Reddit Posts
Are P2WSH addresses the most quantum-secure addresses?
Let's have one last discussion about quantum computers.
Brave brings privacy to Web3 with ECC and Filecoin partnership
Hacker Steals 24M from rETH Whale [NEW INFORMATION]
Should I share possible "new " math methods regarding online cryptography?
Can quantum computing trivialize cryptocurrency?
Zcash, the popular privacy-focused Blockchain, released a new version of its full node software on Thursday, according to a post by its creator Electronic Coin Company (ECC). The software version 5.5.0 introduces several bug fixes, a proportional fee mechanism, and lays the groundwork for ...
Maximalism in the computer era versus bitcoin maximalism. Any parallel possible?
Zcash to Proof of Stake? Approach, focus, and next steps - Electric Coin Company [ECC]
$4M Size ECC Launching Real-World Crypto Round-up app in the Next Few Months
Fox Inu / Stealth Launched 1h ago — The next 1000X Altcoin — Real Project with solid fundamentals and experienced team - Community Growing so fast!
Fox Inu $FInu Just Launched 30min ago!!! Airdrop: 50$ worth of token when we reach 50 members in our official telegram group !
Fox Inu $FInu Just Stealth Launched!!! | MemeUtility Token on the BSC Network! LP Locked, New opportunity for a Fox Parabolic Moon shot !
Saint Valentine | Stealth Launched!!|Locked Link Provided!|Simply hold Saint Valentine and get paid 10%!|Enter telegram and get in early! | | Auto staking rewards | Voice chat before launch | Amazing Team| Don't Miss This Gem!!|
Understanding ECC, the technology behind Litecoin's new privacy update: Minblewimble
Taking a look at Elliptic Curve Cryptography (ECC), the encryption process behind Litecoin's newfound privacy fortune
♑️Paragon Capital💎Micro MC 💎 Your Next Moonshot♑️
Empire Capital Token (ECC) – Defi 3.0 Layer of Yield Generating Protocols | True 1% Burn on Every Transaction | Incorporated Investment Firm | Hold ECC and Gain Exposure to Yield on All Chains
$ECC - Empire Capital Token - This is where my money is going! #1 on CMC today!
EmpireCapital (ECC) Fair Launched Yesterday - Low Market Cap - Strong Utility - Based Dev Team - Earn Yield By Holding
Confusion on Public Key Cryptography and digital signatures
100 Crypto Quotes - The Good, the Bold and the Ugly
Reward Switching Everyday $RSE 🔥| Doxxed dev Video and VC ✅ | 1 Day old Gem 💎 | ADA rewards for Today | Low Cap < 50 K Potential 1 M cap 🚀
Doxxed dev 🔥 | Reward Switching Everyday | ADA rewards now ⚠️ | stealth launched today 💎
SafeMoonCake is the original next-gen token that rewards you with CAKE airdrops! Only 40k mc!
🐱Cake Kitty 🍰 Fair Launched 30 Minutes Ago! Active Community with Low mcap! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launched Right Now! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in just 10 Minutes! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in only 30 Minutes! Earn Cake Rewards | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launch in 1 Hour! Earn Cake Rewards | 1000X Potential!
🐱BabyKittyCake 🍰 just Fair Launched!! Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential!
🐱 BabyKittyCake just Fair Launched! ! 🍩 Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential! 🚀
🍰 CAKE LOVER | 8% Cake Rewards to Holders | Stealthed Launch | SAFU 🍰
🥞CakeLover🥞 This Big Daddy just Did a Stealthed - only at 6k Mcap!! Huge Cake rewards!! 100x from here, Join TG: CakeLoverBSC
🥞CakeLover🥞 Just stealth launch with low 5k mcap ,cake rewards! SAFU ownership renounced [ tg:Cakeloverbsc ]
🥞CakeLover🥞 Is a Heaven for all the cake lovers , join us and get cake rewards! Based dev, safu project [ tg:Cakeloverbsc ]
HoneyMoney ! Gains are sweet as Honey 🎂 Stealth Launched just now, marketing push soon
FriendOfCake - Stealth launch - Automatic $CAKE reward - LP Locked 100%
🍰 UltraCakePrint 🍰 - Stealth Launch - Nano Mcap Gem - LP Locked - Renounced - CAKE reward
Hurry up buy $50 Ecc token and earn free 20:1 eyfi token
🚀CornDog 💎Just fair launched with ONLY $500 Market Cap 🤑
🦄AstroUnicorn Token - deflationary meme token, not even one hour old, $2k market cap, locked liquidity!
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [8k$ market cap]
🚀 ShibaMoon just launched! 8k market cap!
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [3k$ market cap]
VENUSIA - Official NFTs Model Content Platform
🐱 KITTEN Finance DeFi Platform is Skyrocketing 🚀 Get in while its still early 🔥
Founders of Tezos and ethereum join ECC
I coded a Java application to generate bitcoin addresses, sign transactions and brute force private keys. Is it worth anything?
Mentions
Oh, if I didn't want to answer you, I'd just ignore you. Far in the future b/c someone has to troll the blockchain to find inactive addresses, then has to figure out how to crack their keys so they can provide credentials to move the coins at the inactive address to another place. So I figure it'll take a while, if only because of the difficulty of cracking the key. Nothing prevents someone from finding it; the hard part is cracking the key so that you can move it. If you can't move it, you can't engage in a transaction, so you can't buy anything. You'd have a lot of work to get the right key. Here's Gemini: "The Bitcoin blockchain primarily uses elliptic curve cryptography (ECC), specifically the "secp256k1" curve, to generate public and private key pairs, while relying on the SHA-256 (Secure Hash Algorithm 256-bit) hashing algorithm to encrypt data within blocks, ensuring data integrity and validating transactions on the network." A 256-bit key will take a hell of a lot of work to crack. That means there's 2^256 combinations of possible keys. Which... is a lot. So it would take a while to figure it out if you don't already have it. Yes, you can theoretically just guess the key, but you have a 1/(2^256) chance of that, which is very, very small.
Oh wow, I thought BTC used prime factorization but it's ECC. Thank you for the correction.
Simply put, they are wallets that are quantum-resistant. From the user's perspective, Dilithium wallets would behave functionally the same as the current ECC wallets.
How do you guys feel about that new Google quantum chip? Did some research and some people said that it would take millions of physical qubits to break ECC and SHA but others said it would only take 2500 physical / logical qubits. Currently Google's chip, Willow, only has 105 physical qubits but many think reaching 2500 can be easily achieved in 5 years. Meanwhile many think that bitcoin can shift to a quantum resistant cryptographic algorithm but others say it is inherently not possible. Thoughts?
Quantum computers can't do *everything* faster than classical computers. In fact, they're much slower than classical computers at almost everything. But there are some specific types of problems that they're theoretically better at than classical computers. In particular, they're able to solve the math that underpins the RSA and ECC algorithms, which are what pretty much everyone currently uses for digital signatures and key exchanges. Bitcoin mining is based on hashing. Although quantum computers can theoretically have an advantage at hashing, it isn't the kind of advantage they have with RSA/ECC, and it isn't enough to really be a problem. The mining difficulty can simply adjust (which happens automatically) to compensate for whatever advantage quantum computers might have. For Bitcoin, the only serious problem an advanced quantum computer would pose is the ability to crack the private key during the vulnerable window of time between when bitcoins are sent out of an address and when that transaction is confirmed on the blockchain. Beyond that, as long as you don't reuse the address, your bitcoins should be safe.
It’s going to happen. Bitcoin uses ECC for security, which is susceptible to hacking from quantum computers. When? Nobody knows. But it will go from hero to zero one day. It’s inevitable with any crypto. I’m not saying there’s a safer way to place or invest your money. I’m just saying it will happen one day. Maybe next month. Maybe 10 years from now.
Top secret and gov data is already post-quantum and redacted when using less secure channels. The weakest data is mobile traffic. As soon as browsers start deprecating ECC, it's time for everyone to update their passwords and certificates. Traditional Internet can adopt. Blockchains can't without invalidating existing private keys.
You can’t know those coins are lost, they could just be the ultimate diamond hands hodlers. From what I understand (which is not much) it is ECC, not SHA256, that is at risk of being broken by quantum computers, so as long as lost coins are not in addresses that have been reused (where their public key has been exposed), even advanced quantum computers would still require billions of years to brute force the private keys.
No, there are loads of addresses with significant amounts of BTC with known public keys. (This article says there are 1.7M BTC in P2PK addresses: https://unchained.com/blog/bitcoin-address-types-compared/) If there was a quantum computer capable of reversing ECC public key to private key I'd expect them to do something more significant. They could attack cryptography fundamental to the internet. They could attack Bitcoin transactions in flight (e.g. to send the BTC to their own addresses). They could move that 1.7M BTC. So I'd expect an attacker to steal a bunch of Bitcoin and turn it into real estate, yachts, gold etc and then sell the quantum computer to someone that wants to destroy Bitcoin and/or the internet. Then live happily ever after. This seems like someone remembering or finding an old key. Probably they just got out of prison.
That's a misconception. The issue here is with private/public key signing which is asymmetric. "Most asymmetric encryption methods (public-key crypto, such as RSA encryption or Elliptic Curve Cryptography (ECC)) are vulnerable to quantum attacks." You're thinking of symmetric encryption (such as AES) which is considered safe assuming the key size is appropriate. So blockchain history is fine, but many many wallets can be cracked. https://www.quintessencelabs.com/blog/why-we-need-post-quantum-cryptography-or-quantum-safe-algorithms
Folks like this are going to get slaughtered when it's finally leaked that ECC and SHA have been compromised. Every bitcoin wallet is based on a public/private keypair generated with ECC and SHA. The entity able to crack these ancient (in tech terms) algorithms will be able to generate your private key from your public key. All bitcoin wallets will require user intervention to 1) generate a new wallet with an updated cryptographic technology and 2) send their funds to the new address. People will just sell. It's only a matter of time. Tick tock. In the meanwhile, enjoy the party!
If they broke sha256, they can't steal anyone's coins. Your coins in your wallet are not protected by the hashing algorithm used to mine coins. The risk with it being broken, is a malicious actor takes over the block production and honest miners can't keep up, so they could pick and choose which transactions are allowed through. So you can't move your coins, but they can. If ECC is broken, everything is fucked, not just bitcoin.
Nope. I mean, you could change the block chain code to only use keypairs generated with a new and secure algorithm, but you can't automatically update all those millions of keypairs that were generated with ECC and SHA to a new tech. Each individual Bitcoin investor will have to generate a new wallet with the new tech and send his funds to it. Chaos.
The black swan that takes it to zero: You wake up to news reports that a government whistleblower has credibly leaked that some security agency has cracked ECC and SHA. This means that they're able to generate your private keys from your public keys. There is no way to update all keypairs to a new cryptographic algorithm. Each crypto holder has to create a new wallet with new keys based on a new tech. Then send their bitcoin to the new wallet. Most will just sell "to be safe". Except they won't be able to sell because everyone else will be selling. Doomsday. Until that day, the party continues! Party on, dudes! Ps. You think this will never happen? The Germans thought Enigma was uncrackable too. How'd that work out for them?
I was born in the mid 70s and have worked as a system engineer for more than a decade. I use distributed storage, linked list structures, PKI, RSA or ECC every day, but I never thought of inventing something like this. So when I first saw the Bitcoin white paper, I knew the value of this thing. It has nothing to do with age, but more to do with experience and cognitive ability.
I agree, the quantum technology is growing exponentially and it won’t be long before error correction becomes more efficient. I’m pretty sure it’s 2330 logical qubits needed for Shor's algorithm to break ECC.
Whilst they are not the only one taking action, it does seem that Qanplatform have an edge when it comes to their quantum resistant technology and how they are implementing it to support existing ECC wallets.
A Bitcoin private key (ECC key) is an integer between one and about 10^77. This may not seem like much of a selection, but for practical purposes it’s essentially infinite. If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years. This currently is far out for now but maybe with time!
There are known quantum resistant algorithms that we can adopt, but they have a higher cost in terms of compute (and possibly storage?) and have not been studied/battle hardened as well as ECC. Signal recently adopted an approach where they layer a new quantum resistant algorithm (CRYSTALS-Kyber) on top of ECC, so that if there are known flaws in CRYSTALS-Kyber, we can in a sense "fallback" to ECC. This is primarily because, if messages are being captured/stored, in 10-20 years we don't want theoretical future quantum computers to be able to as easily decrypt our present day communications en masse, so it's worth the extra overhead. With Bitcoin, space in the blockchain is somewhat precious, but we're not vulnerable until a practical quantum computer is developed, so we don't benefit as much from taking a similar approach today. We pay the price for the protection today, but we don't need it until some TBD "tomorrow". When the time comes where we can see vulnerability on the near horizon, it's very likely that we'll need to hard fork the chain and have a grace period where folks can migrate their existing ECC wallets over to a new scheme, and then at some point we'll need to consider un-migrated wallets to be frozen/burned forever. Or at least, that's my speculation. It'll be a fascinating time, since we would rather quickly find out how many current wallets are well and truly lost, as well as possibly learn whether Satoshi is still out there and wishes to retain access to their stash.
The problem comes when you look at the kind of qubit. One of the biggest problems with most hardware implementations (not photonics though) is that they couple to the environment, which decoheres them. The qubits are noisy and the current batch of designs are known as NISQ (noisy intermediate scale quantum) devices. Doing accurate calculations requires either better isolation from the environment, which is next to impossible, or else multiple qubits can be combined to form a "decoherence free subspace" using various error correcting codes like Calder codes to deal with the problem (similar to how checksums and other ECC works in classical computers). This typically requires 7 - 10 physical qubits per corrected logical qubit. Your next problem is scaling, and there are many other problems that are dependent on the underlying physical qubit type. It will only be disruptive over decades imo.
It's your private/public key where the weakness lies. ECC is easily broken by quantum computing, which is why major business and government are already preparing. NIST has advised all systems to start preparing now. Check out Linux post quantum computing association. Nvidia, IBM, AWS, Google are there. They get it. There's about 20 members. 2 blockchain members include QANPlatform and QRL. While it would be great if bitcoin could implement similar solutions, it really is hard if not starting with a fresh chain.
Here's how: go to the bitcoin chart. Click on "ALL" then click on "LOG". What you'll see is almost the perfect graph of y=log(x). As Elon would say, "Let that sink in". Just don't think about what happens when it finally leaks that the NSA cracked ECC and SHA. Have a great weekend!
It's not arbitrary at all. I chose 4 years for Bitcoin for obvious reasons, and for MSFT, I'm looking at the annual change over its entire history. USD has no impact on the relative growth of MSFT and BTC. I could just as easily compare MSFT to GE, but that makes no sense (much like you yourself are making). A cheap quantum attack on SHA256 makes Bitcoin worthless. If you don't understand that, you don't understand Bitcoin. Meanwhile, a quantum attack on SHA256 does not impact Microsoft at all. Not only can they change hashes whenever they want, they generally rely on more modern algorithms like ECC already. Where's your citation for Saylor's investment portfolio? How do you know (provide links) what he's invested in? Your ignorance is laughable.
Please keep in mind that bit-size is a meaningless metric without an encryption protocol. A 256-bit ECC key is equivalent in strength to a 3072-bit RSA key.
Because by definition: Cryptography is the art of using various methods/patterns and algorithms for encryption and decryption, as well as others such as digital signatures, hashes etc. etc., you get the point. Cryptocurrency is simply a digital currency that uses various cryptographic primitives (such as ECDSA) to securely facilitate verifiable digital transactions in a non-interactive fashion. These are two very different concepts. While yes, cryptocurrency uses cryptography, it’s not built upon unique mathematical concepts/constructs except for a select few shit coins/privacy coins utilizing novel constructs. Developers will need to switch from ECDSA/ECC to ML-DSA-44 (Level 1 - 128-bit security), ML-DSA-65 (Level 3 - 192-bit security) and ML-DSA-87 (Level 5 - 256-bit security). These are all based on the CRYSTALS-Dilithium method for digital signatures.
This is nicely done, upvote-worthy material. Just to nitpick on you: this does not prove you do not have the private key; it rather says that it is computationally infeasible for you to have it unless you broke ECC or got very lucky. In other words, ECDSA does have some model assumptions and those are not unbreakable in theory.
Imagine the formula (x*7)%10. By incrementing x from 1, you get: 7, 4, 1, 8... 10 would be the keyspace, your address could be anything from 0 to 9, and 7 would be your seed number. A wallet increments x to give you as many addresses as you need. The keysize for Bitcoin is obviously way more massive than 10, we use ECC instead of modular arithmetic, and your seed is much bigger and harder to guess than 7. Regarding the ability to check your balance: using ECC, we can actually take the master private key derived from your seed words, get the associated public key, and from there we can generate all the addresses without being able to calculate their spending private keys. We take this public key (called an extended public key) and call it XPUB. Many wallets can import an XPUB and become a "read only" wallet. They can help you check your balance and see your historical transactions without compromising funds.
It may not be a hack but a response to the fact that quantum computing is advancing faster than expected. Quantinuum just achieved a mind-blowing ratio of 12 logical qubits on only 56 physical, and is expecting to be at hundreds of logical qubits by 2029. Shor's breaks ECC at around 1500. And the core devs don't seem to think it's an issue worth worrying about now. The wallets may simply be getting out before fear starts setting in.
Without a trustworthy trapdoor function, none of this would work. SHA-2 was the foundational innovation that unlocked Hashcash/BTC. I would also argue that hashing algorithms are inherently more secure against QC than any kind of public-private key cryptography, since there isn't a fixed 1-to-1 pairing (infinite inputs resulting in finite outputs). ECC or any other discrete log encryption scheme is going to need replacement before SHA. Which is good, because SHA is the algo currently burned onto all of the ASICs.
Quantum computing breaking ECC256 & the ability to derive private key from public key.
It's open source, and surprisingly simple under the hood. Not much to attack. The security is derived from SHA-256. Hashing algos are what fundamentally made BTC possible. It is just a novel use of partial hash collisions; the real innovations have been piling up for years behind the scenes (ECC/proof-of-work). It really is as strong as everyone says it is. And far more secure than any other financial network on Earth.
Both ECC and RSA are vulnerable. There is a reason NIST released new standards.
The year that people were commonly predicting for 256 bit ECC being at risk was 2030-2031, with increasing risk per year. The estimates among experts familiar with the papers described here are now estimating 2026-2027, with a slim possibility of 2025. More: https://quantumevm.com/article/quantum-algorithm-litinski
This stems from the fact that unused addresses are protected by SHA-256 and RIPEMD-160, while a used private key that is exposed to the blockchain is vulnerable to Shor's algorithm due to using elliptic curve cryptography. However, even SHA-256 and RIPEMD-160 are not immune to quantum attacks and they are also vulnerable to Grover's algorithm (which is less dramatically impactful than Shor's, but still an issue to consider), and while they may be MORE resistant to CERTAIN quantum attacks than ECC, no cryptographic algorithm is truly "quantum-resistant" at this time, including Bitcoin addresses with private keys that have never been used and exposed to the blockchain. For these reasons, the community is actively researching REAL quantum-resistant alternatives. It is definitely safer to use a new address every time, but it is a mistake to assume that an unused address with SHA-256 or RIPEMD-160 cannot be breached by a sufficiently powerful quantum computer. That is not the case and is a common misconception. BUT it is currently our best practice option until a real solution is presented... but the fact is that we will eventually need some kind of change to protect against quantum computing. We cannot keep things exactly as they are now without high risk in the long term. I hope that helps to clarify.
Yes, there is a real risk that the elliptic curve cryptography (ECC) of the bitcoin protocol will be broken by quantum computing in the next 5 to 10 years. Read this to learn more about the issue: [https://arxiv.org/pdf/1710.10377v1](https://arxiv.org/pdf/1710.10377v1) The bitcoin ECC algorithm is less quantum resistant than the classic RSA algorithm, which is used in the HTTPS protocol for example.
> **Diversifying your 2018 investment portfolio with high risk and low risk coins**
> Put $10k into high risk high return coins XSPEC, SUMO, ECC, ODN, BNTY, SNOV
> Put $15k into medium risk medium return (10x) coins, COSS, POE, PRL, DBC, ENJ
> Put $5K into low risk, low return (3x-10x) coins Bitcoin, Ether, Nano, VEN, IOTA, BNB

https://np.reddit.com/r/CryptoCurrency/comments/880ixl/diversifying_your_2018_investment_portfolio_with/

I remember so many of these kinds of posts from 2018 to 2020.
Our current cryptography (RSA, ECC) is vulnerable to quantum attacks. I guess adopting post-quantum cryptography is essential to secure our digital communications and transactions, no?
Very interesting history. Thanks for pointing out ECC along with RSA.
You act very confidently and aggressively, dare I say. Yet all this posturing rests on that tiny "if" the current paradigm is broken. Small thing. Reversing the hash, as you put it, is the real problem. QC cannot do that, it "only" breaks ECC. But IF that paradigm is broken, your pads are useless because I'm going to drain your bank account directly through online banking. And then some more, since the SHA that wraps a Bitcoin public key is the same used all over. So IF the current paradigm is broken, unless you have gold only and bullets aplenty, you're just as much of a bag holder. Also, Bitcoin's public keys are hashed twice, just in case. And for the love of everything cryptographic, stop throwing vaguely related issues like P and NP out there. Won't even impress armchair cryptographers.
There are a few quantum resistant encryption schemes on the way:

# 1. Lattice-Based Cryptography:

* **How it works**: Lattice-based cryptography uses the hardness of certain mathematical problems related to lattices (geometric structures in multi-dimensional spaces). The security of lattice-based schemes relies on finding short vectors in high-dimensional lattices, which is believed to be difficult for both classical and quantum computers.
* **Quantum resistance**: Quantum computers are not expected to have a significant advantage in solving lattice problems due to their design. They would need exponentially more qubits (quantum bits) and operations to break lattice-based cryptography compared to classical computers. This makes lattice-based schemes a strong candidate for post-quantum security.

# 2. Code-Based Cryptography:

* **How it works**: Code-based cryptography uses error-correcting codes where encoding and decoding messages involve solving specific mathematical problems, such as the syndrome decoding problem. These problems are computationally hard and believed to resist attacks from quantum computers.
* **Quantum resistance**: Quantum computers are not known to efficiently solve problems related to error-correcting codes used in code-based cryptography. The algorithms used in this approach are designed to be resistant to quantum attacks by leveraging the complexity of decoding techniques.

# 3. Hash-Based Cryptography:

* **How it works**: Hash-based cryptography relies on hash functions, which are mathematical algorithms that convert input data into a fixed-size string of bits (the hash value). It uses properties such as collision resistance, where it's hard to find two different inputs that produce the same hash value.
* **Quantum resistance**: Quantum computers can theoretically perform faster searches for collisions or pre-images (finding an input that matches a given hash value). However, cryptographic hash functions like SHA-256 are designed with sufficiently large output sizes and complex structures that make finding collisions infeasible, even for quantum computers.

# 4. Multivariate Cryptography:

* **How it works**: Multivariate cryptography uses systems of multivariate polynomial equations for encryption. Solving these equations to break the encryption requires finding solutions in a large space of possible inputs, which is computationally intensive.
* **Quantum resistance**: Quantum computers face challenges in efficiently solving systems of multivariate polynomial equations due to the complexity of operations involved. The security of multivariate schemes relies on the difficulty of solving these equations, which current quantum algorithms are not expected to significantly expedite.

# Summary:

* **Common theme**: All these quantum-resistant cryptographic approaches rely on leveraging mathematical problems that are believed to be hard for quantum computers to solve efficiently.
* **Quantum advantage**: Quantum computers do not provide a substantial advantage in breaking these types of encryption compared to classical computers, ensuring robust security even in the future quantum computing era.
* **Development**: Ongoing research and standardization efforts aim to further develop and refine these cryptographic techniques to enhance their efficiency and applicability in securing digital communications and data against potential quantum threats.

The real threat from quantum computing is to RSA encryption and ECC. AES-256 will still be fine so long as the password has enough entropy, such as above 100.
No it can't, not simply. This is a massive undertaking that will be a minimum of 5 years assuming the core devs can even come to consensus on which algorithm to use. There's a real chance we have a sufficiently capable quantum computer by then (IBM says they should have one by early 2030s) running Shor's algorithm which can crack ECC - what BTC, ETH, and all other cryptos are using for their signature scheme. The only projects that have even mentioned it are ETH and ALGO but they are still using ECC. Vitalik even said in his blog post that ETH will wait for a quantum attack to occur, then perform a rollback which will damage the immutability of the chain. https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 QRL is leading the small subset of coins actively addressing this problem of being quantum secure from genesis. Bitcoin cannot simply fork to solve the problem.
Sure. I suppose that would break all encryption, including blockchain security. I consider quantum computing breaking ECC (using supercomputers) to be a gray swan event that could occur in 100 years, but solving the Riemann Hypothesis seems near-impossible.
No bud. Just no. Below are the Network & Hardware reqs for a rpc node. Source: https://docs.solanalabs.com/de/operations/requirements

Networking: Internet service should be at least 1GBbit/s symmetric, commercial. 10GBit/s preferred.

Hardware Recommendations

The hardware recommendations below are provided as a guide. Operators are encouraged to do their own performance testing.

CPU
* 12 cores / 24 threads, or more
* 2.8GHz base clock speed, or faster
* SHA extensions instruction support: AMD Gen 3 or newer, Intel Ice Lake or newer
* AVX2 instruction support (to use official release binaries, self-compile otherwise)
* Support for AVX512f is helpful

RAM
* 256GB or more
* Error Correction Code (ECC) memory is suggested
* Motherboard with 512GB capacity suggested

Disk
* PCIe Gen3 x4 NVME SSD, or better
* Accounts: 500GB, or larger. High TBW (Total Bytes Written)
* Ledger: 1TB or larger. High TBW suggested
* OS: (Optional) 500GB, or larger. SATA OK
* The OS may be installed on the ledger disk, though testing has shown better performance with the ledger on its own disk
* Accounts and ledger can be stored on the same disk, however due to high IOPS, this is not recommended
* The Samsung 970 and 980 Pro series SSDs are popular with the validator community

GPUs
* Not necessary at this time
* Operators in the validator community do not use GPUs currently

RPC Node Recommendations

The hardware recommendations above should be considered bare minimums if the validator is intended to be employed as an RPC node. To provide full functionality and improved reliability, the following adjustments should be made.

CPU
* 16 cores / 32 threads, or more

RAM
* 512 GB or more if account-index is used

Disk
* Consider a larger ledger disk if longer transaction history is required
* Accounts and ledger should not be stored on the same disk
> RAM
> 256GB or more
> Error Correction Code (ECC) memory is suggested
> Motherboard with 512GB capacity suggested

Okay Solana :D
Source: https://docs.solanalabs.com/de/operations/requirements

Hardware Recommendations

The hardware recommendations below are provided as a guide. Operators are encouraged to do their own performance testing.

CPU

* 12 cores / 24 threads, or more
* 2.8GHz base clock speed, or faster
* SHA extensions instruction support
  * AMD Gen 3 or newer
  * Intel Ice Lake or newer
* AVX2 instruction support (to use official release binaries, self-compile otherwise)
* Support for AVX512f is helpful

RAM

* 256GB or more
* Error Correction Code (ECC) memory is suggested
* Motherboard with 512GB capacity suggested

Disk

* PCIe Gen3 x4 NVME SSD, or better
* Accounts: 500GB, or larger. High TBW (Total Bytes Written)
* Ledger: 1TB or larger. High TBW suggested
* OS: (Optional) 500GB, or larger. SATA OK
* The OS may be installed on the ledger disk, though testing has shown better performance with the ledger on its own disk
* Accounts and ledger can be stored on the same disk, however due to high IOPS, this is not recommended
* The Samsung 970 and 980 Pro series SSDs are popular with the validator community

GPUs

* Not necessary at this time
* Operators in the validator community do not use GPUs currently

RPC Node Recommendations

The hardware recommendations above should be considered bare minimums if the validator is intended to be employed as an RPC node. To provide full functionality and improved reliability, the following adjustments should be made.

CPU

* 16 cores / 32 threads, or more

RAM

* 512 GB or more if account-index is used

Disk

* Consider a larger ledger disk if longer transaction history is required
* Accounts and ledger should not be stored on the same disk
Well it's not only FUD, it's also false. First, we do not know if QCs of that power are even viable. That is still an open question. Then, let's assume that this question is resolved positively, that is, that someone at some point finds a way to create such a powerful QC that could produce the signature without having the private key. Advancements like this do not happen overnight. Computers of all kinds are incrementally improved, and since we are talking about many orders of magnitude, we would first hear about QCs being able to break weaker forms of cryptography long before there would be one strong enough to break the ECC used in Bitcoin. What that means is that we would have enough time to apply a softfork to introduce quantum-resistant schemes to protect the coins. And while there is a separate problem with coins that would not upgrade (e.g. lost coins), schemes based on zero-knowledge proofs of having the correct seed, which would protect even those coins with a softfork, have already been discussed. It's not 100%, but it's close enough. So for all active users, QC will be a non-issue, i.e. Bitcoin is safe. For some of the unupgraded/lost coins, the attacker could possibly spend them and create a temporary disruption of the market, not unlike what we've seen with MtGox, FTX and others. And yet, Bitcoin has always recovered from this in a somewhat short time. Arguably, Bitcoin is safer than physical gold, as it is very hard to move gold, so you are often stuck in a location, or run a great risk of losing it. And since nation states are arbitrary about changes in their laws, this property makes gold quite insecure for the future in many places in the world, including the US and EU.
Most of them post data like this:

* L1 or DA Layer: Gets only the hashes of the transactions.
* DA Committee: Gets transaction data and hashes.

Keep in mind that Validiums are not all the same. I'm not sure why you mentioned all of that mumbo jumbo about elliptic curve cryptography since it seems irrelevant to understanding Validiums. Rollups don't have to use ECC.
This is not strictly true. The upgrade from RSA to ECC on the card networks took years. The NSA monitors the resilience to attack of encryption methods. I would imagine that there are few quantum computing sites with the facilities, let alone the know-how, to mount a credible attack. Those will be monitored by the NSA; if not, they should be.
While you got some things right, you forgot one key thing for the attack to succeed. First, you need a quantum computer with 6x the qubits of the key length for ECC, which means for Bitcoin, which uses 256-bit keys, you'll need 1536 qubits. That's not a small feat, and I won't get into the details, but it's not coming in 5 years, that's for sure. Second, and most importantly, you'll need a public key to try this attack, and this information is not disclosed until you send bitcoin from an address. The address is a hash derived from the public key, and cannot be reversed, of course. Basically, if you just use an address to accumulate bitcoin, it's not vulnerable to quantum computers until you send bitcoins from it. That's why it's a recommendation to not reuse addresses and always generate new ones.
20 funds selected for monthly dividend distribution:

| Fund Ticker | Annual Yield |
|---|---|
| ECC | 18.73% |
| ACP | 17.7% |
| CRF | 17.67% |
| SVOL | 16.27% |
| IGR | 13.64% |
| RYLD | 11.9% |
| RIV | 12.77% |
| RYLD | 11.51% |
| THW | 11.13% |
| MORT | 10.71% |
| XYLD | 9.47% |
| SPE | 8.5% |
| ETJ | 8.3% |
| EXG | 8.16% |
| LGI | 7.88% |
| JEPI | 7.24% |
| AMZA | 7.17% |
| EINC | 3.49% |

Almost pure ETFs. Some closed-ended funds. Main theory behind it was to promote DCA. All the dividends get reinvested to rebalance the portfolio to an even 5% split across 20 funds. I'll prune out the closed-ended funds this year and rebalance for a pure ETF portfolio. But again, this is about 50% of my brokerage account. When these funds exceed the allocation for it, the dividends buy BTC ETFs and other growth-focused ETFs that may have quarterly, annual, or no dividends at all.
Supercomputers cannot break 128-bit cryptography, that is like guessing the one correct atom in the visible universe, and guessing has a cost of energy and computation. However, quantum computers could break ECC cryptography, although all indications point to that being far away or perhaps not possible given the current rate of errors. Bitcoin may need to eventually adopt quantum-secure digital signature schemes, but all lost or unmoved coins could be stolen.
Depends on what you're thinking about. I don't think quantum computers will overtake bitcoin mining. It would simply cost too much. One thing I tend not to hear about, actually, is how efficient quantum computing is compared to bit computing. For sure it will be faster, but how much power does it take to reach that speed? If we're talking about cracking addresses, there's SHA256, there's the ECC algorithm, there's usually some SHA512 in HD wallets (which is basically all wallets now). So cracking an address is hard and cracking a wallet is even harder. I just don't think it's worth being worried about right now.
One of the most significant threats quantum computers pose to SHA-256 is their ability to efficiently perform Shor’s algorithm. Shor’s algorithm can factor large numbers exponentially faster than the best-known classical algorithms, which could compromise the security of widely used encryption methods like RSA and ECC. These encryption methods often rely on the difficulty of factoring large numbers for their security. Quantum computers also threaten the security of hash functions like SHA-256 by utilizing Grover’s algorithm. Grover’s algorithm can search unsorted databases quadratically faster than classical algorithms, making brute-force attacks on hash functions more feasible. While a 256-bit hash is still considered secure against classical attacks, it is theoretically as secure as a 128-bit hash against quantum attacks.
Depends how well grounded you are in computer science and cryptography. As a software engineer, I was able to comprehend the paper the first time I read through it, and then diving in to the Bitcoin Core code solidified it all even more. I still don't understand ECC math but I do trust that the cryptography is strong.
I also wondered if there is a proof for addresses which cannot have a private key. Where do you have this address from? Link? I guess it falls mathematically into the same category as elliptic curve cryptography (ECC). BTC relies on the discrete logarithm problem, but there is also no proof for this. So in this sense BTC is as "risky" as the famous N vs NP problem. If you think N=NP, then you should not buy BTC 😎
Hmmm, this is what I was thinking as well; sounds like the best possible 'solution'. Backward compatibility is a pretty core feature of Bitcoin, and at a minimum it would create another fork, but I don't know how else to do it. If ECC and SHA-256 are compromised, then those stashes of old coins will crash the market hard. But Bitcoin would still survive, so what's worse: a massive market crash, or requiring everyone to recreate their private keys or forfeit their funds?
BTW, the ECC algorithm used by BTC, ETH, etc. is also constant-time.
I mean obviously you bought it already and are now trying to pump it by posting here... we aren't completely gullible! But I'm glad to have given you some key words to search for. It seems sensible to get a basic understanding of cryptography if you want to invest in quantum resistance projects... otherwise you're just going to get tricked by scammers using impressive-sounding buzzwords. A good place to start would be Cloudflare's introduction to ECC: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
Sha256 is a hashing algorithm. It is not encryption. iMessage used RSA and ECC. Bitcoin priv keys use ECDSA. QC is less of a threat to mining and double SHA256 hashes than to ECDSA, since there's a difficulty adjustment as well. So no QC "51% attack soon." SHA1 is bad, SHA2 still works, and SHA3 like Keccak has already existed for a decade. There is no encryption in bitcoin, so there's nothing to replace like what Apple is doing.
It all started with ECC, but that is predated by RSA, so in 1977 Ron Rivest, Adi Shamir and Leonard Adleman... but wait, if you don't mind me taking a 30-second, maybe half-minute, detour: we should first look at prime numbers and the persona of Pythagoras... but to get there, did you know that the Rhind Mathematical Papyrus, from around 1550 BC, has Egyptian fraction expansions of different forms for prime and composite numbers?
> it's not as secure as a long password of random characters.

It's every bit as secure *if it has the same entropy*. Which is *exactly* what a mnemonic in a deterministic wallet is about. It may be just a series of unaltered words from a limited dictionary, but it still has 128–256 bits of security. And it's easier to remember. Applying that to your example (), you could take 421 bits of entropy, pad them with 8 checksum bits, and turn them into 39 words from a 2048-word dictionary, and have something just as secure. And not need to be a savant to remember it. But 421 bits is pretty extreme, IMO. You're ignoring that Bitcoin keys have only 128 bits of security (because of a known attack on ECC), so no wallet password is going to provide protection much better than that.
Apologies if I've misunderstood what you're expressing here, but looking at the *NSA kleptographic backdoor in the Dual_EC_DRBG PRNG* section you pointed out, we read: "(NSA) inserted a backdoor into a pseudorandom number generator (PRNG) of NIST SP 800-90A...as independent security experts long suspected", citing [a 2007 Wired article by (eminent) cryptographer Bruce Schneier](https://www.wired.com/2007/11/securitymatters-1115/). Put plainly, cryptographers were (publicly!) suspicious of NIST crypto recommendations before Bitcoin was released (2009). Thus the suggestion that *not* using NIST ECC curves implies some kind of NSA insider knowledge is silly.
I think you may be right, but I still disagree with his conclusion; it seems an entirely unnecessary assumption that we should dismiss (per Occam's Razor). Do we really believe that the only way someone *wouldn't* choose an ECC curve from the US government's handpicked list is because that person worked for the intelligence agency? Would a dissident use NIST's curves? Would (say) a Russian engineer? There are many plausible explanations that fit the facts, so there's really no basis to make the assumption he does. It's probably not so obvious now, but if you were in software in the 90s, it was a *weird* time. [It was illegal to export "strong cryptography"](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States) in the US—what we'd now consider totally normal crypto your browser would use to talk to your bank's website was *illegal math*. Which meant normal browsers and other programs had to / were supposed to jump through weird hoops to weaken encryption if they were available on the internet. The government was trying to [backdoor all voice and data transmissions through a special chip](https://en.wikipedia.org/wiki/Clipper_chip). There was a growing awareness that the Internet would be super important, but also that there was essentially *no* privacy. All of that got even worse after 9/11. My point in mentioning all of that is that the cypherpunks came up in that era, when trust in the US government with respect to all things digital was at an all-time low, and the roots of Bitcoin trace back to that world. In a certain way, I'd be shocked if Satoshi *did* pick an off-the-shelf NIST ECC curve.
This is not worth taking seriously. Presumably he's referring to the [secp256k1 elliptic curve](https://en.bitcoin.it/wiki/Secp256k1) Bitcoin uses with ECDSA, which *was* an unusual choice at the time. The choice of what curve parameters to use for encryption / signing is a question of *math*, which is to say that a "backdoor" in this sense really just means that someone else (*e.g.* the government) knows a way to make a certain math problem easy that others presume is always hard. A good cryptographer might come to an independent conclusion that a particular form of encryption is not safe, or even just *suspect* it and steer clear. There has been skepticism about government (*e.g.* NIST) suggested encryption algorithms / parameters long before Bitcoin existed—presumably from the *beginning* of published standards. And the cypherpunks (out of which Bitcoin grew) were exactly the type of folks to be skeptical. If Bitcoin was created by a three-letter agency, it would presumably use one of the backdoored algorithms so that the agency could gain advantage. The fact that it *doesn't* lends credence to the idea that it was *not* created by them. If he's just saying that the creator might have worked at one of those agencies at some point and knew which algorithms had vulnerabilities, fine—but what does it matter? There are numerous (perhaps infinite? I'm not intimately familiar with ECDSA) [choices of curves to use for ECC](https://safecurves.cr.yp.to/index.html). If you were aiming to build a secure, global, digital cash system, outside the reach of fiat, and you had the cryptographic proficiency, would you choose your (pivotal) encryption parameters from an opaque menu presented to you by a government, or would you come to an independent conclusion? Even if *you* trusted said government, would future users trust the system, knowing that that government might have a backdoor to that entire financial system? 
Moreover, "unlike the popular NIST curves, secp256k1's constants were selected in a predictable way, which significantly reduces the possibility that the curve's creator inserted any sort of backdoor into the curve" ([https://en.bitcoin.it/wiki/Secp256k1](https://en.bitcoin.it/wiki/Secp256k1)). This is a *great* quality to have if you're trying to inspire trust in your choice, and some kind of choice needed to be made. It seems like Satoshi made the best, most logical choice available to him / her / them.
> My thinking was to use the Ian Coleman "IC" site for its strengths and choose a different language as any hacker getting it from the USA would likely try English

Why is English a problem? Are you thinking of dictionary attacks? I don't believe that applies here. Dictionary attacks work with *passwords* because people are not very random with their choice of passwords and like to make short ones based on a word or two. Key word: "choice". Passwords people choose tend to be low-entropy, because people are bad at randomness. However, here you are letting an RNG generate 128–256 bits of entropy. The mnemonic is nothing but an encoding of that entropy. It doesn't make it any easier to guess. But it *does* make it easier for you to handle as a human. That is, *if* you use the mnemonic, as opposed to just copying master keys or whatever.

> derivation 84 (I was just saying 32 earlier because it was the standard and messing with it is a good way to make your coins unrecoverable) thru experimenting I realized only 84 will produce bc1 addresses, which I think is best going into the future.

BIP 84 is the standard that specifies the derivation path for P2WPKH (pay-to-witness-public-key-hash) wallets, P2WPKH being the script type that has "bc1q" addresses associated with it. So it makes sense you get those only if you choose BIP 84. Other choices there, other than BIP 32, correspond to other script types. One that is missing on that page is BIP 86, which is for P2TR (pay-to-Taproot) scripts, which have "bc1p" addresses. But then, Electrum doesn't yet support P2TR wallets.

> 1. ...
> 2. ...
> 3. ...

I'm not sure I understand what this is about. Were these different things you tried? Did you create multiple wallets using these different steps? Or something else?

> if I could get the QR to work that would be great, but getting the laptop camera to snap a picture in a mirror didn't work.

QR codes generally cannot be scanned in mirror image, as they are not designed to make such a distinction apparent to a scanner. A mirrored QR code looks superficially like a non-mirrored one turned a different way, but things are in the wrong places. If you really need to have a device scan a QR code from its own screen, you need to use an even number of mirrors, so the image goes back to non-mirrored. However...

> However next to the camera button there was the choice to "Read from file". I snapped a screenshot (.png) and went to the .png file and entered it. It took a few seconds but it seemed to load/accept it

Yes, this is a lot easier. But is even that really necessary? Does Tails prevent you doing a simple copy-and-paste of the field, instead of going through all that rigamarole? I'm not familiar with use of Tails, so I don't actually know. But surely there is an easier way than what you're trying to do.

> enter 12 more custom words (this is another reason I'm using IC, I get a good set of 12 more words

This is your passphrase, then. That's what the "extend with custom words" option in Electrum is referring to.

> then the PassPhrase

There is no "then" at this point. You have already entered your second 12-word phrase as the passphrase. There is no option to add anything more. If you want to enter 24 words in Electrum (which is of dubious benefit, as Bitcoin keys, being ECC, only have ~128 bits of security, the same as the entropy you get through a 12-word mnemonic), then just generate a 24-word mnemonic, which Electrum will accept as a BIP 39 mnemonic. It's only Electrum mnemonics that must be 12 words.

> HERE IS the main reason I'm trying to use the IC -as long as it doesn't make my wallet unrecoverable- it generates a 100 digit passphrase, the longest allowable, in my brain

I hope you have a savant-level memory, because there is no way *I* would be able to remember something like that. And there is no way I can recommend it to anyone, including you.
Word of advice: unless you have superb discipline, don't try to get fancy with your security measures. A lot more people lose their bitcoin by losing or forgetting all the details of what they did than by actually having it stolen.
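The entropy-to-mnemonic encoding these comments keep returning to (a 12- or 24-word phrase is 128 or 256 random bits plus a short checksum, sliced into 11-bit indices into a 2048-word list), as an added example that is not part of any comment. It enforces BIP39's own range (128–256 bits in steps of 32); the English word list is not embedded, so words appear as indices (0 is "abandon", 3 is "about").

```python
"""BIP39-style mnemonic encoding: random entropy -> checksum -> 11-bit word indices.
Added example; the 2048-word list is not embedded, so words are shown as indices."""
import hashlib
import secrets

BITS_PER_WORD = 11                 # 2048 = 2**11 words in the BIP39 list
WORDLIST_SIZE = 1 << BITS_PER_WORD


def entropy_to_indices(entropy):
    """Return the list of word indices for the given entropy bytes.

    BIP39 appends the first ENT/32 bits of SHA-256(entropy) as a checksum and
    slices the result into 11-bit groups: 128 bits -> 132 bits -> 12 words,
    256 bits -> 264 bits -> 24 words. The words add no entropy; they only
    re-encode the random bits in a form a human can write down and verify.
    """
    ent = len(entropy) * 8
    if ent % 32 or not 128 <= ent <= 256:
        raise ValueError("BIP39 entropy must be 128..256 bits in steps of 32")
    cs_len = ent // 32
    checksum = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_len)
    bits = (int.from_bytes(entropy, "big") << cs_len) | checksum
    total = ent + cs_len
    return [(bits >> (total - BITS_PER_WORD * (i + 1))) & (WORDLIST_SIZE - 1)
            for i in range(total // BITS_PER_WORD)]


def indices_to_entropy(indices):
    """Inverse of entropy_to_indices; raises ValueError if the checksum fails,
    which is how a wallet detects a mistyped or swapped word."""
    total = len(indices) * BITS_PER_WORD
    ent = total * 32 // 33             # total = ENT + ENT/32
    cs_len = total - ent
    if ent % 32 or not 128 <= ent <= 256:
        raise ValueError("word count must be 12, 15, 18, 21 or 24")
    bits = 0
    for idx in indices:
        if not 0 <= idx < WORDLIST_SIZE:
            raise ValueError("word index out of range")
        bits = (bits << BITS_PER_WORD) | idx
    entropy = (bits >> cs_len).to_bytes(ent // 8, "big")
    expected = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_len)
    if bits & ((1 << cs_len) - 1) != expected:
        raise ValueError("checksum mismatch: a word was mistyped or swapped")
    return entropy


def checksum_ok(indices):
    """True if the word indices decode to entropy with a valid checksum."""
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: 16 zero bytes is the first official BIP39 test vector
    # ("abandon" x 11 followed by "about", i.e. indices [0]*11 + [3]).
    print(entropy_to_indices(bytes(16)))
    # A fresh 128-bit secret from the OS CSPRNG, round-tripped, then a copy
    # with one word altered; a 4-bit checksum catches 15 of 16 such errors.
    fresh = secrets.token_bytes(16)
    words = entropy_to_indices(fresh)
    assert indices_to_entropy(words) == fresh
    altered = words[:]
    altered[0] ^= 1
    print("altered phrase passes checksum:", checksum_ok(altered))
```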
Yes the reason is important. It’s important to stay in the loop, and try to be ahead of the news instead of behind it. I know that the amount of seed phrases is more than the atoms in the universe or whatever. But thanks for pointing out ECC, I’ll research it. It would be nice if our personal bank account was something more personal tho… like a feeling only you could have, lol. Thoughts about the future can get pretty wild. But I’ll take one of my atoms for now 😚
Depends on the reason it went down. If it was just selling pressure then I'd buy with as much disposable income as I could. If it was something way worse, like someone figured out how to crack seed phrases... that's when you'd want to be out. The good thing is that seed phrase cracking won't be an issue unless some major technological breakthrough happens. Highly unlikely due to the nature of ECC.
Are you sure about not using sha 256 for keys? On kraken's website they say: "Bitcoin uses elliptic curve cryptography (ECC) and the Secure Hash Algorithm 256 (SHA-256) to generate public keys from their respective private keys".
That's an old video, but Shor's algorithm could break RSA-256 bit encryption with a quantum computer with about 4098 logical qubits and ECC-256 with around 2330 logical qubits. It's inevitable in the next few years.
Not SHA-256. That's the mining puzzle algorithm. Public/private keys are based on ECC.
> We have. Bitcoin will move away from elliptic curve crypto

Why? There is no reason to do that. While there are sound reasons to expect space mining of gold could become a reality in the next 15 - 75 years, using already existing technology and methods, there isn't any basis to expect ECC to become broken in the same time frame.
Also, there's no cryptography in the Bitcoin blockchain. "The Bitcoin network and database itself does not use any encryption. As an open, distributed database, the blockchain has no need to encrypt data. All data passed between Bitcoin nodes is unencrypted in order to allow total strangers to interact over the Bitcoin network." Also, "ECDSA, which stands for Elliptic Curve Digital Signature Algorithm, uses the same mathematical primitives as ECC (elliptic curve cryptography) and, as such, also uses an asymmetric key pair of public and private keys. This is synonymous with other cryptography algorithms which use a public key to encrypt messages and a private key to decrypt them. However, these keys are not used to encrypt or decrypt anything." So, no cryptography, no anonymity, and no encryption. And being *pseudonymous* isn't worth much if you bought your BTC from a KYC exchange. Seems to me the title of the Wired article is just clickbait.
Pretty sure my barista had a computer science degree this morning. It doesn't change the fact that you're wrong. You clearly don't even know what you are talking about, since you repeated my error in mentioning sha256 instead of ECC. But please continue to parrot and misrepresent memes that were proven to be misleading over a decade ago.
Mathematical shortcut being discovered for ECC.
The whole blockchain doesn't need to be kept or stored. It says so right in the Bitcoin Whitepaper:

> 7. Reclaiming Disk Space
>
> Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree, with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.
>
> A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory.

Also, Satoshi said:

> Long before the network gets anywhere near as large as that, it would be safe for users to use Simplified Payment Verification (section 8) to check for double spending, which only requires having the chain of block headers, or about 12KB per day. Only people trying to create new coins would need to run network nodes. At first, most users would run network nodes, but as the network grows beyond a certain point, it would be left more and more to specialists with server farms of specialized hardware. A server farm would only need to have one node on the network and the rest of the LAN connects with that one node.
>
> The bandwidth might not be as prohibitive as you think. A typical transaction would be about 400 bytes (ECC is nicely compact). Each transaction has to be broadcast twice, so lets say 1KB per transaction. Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day.
>
> That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices.
>
> If the network were to get that big, it would take several years, and by then, sending 2 HD movies over the Internet would probably not seem like a big deal.
>
> Satoshi Nakamoto
> https://www.mail-archive.com/cryptography@metzdowd.com/msg09964.html
The majority didn't decide to keep the blocks small. Over 85% of nodes were signalling for a blocksize increase. I think your scenario of 1gb blocks is unrealistic, but if it were the case, the whole blockchain doesn't need to be kept or stored. It says so right in the Bitcoin Whitepaper:

> 7. Reclaiming Disk Space
>
> Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree, with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.
>
> A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory.

Also, Satoshi said:

> Long before the network gets anywhere near as large as that, it would be safe for users to use Simplified Payment Verification (section 8) to check for double spending, which only requires having the chain of block headers, or about 12KB per day. Only people trying to create new coins would need to run network nodes. At first, most users would run network nodes, but as the network grows beyond a certain point, it would be left more and more to specialists with server farms of specialized hardware. A server farm would only need to have one node on the network and the rest of the LAN connects with that one node.
>
> The bandwidth might not be as prohibitive as you think. A typical transaction would be about 400 bytes (ECC is nicely compact). Each transaction has to be broadcast twice, so lets say 1KB per transaction. Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day.
>
> That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices.
>
> If the network were to get that big, it would take several years, and by then, sending 2 HD movies over the Internet would probably not seem like a big deal.
>
> Satoshi Nakamoto
> https://www.mail-archive.com/cryptography@metzdowd.com/msg09964.html
To make it more challenging there is no mathematical proof saying a shortcut is not possible in theory for ECC. Such a proof exists for DH on the other hand.
An encryption algorithm takes an input value that you want to encrypt and an encryption key. It produces an unreadable series of letters and numbers. Anyone with the key can unlock that unreadable string and get the initial value. Encryption is a two-way thing.

Hashing is a one-way thing. You take a value and a hashing algorithm like SHA-256 and you produce an unreadable string of characters. Once you do, there is no going back. You can test it out here: [https://emn178.github.io/online-tools/sha256.html](https://emn178.github.io/online-tools/sha256.html). The same algorithm will always produce the same hash for the same input.

Encryption is used when the information needs to be transferred through an untrusted medium and decrypted on the other end. The most common use case is SSL. When you put your credit card details in a web portal, they are encrypted to be sent to, let's say, MasterCard and decrypted there.

Hashing is used when knowledge of the actual value is not needed on the other end. The best example is passwords on online platforms. Reddit, for example, does not store your password in clear text. It hashes it. Every time you log in, they hash the password you provided and compare the hashes. The actual password is never stored on their servers. If someone steals the password hash they cannot derive the password. (To be more precise, they can if the algorithm is weak; google SHA-1 or rainbow tables.)

In the context of Bitcoin, many people think that SHA-256 is used for private key generation, but that's not true. In very simplified terms, a bitcoin private key is a very large random number. So random that it would take you millions of years to guess an existing one. A public key is a hash of the private key using Elliptic Curve Cryptography. This is different from SHA-256 and even more powerful and hard to crack. Finally, a part of the public key is used along with some other info to generate your wallet's addresses using SHA-256.

For someone to crack Bitcoin they would have to first crack SHA-256 to acquire the public key and then crack ECC to get to your private key and spend your Bitcoin.
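The private-key → public-key → address pipeline that this comment and several neighbouring ones argue over, as an added example that is not code from any commenter: pure-Python scalar multiplication on secp256k1 yields the public key, and SHA-256 followed by RIPEMD-160 (hash160) yields the payload a legacy P2PKH address commits to. The curve constants are the published secp256k1 parameters; `hash160` assumes the local `hashlib` exposes `ripemd160` (this depends on the OpenSSL build).

```python
"""Private key -> public key -> address, step by step. Added example using the
published secp256k1 parameters; it is not code from any commenter."""
import hashlib

# secp256k1 domain parameters: field prime, group order, generator point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)
INF = None  # the point at infinity (group identity)


def on_curve(pt):
    """y^2 = x^3 + 7 over F_P."""
    x, y = pt
    return (y * y - (x * x * x + 7)) % P == 0


def point_add(a, b):
    """Group law for the short Weierstrass curve in affine coordinates."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                        # a == -b
    if a == b:                            # doubling: tangent slope
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:                                 # addition: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mul(k, pt=G):
    """k * pt by double-and-add. The public key is scalar_mul(privkey);
    recovering k from the result is the elliptic-curve discrete-log problem."""
    if not 1 <= k < N:
        raise ValueError("private key must be in [1, N-1]")
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def compress(pt):
    """33-byte SEC1 encoding: 0x02/0x03 parity prefix + x coordinate."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def hash160(data):
    """RIPEMD-160(SHA-256(data)): what an address commits to, so the public
    key stays hidden until a spend reveals it. Assumes hashlib has 'ripemd160'."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check(payload):
    """Base58Check: payload || first 4 bytes of SHA-256d(payload), in base 58."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out      # each leading zero byte becomes '1'


def p2pkh_address(privkey):
    """Legacy '1...' address: version byte 0x00 + hash160(compressed pubkey).
    P2WPKH ('bc1q...') commits to the same hash160, bech32-encoded instead."""
    return base58check(b"\x00" + hash160(compress(scalar_mul(privkey))))


if __name__ == "__main__":
    # Private key 1 gives the generator itself as the public key; a real key
    # is a uniformly random integer in [1, N-1] drawn from a CSPRNG.
    print("pubkey:", compress(scalar_mul(1)).hex())
    print("address:", p2pkh_address(1))
```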
Can you be more specific? ECC is pretty common and Ed25519 is considered safer than secp256k1 or whatever.
I'm very much a person who is here because of the decentralisation. Solana does not fit that category. Even if someone wants to make the case that by definition it is decentralised because it's not running on one machine, sure, but it is so far along the scale of being centralised that it wouldn't even be a good point to make. What they will say is that this allows the network to process more TPS, but on the flip side, look at how many times the chain has been switched off because of the central control. Not to mention most of the TPS aren't actually TPS, but rather consensus messages added onto that metric so it looks like it is being used far more than it actually is. The hardware requirements to run a node are off the charts, for example suggested 256GB of ECC RAM but recommended 512GB ECC "or more". At that point you're basically building your own mini data centre. They also recommend a 10GBit/s asymmetric commercial internet connection, so at that point you might as well just buy a machine in a datacentre anyway, given that type of internet connection must cost a fortune. For me this isn't even possible; the highest I can get is 1Gbit/s. They need to pay node operators a huge amount of money because of the huge upfront and ongoing costs, and the Solana network barely makes any revenue in fees anyway, so where do they pay the node operators from? Via new coin issuance, which means high inflation, which means the network security is quite literally dependent on the price of Solana.
It's the private keys themselves that are no longer secure (ECC is not quantum resistant, meaning there is an algorithm). Mining is the least of the problems. Bitcoin would simply become worthless.
the math checks, shouldn’t be any issue unless the basic arithmetic of ECC were vulnerable
There's no way this "ECC offset" strategy is secure for EOAs. Vanity addresses are already inherently less secure (EOA only, does not apply to contracts), and allowing others to generate the private keys using an offset is a terrible idea. It is only a matter of time until there are victims from this.
Bitcoin stood on the shoulders of giants. It might have seemed sudden, but the groundwork for Bitcoin was being built decades before the white paper. Blockchains have actually been around since the '90s (although fairly different in design). There were many breakthroughs in the decades before the white paper: Hashcash, reusable proofs of work, elliptic curve cryptography (ECC), Wei Dai's b-money. Digital cash had been the holy grail of Cypherpunks for a long time prior to Bitcoin. It can feel like Bitcoin appeared out of thin air, but there's a fascinating history to dig through of previous breakthroughs.
Bitcoin uses ECC private keys and SHA256 hashes, it's crypto
Well, you heard it from OP first. IBM is now capable of breaking RSA or ECC in seconds. If only this 1.6T dollar industry full of the brightest engineers, mathematicians, scientists, and other academics could have seen this coming. All these roadmaps to upgrading to quantum resistant encryption, but we never stood a chance without OP. If only OP could just borrow one of these academics for a lesson on how to Google "How to short Bitcoin?". Feels bad.
Another question, if I may: Am I correct in the assumption that the security of a 160-bit P2WPKH address is 159 bits against a classical computer and 129 bits against a quantum computer? The classical computer simply has to try different private/public keys until it finds a suitable one that produces the address. So, this should take on average (2^160)/2 tries, that is 159-bit security. The quantum computer can use Grover's algorithm to find the preimage of the address (which is a RIPEMD-160 hash) within 2^80 iterations. But then it still has to find the preimage of the SHA256 hash. Again, using Grover's algo, this halves to 128 bits. Finally, it has to break the ECC to find the private key corresponding to the public key, which is again 128 bits. So in total, approx. 129 bits. PS: To preemptively defend myself, because often people get mad when you mention quantum computers: I know we are far away from this being a concern. In fact, we don't even know if quantum computers this strong are even possible to build. I don't mean to spread FUD, just asking out of curiosity.
True, that's best practice. However, if an attacker really were able to beat the ECC, he may be able to frontrun your transaction, so nothing will be sent to your change address. That assumes that he can break the ECC and thus find your private key before the next block is mined, so he has approx. 10 minutes. Obviously all very unrealistic, but still fun to think about.
1) Lots of info, thank you! Do I understand this link correctly, that P2WPKH addresses only have 160 bits of brute-force resistance, since they again use RIPEMD-160? I would've thought they are considered "modern" and thus have 256 bits. https://en.bitcoin.it/wiki/Bech32 2) Another thing: afaik from reading some pages in Mastering Bitcoin, the ECC is only used to create public keys from private keys, while the address is then a hash of the public key, as explained in the link above. As long as you don't spend from an address, the public key remains secret and the ECC security is not relevant. Obviously, at the moment you broadcast a signed transaction, your pubkey is leaked, so if you ever want to spend Bitcoin (it's money after all), the ECC security is what matters.
P2WSH addresses are 256 bits. But the length of the address isn't the limiting issue for security. ECC key pairs have a mathematical shortcut which reduces brute force effort by the square root. A 256-bit ECC secp256k1 Bitcoin key can be brute forced with 2^128 iterations, so it is 128-bit secure, not 256. There's no need for more than 90 bits. Round up to 128 bits because 128 is a power of 2, and make a 12 word mnemonic by adding 4 checksum bits. The passphrase has purposes apart from increasing the entropy. It also adds a usability risk, but that's a separate topic.
Thank you for this answer! Can you explain to someone with limited knowledge on ECC why ECC only has the security equivalent to half the bits?
Modern addresses have 256 bits, so really your question is basically done at that point. But ignoring that, it depends on how those 160 bits of seed are turned into an address. ECC only has security equivalent to half the bits. So normally a 256-bit key has 128 bits of security. But if you make a 160-bit key which lies in a regular subspace of the curve (as would be the case for just using a 160-bit private key) then you will only have 80 bits of security. This isn't the product of any kind of obscure attack; the *ordinary* and sensible attack against ECC (or any cryptosystem in a finite cyclic group) works via a collision search rather than an enumeration of all possible keys. So even in the 160-bit address case the ECC strength itself was already security-limiting against someone trying to find your private key. Why are modern addresses longer? For a couple of reasons, but the big one is that an attacker that tries to generate two different private keys that share a single address (like a multisig key involving you and one just involving them) only needs to do work equivalent to half the address length, so 160-bit addresses result in 80-bit security. 80 bits is not considered an acceptable level of security today (Bitcoin's mining, to give a not very applicable example, has done many times 2^80 operations).
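To make the "collision search rather than enumeration" point concrete, here is an added example (not code from any commenter in the thread): a baby-step giant-step search for the private scalar on a constructed toy curve, y^2 = x^3 + 2x + 3 over F_97 with the base point chosen as the curve point of largest order. For a subgroup of order n it finishes in about 2*sqrt(n) point additions, while trying every candidate key needs up to n, which is exactly why an n-bit key gives roughly n/2 bits of security (sqrt(2^160) = 2^80 for the 160-bit case above).

```python
import math
P, A, B = 97, 2, 3  # constructed toy curve y^2 = x^3 + A*x + B over F_P, not a real one
INF = None  # point at infinity, the group identity
def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 is the negation of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def mul(k, pt):
    """Double-and-add k*pt: this is how a public key is derived from a scalar."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def point_order(pt):
    n, q = 1, pt  # count additions of pt until we reach INF
    while q is not INF:
        q, n = add(q, pt), n + 1
    return n
def generator():
    """Base point G: the curve point of largest order (computed, not assumed)."""
    pts = [(x, y) for x in range(P) for y in range(P)
           if (y * y - x ** 3 - A * x - B) % P == 0]
    return max(pts, key=point_order)
def bsgs(gen, target, n):
    """Baby-step giant-step: find k with k*gen == target; returns (k, additions used)."""
    m = math.isqrt(n) + 1  # cost is 2*m ~ 2*sqrt(n), versus up to n for enumeration
    baby, q = {}, INF
    for j in range(m):  # baby steps: remember j*gen for 0 <= j < m
        baby[q] = j
        q = add(q, gen)
    giant = mul(m, gen)
    neg_giant = (giant[0], -giant[1] % P)
    q = target
    for i in range(m):  # giant steps: walk target - i*m*gen until it hits the table
        if q in baby:
            return (i * m + baby[q]) % n, 2 * m
        q = add(q, neg_giant)
    raise ValueError("target is not a multiple of gen")
```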
ECC doesn't rely on multiplying prime numbers. Also you're totally ignoring the very basis of math. People found proof that these methods are secure. There are no patterns we can't see if there's mathematical proof.
It's more theoretical, isn't the Shor algorithm suitable to crack RSA but not ECC? I've read in a paper that quantum computers would be more of a threat to other types at first. There might also be a solution for ECC to become 100% quantum resistant, even though it isn't right now.
Nothing more :D There are several different ways to create private keys, but ECC is pretty common and it's also supposedly quantum computer safe (at least right now)
SHA256 is NOT encryption. It's the hash being used for creating blocks. SHA might be used at some point, but Bitcoin's private key is an ECC key.
Why do so many people talk about encryption and AI without having a basic understanding of how it all works? AI can barely do math, and math has already shown that this kind of encryption is secure. People try to make themselves more interesting by spreading bullshit like this. A good indicator of bullshit is that they don't distinguish between different types of encryption. For example, there is RSA and there is ECC (which is what Bitcoin uses).
Only the ECC is quantum vulnerable. When the time comes for Core to release a quantum secure signing algorithm, just move your coins to a new quantum secure wallet.