algorithm would need:
  • Around 10⁶ – 10⁷ logical qubits (not physical qubits — those are much more error-prone).
  • Millions of quantum gates per query.
  • Extremely low error rates and fault-tolerant architecture.
Current state-of-the-art quantum computers (as of 2025):
• Have hundreds of physical qubits, not logical qubits.
• No current machine can run Grover’s algorithm at SHA-256 scale.

🧠 Bottom Line:
SHA-256 is quantum-resistant for now. A quantum computer cracking it with Grover’s Algorithm would still take 2¹²⁸ operations, which is still infeasible for the foreseeable future.
Estimated probability today (2025): 0%
If your application uses SHA-256 (e.g., Bitcoin), it is currently safe from quantum attacks — but future-proofing (e.g., post-quantum cryptography) is worth monitoring for long-term planning.
It is not a threat to all encryption equally. It is a particular threat to ECC. And a password hashing routine for some random website can easily be changed to one of the NIST accepted quantum resistant options in a few days/weeks. Doing so for BTC would be a political nightmare as has been seen with other proposed changes.
A Base58Check-encoded address showing consistent partial matches across many attempts would be statistically improbable if it were happening beyond pure chance. But here's the thing: Bitcoin addresses aren't raw outputs of ECC or SHA-256 alone; they go through multiple layers, including SHA-256, RIPEMD-160, a version prefix, a checksum, and finally Base58Check encoding. So a “33% match” in address characters might feel significant, but it doesn’t necessarily imply proximity in key space. Base58 encoding isn't linear, and small character overlaps don’t mean the inputs are mathematically close. If your AI is consistently getting partial matches better than chance across millions of samples, then yes, that would be noteworthy. But you need to verify that your dataset is truly random and not biased; for example, if you’re sampling from a narrow subset of keys, burn addresses, or vanity address prefixes, the character distributions might not reflect the true address space. It’s also important to compare your results against a statistical baseline for random attempts, and ensure your parsing of Base58Check addresses is correct. Some characters appear more frequently than others due to the checksum and version byte structure, which can skew superficial comparisons. Perhaps the anomaly holds under careful scrutiny, but chances are this is due to random noise, encoding quirks, or flawed assumptions in the match criteria. Still, it's good you're probing it and asking these kinds of questions.
This is interesting, but just to clarify for others reading — cracking Bitcoin wallets isn’t just a matter of finding matching characters in addresses. Bitcoin’s security is based on two cryptographic pillars: Elliptic Curve Cryptography (ECC) and SHA-256, and both are extremely robust. ECC (specifically secp256k1) is used to generate public keys from private keys via one-way elliptic curve multiplication. The process is mathematically irreversible with current computing power — even with AI — due to the difficulty of solving the elliptic curve discrete logarithm problem. Then SHA-256 (followed by RIPEMD-160 and Base58Check encoding) is used to turn public keys into wallet addresses. SHA-256 is a secure, one-way hash function designed to be patternless and collision-resistant. Matching a few characters in a Bitcoin address doesn’t get you any closer to recovering the private key or even the full address. Unless your AI can reverse either ECC or SHA-256 (which would be a global cryptographic breakthrough), matching partial characters is statistically insignificant. You’re likely just seeing noise from brute force attempts.
Selling all my BTC for alts at the top of 2018 and not taking any profits. I basically entered that bear market bag holding a number of alts (XRP, XLM, VET, and ECC). I spent that bear market DCA'ing more heavily into BTC and ETH, so I've managed to turn things around for me, but that was definitely the biggest mistake I've made. In 2021 I sold about half my portfolio for some nice profits, which I'm happy with. This year I've taken things further, switched to Fidelity, and am also playing things like MSTR, FBTC, and BITX. Fingers crossed, but so far it's working out well.
Whenever there is any risk, any risk at all, diversifying becomes essential. Of course, everyone has their own risk tolerance. Some examples of bitcoin risk, albeit unlikely but not zero:
1. 51% attack. Any superpower could overnight decide they’re going to stand up infrastructure and take over mining, regardless of cost. That would make it centralized and susceptible to attack.
2. Governments could reverse course, making your ability to on/off ramp difficult or impossible.
3. ECC gets cracked and BIPs fail to pass in time to prevent quantum computing from destroying the coin. Centralized authorities like banks can move swiftly to implement post quantum cryptography.
4. Another coin could take dominance.
5. Stocks could have an incredible bull run due to AI / productivity gains, which could overshadow crypto over the next decade.
And the list goes on.
In retrospect, it may look like the easiest investment of the last 100 years and for some people, that is true. It's very rare to have something that has been this consistent with its cycles while still having insane multiples of growth. Now, for those who were investing before it was mainstream (i.e. 2020, although some might say earlier) it was far from a guarantee. Most OGs will tell you that it was a completely speculative asset and not something that they threw their entire net worth into. With that being said, if there was ever an asset that was ripe for disruption based strictly on historical trends and blind allegiance (meaning people who hear "Bitcoin is a good investment" from MSNBC but have no idea what BTC actually is or what blockchain technology means) it would be Bitcoin for sure. This is purely speculative, but I think we are in for a massive shake-up in crypto next cycle. It could be due to quantum cracking of the ECC, it could be due to genesis wallets being completely liquidated or Satoshi's wallet being liquidated, it could be a number of things. The thesis is that BTC has had a historical run and we have never seen something perform this consistently well to a "T". Now just because something is having a crazy run doesn't mean based on merit alone that it will come down, but rather in this speculation, if we were to zoom out, compared to other historical assets, there is always a massive shake-up for something that has run up the way that Bitcoin has. So by that logic, it would make sense that it will follow that principle. Just my two cents.
Why? Because most bitcoiners are delusional. When you strip all the layers of maxitalk, you are left with a useless technology that nobody needs and is severely flawed, ergo the "don't dare point out the flaws, we are going to the moon" attitude. Bitcoin, the digital leviathan hailed as the future of finance, rests on a brittle cryptographic pedestal. It relies on ECC, a foundation now vulnerable to Shor’s algorithm. When a wallet’s public key is exposed on-chain, it becomes a potential target for a quantum-powered private-key attack. Studies and industry roadmaps now converge on 2028 to 2030 as the window when quantum computers could feasibly break ECC. This is the moment when Bitcoin becomes a worthless monument to human stupidity and greed. Maxis' answer to that is the argument that only old legacy wallets are at risk. BUT, even if only one massive wallet (like Satoshi’s) gets hit, the impact would be explosive. Current Bitcoin lacks quantum-safe cryptography, an urgent upgrade path via BIP or soft fork, and most importantly a consensus for transition. So, if we’re talking about the first truly viable hack into bitcoin's guts, a realistic estimate would be around 2029, with a broader risk window extending from late 2028 through 2032. When that happens bitcoin won't be worth the paper it's printed on. 😉 A cult is all there is left, I am afraid.
ECC is comparably weak to what? A Quantum computer isn’t going to be able to just run around guessing private keys. It’s going to need the public key which is only exposed upon moving funds.
I'll repeat what I said before: Let's use Willow (Google's state of the art quantum chip) as an example. Willow was a major milestone wrt error rates. The current generation still has 0 real-world applications like breaking encryption. There is no functionality other than proof of concept in being able to do some extremely specific tasks faster than modern computers. Many in computational mathematics do not consider RCS to even count as computations. Google's previous "quantum" processor, Sycamore, had 53 qubits (2019). Willow has 105 physical qubits. But wait - there's IBM's Condor, sitting at 1,121 physical qubits, making it more advanced. Then there's the most advanced quantum computer on Earth, Atom, with 1,180 qubits. As an example, we will use Bitcoin - Cracking its ECC encryption requires ~1,500 logical qubits (millions of physical ones). IBM's most optimistic goals are to achieve 100,000 physical qubits by 2033. Cracking Bitcoin’s encryption would require millions of error-corrected qubits. The threat is multiple decades away, and Bitcoin can upgrade to quantum-resistant tech. The same applies to general security. Post-quantum algorithms will likely be integrated into any protocol before quantum computers pose a legitimate threat. Too long, didn't read -> No. It would require millions of physical qubits to hack Bitcoin encryption. Right now the most advanced quantum computer on Earth is Atom with 1,180 qubits. Every single aspect of this "quantum threat" is a worse pile of bullshit than Y2K was. Pure sensationalism feeding on fear mongering to attract attention.
Quantum computing's gonna fuck crypto up. Those fancy algorithms like RSA and ECC? Shattered like a glass dildo under a sledgehammer once quantum computers hit enough qubits. Shor's algorithm will rip through private keys like a horny teenager through a porn mag, exposing everyone's wallets almost instantly. All of crypto, not just bitcoin, could collapse overnight if quantum tech scales before crypto adapts. Post-quantum cryptography’s the only hope, but it’s like trying to build a bomb shelter while the nuke’s already dropping. Some nerds at NIST are scrambling for quantum-resistant algorithms, but good luck getting the whole ecosystem to upgrade before the quantum apocalypse. Oh, and just imagine the quantum miners. They’ll outhash puny ASICs so fast, you’ll think your rig’s a goddamn abacus. Pretty much we gotta adapt or get fucked.
Not really, no. You can't have a quantum computer in your living room, and probably won't be able to for a very long time if ever. But fortunately it isn't necessary, we have new ciphers that will replace RSA/ECC which are believed to be secure against quantum computers, we just have to switch to them.
With Bitcoin everything is 256-bit, and the encryption of the keys is ECC. With normal applications you can simply crank up the security level; with a blockchain that's difficult...
SHA256 is the hash algorithm, Bitcoin's encryption is 256 Bit ECC afaik. Why are you rambling about things you don't understand?
Great — future-proofing a multisig Bitcoin wallet for quantum resistance is smart, especially as quantum computing continues to progress. Here’s a clear path you can take today (and plan for tomorrow):

🛡️ How to Future-Proof Your Multisig Wallet Against Quantum Attacks

1. Minimize Public Key Exposure
Quantum attacks can only target public keys that have been exposed on-chain. So:
• ✅ Use addresses derived from hashes of public keys, like P2SH or P2WSH (not raw P2PK).
• ✅ Don’t reuse addresses — this avoids unnecessary key exposure.
• ✅ Avoid leaving coins in addresses that have already been used to send — this exposes the public key.

2. Use a Multisig Setup Wisely
You already have a 3-of-4 multisig, which is strong. To improve:
• 🔐 Store each key in separate geographic and security domains.
• 🧩 Consider involving hardware wallets or air-gapped devices.
• 🛠️ Avoid exposing all 4 keys during regular transactions — only the 3 required.

3. Plan for a Post-Quantum Transition
Bitcoin does not yet support post-quantum cryptography (PQC) natively, but you can prepare:
🔄 Strategy: Dual-Key (Hybrid) Wallets (Experimental)
• Combine secp256k1 keys with quantum-safe keys like XMSS, SPHINCS+, or lattice-based signatures.
• Monitor projects exploring Taproot + quantum-safe tweaks.
This isn’t supported in Bitcoin Core yet, but alternative protocols (like Bitcoin sidechains, or layer 2s like Stacks, RSK, or Ark) may adopt PQ-safe scripts sooner.

4. Watch for Protocol Upgrades
Bitcoin Core and standards like BIPs will eventually propose post-quantum-compatible address/script formats. Stay informed by:
• Watching Bitcoin developer discussions (e.g., Bitcoin dev mailing list, BIPs).
• Tracking proposals related to quantum-safe script opcodes or alternative signature schemes.

5. Have a Migration Plan
When PQ-safe wallets become viable:
• Be ready to sweep funds from ECC-based addresses to a PQ-safe wallet before public keys are exposed by spending.
• Create a recovery playbook: include clear instructions and key access protocols for future wallet migration.

📅 TL;DR Action Plan
From ChatGPT:
Cracking a Bitcoin 3-of-4 multisignature wallet with a current quantum computer is extremely unlikely at present. Let’s break down why.

🔐 Understanding a 3-of-4 Multisig Wallet
• This type of wallet requires any 3 out of 4 private keys to sign a transaction.
• The keys use elliptic curve cryptography (ECC) — specifically the secp256k1 curve.

⚛️ Quantum Threat to ECC
Quantum computers could threaten ECC using Shor’s algorithm, which can efficiently solve the elliptic curve discrete logarithm problem (ECDLP).
• To break one Bitcoin private key, a quantum computer needs:
  • Around 2,500 logical qubits and
  • Error correction with millions of physical qubits.
• Current quantum computers (as of 2025) have:
  • Fewer than 100 logical qubits (if any),
  • Very limited coherence times,
  • High error rates,
  • And no capacity to run Shor’s algorithm at that required scale.
Conclusion: They cannot break a single ECC key yet — let alone 3 of them.

🔍 Why Multisig Is Even Harder
A 3-of-4 wallet:
• Requires breaking at least 3 different ECC keys.
• If none of the public keys have been used (i.e., not yet exposed on-chain), then quantum computers have no target to attack.

🧠 Key Points
Even if, we already have PQC (Post-Quantum Cryptography) algorithms like lattice-based cryptography, that are computable by standard computers but that even high-qubit quantum computers struggle with. The network would have to agree to adopt it and people would have to transfer their Bitcoins from ECC wallets (current) to the new PQC wallets. Also, algorithms that can break the asymmetric encryption that Bitcoin uses (e.g. Shor's algorithm) require an amount of qubits we won't have for at least 20 years (give or take). TL;DR: You're safe for a long time, and when quantum computers start getting reliable for these tasks, we will have implemented new algorithms for this.
Cuz QCs can't do jack shit. The sole purpose of QC is to raise FUD about crypto. To make people afraid of relying on it to ensure their funds and privacy. This is why they keep reminding us that in less than 10 years all of the collected encrypted internet traffic will be somehow amazingly decrypted and you will go to jail for downloading some shit on the net. Any quantum physicist with an ounce of moral fortitude will explain how utterly infeasible QC is. It's a glorified pipe dream being hyped through every portal. They are actually claiming on many wiki pages that it already breaks RSA and ECC. This is utter and complete BS. QC has never been able to factor any number greater than 21. That is the legal drinking age, i.e. 3x7, not 21 bits or bytes. Try to understand how absolutely ludicrous and preposterous it is for them to make the claim that they can currently break RSA and ECC. Those algos use numbers so huge they are greater than all the electrons in the known universe. Your private key is more than the coordinates to a single grain of sand on a beach. It is the coordinates to a molecule in a grain of sand on a specific beach on a specific planet in a specific galaxy somewhere out there in the vast reaches of space. In other words, if you lose that key your crypto is gone, baby, gone. More importantly it means that finding that key is literally impossible. No QC will ever get even vaguely close to cracking either RSA or ECC. This will NEVER happen. However, why waste a good scam? As long as they can keep hyping this vapor tech and keep us in fear that we will get caught with our pants down and our fingers in the cookie jar, they will continue to ride this thing and make announcements about new tech with 10x more qubits that accomplish zilch, but sound threatening.
Dem qUaNtUm cOmPuDeRs. Yesiree! QC, which has never reliably factored any number greater than 21 (legal drinking age, not 21 bits or bytes), will somehow, through the power of pure super genius physicists (who really are just in it to rake in the massive grants given them by the likes of Google, MS, IBM etc.), manage to fake up some random number simulation that almost looks like it's breaking RSA or ECC, but is just smoke and mirrors. But they are hoping this will somehow give them the ability to claim every cold wallet on the chain, or at least reliably threaten to claim them, with all the interesting things that can be done with such BS propagandized on the media.
We're talking about ECDSA (vulnerable to Shor's Algorithm) for private keys, not SHA256 for mining. Fixing historical private keys is a hard fix requiring blacklisting. Either way, the whole Internet relies on ECC and ECDSA, so there will be plenty broken due to being able to decrypt stored traffic from years ago.
Current quantum computing power is ~1,200 qubits vs. 1-20 million needed to break RSA/ECC. This will collapse internet security (HTTPS, banking authentication, digital signatures) and cryptocurrency systems by breaking public-key cryptography. Old Bitcoin wallets use ECC cryptography that quantum computers will break. When quantum computers arrive, all Bitcoin using old cryptography becomes vulnerable, active, dormant, lost wallets, doesn’t matter. If Bitcoin upgrades to post-quantum cryptography, there will be a race to steal coins from wallets that haven’t migrated, especially ‘lost’ wallets where owners are dead/missing and can’t upgrade. Probably 1-5 million Bitcoin could become accessible to whoever has quantum capability first.
Shor's Algorithm on ECDSA. Early Bitcoin addresses used ECC. https://delvingbitcoin.org/t/bitcoin-and-quantum-computing/1730
Zero. Zilch. Nada. Fucking QC is a FUD psyop. Prove me wrong! It can't even factor a number greater than 21 (legal drinking age, not 21 bits or bytes). If you believe QC is any threat to current crypto you are gullible AF. And no, embedding lies that QC already cracks ECC or even RSA into every wiki page does not make it a real threat.
I'll paste a post I did on this subject a while back to put your mind at ease (unless you're intentionally spreading negative news): Let's use Willow (Google's state of the art quantum chip) as an example. Willow was a major milestone wrt error rates. The current generation still has 0 real-world applications like breaking encryption. There is no functionality other than proof of concept in being able to do some extremely specific tasks faster than modern computers. Many in computational mathematics do not consider RCS to even count as computations. Google's previous "quantum" processor, Sycamore, had 53 qubits (2019). Willow has 105 physical qubits. But wait - there's IBM's Condor, sitting at 1,121 physical qubits, making it the most advanced. Ok. As an example, we will use Bitcoin - Cracking its ECC encryption requires ~1,500 logical qubits (millions of physical ones). IBM's most optimistic goals are to achieve 100,000 physical qubits by 2033. Cracking Bitcoin’s encryption would require millions of error-corrected qubits. The threat is multiple decades away, and Bitcoin can upgrade to quantum-resistant tech. The same applies to general security. Post-quantum algorithms will likely be integrated into any protocol before quantum computers pose a legitimate threat. Too long, didn't read -> Every single aspect of this "quantum threat" is a worse pile of bullshit than Y2K was. Pure sensationalism feeding on fear mongering to attract attention.
...... Let's use Willow (Google's state of the art quantum chip) as an example. Willow was a major milestone wrt error rates. The current generation still has 0 real-world applications like breaking encryption. There is no functionality other than proof of concept in being able to do some extremely specific tasks faster than modern computers. Many in computational mathematics do not consider RCS to even count as computations. Google's previous "quantum" processor, Sycamore, had 53 qubits (2019). Willow has 105 physical qubits. But wait - there's IBM's Condor, sitting at 1,121 physical qubits, making it the most advanced. Ok. As an example, we will use Bitcoin - Cracking its ECC encryption requires ~1,500 logical qubits (millions of physical ones). IBM's most optimistic goals are to achieve 100,000 physical qubits by 2033. Cracking Bitcoin’s encryption would require millions of error-corrected qubits. The threat is multiple decades away, and Bitcoin can upgrade to quantum-resistant tech. The same applies to general security. Post-quantum algorithms will likely be integrated into any protocol before quantum computers pose a legitimate threat. Too long, didn't read -> Every single aspect of this "quantum threat" is a worse pile of bullshit than Y2K was. Pure sensationalism feeding on fear mongering to attract attention.
Wallets will never be vulnerable. Even if quantum computing works. ECC is unhackable, or can't be reverse engineered.
You think Ethereum doesn't need to hardfork away from ECC just like everyone else?
Did you even read the article? SHA 256 isn't the nearest attack vector - it's the elliptic curve cryptography (ECC) underpinning the wallet. Grover's isn't even applicable in this regard; it's Shor's - an entirely different, and much more threatening, attack. Centralized tech like banks, companies, etc. have a much easier time rolling out post quantum tooling and upgrades to combat against this because they are centralized. Bitcoin's greatest strength - decentralization - is its greatest weakness here.
Modern CPUs absolutely, but how a modern OS uses them is another story. There are several random number generators, mostly pseudo-random, with seeds from time, decay of isotopes, mouse, keyboards, .... If after that they continue using ECC, there might be a back door.
As long as the RNG is not based on ECC, I agree with you.
I think a quantum computer coming online in the wrong hands is going to have an enormous impact on bitcoin. All it takes is beating the ECC one time, and *bam* Shor’s algorithm is used and suddenly hackers have accessed millions of private keys from the public keys listed on the blockchain. Trillions of dollars of wealth are stolen or destroyed. There’s no recovering from that.
> consensus from 90% of all mining pools

Not correct. The upgrade consensus is for 90% of a specific number of consecutive blocks to signal for the upgrade, not 90% of mining pools.

> Do you guys think they wouldn't agree to do the same for post-quantum cryptographic algorithms?

Taproot didn't increase the size of transactions. In some cases, taproot txinputs are smaller. So-called quantum-proof signatures are substantially larger than Bitcoin's current signatures, reducing the number of transactions which can fit into a block. Yes, these algorithms will be controversial.

> 1. Must have a non-zero balance
> 2. Once condition 1 above is met, the wallet then becomes vulnerable to a "quantum-powered theft

Nonsense. A Bitcoin address does not have a balance. An unspent coin (UTXO) is vulnerable if its public key is exposed. An address is not a public key, it is a hash of a public key. Quantum computers are not a threat to hashing algorithms, only to public ECC keys. The public key is secret until the coin is spent. A coin is vulnerable
* if it has the same address as other coins, and
* if one of the other coins has been spent
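The rule stated at the end of the comment above (a coin is exposed when its address has already been spent from) is the same hygiene rule the earlier "minimize public key exposure" advice gives, and it is something a wallet owner can audit. The following is an added example, not code from the thread: it walks a wallet's own transaction history, tracks its unspent coins, and flags those whose public key is already on-chain. It goes slightly beyond the comment by also treating Taproot (P2TR) and bare P2PK outputs as exposed from creation, since their output script contains the key rather than a hash of it. The transaction records, address strings and script-type labels are constructed sample data; a real wallet would feed this from its own history export or a node.

```python
# Added example: audit which of a wallet's own UTXOs sit at addresses whose public key
# is already visible on-chain. Standard library only; sample data is constructed.
from dataclasses import dataclass

# Output types whose script commits only to a hash: the key stays hidden until first spend.
HASH_COMMITTED = {"p2pkh", "p2sh", "p2wpkh", "p2wsh"}
# Output types whose script contains the (tweaked) key itself: exposed from creation.
KEY_IN_OUTPUT = {"p2tr", "p2pk"}


@dataclass
class Tx:
    txid: str
    inputs: list    # outpoints (txid, vout) consumed by this transaction
    outputs: list   # (address, script_type, amount_sat) created by this transaction


@dataclass
class Utxo:
    txid: str
    vout: int
    address: str
    script_type: str
    amount_sat: int
    pubkey_exposed: bool = False
    reason: str = ""


def audit_exposure(txs, my_addresses):
    """Return (utxos, exposed_addresses) for the wallet's addresses.

    txs must be the wallet's complete, time-ordered history: a spend missing from the
    list would leave that address wrongly reported as unexposed.
    """
    utxos = {}        # outpoint -> Utxo, for coins we control and have not spent yet
    exposed = set()   # our hash-committed addresses that have spent at least once
    for tx in txs:
        for outpoint in tx.inputs:
            coin = utxos.pop(outpoint, None)
            if coin is not None:
                # The spend published the public key (or the redeem/witness script).
                exposed.add(coin.address)
        for vout, (addr, stype, amt) in enumerate(tx.outputs):
            if addr in my_addresses:
                utxos[(tx.txid, vout)] = Utxo(tx.txid, vout, addr, stype, amt)
    for coin in utxos.values():
        if coin.script_type in KEY_IN_OUTPUT:
            coin.pubkey_exposed, coin.reason = True, "key is in the output script"
        elif coin.script_type in HASH_COMMITTED and coin.address in exposed:
            coin.pubkey_exposed, coin.reason = True, "address already spent from (reuse)"
    return list(utxos.values()), exposed


def exposed_balance(utxos):
    """Total value sitting on coins whose key is already public."""
    return sum(c.amount_sat for c in utxos if c.pubkey_exposed)


# Constructed sample history; the address strings are placeholders, not real addresses.
MY_ADDRESSES = {"my-addr-A", "my-addr-B", "my-addr-C", "my-addr-T"}
SAMPLE_TXS = [
    Tx("tx1", [], [("my-addr-A", "p2wpkh", 100_000), ("my-addr-B", "p2wpkh", 50_000)]),
    # Spends A's coin and sends change back to A: A's key is now public and the change reuses it.
    Tx("tx2", [("tx1", 0)], [("someone-else", "p2wpkh", 60_000), ("my-addr-A", "p2wpkh", 39_000)]),
    Tx("tx3", [], [("my-addr-C", "p2sh", 20_000), ("my-addr-T", "p2tr", 10_000)]),
]

if __name__ == "__main__":
    coins, exposed = audit_exposure(SAMPLE_TXS, MY_ADDRESSES)
    for c in coins:
        print(f"{c.txid}:{c.vout} {c.address:12} {c.amount_sat:>7} sat "
              f"exposed={c.pubkey_exposed} {c.reason}")
    print("exposed addresses:", sorted(exposed))
    print("exposed balance:", exposed_balance(coins), "sat")
```

On the sample history the change output of tx2 is flagged because its address already spent, the Taproot output is flagged because its script carries the key, and the two untouched hash-committed coins are not. The migration advice earlier in the thread (sweep to a new address or, later, a PQ-safe script before the key is exposed) applies to exactly the flagged set.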
"Experts estimate a 256-bit ECC key could be cracked with 2,000 logical qubits, potentially within a decade." Source: Project Eleven https://thequantuminsider.com/2025/04/18/quantum-contest-offers-1-bitcoin-for-cracking-encryption-with-shors-algorithm/ https://www.qdayprize.com/
Quantum computing poses a risk because bitcoin is defenseless against brute-force attacks. Brute-force attacks meaning you could create private keys and there is a chance those keys have already been used and have a balance in them. Nothing stops you from creating private keys. Right now it's not important because our computing power is so low; we would need billions of devices running for millions of years to find any wallet with a balance. But if quantum tech matures enough, our computing power will be multiplied by thousands, if not millions. Then people would create private keys more effectively, so their chances of finding wallets with a balance will increase. Keys and wallets will remain untargetable because ECC still stays. But ECC will have no meaning if you could create all private keys with quantum computers.
Quantum computing is a field even experts say is very difficult and not well understood, so I will defer to them rather than make claims about its capabilities and risks to existing technologies. They write warnings such as this one by Palo Alto, a Nasdaq-listed cybersecurity company: "The cybersecurity risks posed by quantum computing include: Breaking Asymmetric Encryption: Quantum computers can use algorithms like Shor's to quickly factorize large integers, rendering public-key encryption methods like RSA, ECC, and DH obsolete." [source](https://www.paloaltonetworks.com/cyberpedia/what-is-quantum-computings-threat-to-cybersecurity#:~:text=The%20cybersecurity%20risks%20posed%20by,%2C%20ECC%2C%20and%20DH%20obsolete.)
He(?) wrote "quantum key decryption", which is bullshit. I don't think they know how ECC or quantum works. ECC (bitcoin's algorithm) can't be decrypted; quantum computing has nothing to do with this fact.
That's not entirely right. Bitcoin uses 256 bit ECC and upgrading it isn't too easy (didn't see a single solution yet to be precise). Your Browser and bank website can be updated easily... at least to much longer keys until you find another solution.
Elliptic-curve cryptography is how bitcoin handles encryption. It's not about computing power; it is designed in such a way that the encryption can't be reverse engineered, no matter how much computing power you have. What you're saying in your post is a different thing. It's brute forcing. It has nothing to do with the encryption method (ECC). Will ECC ever be broken? I have no clue, I'm not a math expert. I hope not.
Both SHA-256 and ECC were widely used in cryptography before bitcoin, so Satoshi did nothing new about the particular components of how bitcoin works. He did well in blending them together to create a product. It didn't need to come from the future.
Quantum computing paired with AI (like for intelligent keyspace narrowing or pattern prediction) could eventually pose a serious threat to current cryptographic systems, including Bitcoin's elliptic curve cryptography (ECC).

Bitcoin Private Key Recovery

To "recover" lost Bitcoin, you'd typically need the private key associated with a known address. Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve. The private key is a 256-bit number. A brute force attack would mean guessing the private key, but there are 2^256 possible combinations. Insanely huge.

Quantum Threat

Quantum computers could use Shor's algorithm to break ECC: Shor's algorithm can solve discrete log problems (the core of Bitcoin's cryptography) exponentially faster than classical methods. A fully operational fault-tolerant quantum computer with ~1,500 to 2,500 qubits could potentially crack the ECC used in Bitcoin. More than likely Bitcoin's encryption will be updated before we come to this crossroads.
Because these practice keys are much shorter and many orders of magnitude easier to crack than an actual 256/384-bit ECC key.
The title is completely misleading and threw me off too. They meant whoever cracks the "longest" key of a simple version of the ECC keys, which are much, much shorter than actual 256/384-bit ECC keys.
I really don't get this design. It's easier to break shorter ECC keys. If they reduced it from 256/384 bits to 48-64 bits, then this would be an ideal contest. Why are they putting up a contest with longer keys?
This article was covered by Scott Melker. Of course, if you could crack ECC, you would be able to steal waaayyyyyy more than 1 BTC. The contest is actually to see how many bits you could break. The contest is aiming to understand how close the threat is. I find it comical because the MAJOR players who are building scalable machines using a multitude of approaches are not worried about earning 1 BTC. The contest will not tell us much, but it does raise awareness. If you watch Scott's video, he at one point realizes he has always just laughed this off, but he probably shouldn't. He fully expected to poke fun at the article and then saw this is something all systems will be dealing with. I've posted over time about the progress quantum computing is making, and how coin after coin begins to dig in on how to fork over to Post Quantum Cryptography. ETH, ADA, SOL, and even some BTC maxis are talking about what they are going to do. And the more they talk, the more of a mess they realize they have in front of them. I don't think it's doomsday... unless they keep spinning rather than start building.
tldr; Project Eleven has launched the 'Q-Day Prize,' offering 1 Bitcoin to anyone who can crack the largest Bitcoin key using a quantum computer by April 5, 2026. The competition aims to assess the threat quantum computing poses to Bitcoin and explore quantum-proof solutions. Participants must use Shor's algorithm without classical shortcuts. With over 6 million Bitcoin potentially at risk, the challenge highlights the urgency of addressing quantum computing's impact on elliptic curve cryptography (ECC). *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
I am under the impression that the rest of the world has gotten over the breakup period of losing a partner and has started strengthening and making new trade partners. Canada has signed free trade with the ECC, and on Jan 17th, right before the inauguration, Mexico did the same with the ECC. Canada has made deals for oil exports to China, Japan and finally the ECC as well and reduced dependence on exporting to Trump. China, Japan and South Korea would have never worked together if it wasn't for Trump. One of those podcasts, can't remember which, stated that as Trump keeps saying he was chosen by g-d to do his work on planet Trump, the explanation is that, yes, he is right, he was used as one of those biblical plagues to break down humanity and to show the effects of vileness, cruelty and lack of empathy. As we see he is harming all people alike. He was bragging in the Oval Office about Charles Schwab making 2.5 billion $ in one day and the other guy 900 million; however he didn't say that he actually made them lose 20% of their wealth to start with and gain only 8% back. BTC, what a shame. I really was under the impression that all the crypto gurus have been talking about 200k by the end of the year; now it seems a distant dream.
I wouldn't rely on that guy. He got discredited by the devs of another project he "found flaws in"; their response clearly showed he was incorrect. Besides, we all know where his interests lie, so it makes sense that he finds problems in other projects. The truth is it's ignorance (not understanding). Qanplatform's XLINK is a mechanism by which a chain can continue to safely use ECC with a means to transition to PQC when needed. Because every wallet address within the XLINK layer has a PQC signature to authenticate the address, all wallets are secure from QCs before and after the transition to PQC wallets. Of course this is only true for testnet at the moment, as the mainnet hasn't launched yet.
From my understanding & research that is correct. Even between quantum computing & AI technologies. Technically it would be "illegal" to hack or steal them. From my understanding even the most advanced technology won't be able to hack due to the hashing sequence. 🤔 The mathematics involved is unthinkable. The blockchain has

I'm not sure how accurate ChatGPT is but ask it yourself. There's at least low-level information available to learn about it.

Estimating when SHA-256 might be broken by AI and quantum computers depends on the progress of both fields, especially quantum computing. Here's an analysis based on current knowledge:

1. Classical Computing and AI Threats

AI, even with advanced machine learning models, cannot directly break SHA-256 because it's based on complex mathematical properties like the avalanche effect (small input changes cause large hash changes). However, AI could help:
* Identify patterns in hash generation or network vulnerabilities.
* Optimize the mining process to make it more efficient (but not to break the hashing itself).
Therefore, AI alone is unlikely to break SHA-256 anytime soon, if ever.

2. Quantum Computing Threats

Quantum computers pose a more serious threat because of their ability to solve certain mathematical problems exponentially faster than classical computers:

Shor's Algorithm: Shor's algorithm can theoretically break RSA and ECC encryption by factoring large numbers and solving discrete logarithms efficiently. However, SHA-256 is based on a one-way hashing function (not factoring or discrete logs), so Shor's algorithm cannot directly break SHA-256.

Grover's Algorithm: Grover's algorithm allows quantum computers to search an unsorted database (or invert a hash) in √N time instead of N time. For SHA-256, Grover's algorithm could reduce the effective security from 256 bits to 128 bits, which is still very strong (AES-128 is considered secure against classical attacks).

3. Timeline Estimate

Current quantum computers (like those from Google and IBM) have only reached about 1,000 qubits, far below the estimated millions of error-corrected qubits needed to threaten SHA-256 using Grover's algorithm. Estimates vary, but experts predict that:
* It could take 15 to 30 years to develop a quantum computer capable of running Grover's algorithm at a scale that could weaken SHA-256.
* It may take even longer (if ever) to reduce security to a practically exploitable level, considering the need for fault-tolerant qubits.

4. Post-Quantum Cryptography

To prepare for this, researchers are working on post-quantum cryptography (PQC), which includes hash-based cryptography that quantum computers are unlikely to break. SHA-256 itself is not currently under immediate threat, but blockchain systems could eventually upgrade to quantum-resistant hashing algorithms (like SHA-3 or lattice-based methods).

👉 Conclusion

AI is unlikely to break SHA-256 directly. Quantum computers using Grover's algorithm might weaken SHA-256 to 128-bit security, but this would require millions of qubits and may take 15–30 years (or longer) to become practical. Blockchain systems will likely adopt quantum-resistant algorithms before quantum computing reaches this level.
The bank sector does indeed use RSA and ECC for encryption and authentication. Shor's algorithm also threatens these systems, no doubt, by factoring large primes or solving discrete logarithms. However, banks often employ layered security, including symmetric encryption and centralized key management. So my money is a few orders of magnitude safer in traditional banking environments.
Alright, let's talk about Bitcoin and its potential quantum doomsday scenario, but with a bit of perspective. Right now, Bitcoin is like a medieval castle, fortified with cryptographic walls so strong that even the most advanced classical computers would need longer than the age of the universe to break in. But enter quantum computing, the rebellious new kid on the block, with a sledgehammer made of Shor's Algorithm and an attitude that says, "Rules? What rules?"

What's the Big Quantum Scare?

Bitcoin's security relies heavily on elliptic curve cryptography (ECC), which is fantastic against traditional computers but about as useful as a wet paper bag against a large-scale quantum computer running Shor's Algorithm. This means:

1. Public Keys Become Sitting Ducks: Right now, your Bitcoin is safe because your private key is derived from your public key in a way that makes it mathematically impossible (for classical computers) to reverse-engineer. Quantum computers, however, could do this in minutes or hours, turning your public key into an open invitation for thieves.
2. The "Steal-it-if-it's-not-moved" Problem: Bitcoin transactions expose public keys during a transaction. If a quantum attacker sees an unmoved Bitcoin sitting in a wallet with a known public key, they could extract the private key and take the funds before you do. It's a classic game of "who types faster?", except your opponent is an AI-enhanced, quantum-fueled speed demon.
3. 51% Attack on Quantum Steroids: If a sufficiently powerful quantum computer emerges, it could theoretically break Bitcoin's mining algorithm (which uses SHA-256 hashing) more efficiently than classical miners. This could lead to quantum dominance in mining, allowing one entity to outpace the network and potentially manipulate transactions or double-spend.

So, Are We All Doomed?

Not really. Here's the good news:

1. Quantum Computers Aren't There Yet: The largest functional quantum computers today have a few hundred qubits and are mostly busy simulating molecules, optimizing logistics, and confusing undergrads. To break Bitcoin, you'd need a fault-tolerant quantum computer with millions of qubits, and we're not even close. Experts estimate this could take 10-20 years at minimum, and that's assuming breakthroughs that no one has figured out yet.
2. Post-Quantum Cryptography is Already a Thing: Smart people (the kind who do math for fun) are developing quantum-resistant cryptographic algorithms. Bitcoin developers are actively researching ways to upgrade the network to use post-quantum cryptography before quantum computers pose a real threat.
3. You Can Protect Your Own Bitcoin: If you're worried, don't reuse addresses. Use wallets that generate a fresh address for every transaction so that your public key never sits exposed for long.
4. Soft Forks and Upgrades: If quantum computing gets close to being a real problem, Bitcoin can implement a network-wide soft fork to switch to post-quantum cryptographic algorithms like lattice-based cryptography. The Bitcoin network has survived major upgrades before; this would just be a big one.

The Bottom Line

Right now, Bitcoin is safe, and quantum computers are more of a James Bond villain concept than an immediate apocalypse. The real risk isn't waking up tomorrow to find Bitcoin wallets empty; it's being too slow to adapt once quantum computing actually reaches a breaking point. Fortunately, Bitcoin's decentralized development community is already preparing, so when the quantum revolution comes, it's more likely to be a tech upgrade rather than a catastrophic event. Now, if someone does manage to build a million-qubit quantum computer tomorrow, well… we'll have bigger problems than just Bitcoin.
It's not as big of a threat to Bitcoin currently, since you can take some simple steps to protect yourself from long-exposure attacks by using a P2PKH or P2WPKH address type and avoiding address reuse. With these address types, an attacker would need a significantly more advanced quantum computer that's able to crack keys within the time from when a transaction is broadcast until when it is mined. We still have the time to flesh out an ideal solution that will have minimal impact on blockchain size. In an emergency situation, say if there was a quantum breakthrough tomorrow, it would be easy enough to implement a solution that would work, but is far from ideal. ECC deprecation isn't recommended by NIST until 2030 still, and it's likely we could see a soft fork for BIP-360 well before that, so there's no point rushing out a solution now. Coins like QRL just exist to enrich their devs from FUD around quantum computing; while quantum concerns are valid, there's no reason to panic yet, especially when people are working on solutions.
They are still working on figuring out the best solution. The major issue is that current quantum resistant signatures are significantly larger than ECC based signatures, and will likely require another witness discount or block size increase. It will also require extensive testing before it’s introduced to main net.
Quantum computing is definitely a long-term concern, but crypto isn't doomed just yet. Most modern cryptographic systems, including Bitcoin and Ethereum, rely on elliptic curve cryptography (ECC), which could be broken by a powerful enough quantum computer. However, researchers are already developing post-quantum cryptography (PQC) to counteract this, and blockchain networks will likely upgrade when the time comes. For self-custody, using a Cypherrock cold wallet or other hardware wallets that can integrate PQC-resistant cryptography in the future is a smart move. Decentralized key storage, like Cypherrock's approach, already adds an extra layer of security against traditional hacks, and future firmware updates could further enhance protection against quantum threats.
According to the following paper Shor's algorithm actually *can* be used to break ECC as well: https://eprint.iacr.org/2017/598.pdf
The consensus mechanism and chain history aren’t vulnerable to quantum computing. Only the ECC cryptography used when signing transactions is vulnerable. Shor’s algorithm could theoretically be used by a powerful enough quantum computer to derive private keys from exposed public keys, so really old P2PK addresses and P2TR addresses are immediately vulnerable, and any P2PKH or P2WPKH or the script hash version of these addresses are safe for now unless addresses have been re-used. These addresses will be vulnerable if QC becomes fast enough that they can derive a private key from the public key while transactions from these addresses are still pending after they’ve been signed. What will be a lot of work is getting everyone to move their coins to the new quantum safe addresses once they’re available and before a quantum threat materializes.
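The rule stated in the earlier comment on UTXOs (an address is a hash of the key, the key is revealed only when the coin is spent, a coin is at risk if it shares an address with an already-spent coin) and in the comment above (P2PK and P2TR expose the key directly; hash-based types are exposed only through reuse or while a spend is still unconfirmed) is mechanical enough to check with code. The following is an added example, not code from the thread or from any Bitcoin project: it audits a constructed UTXO set in Python and reports which unspent outputs already have a readable public key. The transactions, txids and keys are made up, `hash160` falls back to a labelled stand-in where the Python build lacks RIPEMD-160, and the script-type strings are labels for the rule each type follows rather than real scripts.

```python
"""Public-key exposure audit over a constructed UTXO set (added example)."""
import hashlib
from dataclasses import dataclass, field


def hash160(pubkey: bytes) -> bytes:
    """Bitcoin's HASH160 = RIPEMD160(SHA256(pubkey)): what a P2PKH/P2WPKH
    output commits to. Some Python builds expose no RIPEMD-160 in hashlib
    (OpenSSL 3 legacy provider); there we fall back to truncated double
    SHA-256 as a labelled stand-in. The audit only needs a deterministic
    commitment to the key, so its verdicts do not depend on which hash runs."""
    sha = hashlib.sha256(pubkey).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return hashlib.sha256(sha).digest()[:20]  # stand-in, NOT real HASH160


@dataclass(frozen=True)
class Output:
    txid: str
    vout: int
    script_type: str   # "p2pk", "p2pkh", "p2wpkh" or "p2tr" (labels, not scripts)
    commitment: bytes  # pubkey bytes for p2pk/p2tr, hash160(pubkey) otherwise


@dataclass(frozen=True)
class Input:
    spends: tuple      # (txid, vout) of the output being consumed
    pubkey: bytes      # key the scriptSig/witness must reveal to spend


@dataclass
class Tx:
    txid: str
    inputs: list = field(default_factory=list)
    outputs: list = field(default_factory=list)


KEY_IN_SCRIPT = {"p2pk", "p2tr"}   # the (tweaked) key itself sits on chain
KEY_HASHED = {"p2pkh", "p2wpkh"}   # only hash160(pubkey) sits on chain


def audit(chain, mempool=()):
    """Map (txid, vout) -> reason for every unspent output whose public key
    can already be read from confirmed or merely broadcast transactions."""
    spent, in_flight, revealed, outputs = set(), set(), set(), {}
    for tx in chain:
        for inp in tx.inputs:
            spent.add(inp.spends)
            revealed.add(hash160(inp.pubkey))   # spending publishes the key
        for out in tx.outputs:
            outputs[(out.txid, out.vout)] = out
    for tx in mempool:                          # broadcast, not yet mined
        for inp in tx.inputs:
            in_flight.add(inp.spends)
            revealed.add(hash160(inp.pubkey))
    exposed = {}
    for ref, out in outputs.items():
        if ref in spent:
            continue
        if ref in in_flight:
            exposed[ref] = f"{out.script_type}: key revealed by an unconfirmed spend"
        elif out.script_type in KEY_IN_SCRIPT:
            exposed[ref] = f"{out.script_type}: key is in the output script"
        elif out.script_type in KEY_HASHED and out.commitment in revealed:
            exposed[ref] = f"{out.script_type}: address reused, key revealed by another spend"
    return exposed


def sample_chain():
    """Constructed sample data: fake keys and txids, not real chain data."""
    alice = b"\x02" + b"A" * 32   # stand-ins for 33-byte compressed pubkeys
    bob = b"\x03" + b"B" * 32
    carol = b"\x02" + b"C" * 32
    dave = b"\x02" + b"D" * 32
    tx0 = Tx("tx0", outputs=[
        Output("tx0", 0, "p2pk", alice),            # legacy: key on chain
        Output("tx0", 1, "p2pkh", hash160(bob)),
        Output("tx0", 2, "p2pkh", hash160(bob)),    # Bob reused his address
        Output("tx0", 3, "p2wpkh", hash160(carol)),
        Output("tx0", 4, "p2tr", alice[1:]),        # x-only key on chain
        Output("tx0", 5, "p2wpkh", hash160(dave)),  # never reused, never spent
    ])
    tx1 = Tx("tx1", inputs=[Input(("tx0", 1), bob)],         # Bob's key is now public
             outputs=[Output("tx1", 0, "p2wpkh", hash160(carol))])
    pending = Tx("tx2", inputs=[Input(("tx0", 3), carol)],   # sitting in the mempool
                 outputs=[Output("tx2", 0, "p2wpkh", hash160(dave))])
    return [tx0, tx1], [pending]


if __name__ == "__main__":
    chain, mempool = sample_chain()
    for ref, why in sorted(audit(chain, mempool).items()):
        print(ref, why)
```

With an empty mempool only tx0:0 (P2PK), tx0:2 (Bob's reused address) and tx0:4 (P2TR) are flagged; once Carol's spend of tx0:3 is broadcast, that output enters the race window and her other P2WPKH output tx1:0 becomes a reuse case too, while Dave's never-spent, never-reused tx0:5 stays unflagged throughout.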
Thanks ChatGPT. However I believe this answer assumes a brute-force attack. This answer, and this thread in general, is missing an important discussion on the chip's impact on identifying methods of factoring large primes, which would break ECC.
1: Correct. Never said anything against that.
2: Also correct. See 1.
3: Also correct. See 1.

> Your 8-qubit processor

Mine? I don't have one. I'm on your side here. I'm fully aware that quantum computing is no threat to ECC for a long, long while. I don't know why you bang on this; that was not the point I was disagreeing with you on.
Asked ChatGPT how I could crack Satoshi's wallet with this 8 qubit processor and it gave me the following:

An 8-qubit processor is far from capable of breaking Bitcoin's cryptography. Bitcoin's security is based on elliptic curve cryptography (ECC) using the secp256k1 curve, which relies on the discrete logarithm problem, a problem that is currently infeasible to solve with classical or near-term quantum computers.

Why Your 8-Qubit Processor Won't Work:
1. Quantum Volume Matters More Than Qubit Count: An 8-qubit processor has neither the coherence time nor the error correction needed for meaningful cryptographic attacks.
2. Shor's Algorithm Requires Thousands of Logical Qubits: To break a 256-bit ECC key, you would need a fault-tolerant quantum computer with millions of physical qubits to account for noise and error correction.
3. Current Quantum Computers Are Not There Yet: The most advanced quantum processors today (as of 2025) are in the range of a few hundred physical qubits and are far from breaking ECC or SHA-256.

What Would Be Needed to Break Bitcoin?
• A large-scale, fault-tolerant quantum computer with at least 3000+ logical qubits (which translates to millions of physical qubits).
• A stable implementation of Shor's algorithm for ECC, which is purely theoretical for now.
• Decades of advancements in quantum error correction and hardware.

Reality Check: Bitcoin remains safe from quantum attacks in the foreseeable future. If practical quantum attacks on ECC emerge, the Bitcoin network can upgrade to quantum-resistant cryptography (e.g., lattice-based cryptography) before any real threat materializes. If you're interested in quantum computing, it's more productive to explore fields like quantum chemistry, optimization, and cryptographic research rather than hypothetical attacks on well-secured systems.
I'm replying to you, rather than brtastic, because while he is technically correct, I feel as though you may benefit more from a more simplistic breakdown (please don't think I'm being condescending, this also helped solidify my knowledge gaps). There are different cryptographic concepts/techniques which are easily confused because they can be used in different ways:

Public Key Cryptography: an asymmetric cryptographic system that uses a mathematically linked key pair (public and private keys). PKC has multiple applications beyond just securing data. It can be used for encryption, digital signatures, and key exchange. In encryption, the public key encrypts, and the private key decrypts (used in HTTPS, PGP). In digital signatures, the private key signs data, and the public key verifies authenticity (used in Bitcoin transactions and document signing).

Encryption: There are two types of encryption, but essentially encryption is the process of making data unreadable/unusable (encrypted) until it can be rendered usable again with a key (unencrypted):
* Symmetric Encryption: Uses the same key for encryption and decryption.
* Asymmetric Encryption: Uses a key pair, which are essentially mathematically intertwined keys (RSA, ECC), in which the encryption key is different from the decryption key.

Hashing: Hashing is a cryptographic process that transforms input data into a fixed-length string (hash) using a mathematical algorithm. It is a one-way function, meaning the original data cannot be reversed from the hash. Even a small change in the input produces a drastically different output. Hashing is used for data integrity verification, password storage, and proof-of-work in Bitcoin mining. Common hashing algorithms include SHA-256 (used in Bitcoin), MD5, and Bcrypt. Unlike encryption, hashing does not require a key and is meant for verification, not secrecy.

Hopefully that helps clear some of the concepts up, and explains what brtastic was saying.
The threat of quantum computing to cryptocurrency security isn't just theoretical, it's a real challenge the industry will have to face. Most blockchains today rely on SHA-256 and elliptic curve cryptography (ECC), both of which could be broken by quantum computers running Shor's algorithm... Large-scale quantum attacks are probably a few years away, but waiting until the last minute to adapt could be a DISASTER... This is where Cellframe stands out. Unlike BTC, ETH or other major blockchains that will have to retrofit quantum resistance later (hard fork, shutting down the network for months...), where the transition will be complex and slow, Cellframe is already quantum safe. CELL uses NTRU lattice-based encryption, one of the most secure cryptographic methods against Q threats. It's a multi-chain platform designed for interoperability, scalability, and even decentralized services like VPNs. The problem is clear: once quantum computers become powerful enough, traditional blockchains will be vulnerable to key theft, double spending and identity spoofing. The solution is also clear. DYOR. NFA.
Bitcoin uses multiple cryptographic techniques for different aspects of its functionality:

# 1. Public-Key Cryptography (Elliptic Curve Cryptography - ECC)

* **Algorithm:** **Elliptic Curve Digital Signature Algorithm (ECDSA)**
* **Curve:** **secp256k1**
* **Purpose:** Used for generating Bitcoin addresses and signing transactions to prove ownership of funds.

# 2. Hash Functions

* **SHA-256 (Secure Hash Algorithm 256-bit)**
  * Used in Bitcoin mining and block hashing. Ensures integrity by linking blocks via cryptographic hashes.
* **RIPEMD-160**
  * Used in Bitcoin address generation (applied after SHA-256 to produce shorter addresses).

# 3. Proof of Work (PoW) and Mining

* **Algorithm:** **SHA-256 (double hash)**
* **Purpose:** Used in Bitcoin's mining process for solving cryptographic puzzles to add new blocks to the blockchain.

# 4. Merkle Trees

* **Algorithm:** SHA-256
* **Purpose:** Efficiently verify transactions within a block without requiring the full blockchain.
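Items 3 and 4 of the comment above are small enough to implement outright. The block below is an added example (not code from the thread or from Bitcoin Core): it builds a Merkle root over constructed txids with Bitcoin's double SHA-256, including the rule that an odd-length level duplicates its last hash, and produces and checks the inclusion proof a light client uses to verify one transaction without the rest of the block. Hashes are kept in internal byte order; block explorers display them byte-reversed.

```python
"""Bitcoin-style Merkle tree with double SHA-256 and inclusion proofs (added example)."""
import hashlib


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice. Used for txids, block headers
    and every interior node of the Merkle tree."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _pad(level):
    """Bitcoin duplicates the last hash of an odd-length level so that every
    node has exactly two children."""
    return level + [level[-1]] if len(level) % 2 == 1 else level


def _next_level(level):
    """Hash adjacent pairs left-to-right into the parent level."""
    level = _pad(level)
    return [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(txids):
    """Root committed to in the block header; any change to any txid changes it."""
    if not txids:
        raise ValueError("a block has at least its coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(txids, index):
    """Sibling hashes, bottom-up, that let a light client recompute the root
    from txids[index] alone; each entry says which side the sibling sits on."""
    proof, level = [], list(txids)
    while len(level) > 1:
        level = _pad(level)
        sibling = index ^ 1
        proof.append((level[sibling], "right" if sibling > index else "left"))
        level = _next_level(level)
        index //= 2
    return proof


def verify_proof(txid, proof, root):
    """Fold the proof back up and compare with the header's root."""
    h = txid
    for sibling, side in proof:
        h = dsha256(h + sibling) if side == "right" else dsha256(sibling + h)
    return h == root


def sample_txids(n):
    """Constructed txids: double SHA-256 of a label, not real transactions."""
    return [dsha256(f"constructed tx {i}".encode()) for i in range(n)]


if __name__ == "__main__":
    ids = sample_txids(5)
    root = merkle_root(ids)
    print("root (internal byte order):", root.hex())
    proof = merkle_proof(ids, 2)
    print("proof length:", len(proof), "valid:", verify_proof(ids[2], proof, root))
```

A block of five transactions gives levels of size 5 (padded to 6), 3 (padded to 4), 2 and 1, so each inclusion proof carries three sibling hashes rather than the whole block; a tampered txid fails against the same proof because every parent hash along its path changes.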
Oh, if I didn't want to answer you, I'd just ignore you. Far in the future b/c someone has to troll the blockchain to find inactive addresses, then has to figure out how to crack their keys so they can provide credentials to move the coins at the inactive address to another place. So I figure it'll take a while, if only because of the difficulty of cracking the key. Nothing prevents someone from finding it; the hard part is cracking the key so that you can move it. If you can't move it, you can't engage in a transaction, so you can't buy anything. You'd have a lot of work to get the right key.

Here's Gemini: "The Bitcoin blockchain primarily uses elliptic curve cryptography (ECC), specifically the "secp256k1" curve, to generate public and private key pairs, while relying on the SHA-256 (Secure Hash Algorithm 256-bit) hashing algorithm to encrypt data within blocks, ensuring data integrity and validating transactions on the network."

A 256-bit key will take a hell of a lot of work to crack. That means there's 2^256 combinations of possible keys. Which... is a lot. So it would take a while to figure it out if you don't already have it. Yes, you can theoretically just guess the key, but you have a 1/(2^256) chance of that, which is very, very small.
Oh wow, I thought BTC used prime factorization but its ECC. Thank you for the correction.
Simply put, they are wallets that are quantum-resistant. From the user's perspective, Dilithium wallets would behave functionally the same as the current ECC wallets.
How do you guys feel about that new Google quantum chip? I did some research, and some people said that it would take millions of physical qubits to break ECC and SHA, but others said it would only take 2500 physical/logical qubits. Currently Google's chip, Willow, only has 105 physical qubits, but many think reaching 2500 can easily be achieved in 5 years. Meanwhile many think that bitcoin can shift to a quantum-resistant cryptographic algorithm, but others say it is inherently not possible. Thoughts?
Quantum computers can't do *everything* faster than classical computers. In fact, they're much slower than classical computers at almost everything. But there are some specific types of problems that they're theoretically better at than classical computers. In particular, they're able to solve the math that underpins the RSA and ECC algorithms, which are what pretty much everyone currently uses for digital signatures and key exchanges. Bitcoin mining is based on hashing. Although quantum computers can theoretically have an advantage at hashing, it isn't the kind of advantage they have with RSA/ECC, and it isn't enough to really be a problem. The mining difficulty can simply adjust (which happens automatically) to compensate for whatever advantage quantum computers might have. For Bitcoin, the only serious problem an advanced quantum computer would pose is the ability to crack the private key during the vulnerable window of time between when bitcoins are sent out of an address and when that transaction is confirmed on the blockchain. Beyond that, as long as you don't reuse the address, your bitcoins should be safe.
It’s going to happen. Bitcoin uses ECC for security, which is susceptible to hacking from quantum computers. When? Nobody knows. But it will go from hero to zero one day. It’s inevitable with any crypto. I’m not saying there’s a safer way to place or invest your money. I’m just saying it will happen one day. Maybe next month. Maybe 10 years from now.
Top secret and gov data is already post-quantum and redacted when using less secure channels. The weakest data is mobile traffic. As soon as browsers start deprecating ECC, it's time for everyone to update their passwords and certificates. The traditional Internet can adapt. Blockchains can't without invalidating existing private keys.
You can't know those coins are lost; they could just be the ultimate diamond-hands hodlers. From what I understand (which is not much) it is ECC, not SHA-256, that is at risk of being broken by quantum computers, so as long as lost coins are not in addresses that have been reused (where their public key has been exposed), even advanced quantum computers would still require billions of years to brute-force the private keys.
No, there are loads of addresses with significant amounts of BTC with known public keys. (This article says there are 1.7M BTC in P2PK addresses: https://unchained.com/blog/bitcoin-address-types-compared/) If there was a quantum computer capable of reversing ECC public key to private key I'd expect them to do something more significant. They could attack cryptography fundamental to the internet. They could attack Bitcoin transactions in flight (e.g. to send the BTC to their own addresses). They could move that 1.7M BTC. So I'd expect an attacker to steal a bunch of Bitcoin and turn it into real estate, yachts, gold etc and then sell the quantum computer to someone that wants to destroy Bitcoin and/or the internet. Then live happily ever after. This seems like someone remembering or finding an old key. Probably they just got out of prison.
That's a misconception. The issue here is with private/public key signing which is asymmetric. "Most asymmetric encryption methods (public-key crypto, such as RSA encryption or Elliptic Curve Cryptography (ECC)) are vulnerable to quantum attacks." You're thinking of symmetric encryption (such as AES) which is considered safe assuming the key size is appropriate. So blockchain history is fine, but many many wallets can be cracked. https://www.quintessencelabs.com/blog/why-we-need-post-quantum-cryptography-or-quantum-safe-algorithms
Folks like this are going to get slaughtered when it's finally leaked that ECC and SHA have been compromised. Every bitcoin wallet is based on a public/private keypair generated with ECC and SHA. The entity able to crack these ancient (in tech terms) algorithms will be able to generate your private key from your public key. All bitcoin wallets will require user intervention to 1) generate a new wallet with an updated cryptographic technology and 2) send their funds to the new address. People will just sell. It's only a matter of time. Tick tock. In the meanwhile, enjoy the party!
If they broke sha256, they can't steal anyone's coins. Your coins in your wallet are not protected by the hashing algorithm used to mine coins. The risk with it being broken, is a malicious actor takes over the block production and honest miners can't keep up, so they could pick and choose which transactions are allowed through. So you can't move your coins, but they can. If ECC is broken, everything is fucked, not just bitcoin.
Nope. I mean, you could change the block chain code to only use keypairs generated with a new and secure algorithm, but you can't automatically update all those millions of keypairs that were generated with ECC and SHA to a new tech. Each individual Bitcoin investor will have to generate a new wallet with the new tech and send his funds to it. Chaos.
The black swan that takes it to zero: You wake up to news reports that a government whistleblower has credibly leaked that some security agency has cracked ECC and SHA. This means that they're able to generate your private keys from your public keys. There is no way to update all keypairs to a new cryptographic algorithm. Each crypto holder has to create a new wallet with new keys based on a new tech. Then send their bitcoin to the new wallet. Most will just sell "to be safe". Except they won't be able to sell because everyone else will be selling. Doomsday. Until that day, the party continues! Party on, dudes! PS. You think this will never happen? The Germans thought Enigma was uncrackable too. How'd that work out for them?
I was born in the mid-70s and have worked as a system engineer for more than a decade. I use distributed storage, linked list structures, PKI, RSA or ECC every day, but I never thought of inventing something like this. So when I first saw the Bitcoin white paper, I knew the value of this thing. It has nothing to do with age, but more to do with experience and cognitive ability.
I agree, the quantum technology is growing exponentially and it won't be long before error correction becomes more efficient. I'm pretty sure it's 2330 logical qubits needed for Shor's algorithm to break ECC.
Whilst they are not the only one taking action, it does seem that Qanplatform have an edge when it comes to their quantum resistant technology and how they are implementing it to support existing ECC wallets.
A Bitcoin private key (ECC key) is an integer between one and about 10^77. This may not seem like much of a selection, but for practical purposes it's essentially infinite. If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years. This is currently far off, but maybe with time!
There are known quantum resistant algorithms that we can adopt, but they have a higher cost in terms of compute (and possibly storage?) and have not been studied/battle hardened as well as ECC. Signal recently adopted an approach where they layer a new quantum resistant algorithm (CRYSTALS-Kyber) on top of ECC, so that if there are known flaws in CRYSTALS-Kyber, we can in a sense "fallback" to ECC. This is primarily because, if messages are being captured/stored, in 10-20 years we don't want theoretical future quantum computers to be able to as easily decrypt our present day communications en masse, so it's worth the extra overhead. With Bitcoin, space in the blockchain is somewhat precious, but we're not vulnerable until a practical quantum computer is developed, so we don't benefit as much from taking a similar approach today. We pay the price for the protection today, but we don't need it until some TBD "tomorrow". When the time comes where we can see vulnerability on the near horizon, it's very likely that we'll need to hard fork the chain and have a grace period where folks can migrate their existing ECC wallets over to a new scheme, and then at some point we'll need to consider un-migrated wallets to be frozen/burned forever. Or at least, that's my speculation. It'll be a fascinating time, since we would rather quickly find out how many current wallets are well and truly lost, as well as possibly learn whether Satoshi is still out there and wishes to retain access to their stash.
The problem comes when you look at the kind of qubit. One of the biggest problems with most hardware implementations (not photonics though) is that they couple to the environment which decoheres them. The qubits are noisy and the current batch of designs are known as NISQ (noisy intermediate-scale quantum) devices. Doing accurate calculations requires either better isolation from the environment, which is next to impossible, or else multiple qubits can be combined to form a "decoherence free subspace" using various error correcting codes like Calder codes to deal with the problem (similar to how checksums and other ECC works in classical computers). This typically requires 7 - 10 physical qubits per corrected logical qubit. Your next problem is scaling and there are many other problems that are dependent on the underlying physical qubit type. It will only be disruptive over decades imo.
It's your private/public key where the weakness lies. ECC is easily broken by quantum computing, which is why major businesses and governments are already preparing. NIST has advised all systems to start preparing now. Check out the Linux post quantum computing association. Nvidia, IBM, AWS, Google are there. They get it. There's about 20 members. 2 blockchain members include QANPlatform and QRL. While it would be great if bitcoin could implement similar solutions, it really is hard if not starting with a fresh chain.
Here's how: go to the bitcoin chart. Click on "ALL" then click on "LOG". What you'll see is almost the perfect graph of y=log(x). As Elon would say, "Let that sink in". Just don't think about what happens when it finally leaks that the NSA cracked ECC and SHA. Have a great weekend!
It's not arbitrary at all. I chose 4 years for Bitcoin for obvious reasons, and for MSFT, I'm looking at the annual change over its entire history. USD has no impact on the relative growth of MSFT and BTC. I could just as easily compare MSFT to GE, but that makes no sense (much like you yourself are making). A cheap quantum attack on SHA256 makes Bitcoin worthless. If you don't understand that, you don't understand Bitcoin. Meanwhile, a quantum attack on SHA256 does not impact Microsoft at all. Not only can they change hashes whenever they want, they generally rely on more modern algorithms like ECC already. Where's your citation for Saylor's investment portfolio? How do you know (provide links) what he's invested in? Your ignorance is laughable.
Please keep in mind that bit-size is a meaningless metric without an encryption protocol. A 256-bit ECC key is equivalent in strength to a 3072-bit RSA key.
Because by definition: Cryptography is the art of using various methods/patterns and algorithms for encryption and decryption, as well as others such as digital signatures, hashes, etc. etc., you get the point. Cryptocurrency is simply a digital currency that uses various cryptographic primitives (such as ECDSA) to securely facilitate verifiable digital transactions in a non-interactive fashion. These are two very different concepts. While yes, cryptocurrency uses cryptography, it's not built upon unique mathematical concepts/constructs except for a select few shit coins/privacy coins utilizing novel constructs. Developers will need to switch from ECDSA/ECC to ML-DSA-44 (Level 1 - 128-bit security), ML-DSA-65 (Level 3 - 192-bit security) and ML-DSA-87 (Level 5 - 256-bit security). These are all based on the CRYSTALS-Dilithium method for digital signatures.
This is nicely done, upvote-worthy material. Just to nitpick: this does not prove you do not have the private key, it rather says that it is computationally infeasible for you to have it unless you broke ECC or got very lucky. In other words, ECDSA does have some model assumptions and those are not unbreakable in theory.
imagine the formula (x*7)%10. By incrementing x from 1, you get: 7, 4, 1, 8... 10 would be the keyspace, your address could be anything from 0 to 9. And 7 would be your seed number. A wallet increments x to give you as many addresses as you need. The keysize for Bitcoin is obviously way more massive than 10, we use ECC instead of modular arithmetic and your seed is much bigger and harder to guess than 7. Regarding the ability to check your balance, using ECC, we can actually take the master private key derived from your seed words, get the associated public key, and from there we can generate all the addresses without being able to calculate their spending private keys. We take this public key (called an extended public key) and call it XPUB. Many wallets can import an XPUB and become a "read only" wallet. They can help you check your balance, see your historical transactions, without compromising funds.
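An added example, not code from any commenter here: a toy secp256k1 implementation in Python that shows the XPUB derivation the comment describes (child public keys computed from the parent public key alone, with no spending key involved), using a simplified tweak assumed in place of BIP32's HMAC-SHA512, and the key-management caveat that the XPUB together with any one leaked non-hardened child private key recovers the parent private key.

```python
# Added example, not code from the thread: toy secp256k1 arithmetic showing why an XPUB
# derives child public keys without a private key, and the caveat that one leaked
# non-hardened child key plus the XPUB reveals the parent key. The tweak is a simplified
# assumption (SHA-256 of parent pubkey || index) standing in for BIP32's HMAC-SHA512.
import hashlib
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime (real)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order (real)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator (real)
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:  # doubling
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mult(k, pt):
    """Double-and-add k*pt (not constant-time; illustration only)."""
    result = None
    while k:
        if k & 1: result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def pubkey(priv):
    return scalar_mult(priv, G)

def tweak(parent_pub, index):
    """Simplified non-hardened derivation tweak (assumption; BIP32 uses HMAC-SHA512)."""
    data = parent_pub[0].to_bytes(32, "big") + index.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def child_priv(parent_priv, index):
    """Spending wallet: child private key = parent + tweak (mod N)."""
    return (parent_priv + tweak(pubkey(parent_priv), index)) % N

def child_pub_from_xpub(parent_pub, index):
    """Watch-only wallet: child pubkey = parent_pub + tweak*G; no private key involved."""
    return point_add(parent_pub, scalar_mult(tweak(parent_pub, index), G))

def recover_parent_priv(leaked_child_priv, parent_pub, index):
    """Caveat: given the XPUB, one leaked non-hardened child key exposes the parent key."""
    return (leaked_child_priv - tweak(parent_pub, index)) % N
```

Hardened derivation mixes the parent private key into the tweak, which is why it cannot be performed from an XPUB and why the recovery shown above does not apply to hardened children.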
It may not be a hack but a response to the fact that quantum computing is advancing faster than expected. Quantinuum just achieved a mind-blowing ratio of 12 logical qubits on only 56 physical, and is expecting to be at hundreds of logical qubits by 2029. Shor's breaks ECC at around 1500. And the core devs don't seem to think it's an issue worth worrying about now. The wallets may simply be getting out before fear starts setting in.
Without a trustworthy trapdoor function, none of this would work. SHA-2 was the foundational innovation that unlocked Hashcash/BTC. I would also argue that hashing algorithms are inherently more secure against QC than any kind of public-private key cryptography, since there isn't a fixed 1-to-1 pairing (infinite inputs resulting in finite outputs). ECC or any other discrete log encryption scheme is going to need replacement before SHA. Which is good, because SHA is the algo currently burned onto all of the ASICs.
Quantum computing breaking ECC256 & the ability to derive private key from public key.
It's open source, and surprisingly simple under the hood. Not much to attack. The security is derived from SHA-256. Hashing algos are what fundamentally made BTC possible. It is just a novel use of partial hash collisions; the real innovations have been piling up for years behind the scenes (ECC/proof-of-work). It really is as strong as everyone says it is. And far more secure than any other financial network on Earth.
Both ECC and RSA are vulnerable. There is a reason NIST released new standards.
The year that people were commonly predicting for 256 bit ECC being at risk was 2030-2031, with increasing risk per year. The estimates among experts familiar with the papers described here are now estimating 2026-2027, with a slim possibility of 2025. More: https://quantumevm.com/article/quantum-algorithm-litinski
This stems from the fact that unused addresses are protected by SHA-256 and RIPEMD-160, while a used private key that is exposed to the blockchain is vulnerable to Shor's algorithm due to using elliptic curve cryptography. However, even SHA-256 and RIPEMD-160 are not immune to quantum attacks and they are also vulnerable to Grover's algorithm (which is less dramatically impactful than Shor's, but still an issue to consider), and while they may be MORE resistant to CERTAIN quantum attacks than ECC, no cryptographic algorithm is truly "quantum-resistant" at this time, including Bitcoin addresses with private keys that have never been used and exposed to the blockchain. For these reasons, the community is actively researching REAL quantum-resistant alternatives. It is definitely safer to use a new address every time, but it is a mistake to assume that an unused address with SHA-256 or RIPEMD-160 cannot be breached by a sufficiently powerful quantum computer. That is not the case and is a common misconception. BUT it is currently our best-practice option until a real solution is presented... but the fact is that we will eventually need some kind of change to protect against quantum computing. We cannot keep things exactly as they are now without high risk in the long term. I hope that helps to clarify.
Yes, there is a real risk that the elliptic curve cryptography (ECC) of the bitcoin protocol will be broken by quantum computing in the next 5 to 10 years. Read this to learn more about the issue: [https://arxiv.org/pdf/1710.10377v1](https://arxiv.org/pdf/1710.10377v1) The bitcoin ECC algorithm is less quantum resistant than the classic RSA algorithm, which is used in the HTTPS protocol for example.
> **Diversifying your 2018 investment portfolio with high risk and low risk coins**
> Put $10k into high risk high return coins XSPEC, SUMO, ECC, ODN, BNTY, SNOV
> Put $15k into medium risk medium return (10x) coins, COSS, POE, PRL, DBC, ENJ
> Put $5K into low risk, low return (3x-10x) coins Bitcoin, Ether, Nano, VEN, IOTA, BNB

https://np.reddit.com/r/CryptoCurrency/comments/880ixl/diversifying_your_2018_investment_portfolio_with/ I remember so many posts of this kind from 2018 to 2020.
Our current cryptography (RSA, ECC) is vulnerable to quantum attacks. I guess adopting post-quantum cryptography is essential to secure our digital communications and transactions, no?